]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/bio/bss_dgram.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix BIO_sendmmsg/BIO_recvmmsg issues on FreeBSD
[thirdparty/openssl.git] / crypto / bio / bss_dgram.c
1 /*
2 * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #ifndef _GNU_SOURCE
11 # define _GNU_SOURCE
12 #endif
13
14 #include <stdio.h>
15 #include <errno.h>
16
17 #include "bio_local.h"
18 #ifndef OPENSSL_NO_DGRAM
19
20 # ifndef OPENSSL_NO_SCTP
21 # include <netinet/sctp.h>
22 # include <fcntl.h>
23 # define OPENSSL_SCTP_DATA_CHUNK_TYPE 0x00
24 # define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0
25 # endif
26
27 # if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU)
28 # define IP_MTU 14 /* linux is lame */
29 # endif
30
31 # if OPENSSL_USE_IPV6 && !defined(IPPROTO_IPV6)
32 # define IPPROTO_IPV6 41 /* windows is lame */
33 # endif
34
35 # if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED)
36 /* Standard definition causes type-punning problems. */
37 # undef IN6_IS_ADDR_V4MAPPED
38 # define s6_addr32 __u6_addr.__u6_addr32
39 # define IN6_IS_ADDR_V4MAPPED(a) \
40 (((a)->s6_addr32[0] == 0) && \
41 ((a)->s6_addr32[1] == 0) && \
42 ((a)->s6_addr32[2] == htonl(0x0000ffff)))
43 # endif
44
45 /* Determine what method to use for BIO_sendmmsg and BIO_recvmmsg. */
46 # define M_METHOD_NONE 0
47 # define M_METHOD_RECVMMSG 1
48 # define M_METHOD_RECVMSG 2
49 # define M_METHOD_RECVFROM 3
50 # define M_METHOD_WSARECVMSG 4
51
52 # if !defined(M_METHOD)
53 # if defined(OPENSSL_SYS_WINDOWS) && defined(BIO_HAVE_WSAMSG) && !defined(NO_WSARECVMSG)
54 # define M_METHOD M_METHOD_WSARECVMSG
55 # elif !defined(OPENSSL_SYS_WINDOWS) && defined(MSG_WAITFORONE) && !defined(NO_RECVMMSG)
56 # define M_METHOD M_METHOD_RECVMMSG
57 # elif !defined(OPENSSL_SYS_WINDOWS) && defined(CMSG_LEN) && !defined(NO_RECVMSG)
58 # define M_METHOD M_METHOD_RECVMSG
59 # elif !defined(NO_RECVFROM)
60 # define M_METHOD M_METHOD_RECVFROM
61 # else
62 # define M_METHOD M_METHOD_NONE
63 # endif
64 # endif
65
66 # if defined(OPENSSL_SYS_WINDOWS)
67 # define BIO_CMSG_SPACE(x) WSA_CMSG_SPACE(x)
68 # define BIO_CMSG_FIRSTHDR(x) WSA_CMSG_FIRSTHDR(x)
69 # define BIO_CMSG_NXTHDR(x, y) WSA_CMSG_NXTHDR(x, y)
70 # define BIO_CMSG_DATA(x) WSA_CMSG_DATA(x)
71 # define BIO_CMSG_LEN(x) WSA_CMSG_LEN(x)
72 # define MSGHDR_TYPE WSAMSG
73 # define CMSGHDR_TYPE WSACMSGHDR
74 # else
75 # define MSGHDR_TYPE struct msghdr
76 # define CMSGHDR_TYPE struct cmsghdr
77 # define BIO_CMSG_SPACE(x) CMSG_SPACE(x)
78 # define BIO_CMSG_FIRSTHDR(x) CMSG_FIRSTHDR(x)
79 # define BIO_CMSG_NXTHDR(x, y) CMSG_NXTHDR(x, y)
80 # define BIO_CMSG_DATA(x) CMSG_DATA(x)
81 # define BIO_CMSG_LEN(x) CMSG_LEN(x)
82 # endif
83
84 # if M_METHOD == M_METHOD_RECVMMSG \
85 || M_METHOD == M_METHOD_RECVMSG \
86 || M_METHOD == M_METHOD_WSARECVMSG
87 # if defined(__APPLE__)
88 /*
89 * CMSG_SPACE is not a constant expresson on OSX even though POSIX
90 * says it's supposed to be. This should be adequate.
91 */
92 # define BIO_CMSG_ALLOC_LEN 64
93 # else
94 # if defined(IPV6_PKTINFO)
95 # define BIO_CMSG_ALLOC_LEN_1 BIO_CMSG_SPACE(sizeof(struct in6_pktinfo))
96 # else
97 # define BIO_CMSG_ALLOC_LEN_1 0
98 # endif
99 # if defined(IP_PKTINFO)
100 # define BIO_CMSG_ALLOC_LEN_2 BIO_CMSG_SPACE(sizeof(struct in_pktinfo))
101 # else
102 # define BIO_CMSG_ALLOC_LEN_2 0
103 # endif
104 # if defined(IP_RECVDSTADDR)
105 # define BIO_CMSG_ALLOC_LEN_3 BIO_CMSG_SPACE(sizeof(struct in_addr))
106 # else
107 # define BIO_CMSG_ALLOC_LEN_3 0
108 # endif
109 # define BIO_MAX(X,Y) ((X) > (Y) ? (X) : (Y))
110 # define BIO_CMSG_ALLOC_LEN \
111 BIO_MAX(BIO_CMSG_ALLOC_LEN_1, \
112 BIO_MAX(BIO_CMSG_ALLOC_LEN_2, BIO_CMSG_ALLOC_LEN_3))
113 # endif
114 # if (defined(IP_PKTINFO) || defined(IP_RECVDSTADDR)) && defined(IPV6_RECVPKTINFO)
115 # define SUPPORT_LOCAL_ADDR
116 # endif
117 # endif
118
119 # define BIO_MSG_N(array, stride, n) (*(BIO_MSG *)((char *)(array) + (n)*(stride)))
120
121 static int dgram_write(BIO *h, const char *buf, int num);
122 static int dgram_read(BIO *h, char *buf, int size);
123 static int dgram_puts(BIO *h, const char *str);
124 static long dgram_ctrl(BIO *h, int cmd, long arg1, void *arg2);
125 static int dgram_new(BIO *h);
126 static int dgram_free(BIO *data);
127 static int dgram_clear(BIO *bio);
128 static int dgram_sendmmsg(BIO *b, BIO_MSG *msg,
129 size_t stride, size_t num_msg,
130 uint64_t flags, size_t *num_processed);
131 static int dgram_recvmmsg(BIO *b, BIO_MSG *msg,
132 size_t stride, size_t num_msg,
133 uint64_t flags, size_t *num_processed);
134
135 # ifndef OPENSSL_NO_SCTP
136 static int dgram_sctp_write(BIO *h, const char *buf, int num);
137 static int dgram_sctp_read(BIO *h, char *buf, int size);
138 static int dgram_sctp_puts(BIO *h, const char *str);
139 static long dgram_sctp_ctrl(BIO *h, int cmd, long arg1, void *arg2);
140 static int dgram_sctp_new(BIO *h);
141 static int dgram_sctp_free(BIO *data);
142 static int dgram_sctp_wait_for_dry(BIO *b);
143 static int dgram_sctp_msg_waiting(BIO *b);
144 # ifdef SCTP_AUTHENTICATION_EVENT
145 static void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification
146 *snp);
147 # endif
148 # endif
149
150 static int BIO_dgram_should_retry(int s);
151
152 static void get_current_time(struct timeval *t);
153
154 static const BIO_METHOD methods_dgramp = {
155 BIO_TYPE_DGRAM,
156 "datagram socket",
157 bwrite_conv,
158 dgram_write,
159 bread_conv,
160 dgram_read,
161 dgram_puts,
162 NULL, /* dgram_gets, */
163 dgram_ctrl,
164 dgram_new,
165 dgram_free,
166 NULL, /* dgram_callback_ctrl */
167 dgram_sendmmsg,
168 dgram_recvmmsg,
169 };
170
171 # ifndef OPENSSL_NO_SCTP
172 static const BIO_METHOD methods_dgramp_sctp = {
173 BIO_TYPE_DGRAM_SCTP,
174 "datagram sctp socket",
175 bwrite_conv,
176 dgram_sctp_write,
177 bread_conv,
178 dgram_sctp_read,
179 dgram_sctp_puts,
180 NULL, /* dgram_gets, */
181 dgram_sctp_ctrl,
182 dgram_sctp_new,
183 dgram_sctp_free,
184 NULL, /* dgram_callback_ctrl */
185 NULL, /* sendmmsg */
186 NULL, /* recvmmsg */
187 };
188 # endif
189
190 typedef struct bio_dgram_data_st {
191 BIO_ADDR peer;
192 BIO_ADDR local_addr;
193 unsigned int connected;
194 unsigned int _errno;
195 unsigned int mtu;
196 struct timeval next_timeout;
197 struct timeval socket_timeout;
198 unsigned int peekmode;
199 char local_addr_enabled;
200 } bio_dgram_data;
201
202 # ifndef OPENSSL_NO_SCTP
203 typedef struct bio_dgram_sctp_save_message_st {
204 BIO *bio;
205 char *data;
206 int length;
207 } bio_dgram_sctp_save_message;
208
209 typedef struct bio_dgram_sctp_data_st {
210 BIO_ADDR peer;
211 unsigned int connected;
212 unsigned int _errno;
213 unsigned int mtu;
214 struct bio_dgram_sctp_sndinfo sndinfo;
215 struct bio_dgram_sctp_rcvinfo rcvinfo;
216 struct bio_dgram_sctp_prinfo prinfo;
217 BIO_dgram_sctp_notification_handler_fn handle_notifications;
218 void *notification_context;
219 int in_handshake;
220 int ccs_rcvd;
221 int ccs_sent;
222 int save_shutdown;
223 int peer_auth_tested;
224 } bio_dgram_sctp_data;
225 # endif
226
227 const BIO_METHOD *BIO_s_datagram(void)
228 {
229 return &methods_dgramp;
230 }
231
232 BIO *BIO_new_dgram(int fd, int close_flag)
233 {
234 BIO *ret;
235
236 ret = BIO_new(BIO_s_datagram());
237 if (ret == NULL)
238 return NULL;
239 BIO_set_fd(ret, fd, close_flag);
240 return ret;
241 }
242
243 static int dgram_new(BIO *bi)
244 {
245 bio_dgram_data *data = OPENSSL_zalloc(sizeof(*data));
246
247 if (data == NULL)
248 return 0;
249 bi->ptr = data;
250 return 1;
251 }
252
253 static int dgram_free(BIO *a)
254 {
255 bio_dgram_data *data;
256
257 if (a == NULL)
258 return 0;
259 if (!dgram_clear(a))
260 return 0;
261
262 data = (bio_dgram_data *)a->ptr;
263 OPENSSL_free(data);
264
265 return 1;
266 }
267
268 static int dgram_clear(BIO *a)
