xref: /freebsd/crypto/openssl/ssl/rio/rio_notifier.c (revision 24e4dcf4ba5e9dedcf89efd358ea3e1fe5867020) 
1 /*
2  * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include "internal/sockets.h"
11 #include <openssl/bio.h>
12 #include <openssl/err.h>
13 #include "internal/thread_once.h"
14 #include "internal/rio_notifier.h"
15 
16 /*
17  * Sets a socket as close-on-exec, except that this is a no-op if we are certain
18  * we do not need to do this or the OS does not support the concept.
19  */
20 static int set_cloexec(int fd)
21 {
22 #if !defined(SOCK_CLOEXEC) && defined(FD_CLOEXEC)
23     return fcntl(fd, F_SETFD, FD_CLOEXEC) >= 0;
24 #else
25     return 1;
26 #endif
27 }
28 
29 #if defined(OPENSSL_SYS_WINDOWS)
30 
31 static CRYPTO_ONCE ensure_wsa_startup_once = CRYPTO_ONCE_STATIC_INIT;
32 static int wsa_started;
33 
34 static void ossl_wsa_cleanup(void)
35 {
36     if (wsa_started) {
37         wsa_started = 0;
38         WSACleanup();
39     }
40 }
41 
42 DEFINE_RUN_ONCE_STATIC(do_wsa_startup)
43 {
44     WORD versionreq = 0x0202; /* Version 2.2 */
45     WSADATA wsadata;
46 
47     if (WSAStartup(versionreq, &wsadata) != 0)
48         return 0;
49     wsa_started = 1;
50     OPENSSL_atexit(ossl_wsa_cleanup);
51     return 1;
52 }
53 
54 static ossl_inline int ensure_wsa_startup(void)
55 {
56     return RUN_ONCE(&ensure_wsa_startup_once, do_wsa_startup);
57 }
58 
59 #endif
60 
61 #if RIO_NOTIFIER_METHOD == RIO_NOTIFIER_METHOD_SOCKET
62 
63 /* Create a close-on-exec socket. */
64 static int create_socket(int domain, int socktype, int protocol)
65 {
66     int fd;
67 # if defined(OPENSSL_SYS_WINDOWS)
68     static const int on = 1;
69 
70     /*
71      * Use WSASocketA to create a socket which is immediately marked as
72      * non-inheritable, avoiding race conditions if another thread is about to
73      * call CreateProcess.
74      * NOTE: windows xp (0x501) doesn't support the non-inheritance flag here
75      * but preventing inheritance isn't mandatory, just a safety precaution
76      * so we can get away with not including it for older platforms
77      */
78 
79 #  ifdef WSA_FLAG_NO_HANDLE_INHERIT
80     fd = (int)WSASocketA(domain, socktype, protocol, NULL, 0,
81                          WSA_FLAG_NO_HANDLE_INHERIT);
82 
83     /*
84      * Its also possible that someone is building a binary on a newer windows
85      * SDK, but running it on a runtime that doesn't support inheritance
86      * supression.  In that case the above will return INVALID_SOCKET, and
87      * our response for those older platforms is to try the call again
88      * without the flag
89      */
90     if (fd == INVALID_SOCKET)
91         fd = (int)WSASocketA(domain, socktype, protocol, NULL, 0, 0);
92 #  else
93     fd = (int)WSASocketA(domain, socktype, protocol, NULL, 0, 0);
94 #  endif
95     if (fd == INVALID_SOCKET) {
96         int err = get_last_socket_error();
97 
98         ERR_raise_data(ERR_LIB_SYS, err,
99                        "calling WSASocketA() = %d", err);
100         return INVALID_SOCKET;
101     }
102 
103     /* Prevent interference with the socket from other processes on Windows. */
104     if (setsockopt(fd, SOL_SOCKET, SO_EXCLUSIVEADDRUSE, (void *)&on, sizeof(on)) < 0) {
105         ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
106                        "calling setsockopt()");
107         BIO_closesocket(fd);
108         return INVALID_SOCKET;
109     }
110 
111 # else
112 #  if defined(SOCK_CLOEXEC)
113     socktype |= SOCK_CLOEXEC;
114 #  endif
115 
116     fd = BIO_socket(domain, socktype, protocol, 0);
117     if (fd == INVALID_SOCKET) {
118         ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
119                        "calling BIO_socket()");
120         return INVALID_SOCKET;
121     }
122 
123     /*
124      * Make socket close-on-exec unless this was already done above at socket
125      * creation time.