269 {
270 if (a == NULL)
271 return 0;
272 if (a->shutdown) {
273 if (a->init) {
274 BIO_closesocket(a->num);
275 }
276 a->init = 0;
277 a->flags = 0;
278 }
279 return 1;
280 }
281
282 static void dgram_adjust_rcv_timeout(BIO *b)
283 {
284 # if defined(SO_RCVTIMEO)
285 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
286
287 /* Is a timer active? */
288 if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) {
289 struct timeval timenow, timeleft;
290
291 /* Read current socket timeout */
292 # ifdef OPENSSL_SYS_WINDOWS
293 int timeout;
294
295 int sz = sizeof(timeout);
296 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
297 (void *)&timeout, &sz) < 0) {
298 perror("getsockopt");
299 } else {
300 data->socket_timeout.tv_sec = timeout / 1000;
301 data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
302 }
303 # else
304 socklen_t sz = sizeof(data->socket_timeout);
305 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
306 &(data->socket_timeout), &sz) < 0) {
307 perror("getsockopt");
308 } else
309 OPENSSL_assert(sz <= sizeof(data->socket_timeout));
310 # endif
311
312 /* Get current time */
313 get_current_time(&timenow);
314
315 /* Calculate time left until timer expires */
316 memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
317 if (timeleft.tv_usec < timenow.tv_usec) {
318 timeleft.tv_usec = 1000000 - timenow.tv_usec + timeleft.tv_usec;
319 timeleft.tv_sec--;
320 } else {
321 timeleft.tv_usec -= timenow.tv_usec;
322 }
323 if (timeleft.tv_sec < timenow.tv_sec) {
324 timeleft.tv_sec = 0;
325 timeleft.tv_usec = 1;
326 } else {
327 timeleft.tv_sec -= timenow.tv_sec;
328 }
329
330 /*
331 * Adjust socket timeout if next handshake message timer will expire
332 * earlier.
333 */
334 if ((data->socket_timeout.tv_sec == 0
335 && data->socket_timeout.tv_usec == 0)
336 || (data->socket_timeout.tv_sec > timeleft.tv_sec)
337 || (data->socket_timeout.tv_sec == timeleft.tv_sec
338 && data->socket_timeout.tv_usec >= timeleft.tv_usec)) {
339 # ifdef OPENSSL_SYS_WINDOWS
340 timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000;
341 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
342 (void *)&timeout, sizeof(timeout)) < 0) {
343 perror("setsockopt");
344 }
345 # else
346 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft,
347 sizeof(struct timeval)) < 0) {
348 perror("setsockopt");
349 }
350 # endif
351 }
352 }
353 # endif
354 }
355
356 static void dgram_update_local_addr(BIO *b)
357 {
358 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
359 socklen_t addr_len = sizeof(data->local_addr);
360
361 if (getsockname(b->num, &data->local_addr.sa, &addr_len) < 0)
362 /*
363 * This should not be possible, but zero-initialize and return
364 * anyway.
365 */
366 BIO_ADDR_clear(&data->local_addr);
367 }
368
369 # if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG || M_METHOD == M_METHOD_WSARECVMSG
370 static int dgram_get_sock_family(BIO *b)
371 {
372 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
373 return data->local_addr.sa.sa_family;
374 }
375 # endif
376
377 static void dgram_reset_rcv_timeout(BIO *b)
378 {
379 # if defined(SO_RCVTIMEO)
380 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
381
382 /* Is a timer active? */
383 if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) {
384 # ifdef OPENSSL_SYS_WINDOWS
385 int timeout = data->socket_timeout.tv_sec * 1000 +
386 data->socket_timeout.tv_usec / 1000;
387 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
388 (void *)&timeout, sizeof(timeout)) < 0) {
389 perror("setsockopt");
390 }
391 # else
392 if (setsockopt
393 (b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout),
394 sizeof(struct timeval)) < 0) {
395 perror("setsockopt");
396 }
397 # endif
398 }
399 # endif
400 }
401
402 static int dgram_read(BIO *b, char *out, int outl)
403 {
404 int ret = 0;
405 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
406 int flags = 0;
407
408 BIO_ADDR peer;
409 socklen_t len = sizeof(peer);
410
411 if (out != NULL) {
412 clear_socket_error();
413 BIO_ADDR_clear(&peer);
414 dgram_adjust_rcv_timeout(b);
415 if (data->peekmode)
416 flags = MSG_PEEK;
417 ret = recvfrom(b->num, out, outl, flags,
418 BIO_ADDR_sockaddr_noconst(&peer), &len);
419
420 if (!data->connected && ret >= 0)
421 BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
422
423 BIO_clear_retry_flags(b);
424 if (ret < 0) {
425 if (BIO_dgram_should_retry(ret)) {
426 BIO_set_retry_read(b);
427 data->_errno = get_last_socket_error();
428 }
429 }
430
431 dgram_reset_rcv_timeout(b);
432 }
433 return ret;
434 }
435
436 static int dgram_write(BIO *b, const char *in, int inl)
437 {
438 int ret;
439 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
440 clear_socket_error();
441
442 if (data->connected)
443 ret = writesocket(b->num, in, inl);
444 else {
445 int peerlen = BIO_ADDR_sockaddr_size(&data->peer);
446
447 ret = sendto(b->num, in, inl, 0,
448 BIO_ADDR_sockaddr(&data->peer), peerlen);
449 }
450
451 BIO_clear_retry_flags(b);
452 if (ret <= 0) {
453 if (BIO_dgram_should_retry(ret)) {
454 BIO_set_retry_write(b);
455 data->_errno = get_last_socket_error();
456 }
457 }
458 return ret;
459 }
460
461 static long dgram_get_mtu_overhead(bio_dgram_data *data)
462 {
463 long ret;
464
465 switch (BIO_ADDR_family(&data->peer)) {
466 case AF_INET:
467 /*
468 * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
469 */
470 ret = 28;
471 break;
472 # if OPENSSL_USE_IPV6
473 case AF_INET6:
474 {
475 # ifdef IN6_IS_ADDR_V4MAPPED
476 struct in6_addr tmp_addr;
477 if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
478 && IN6_IS_ADDR_V4MAPPED(&tmp_addr))
479 /*
480 * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
481 */
482 ret = 28;
483 else
484 # endif
485 /*
486 * Assume this is UDP - 40 bytes for IP, 8 bytes for UDP
487 */
488 ret = 48;
489 }
490 break;
491 # endif
492 default:
493 /* We don't know. Go with the historical default */
494 ret = 28;
495 break;
496 }
497 return ret;
498 }
499
500 /* Enables appropriate destination address reception option on the socket. */
501 # if defined(SUPPORT_LOCAL_ADDR)
502 static int enable_local_addr(BIO *b, int enable) {
503 int af = dgram_get_sock_family(b);
504
505 if (af == AF_INET) {
506 # if defined(IP_PKTINFO)
507 /* IP_PKTINFO is preferred */
508 if (setsockopt(b->num, IPPROTO_IP, IP_PKTINFO,
509 (void *)&enable, sizeof(enable)) < 0)
510 return 0;
511
512 return 1;
513
514 # elif defined(IP_RECVDSTADDR)
515 /* Fall back to IP_RECVDSTADDR */
516
517 if (setsockopt(b->num, IPPROTO_IP, IP_RECVDSTADDR,
518 &enable, sizeof(enable)) < 0)
519 return 0;
520
521 return 1;
522 # endif
523 }
524
525 # if OPENSSL_USE_IPV6
526 if (af == AF_INET6) {
527 # if defined(IPV6_RECVPKTINFO)
528 if (setsockopt(b->num, IPPROTO_IPV6, IPV6_RECVPKTINFO,
529 &enable, sizeof(enable)) < 0)
530 return 0;
531
532 return 1;
533 # endif
534 }
535 # endif
536
537 return 0;
538 }
539 # endif
540
541 static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
542 {
543 long ret = 1;
544 int *ip;
545 bio_dgram_data *data = NULL;
546 int sockopt_val = 0;
547 int d_errno;
548 # if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU))
549 socklen_t sockopt_len; /* assume that system supporting IP_MTU is
550 * modern enough to define socklen_t */
551 socklen_t addr_len;
552 BIO_ADDR addr;
553 # endif
554
555 data = (bio_dgram_data *)b->ptr;
556
557 switch (cmd) {
558 case BIO_CTRL_RESET:
559 num = 0;
560 ret = 0;
561 break;
562 case BIO_CTRL_INFO:
563 ret = 0;
564 break;
565 case BIO_C_SET_FD:
566 dgram_clear(b);
567 b->num = *((int *)ptr);
568 b->shutdown = (int)num;
569 b->init = 1;
570 dgram_update_local_addr(b);
571 # if defined(SUPPORT_LOCAL_ADDR)
572 if (data->local_addr_enabled) {
573 if (enable_local_addr(b, 1) < 1)
574 data->local_addr_enabled = 0;
575 }
576 # endif
577 break;
578 case BIO_C_GET_FD:
579 if (b->init) {
580 ip = (int *)ptr;
581 if (ip != NULL)
582 *ip = b->num;
583 ret = b->num;
584 } else
585 ret = -1;
586 break;
587 case BIO_CTRL_GET_CLOSE:
588 ret = b->shutdown;
589 break;
590 case BIO_CTRL_SET_CLOSE:
591 b->shutdown = (int)num;
592 break;
593 case BIO_CTRL_PENDING:
594 case BIO_CTRL_WPENDING:
595 ret = 0;
596 break;
597 case BIO_CTRL_DUP:
598 case BIO_CTRL_FLUSH:
599 ret = 1;
600 break;
601 case BIO_CTRL_DGRAM_CONNECT:
602 BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
603 break;
604 /* (Linux)kernel sets DF bit on outgoing IP packets */
605 case BIO_CTRL_DGRAM_MTU_DISCOVER:
606 # if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
607 addr_len = (socklen_t) sizeof(addr);
608 BIO_ADDR_clear(&addr);
609 if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
610 ret = 0;
611 break;
612 }
613 switch (addr.sa.sa_family) {
614 case AF_INET:
615 sockopt_val = IP_PMTUDISC_DO;
616 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
617 &sockopt_val, sizeof(sockopt_val))) < 0)
618 perror("setsockopt");
619 break;
620 # if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
621 case AF_INET6:
622 sockopt_val = IPV6_PMTUDISC_DO;
623 if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
624 &sockopt_val, sizeof(sockopt_val))) < 0)
625 perror("setsockopt");
626 break;
627 # endif
628 default:
629 ret = -1;
630 break;
631 }
632 # else
633 ret = -1;
634 # endif
635 break;
636 case BIO_CTRL_DGRAM_QUERY_MTU:
637 # if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU)
638 addr_len = (socklen_t) sizeof(addr);
639 BIO_ADDR_clear(&addr);
640 if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
641 ret = 0;
642 break;
643 }
644 sockopt_len = sizeof(sockopt_val);
645 switch (addr.sa.sa_family) {
646 case AF_INET:
647 if ((ret =
648 getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,
649 &sockopt_len)) < 0 || sockopt_val < 0) {
650 ret = 0;
651 } else {
652 /*
653 * we assume that the transport protocol is UDP and no IP
654 * options are used.
655 */
656 data->mtu = sockopt_val - 8 - 20;
657 ret = data->mtu;
658 }
659 break;
660 # if OPENSSL_USE_IPV6 && defined(IPV6_MTU)
661 case AF_INET6:
662 if ((ret =
663 getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU,
664 (void *)&sockopt_val, &sockopt_len)) < 0
665 || sockopt_val < 0) {
666 ret = 0;
667 } else {
668 /*
669 * we assume that the transport protocol is UDP and no IPV6
670 * options are used.
671 */
672 data->mtu = sockopt_val - 8 - 40;
673 ret = data->mtu;
674 }
675 break;
676 # endif
677 default:
678 ret = 0;
679 break;
680 }
681 # else
682 ret = 0;
683 # endif
684 break;
685 case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
686 ret = -dgram_get_mtu_overhead(data);
687 switch (BIO_ADDR_family(&data->peer)) {
688 case AF_INET:
689 ret += 576;
690 break;
691 # if OPENSSL_USE_IPV6
692 case AF_INET6:
693 {
694 # ifdef IN6_IS_ADDR_V4MAPPED
695 struct in6_addr tmp_addr;
696 if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
697 && IN6_IS_ADDR_V4MAPPED(&tmp_addr))
698 ret += 576;
699 else
700 # endif
701 ret += 1280;
702 }
703 break;
704 # endif
705 default:
706 ret += 576;
707 break;
708 }
709 break;
710 case BIO_CTRL_DGRAM_GET_MTU:
711 return data->mtu;
712 case BIO_CTRL_DGRAM_SET_MTU:
713 data->mtu = num;
714 ret = num;
715 break;
716 case BIO_CTRL_DGRAM_SET_CONNECTED:
717 if (ptr != NULL) {
718 data->connected = 1;
719 BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
720 } else {
721 data->connected = 0;
722 BIO_ADDR_clear(&data->peer);
723 }
724 break;
725 case BIO_CTRL_DGRAM_GET_PEER:
726 ret = BIO_ADDR_sockaddr_size(&data->peer);
727 /* FIXME: if num < ret, we will only return part of an address.
728 That should bee an error, no? */
729 if (num == 0 || num > ret)
730 num = ret;
731 memcpy(ptr, &data->peer, (ret = num));
732 break;
733 case BIO_CTRL_DGRAM_SET_PEER:
734 BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
735 break;
736 case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
737 memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));
738 break;
739 # if defined(SO_RCVTIMEO)
740 case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
741 # ifdef OPENSSL_SYS_WINDOWS
742 {
743 struct timeval *tv = (struct timeval *)ptr;
744 int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
745 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
746 (void *)&timeout, sizeof(timeout)) < 0) {
747 perror("setsockopt");
748 ret = -1;
749 }
750 }
751 # else
752 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr,
753 sizeof(struct timeval)) < 0) {
754 perror("setsockopt");
755 ret = -1;
756 }
757 # endif
758 break;
759 case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
760 {
761 # ifdef OPENSSL_SYS_WINDOWS
762 int sz = 0;
763 int timeout;
764 struct timeval *tv = (struct timeval *)ptr;
765
766 sz = sizeof(timeout);
767 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
768 (void *)&timeout, &sz) < 0) {
769 perror("getsockopt");
770 ret = -1;
771 } else {
772 tv->tv_sec = timeout / 1000;
773 tv->tv_usec = (timeout % 1000) * 1000;
774 ret = sizeof(*tv);
775 }
776 # else
777 socklen_t sz = sizeof(struct timeval);
778 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
779 ptr, &sz) < 0) {
780 perror("getsockopt");
781 ret = -1;
782 } else {
783 OPENSSL_assert(sz <= sizeof(struct timeval));
784 ret = (int)sz;
785 }
786 # endif
787 }
788 break;
789 # endif
790 # if defined(SO_SNDTIMEO)
791 case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT:
792 # ifdef OPENSSL_SYS_WINDOWS
793 {
794 struct timeval *tv = (struct timeval *)ptr;
795 int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
796 if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
797 (void *)&timeout, sizeof(timeout)) < 0) {
798 perror("setsockopt");
799 ret = -1;
800 }
801 }
802 # else
803 if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr,
804 sizeof(struct timeval)) < 0) {
805 perror("setsockopt");
806 ret = -1;
807 }
808 # endif
809 break;
810 case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
811 {
812 # ifdef OPENSSL_SYS_WINDOWS
813 int sz = 0;
814 int timeout;
815 struct timeval *tv = (struct timeval *)ptr;
816
817 sz = sizeof(timeout);
818 if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
819 (void *)&timeout, &sz) < 0) {
820 perror("getsockopt");
821 ret = -1;
822 } else {
823 tv->tv_sec = timeout / 1000;
824 tv->tv_usec = (timeout % 1000) * 1000;
825 ret = sizeof(*tv);
826 }
827 # else
828 socklen_t sz = sizeof(struct timeval);
829 if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
830 ptr, &sz) < 0) {
831 perror("getsockopt");
832 ret = -1;
833 } else {
834 OPENSSL_assert(sz <= sizeof(struct timeval));
835 ret = (int)sz;
836 }
837 # endif
838 }
839 break;
840 # endif
841 case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
842 /* fall-through */
843 case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:
844 # ifdef OPENSSL_SYS_WINDOWS
845 d_errno = (data->_errno == WSAETIMEDOUT);
846 # else
847 d_errno = (data->_errno == EAGAIN);
848 # endif
849 if (d_errno) {
850 ret = 1;
851 data->_errno = 0;
852 } else
853 ret = 0;
854 break;
855 # ifdef EMSGSIZE
856 case BIO_CTRL_DGRAM_MTU_EXCEEDED:
857 if (data->_errno == EMSGSIZE) {
858 ret = 1;
859 data->_errno = 0;
860 } else
861 ret = 0;
862 break;
863 # endif
864 case BIO_CTRL_DGRAM_SET_DONT_FRAG:
865 sockopt_val = num ? 1 : 0;
866
867 switch (data->peer.sa.sa_family) {
868 case AF_INET:
869 # if defined(IP_DONTFRAG)
870 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAG,
871 &sockopt_val, sizeof(sockopt_val))) < 0) {
872 perror("setsockopt");
873 ret = -1;
874 }
875 # elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined (IP_PMTUDISC_PROBE)
876 if ((sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT),