126      */
127     if (!set_cloexec(fd)) {
128         ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
129                        "calling set_cloexec()");
130         BIO_closesocket(fd);
131         return INVALID_SOCKET;
132     }
133 # endif
134 
135     return fd;
136 }
137 
138 /*
139  * The SOCKET notifier method manually creates a connected TCP socket pair by
140  * temporarily creating a TCP listener on a random port and connecting back to
141  * it.
142  *
143  * Win32 does not support socketpair(2), and Win32 pipes are not compatible with
144  * Winsock select(2). This means our only means of making select(2) wakeable is
145  * to artifically create a loopback TCP connection and send bytes to it.
146  */
147 int ossl_rio_notifier_init(RIO_NOTIFIER *nfy)
148 {
149     int rc, lfd = -1, rfd = -1, wfd = -1;
150     struct sockaddr_in sa = {0}, accept_sa;
151     socklen_t sa_len = sizeof(sa), accept_sa_len = sizeof(accept_sa);
152 
153 # if defined(OPENSSL_SYS_WINDOWS)
154     if (!ensure_wsa_startup()) {
155         ERR_raise_data(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR,
156                        "Cannot start Windows sockets");
157         return 0;
158     }
159 # endif
160     /* Create a close-on-exec socket. */
161     lfd = create_socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
162     if (lfd == INVALID_SOCKET) {
163         ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
164                        "calling create_socket()");
165         return 0;
166     }
167 
168     /* Bind the socket to a random loopback port. */
169     sa.sin_family       = AF_INET;
170     sa.sin_addr.s_addr  = htonl(INADDR_LOOPBACK);
171     rc = bind(lfd, (const struct sockaddr *)&sa, sizeof(sa));
172     if (rc < 0) {
173         ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
174                        "calling bind()");
175         goto err;
176     }
177 
178     /* Determine what random port was allocated. */
179     rc = getsockname(lfd, (struct sockaddr *)&sa, &sa_len);
180     if (rc < 0) {
181         ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
182                        "calling getsockname()");
183         goto err;
184     }
185 
186     /* Start listening. */
187     rc = listen(lfd, 1);
188     if (rc < 0) {
189         ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
190                        "calling listen()");
191         goto err;
192     }
193 
194     /* Create another socket to connect to the listener. */
195     wfd = create_socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
196     if (wfd == INVALID_SOCKET) {
197         ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
198                        "calling create_socket()");
199         goto err;
200     }
201 
202     /*
203      * Disable Nagle's algorithm on the writer so that wakeups happen
204      * immediately.
205      */
206     if (!BIO_set_tcp_ndelay(wfd, 1)) {
207         ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
208                        "calling BIO_set_tcp_ndelay()");
209         goto err;
210     }
211 
212     /*
213      * Connect the writer to the listener.
214      */
215     rc = connect(wfd, (struct sockaddr *)&sa, sizeof(sa));
216     if (rc < 0) {
217         ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
218                        "calling connect()");
219         goto err;
220     }
221 
222     /*
223      * The connection accepted from the listener is the read side.
224      */
225     rfd = accept(lfd, (struct sockaddr *)&accept_sa, &accept_sa_len);
226     if (rfd == INVALID_SOCKET) {
227         ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
228                        "calling accept()");
229         goto err;
230     }
231 
232     rc = getsockname(wfd, (struct sockaddr *)&sa, &sa_len);
233     if (rc < 0) {
234         ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
235                        "calling getsockname()");
236         goto err;
237     }
238 
239     /* Close the listener, which we don't need anymore. */
240     BIO_closesocket(lfd);
241     lfd = -1;
242 
243     /*
244      * Sanity check - ensure someone else didn't connect to our listener during
245      * the brief window of possibility above.