877 (ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
878 &sockopt_val, sizeof(sockopt_val))) < 0) {
879 perror("setsockopt");
880 ret = -1;
881 }
882 # elif defined(OPENSSL_SYS_WINDOWS) && defined(IP_DONTFRAGMENT)
883 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAGMENT,
884 (const char *)&sockopt_val,
885 sizeof(sockopt_val))) < 0) {
886 perror("setsockopt");
887 ret = -1;
888 }
889 # else
890 ret = -1;
891 # endif
892 break;
893 # if OPENSSL_USE_IPV6
894 case AF_INET6:
895 # if defined(IPV6_DONTFRAG)
896 if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_DONTFRAG,
897 (const void *)&sockopt_val,
898 sizeof(sockopt_val))) < 0) {
899 perror("setsockopt");
900 ret = -1;
901 }
902 # elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTUDISCOVER)
903 if ((sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT),
904 (ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
905 &sockopt_val, sizeof(sockopt_val))) < 0) {
906 perror("setsockopt");
907 ret = -1;
908 }
909 # else
910 ret = -1;
911 # endif
912 break;
913 # endif
914 default:
915 ret = -1;
916 break;
917 }
918 break;
919 case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
920 ret = dgram_get_mtu_overhead(data);
921 break;
922
923 /*
924 * BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE is used here for compatibility
925 * reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value
926 * was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The
927 * value has been updated to a non-clashing value. However to preserve
928 * binary compatibility we now respond to both the old value and the new one
929 */
930 case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
931 case BIO_CTRL_DGRAM_SET_PEEK_MODE:
932 data->peekmode = (unsigned int)num;
933 break;
934
935 case BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP:
936 # if defined(SUPPORT_LOCAL_ADDR)
937 ret = 1;
938 # else
939 ret = 0;
940 # endif
941 break;
942
943 case BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE:
944 # if defined(SUPPORT_LOCAL_ADDR)
945 num = num > 0;
946 if (num != data->local_addr_enabled) {
947 if (enable_local_addr(b, num) < 1) {
948 ret = 0;
949 break;
950 }
951
952 data->local_addr_enabled = (char)num;
953 }
954 # else
955 ret = 0;
956 # endif
957 break;
958
959 case BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE:
960 *(int *)ptr = data->local_addr_enabled;
961 break;
962
963 default:
964 ret = 0;
965 break;
966 }
967 return ret;
968 }
969
970 static int dgram_puts(BIO *bp, const char *str)
971 {
972 int n, ret;
973
974 n = strlen(str);
975 ret = dgram_write(bp, str, n);
976 return ret;
977 }
978
979 # if M_METHOD == M_METHOD_WSARECVMSG
980 static void translate_msg_win(BIO *b, WSAMSG *mh, WSABUF *iov,
981 unsigned char *control, BIO_MSG *msg)
982 {
983 iov->len = msg->data_len;
984 iov->buf = msg->data;
985
986 /* Windows requires namelen to be set exactly */
987 mh->name = msg->peer != NULL ? &msg->peer->sa : NULL;
988 if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET)
989 mh->namelen = sizeof(struct sockaddr_in);
990 # if OPENSSL_USE_IPV6
991 else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6)
992 mh->namelen = sizeof(struct sockaddr_in6);
993 # endif
994 else
995 mh->namelen = 0;
996
997 /*
998 * When local address reception (IP_PKTINFO, etc.) is enabled, on Windows
999 * this causes WSARecvMsg to fail if the control buffer is too small to hold
1000 * the structure, or if no control buffer is passed. So we need to give it
1001 * the control buffer even if we aren't actually going to examine the
1002 * result.
1003 */
1004 mh->lpBuffers = iov;
1005 mh->dwBufferCount = 1;
1006 mh->Control.len = BIO_CMSG_ALLOC_LEN;
1007 mh->Control.buf = control;
1008 mh->dwFlags = 0;
1009 }
1010 # endif
1011
1012 # if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG
1013 /* Translates a BIO_MSG to a msghdr and iovec. */
1014 static void translate_msg(BIO *b, struct msghdr *mh, struct iovec *iov,
1015 unsigned char *control, BIO_MSG *msg)
1016 {
1017 iov->iov_base = msg->data;
1018 iov->iov_len = msg->data_len;
1019
1020 /* macOS requires msg_namelen be 0 if msg_name is NULL */
1021 mh->msg_name = msg->peer != NULL ? &msg->peer->sa : NULL;
1022 if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET)
1023 mh->msg_namelen = sizeof(struct sockaddr_in);
1024 # if OPENSSL_USE_IPV6
1025 else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6)
1026 mh->msg_namelen = sizeof(struct sockaddr_in6);
1027 # endif
1028 else
1029 mh->msg_namelen = 0;
1030
1031 mh->msg_iov = iov;
1032 mh->msg_iovlen = 1;
1033 mh->msg_control = msg->local != NULL ? control : NULL;
1034 mh->msg_controllen = msg->local != NULL ? BIO_CMSG_ALLOC_LEN : 0;
1035 mh->msg_flags = 0;
1036 }
1037 # endif
1038
1039 # if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG || M_METHOD == M_METHOD_WSARECVMSG
1040 /* Extracts destination address from the control buffer. */
1041 static int extract_local(BIO *b, MSGHDR_TYPE *mh, BIO_ADDR *local) {
1042 # if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) || defined(IPV6_PKTINFO)
1043 CMSGHDR_TYPE *cmsg;
1044 int af = dgram_get_sock_family(b);
1045
1046 for (cmsg = BIO_CMSG_FIRSTHDR(mh); cmsg != NULL;
1047 cmsg = BIO_CMSG_NXTHDR(mh, cmsg)) {
1048 if (af == AF_INET) {
1049 if (cmsg->cmsg_level != IPPROTO_IP)
1050 continue;
1051
1052 # if defined(IP_PKTINFO)
1053 if (cmsg->cmsg_type != IP_PKTINFO)
1054 continue;
1055
1056 local->s_in.sin_addr =
1057 ((struct in_pktinfo *)BIO_CMSG_DATA(cmsg))->ipi_addr;
1058
1059 # elif defined(IP_RECVDSTADDR)
1060 if (cmsg->cmsg_type != IP_RECVDSTADDR)
1061 continue;
1062
1063 local->s_in.sin_addr = *(struct in_addr *)BIO_CMSG_DATA(cmsg);
1064 # endif
1065
1066 # if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR)
1067 {
1068 bio_dgram_data *data = b->ptr;
1069
1070 local->s_in.sin_family = AF_INET;
1071 local->s_in.sin_port = data->local_addr.s_in.sin_port;
1072 }
1073 return 1;
1074 # endif
1075 }
1076 # if OPENSSL_USE_IPV6
1077 else if (af == AF_INET6) {
1078 if (cmsg->cmsg_level != IPPROTO_IPV6)
1079 continue;
1080
1081 # if defined(IPV6_RECVPKTINFO)
1082 if (cmsg->cmsg_type != IPV6_PKTINFO)
1083 continue;
1084
1085 {
1086 bio_dgram_data *data = b->ptr;
1087
1088 local->s_in6.sin6_addr =
1089 ((struct in6_pktinfo *)BIO_CMSG_DATA(cmsg))->ipi6_addr;
1090 local->s_in6.sin6_family = AF_INET6;
1091 local->s_in6.sin6_port = data->local_addr.s_in6.sin6_port;
1092 local->s_in6.sin6_scope_id =
1093 data->local_addr.s_in6.sin6_scope_id;
1094 local->s_in6.sin6_flowinfo = 0;
1095 }
1096 return 1;
1097 # endif
1098 }
1099 # endif
1100 }
1101 # endif
1102
1103 return 0;
1104 }
1105
1106 static int pack_local(BIO *b, MSGHDR_TYPE *mh, const BIO_ADDR *local) {
1107 int af = dgram_get_sock_family(b);
1108 # if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) || defined(IPV6_PKTINFO)
1109 CMSGHDR_TYPE *cmsg;
1110 bio_dgram_data *data = b->ptr;
1111 # endif
1112
1113 if (af == AF_INET) {
1114 # if defined(IP_PKTINFO)
1115 struct in_pktinfo *info;
1116
1117 # if defined(OPENSSL_SYS_WINDOWS)
1118 cmsg = (CMSGHDR_TYPE *)mh->Control.buf;
1119 # else
1120 cmsg = (CMSGHDR_TYPE *)mh->msg_control;
1121 # endif
1122
1123 cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in_pktinfo));
1124 cmsg->cmsg_level = IPPROTO_IP;
1125 cmsg->cmsg_type = IP_PKTINFO;
1126
1127 info = (struct in_pktinfo *)BIO_CMSG_DATA(cmsg);
1128 # if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_CYGWIN)
1129 info->ipi_spec_dst = local->s_in.sin_addr;
1130 # endif
1131 info->ipi_addr.s_addr = 0;
1132 info->ipi_ifindex = 0;
1133
1134 /*
1135 * We cannot override source port using this API, therefore
1136 * ensure the application specified a source port of 0
1137 * or the one we are bound to. (Better to error than silently
1138 * ignore this.)
1139 */
1140 if (local->s_in.sin_port != 0
1141 && data->local_addr.s_in.sin_port != local->s_in.sin_port) {
1142 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
1143 return 0;
1144 }
1145
1146 # if defined(OPENSSL_SYS_WINDOWS)
1147 mh->Control.len = BIO_CMSG_SPACE(sizeof(struct in_pktinfo));
1148 # else
1149 mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in_pktinfo));
1150 # endif
1151 return 1;
1152
1153 # elif defined(IP_SENDSRCADDR)
1154 struct in_addr *info;
1155
1156 /*
1157 * At least FreeBSD is very pedantic about using IP_SENDSRCADDR when we
1158 * are not bound to 0.0.0.0 or ::, even if the address matches what we
1159 * bound to. Support this by not packing the structure if the address
1160 * matches our understanding of our local address. IP_SENDSRCADDR is a
1161 * BSD thing, so we don't need an explicit test for BSD here.
1162 */
1163 if (local->s_in.sin_addr.s_addr == data->local_addr.s_in.sin_addr.s_addr) {
1164 mh->msg_control = NULL;
1165 mh->msg_controllen = 0;
1166 return 1;
1167 }
1168
1169 cmsg = (struct cmsghdr *)mh->msg_control;
1170 cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in_addr));
1171 cmsg->cmsg_level = IPPROTO_IP;
1172 cmsg->cmsg_type = IP_SENDSRCADDR;
1173
1174 info = (struct in_addr *)BIO_CMSG_DATA(cmsg);
1175 *info = local->s_in.sin_addr;
1176
1177 /* See comment above. */
1178 if (local->s_in.sin_port != 0
1179 && data->local_addr.s_in.sin_port != local->s_in.sin_port) {
1180 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
1181 return 0;
1182 }
1183
1184 mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in_addr));
1185 return 1;
1186 # endif
1187 }
1188 # if OPENSSL_USE_IPV6
1189 else if (af == AF_INET6) {
1190 # if defined(IPV6_PKTINFO)
1191 struct in6_pktinfo *info;
1192
1193 # if defined(OPENSSL_SYS_WINDOWS)
1194 cmsg = (CMSGHDR_TYPE *)mh->Control.buf;
1195 # else
1196 cmsg = (CMSGHDR_TYPE *)mh->msg_control;
1197 # endif
1198 cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in6_pktinfo));
1199 cmsg->cmsg_level = IPPROTO_IPV6;
1200 cmsg->cmsg_type = IPV6_PKTINFO;
1201
1202 info = (struct in6_pktinfo *)BIO_CMSG_DATA(cmsg);
1203 info->ipi6_addr = local->s_in6.sin6_addr;
1204 info->ipi6_ifindex = 0;
1205
1206 /*
1207 * See comment above, but also applies to the other fields
1208 * in sockaddr_in6.
1209 */
1210 if (local->s_in6.sin6_port != 0
1211 && data->local_addr.s_in6.sin6_port != local->s_in6.sin6_port) {
1212 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
1213 return 0;
1214 }
1215
1216 if (local->s_in6.sin6_scope_id != 0
1217 && data->local_addr.s_in6.sin6_scope_id != local->s_in6.sin6_scope_id) {
1218 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
1219 return 0;
1220 }
1221
1222 # if defined(OPENSSL_SYS_WINDOWS)
1223 mh->Control.len = BIO_CMSG_SPACE(sizeof(struct in6_pktinfo));
1224 # else
1225 mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in6_pktinfo));
1226 # endif
1227 return 1;
1228 # endif
1229 }
1230 # endif
1231
1232 return 0;
1233 }
1234 # endif
1235
1236 /*
1237 * Converts flags passed to BIO_sendmmsg or BIO_recvmmsg to syscall flags. You
1238 * should mask out any system flags returned by this function you cannot support
1239 * in a particular circumstance. Currently no flags are defined.
1240 */
1241 # if M_METHOD != M_METHOD_NONE
1242 static int translate_flags(uint64_t flags) {
1243 return 0;
1244 }
1245 # endif
1246
1247 static int dgram_sendmmsg(BIO *b, BIO_MSG *msg, size_t stride,
1248 size_t num_msg, uint64_t flags, size_t *num_processed)
1249 {
1250 # if M_METHOD != M_METHOD_NONE && M_METHOD != M_METHOD_RECVMSG
1251 int ret;
1252 # endif
1253 # if M_METHOD == M_METHOD_RECVMMSG
1254 # define BIO_MAX_MSGS_PER_CALL 64
1255 int sysflags;
1256 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1257 size_t i;
1258 struct mmsghdr mh[BIO_MAX_MSGS_PER_CALL];
1259 struct iovec iov[BIO_MAX_MSGS_PER_CALL];
1260 unsigned char control[BIO_MAX_MSGS_PER_CALL][BIO_CMSG_ALLOC_LEN];
1261 int have_local_enabled = data->local_addr_enabled;
1262 # elif M_METHOD == M_METHOD_RECVMSG
1263 int sysflags;
1264 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1265 ossl_ssize_t l;
1266 struct msghdr mh;
1267 struct iovec iov;
1268 unsigned char control[BIO_CMSG_ALLOC_LEN];
1269 int have_local_enabled = data->local_addr_enabled;
1270 # elif M_METHOD == M_METHOD_WSARECVMSG
1271 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1272 int have_local_enabled = data->local_addr_enabled;
1273 WSAMSG wmsg;
1274 WSABUF wbuf;
1275 DWORD num_bytes_sent = 0;
1276 unsigned char control[BIO_CMSG_ALLOC_LEN];
1277 # endif
1278 # if M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG
1279 int sysflags;
1280 # endif
1281
1282 if (num_msg == 0) {
1283 *num_processed = 0;
1284 return 1;
1285 }
1286
1287 if (num_msg > OSSL_SSIZE_MAX)
1288 num_msg = OSSL_SSIZE_MAX;
1289
1290 # if M_METHOD != M_METHOD_NONE
1291 sysflags = translate_flags(flags);
1292 # endif
1293
1294 # if M_METHOD == M_METHOD_RECVMMSG
1295 /*
1296 * In the sendmmsg/recvmmsg case, we need to allocate our translated struct
1297 * msghdr and struct iovec on the stack to support multithreaded use. Thus
1298 * we place a fixed limit on the number of messages per call, in the
1299 * expectation that we will be called again if there were more messages to
1300 * be sent.
1301 */
1302 if (num_msg > BIO_MAX_MSGS_PER_CALL)
1303 num_msg = BIO_MAX_MSGS_PER_CALL;
1304
1305 for (i = 0; i < num_msg; ++i) {
1306 translate_msg(b, &mh[i].msg_hdr, &iov[i],
1307 control[i], &BIO_MSG_N(msg, stride, i));
1308
1309 /* If local address was requested, it must have been enabled */
1310 if (BIO_MSG_N(msg, stride, i).local != NULL) {
1311 if (!have_local_enabled) {
1312 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1313 *num_processed = 0;
1314 return 0;
1315 }
1316
1317 if (pack_local(b, &mh[i].msg_hdr,
1318 BIO_MSG_N(msg, stride, i).local) < 1) {
1319 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1320 *num_processed = 0;
1321 return 0;
1322 }
1323 }
1324 }
1325
1326 /* Do the batch */
1327 ret = sendmmsg(b->num, mh, num_msg, sysflags);
1328 if (ret < 0) {
1329 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1330 *num_processed = 0;
1331 return 0;
1332 }
1333
1334 for (i = 0; i < (size_t)ret; ++i) {
1335 BIO_MSG_N(msg, stride, i).data_len = mh[i].msg_len;
1336 BIO_MSG_N(msg, stride, i).flags = 0;
1337 }
1338
1339 *num_processed = (size_t)ret;
1340 return 1;
1341
1342 # elif M_METHOD == M_METHOD_RECVMSG
1343 /*
1344 * If sendmsg is available, use it.