246      */
247     if (accept_sa.sin_family != AF_INET || accept_sa.sin_port != sa.sin_port) {
248         ERR_raise_data(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR,
249                        "connected address differs from accepted address");
250         goto err;
251     }
252 
253     /* Make both sides of the connection non-blocking. */
254     if (!BIO_socket_nbio(rfd, 1)) {
255         ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
256                        "calling BIO_socket_nbio()");
257         goto err;
258     }
259 
260     if (!BIO_socket_nbio(wfd, 1)) {
261         ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
262                        "calling BIO_socket_nbio()");
263         goto err;
264     }
265 
266     nfy->rfd = rfd;
267     nfy->wfd = wfd;
268     return 1;
269 
270 err:
271     if (lfd != INVALID_SOCKET)
272         BIO_closesocket(lfd);
273     if (wfd != INVALID_SOCKET)
274         BIO_closesocket(wfd);
275     if (rfd != INVALID_SOCKET)
276         BIO_closesocket(rfd);
277     return 0;
278 }
279 
280 #elif RIO_NOTIFIER_METHOD == RIO_NOTIFIER_METHOD_SOCKETPAIR
281 
282 int ossl_rio_notifier_init(RIO_NOTIFIER *nfy)
283 {
284     int fds[2], domain = AF_INET, type = SOCK_STREAM;
285 
286 # if defined(SOCK_CLOEXEC)
287     type |= SOCK_CLOEXEC;
288 # endif
289 # if defined(SOCK_NONBLOCK)
290     type |= SOCK_NONBLOCK;
291 # endif
292 
293 # if defined(OPENSSL_SYS_UNIX) && defined(AF_UNIX)
294     domain = AF_UNIX;
295 # endif
296 
297     if (socketpair(domain, type, 0, fds) < 0) {
298         ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
299                        "calling socketpair()");
300         return 0;
301     }
302 
303     if (!set_cloexec(fds[0]) || !set_cloexec(fds[1])) {
304         ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
305                        "calling set_cloexec()");
306         goto err;
307     }
308 
309 # if !defined(SOCK_NONBLOCK)
310     if (!BIO_socket_nbio(fds[0], 1) || !BIO_socket_nbio(fds[1], 1)) {
311         ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
312                        "calling BIO_socket_nbio()");
313         goto err;
314     }
315 # endif
316 
317     if (domain == AF_INET && !BIO_set_tcp_ndelay(fds[1], 1)) {
318         ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
319                        "calling BIO_set_tcp_ndelay()");
320         goto err;
321     }
322 
323     nfy->rfd = fds[0];
324     nfy->wfd = fds[1];
325     return 1;
326 
327 err:
328     BIO_closesocket(fds[1]);
329     BIO_closesocket(fds[0]);
330     return 0;
331 }
332 
333 #endif
334 
335 void ossl_rio_notifier_cleanup(RIO_NOTIFIER *nfy)
336 {
337     if (nfy->rfd < 0)
338         return;
339 
340     BIO_closesocket(nfy->wfd);
341     BIO_closesocket(nfy->rfd);
342     nfy->rfd = nfy->wfd = -1;
343 }
344 
345 int ossl_rio_notifier_signal(RIO_NOTIFIER *nfy)
346 {
347     static const unsigned char ch = 0;
348     ossl_ssize_t wr;
349 
350     do
351         /*
352          * Note: If wr returns 0 the buffer is already full so we don't need to
353          * do anything.
354          */
355         wr = writesocket(nfy->wfd, (void *)&ch, sizeof(ch));
356     while (wr < 0 && get_last_socket_error_is_eintr());
357 
358     return 1;
359 }
360 
361 int ossl_rio_notifier_unsignal(RIO_NOTIFIER *nfy)
362 {
363     unsigned char buf[16];
364     ossl_ssize_t rd;
365 
366     /*
367      * signal() might have been called multiple times. Drain the buffer until
368      * it's empty.
369      */
370     do
371         rd = readsocket(nfy->rfd, (void *)buf, sizeof(buf));
372     while (rd == sizeof(buf)
373            || (rd < 0 && get_last_socket_error_is_eintr()));
374 
375     if (rd < 0 && !BIO_fd_non_fatal_error(get_last_socket_error()))
376         return 0;
377 
378     return 1;
379 }
380