1345 */
1346 translate_msg(b, &mh, &iov, control, msg);
1347
1348 if (msg->local != NULL) {
1349 if (!have_local_enabled) {
1350 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1351 *num_processed = 0;
1352 return 0;
1353 }
1354
1355 if (pack_local(b, &mh, msg->local) < 1) {
1356 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1357 *num_processed = 0;
1358 return 0;
1359 }
1360 }
1361
1362 l = sendmsg(b->num, &mh, sysflags);
1363 if (l < 0) {
1364 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1365 *num_processed = 0;
1366 return 0;
1367 }
1368
1369 msg->data_len = (size_t)l;
1370 msg->flags = 0;
1371 *num_processed = 1;
1372 return 1;
1373
1374 # elif M_METHOD == M_METHOD_WSARECVMSG || M_METHOD == M_METHOD_RECVFROM
1375 # if M_METHOD == M_METHOD_WSARECVMSG
1376 if (bio_WSASendMsg != NULL) {
1377 /* WSASendMsg-based implementation for Windows. */
1378 translate_msg_win(b, &wmsg, &wbuf, control, msg);
1379
1380 if (msg[0].local != NULL) {
1381 if (!have_local_enabled) {
1382 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1383 *num_processed = 0;
1384 return 0;
1385 }
1386
1387 if (pack_local(b, &wmsg, msg[0].local) < 1) {
1388 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1389 *num_processed = 0;
1390 return 0;
1391 }
1392 }
1393
1394 ret = WSASendMsg((SOCKET)b->num, &wmsg, 0, &num_bytes_sent, NULL, NULL);
1395 if (ret < 0) {
1396 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1397 *num_processed = 0;
1398 return 0;
1399 }
1400
1401 msg[0].data_len = num_bytes_sent;
1402 msg[0].flags = 0;
1403 *num_processed = 1;
1404 return 1;
1405 }
1406 # endif
1407
1408 /*
1409 * Fallback to sendto and send a single message.
1410 */
1411 if (msg[0].local != NULL) {
1412 /*
1413 * We cannot set the local address if using sendto
1414 * so fail in this case
1415 */
1416 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1417 *num_processed = 0;
1418 return 0;
1419 }
1420
1421 ret = sendto(b->num, msg[0].data,
1422 # if defined(OPENSSL_SYS_WINDOWS)
1423 (int)msg[0].data_len,
1424 # else
1425 msg[0].data_len,
1426 # endif
1427 sysflags,
1428 msg[0].peer != NULL ? &msg[0].peer->sa : NULL,
1429 msg[0].peer != NULL ? sizeof(*msg[0].peer) : 0);
1430 if (ret <= 0) {
1431 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1432 *num_processed = 0;
1433 return 0;
1434 }
1435
1436 msg[0].data_len = ret;
1437 msg[0].flags = 0;
1438 *num_processed = 1;
1439 return 1;
1440
1441 # else
1442 ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD);
1443 *num_processed = 0;
1444 return 0;
1445 # endif
1446 }
1447
1448 static int dgram_recvmmsg(BIO *b, BIO_MSG *msg,
1449 size_t stride, size_t num_msg,
1450 uint64_t flags, size_t *num_processed)
1451 {
1452 # if M_METHOD != M_METHOD_NONE && M_METHOD != M_METHOD_RECVMSG
1453 int ret;
1454 # endif
1455 # if M_METHOD == M_METHOD_RECVMMSG
1456 int sysflags;
1457 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1458 size_t i;
1459 struct mmsghdr mh[BIO_MAX_MSGS_PER_CALL];
1460 struct iovec iov[BIO_MAX_MSGS_PER_CALL];
1461 unsigned char control[BIO_MAX_MSGS_PER_CALL][BIO_CMSG_ALLOC_LEN];
1462 int have_local_enabled = data->local_addr_enabled;
1463 # elif M_METHOD == M_METHOD_RECVMSG
1464 int sysflags;
1465 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1466 ossl_ssize_t l;
1467 struct msghdr mh;
1468 struct iovec iov;
1469 unsigned char control[BIO_CMSG_ALLOC_LEN];
1470 int have_local_enabled = data->local_addr_enabled;
1471 # elif M_METHOD == M_METHOD_WSARECVMSG
1472 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1473 int have_local_enabled = data->local_addr_enabled;
1474 WSAMSG wmsg;
1475 WSABUF wbuf;
1476 DWORD num_bytes_received = 0;
1477 unsigned char control[BIO_CMSG_ALLOC_LEN];
1478 # endif
1479 # if M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG
1480 int sysflags;
1481 socklen_t slen;
1482 # endif
1483
1484 if (num_msg == 0) {
1485 *num_processed = 0;
1486 return 1;
1487 }
1488
1489 if (num_msg > OSSL_SSIZE_MAX)
1490 num_msg = OSSL_SSIZE_MAX;
1491
1492 # if M_METHOD != M_METHOD_NONE
1493 sysflags = translate_flags(flags);
1494 # endif
1495
1496 # if M_METHOD == M_METHOD_RECVMMSG
1497 /*
1498 * In the sendmmsg/recvmmsg case, we need to allocate our translated struct
1499 * msghdr and struct iovec on the stack to support multithreaded use. Thus
1500 * we place a fixed limit on the number of messages per call, in the
1501 * expectation that we will be called again if there were more messages to
1502 * be sent.
1503 */
1504 if (num_msg > BIO_MAX_MSGS_PER_CALL)
1505 num_msg = BIO_MAX_MSGS_PER_CALL;
1506
1507 for (i = 0; i < num_msg; ++i) {
1508 translate_msg(b, &mh[i].msg_hdr, &iov[i],
1509 control[i], &BIO_MSG_N(msg, stride, i));
1510
1511 /* If local address was requested, it must have been enabled */
1512 if (BIO_MSG_N(msg, stride, i).local != NULL && !have_local_enabled) {
1513 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1514 *num_processed = 0;
1515 return 0;
1516 }
1517 }
1518
1519 /* Do the batch */
1520 ret = recvmmsg(b->num, mh, num_msg, sysflags, NULL);
1521 if (ret < 0) {
1522 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1523 *num_processed = 0;
1524 return 0;
1525 }
1526
1527 for (i = 0; i < (size_t)ret; ++i) {
1528 BIO_MSG_N(msg, stride, i).data_len = mh[i].msg_len;
1529 BIO_MSG_N(msg, stride, i).flags = 0;
1530 /*
1531 * *(msg->peer) will have been filled in by recvmmsg;
1532 * for msg->local we parse the control data returned
1533 */
1534 if (BIO_MSG_N(msg, stride, i).local != NULL)
1535 if (extract_local(b, &mh[i].msg_hdr,
1536 BIO_MSG_N(msg, stride, i).local) < 1)
1537 /*
1538 * It appears BSDs do not support local addresses for
1539 * loopback sockets. In this case, just clear the local
1540 * address, as for OS X and Windows in some circumstances
1541 * (see below).
1542 */
1543 BIO_ADDR_clear(msg->local);
1544 }
1545
1546 *num_processed = (size_t)ret;
1547 return 1;
1548
1549 # elif M_METHOD == M_METHOD_RECVMSG
1550 /*
1551 * If recvmsg is available, use it.
1552 */
1553 translate_msg(b, &mh, &iov, control, msg);
1554
1555 /* If local address was requested, it must have been enabled */
1556 if (msg->local != NULL && !have_local_enabled) {
1557 /*
1558 * If we have done at least one message, we must return the
1559 * count; if we haven't done any, we can give an error code
1560 */
1561 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1562 *num_processed = 0;
1563 return 0;
1564 }
1565
1566 l = recvmsg(b->num, &mh, sysflags);
1567 if (l < 0) {
1568 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1569 *num_processed = 0;
1570 return 0;
1571 }
1572
1573 msg->data_len = (size_t)l;
1574 msg->flags = 0;
1575
1576 if (msg->local != NULL)
1577 if (extract_local(b, &mh, msg->local) < 1)
1578 /*
1579 * OS X exhibits odd behaviour where it appears that if a packet is
1580 * sent before the receiving interface enables IP_PKTINFO, it will
1581 * sometimes not have any control data returned even if the
1582 * receiving interface enables IP_PKTINFO before calling recvmsg().
1583 * This appears to occur non-deterministically. Presumably, OS X
1584 * handles IP_PKTINFO at the time the packet is enqueued into a
1585 * socket's receive queue, rather than at the time recvmsg() is
1586 * called, unlike most other operating systems. Thus (if this
1587 * hypothesis is correct) there is a race between where IP_PKTINFO
1588 * is enabled by the process and when the kernel's network stack
1589 * queues the incoming message.
1590 *
1591 * We cannot return the local address if we do not have it, but this
1592 * is not a caller error either, so just return a zero address
1593 * structure. This is similar to how we handle Windows loopback
1594 * interfaces (see below). We enable this workaround for all
1595 * platforms, not just Apple, as this kind of quirk in OS networking
1596 * stacks seems to be common enough that failing hard if a local
1597 * address is not provided appears to be too brittle.
1598 */
1599 BIO_ADDR_clear(msg->local);
1600
1601 *num_processed = 1;
1602 return 1;
1603
1604 # elif M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG
1605 # if M_METHOD == M_METHOD_WSARECVMSG
1606 if (bio_WSARecvMsg != NULL) {
1607 /* WSARecvMsg-based implementation for Windows. */
1608 translate_msg_win(b, &wmsg, &wbuf, control, msg);
1609
1610 /* If local address was requested, it must have been enabled */
1611 if (msg[0].local != NULL && !have_local_enabled) {
1612 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1613 *num_processed = 0;
1614 return 0;
1615 }
1616
1617 ret = WSARecvMsg((SOCKET)b->num, &wmsg, &num_bytes_received, NULL, NULL);
1618 if (ret < 0) {
1619 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1620 *num_processed = 0;
1621 return 0;
1622 }
1623
1624 msg[0].data_len = num_bytes_received;
1625 msg[0].flags = 0;
1626 if (msg[0].local != NULL)
1627 if (extract_local(b, &wmsg, msg[0].local) < 1)
1628 /*
1629 * On Windows, loopback is not a "proper" interface and it works
1630 * differently; packets are essentially short-circuited and
1631 * don't go through all of the normal processing. A consequence
1632 * of this is that packets sent from the local machine to the
1633 * local machine _will not have IP_PKTINFO_ even if the
1634 * IP_PKTINFO socket option is enabled. WSARecvMsg just sets
1635 * Control.len to 0 on returning.
1636 *
1637 * This applies regardless of whether the loopback address,
1638 * 127.0.0.1 is used, or a local interface address (e.g.
1639 * 192.168.1.1); in both cases IP_PKTINFO will not be present.
1640 *
1641 * We report this condition by setting the local BIO_ADDR's
1642 * family to 0.
1643 */
1644 BIO_ADDR_clear(msg[0].local);
1645
1646 *num_processed = 1;
1647 return 1;
1648 }
1649 # endif
1650
1651 /*
1652 * Fallback to recvfrom and receive a single message.
1653 */
1654 if (msg[0].local != NULL) {
1655 /*
1656 * We cannot determine the local address if using recvfrom
1657 * so fail in this case
1658 */
1659 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1660 *num_processed = 0;
1661 return 0;
1662 }
1663
1664 slen = sizeof(*msg[0].peer);
1665 ret = recvfrom(b->num, msg[0].data,
1666 # if defined(OPENSSL_SYS_WINDOWS)
1667 (int)msg[0].data_len,
1668 # else
1669 msg[0].data_len,
1670 # endif
1671 sysflags,
1672 msg[0].peer != NULL ? &msg[0].peer->sa : NULL,
1673 msg[0].peer != NULL ? &slen : NULL);
1674 if (ret <= 0) {
1675 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1676 return 0;
1677 }
1678
1679 msg[0].data_len = ret;
1680 msg[0].flags = 0;
1681 *num_processed = 1;
1682 return 1;
1683
1684 # else
1685 ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD);
1686 *num_processed = 0;
1687 return 0;
1688 # endif
1689 }
1690
1691 # ifndef OPENSSL_NO_SCTP
1692 const BIO_METHOD *BIO_s_datagram_sctp(void)
1693 {
1694 return &methods_dgramp_sctp;
1695 }
1696
1697 BIO *BIO_new_dgram_sctp(int fd, int close_flag)
1698 {
1699 BIO *bio;
1700 int ret, optval = 20000;
1701 int auth_data = 0, auth_forward = 0;
1702 unsigned char *p;
1703 struct sctp_authchunk auth;
1704 struct sctp_authchunks *authchunks;
1705 socklen_t sockopt_len;
1706 # ifdef SCTP_AUTHENTICATION_EVENT
1707 # ifdef SCTP_EVENT
1708 struct sctp_event event;
1709 # else
1710 struct sctp_event_subscribe event;
1711 # endif
1712 # endif
1713
1714 bio = BIO_new(BIO_s_datagram_sctp());
1715 if (bio == NULL)
1716 return NULL;
1717 BIO_set_fd(bio, fd, close_flag);
1718
1719 /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */
1720 auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE;
1721 ret =
1722 setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth,
1723 sizeof(struct sctp_authchunk));
1724 if (ret < 0) {
1725 BIO_vfree(bio);
1726 ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB,
1727 "Ensure SCTP AUTH chunks are enabled in kernel");
1728 return NULL;
1729 }
1730 auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE;
1731 ret =
1732 setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth,
1733 sizeof(struct sctp_authchunk));
1734 if (ret < 0) {
1735 BIO_vfree(bio);
1736 ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB,
1737 "Ensure SCTP AUTH chunks are enabled in kernel");
1738 return NULL;
1739 }
1740
1741 /*
1742 * Test if activation was successful. When using accept(), SCTP-AUTH has
1743 * to be activated for the listening socket already, otherwise the
1744 * connected socket won't use it. Similarly with connect(): the socket
1745 * prior to connection must be activated for SCTP-AUTH
1746 */
1747 sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
1748 authchunks = OPENSSL_zalloc(sockopt_len);
1749 if (authchunks == NULL) {
1750 BIO_vfree(bio);
1751 return NULL;
1752 }
1753 ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks,
1754 &sockopt_len);
1755 if (ret < 0) {
1756 OPENSSL_free(authchunks);
1757 BIO_vfree(bio);
1758 return NULL;
1759 }
1760
1761 for (p = (unsigned char *)authchunks->gauth_chunks;
1762 p < (unsigned char *)authchunks + sockopt_len;
1763 p += sizeof(uint8_t)) {
1764 if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE)
1765 auth_data = 1;
1766 if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE)
1767 auth_forward = 1;
1768 }
1769
1770 OPENSSL_free(authchunks);
1771
1772 if (!auth_data || !auth_forward) {
1773 BIO_vfree(bio);
1774 ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB,
1775 "Ensure SCTP AUTH chunks are enabled on the "
1776 "underlying socket");
1777 return NULL;
1778 }
1779
1780 # ifdef SCTP_AUTHENTICATION_EVENT
1781 # ifdef SCTP_EVENT
1782 memset(&event, 0, sizeof(event));
1783 event.se_assoc_id = 0;
1784 event.se_type = SCTP_AUTHENTICATION_EVENT;
1785 event.se_on = 1;
1786 ret =
1787 setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event,
1788 sizeof(struct sctp_event));
1789 if (ret < 0) {
1790 BIO_vfree(bio);
1791 return NULL;
1792 }
1793 # else
1794 sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe);
1795 ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len);
1796 if (ret < 0) {
1797 BIO_vfree(bio);
1798 return NULL;
1799 }
1800
1801 event.sctp_authentication_event = 1;
1802
1803 ret =
1804 setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event,
1805 sizeof(struct sctp_event_subscribe));
1806 if (ret < 0) {
1807 BIO_vfree(bio);
1808 return NULL;
1809 }
1810 # endif
1811 # endif
1812
1813 /*
1814 * Disable partial delivery by setting the min size larger than the max
1815 * record size of 2^14 + 2048 + 13
1816 */
1817 ret =
1818 setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval,
1819 sizeof(optval));
1820 if (ret < 0) {
1821 BIO_vfree(bio);
1822 return NULL;
1823 }
1824
1825 return bio;
1826 }
1827
1828 int BIO_dgram_is_sctp(BIO *bio)
1829 {
1830 return (BIO_method_type(bio) == BIO_TYPE_DGRAM_SCTP);
1831 }
1832
1833 static int dgram_sctp_new(BIO *bi)
1834 {
1835 bio_dgram_sctp_data *data = NULL;
1836
1837 bi->init = 0;
1838 bi->num = 0;
1839 if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL) {
1840 ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE);
1841 return 0;
1842 }
1843 # ifdef SCTP_PR_SCTP_NONE
1844 data->prinfo.pr_policy = SCTP_PR_SCTP_NONE;
1845 # endif
1846 bi->ptr = data;
1847
1848 bi->flags = 0;
1849 return 1;
1850 }
1851
1852 static int dgram_sctp_free(BIO *a)
1853 {
1854 bio_dgram_sctp_data *data;
1855
1856 if (a == NULL)
1857 return 0;
1858 if (!dgram_clear(a))
1859 return 0;
1860
1861 data = (bio_dgram_sctp_data *) a->ptr;
1862 if (data != NULL)
1863 OPENSSL_free(data);
1864
1865 return 1;
1866 }
1867
1868 # ifdef SCTP_AUTHENTICATION_EVENT
1869 void dgram_sctp_handle_auth_free_key_event(BIO *b,
1870 union sctp_notification *snp)
1871 {
1872 int ret;
1873 struct sctp_authkey_event *authkeyevent = &snp->sn_auth_event;
1874
1875 if (authkeyevent->auth_indication == SCTP_AUTH_FREE_KEY) {
1876 struct sctp_authkeyid authkeyid;
1877
1878 /* delete key */
1879 authkeyid.scact_keynumber = authkeyevent->auth_keynumber;
1880 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
1881 &authkeyid, sizeof(struct sctp_authkeyid));
1882 }
1883 }
1884 # endif
1885
1886 static int dgram_sctp_read(BIO *b, char *out, int outl)
1887 {
1888 int ret = 0, n = 0, i, optval;
1889 socklen_t optlen;
1890 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
1891 struct msghdr msg;
1892 struct iovec iov;
1893 struct cmsghdr *cmsg;
1894 char cmsgbuf[512];
1895
1896 if (out != NULL) {
1897 clear_socket_error();
1898
1899 do {
1900 memset(&data->rcvinfo, 0, sizeof(data->rcvinfo));
1901 iov.iov_base = out;
1902 iov.iov_len = outl;
1903 msg.msg_name = NULL;
1904 msg.msg_namelen = 0;
1905 msg.msg_iov = &iov;
1906 msg.msg_iovlen = 1;
1907 msg.msg_control = cmsgbuf;
1908 msg.msg_controllen = 512;
1909 msg.msg_flags = 0;
1910 n = recvmsg(b->num, &msg, 0);
1911
1912 if (n <= 0) {
1913 if (n < 0)
1914 ret = n;
1915 break;
1916 }
1917
1918 if (msg.msg_controllen > 0) {
1919 for (cmsg = CMSG_FIRSTHDR(&msg); cmsg;
1920 cmsg = CMSG_NXTHDR(&msg, cmsg)) {
1921 if (cmsg->cmsg_level != IPPROTO_SCTP)
1922 continue;
1923 # ifdef SCTP_RCVINFO
1924 if (cmsg->cmsg_type == SCTP_RCVINFO) {
1925 struct sctp_rcvinfo *rcvinfo;
1926
1927 rcvinfo = (struct sctp_rcvinfo *)CMSG_DATA(cmsg);
1928 data->rcvinfo.rcv_sid = rcvinfo->rcv_sid;
1929 data->rcvinfo.rcv_ssn = rcvinfo->rcv_ssn;
1930 data->rcvinfo.rcv_flags = rcvinfo->rcv_flags;
1931 data->rcvinfo.rcv_ppid = rcvinfo->rcv_ppid;
1932 data->rcvinfo.rcv_tsn = rcvinfo->rcv_tsn;
1933 data->rcvinfo.rcv_cumtsn = rcvinfo->rcv_cumtsn;
1934 data->rcvinfo.rcv_context = rcvinfo->rcv_context;
1935 }
1936 # endif
1937 # ifdef SCTP_SNDRCV
1938 if (cmsg->cmsg_type == SCTP_SNDRCV) {
1939 struct sctp_sndrcvinfo *sndrcvinfo;
1940
1941 sndrcvinfo =
1942 (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
1943 data->rcvinfo.rcv_sid = sndrcvinfo->sinfo_stream;
1944 data->rcvinfo.rcv_ssn = sndrcvinfo->sinfo_ssn;
1945 data->rcvinfo.rcv_flags = sndrcvinfo->sinfo_flags;
1946 data->rcvinfo.rcv_ppid = sndrcvinfo->sinfo_ppid;
1947 data->rcvinfo.rcv_tsn = sndrcvinfo->sinfo_tsn;
1948 data->rcvinfo.rcv_cumtsn = sndrcvinfo->sinfo_cumtsn;
1949 data->rcvinfo.rcv_context = sndrcvinfo->sinfo_context;
1950 }
1951 # endif
1952 }
1953 }
1954
1955 if (msg.msg_flags & MSG_NOTIFICATION) {
1956 union sctp_notification snp;
1957
1958 memcpy(&snp, out, sizeof(snp));
1959 if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
1960 # ifdef SCTP_EVENT
1961 struct sctp_event event;
1962 # else
1963 struct sctp_event_subscribe event;
1964 socklen_t eventsize;
1965 # endif
1966
1967 /* disable sender dry event */
1968 # ifdef SCTP_EVENT
1969 memset(&event, 0, sizeof(event));
1970 event.se_assoc_id = 0;
1971 event.se_type = SCTP_SENDER_DRY_EVENT;
1972 event.se_on = 0;
1973 i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
1974 sizeof(struct sctp_event));
1975 if (i < 0) {
1976 ret = i;
1977 break;
1978 }
1979 # else
1980 eventsize = sizeof(struct sctp_event_subscribe);
1981 i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
1982 &eventsize);
1983 if (i < 0) {
1984 ret = i;
1985 break;
1986 }
1987
1988 event.sctp_sender_dry_event = 0;
1989
1990 i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
1991 sizeof(struct sctp_event_subscribe));
1992 if (i < 0) {
1993 ret = i;
1994 break;
1995 }
1996 # endif
1997 }
1998 # ifdef SCTP_AUTHENTICATION_EVENT
1999 if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
2000 dgram_sctp_handle_auth_free_key_event(b, &snp);
2001 # endif
2002
2003 if (data->handle_notifications != NULL)
2004 data->handle_notifications(b, data->notification_context,
2005 (void *)out);
2006
2007 memset(&snp, 0, sizeof(snp));
2008 memset(out, 0, outl);
2009 } else {
2010 ret += n;
2011 }
2012 }
2013 while ((msg.msg_flags & MSG_NOTIFICATION) && (msg.msg_flags & MSG_EOR)
2014 && (ret < outl));
2015
2016 if (ret > 0 && !(msg.msg_flags & MSG_EOR)) {
2017 /* Partial message read, this should never happen! */
2018
2019 /*
2020 * The buffer was too small, this means the peer sent a message
2021 * that was larger than allowed.
2022 */
2023 if (ret == outl)
2024 return -1;
2025
2026 /*
2027 * Test if socket buffer can handle max record size (2^14 + 2048
2028 * + 13)
2029 */
2030 optlen = (socklen_t) sizeof(int);
2031 ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen);
2032 if (ret >= 0)
2033 OPENSSL_assert(optval >= 18445);
2034
2035 /*
2036 * Test if SCTP doesn't partially deliver below max record size
2037 * (2^14 + 2048 + 13)
2038 */
2039 optlen = (socklen_t) sizeof(int);
2040 ret =
2041 getsockopt(b->num, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT,
2042 &optval, &optlen);
2043 if (ret >= 0)
2044 OPENSSL_assert(optval >= 18445);
2045
2046 /*
2047 * Partially delivered notification??? Probably a bug....
2048 */
2049 OPENSSL_assert(!(msg.msg_flags & MSG_NOTIFICATION));
2050
2051 /*
2052 * Everything seems ok till now, so it's most likely a message
2053 * dropped by PR-SCTP.
2054 */
2055 memset(out, 0, outl);
2056 BIO_set_retry_read(b);
2057 return -1;
2058 }
2059
2060 BIO_clear_retry_flags(b);
2061 if (ret < 0) {
2062 if (BIO_dgram_should_retry(ret)) {
2063 BIO_set_retry_read(b);
2064 data->_errno = get_last_socket_error();
2065 }
2066 }
2067
2068 /* Test if peer uses SCTP-AUTH before continuing */
2069 if (!data->peer_auth_tested) {
2070 int ii, auth_data = 0, auth_forward = 0;
2071 unsigned char *p;
2072 struct sctp_authchunks *authchunks;
2073
2074 optlen =
2075 (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
2076 authchunks = OPENSSL_malloc(optlen);
2077 if (authchunks == NULL) {
2078 ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE);
2079 return -1;
2080 }
2081 memset(authchunks, 0, optlen);
2082 ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS,
2083 authchunks, &optlen);
2084
2085 if (ii >= 0)
2086 for (p = (unsigned char *)authchunks->gauth_chunks;
2087 p < (unsigned char *)authchunks + optlen;
2088 p += sizeof(uint8_t)) {
2089 if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE)
2090 auth_data = 1;
2091 if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE)
2092 auth_forward = 1;
2093 }
2094
2095 OPENSSL_free(authchunks);
2096
2097 if (!auth_data || !auth_forward) {
2098 ERR_raise(ERR_LIB_BIO, BIO_R_CONNECT_ERROR);
2099 return -1;
2100 }
2101
2102 data->peer_auth_tested = 1;
2103 }
2104 }
2105 return ret;
2106 }
2107
2108 /*
2109 * dgram_sctp_write - send message on SCTP socket
2110 * @b: BIO to write to
2111 * @in: data to send
2112 * @inl: amount of bytes in @in to send
2113 *
2114 * Returns -1 on error or the sent amount of bytes on success
2115 */
2116 static int dgram_sctp_write(BIO *b, const char *in, int inl)
2117 {
2118 int ret;
2119 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
2120 struct bio_dgram_sctp_sndinfo *sinfo = &(data->sndinfo);
2121 struct bio_dgram_sctp_prinfo *pinfo = &(data->prinfo);
2122 struct bio_dgram_sctp_sndinfo handshake_sinfo;
2123 struct iovec iov[1];
2124 struct msghdr msg;
2125 struct cmsghdr *cmsg;
2126 # if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
2127 char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo)) +
2128 CMSG_SPACE(sizeof(struct sctp_prinfo))];
2129 struct sctp_sndinfo *sndinfo;
2130 struct sctp_prinfo *prinfo;
2131 # else
2132 char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))];
2133 struct sctp_sndrcvinfo *sndrcvinfo;
2134 # endif
2135
2136 clear_socket_error();
2137
2138 /*
2139 * If we're send anything else than application data, disable all user
2140 * parameters and flags.
2141 */
2142 if (in[0] != 23) {
2143 memset(&handshake_sinfo, 0, sizeof(handshake_sinfo));
2144 # ifdef SCTP_SACK_IMMEDIATELY
2145 handshake_sinfo.snd_flags = SCTP_SACK_IMMEDIATELY;
2146 # endif
2147 sinfo = &handshake_sinfo;
2148 }
2149
2150 /* We can only send a shutdown alert if the socket is dry */
2151 if (data->save_shutdown) {
2152 ret = BIO_dgram_sctp_wait_for_dry(b);
2153 if (ret < 0)
2154 return -1;
2155 if (ret == 0) {
2156 BIO_clear_retry_flags(b);
2157 BIO_set_retry_write(b);
2158 return -1;
2159 }
2160 }
2161
2162 iov[0].iov_base = (char *)in;
2163 iov[0].iov_len = inl;
2164 msg.msg_name = NULL;
2165 msg.msg_namelen = 0;
2166 msg.msg_iov = iov;
2167 msg.msg_iovlen = 1;
2168 msg.msg_control = (caddr_t) cmsgbuf;
2169 msg.msg_controllen = 0;
2170 msg.msg_flags = 0;
2171 # if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
2172 cmsg = (struct cmsghdr *)cmsgbuf;
2173 cmsg->cmsg_level = IPPROTO_SCTP;
2174 cmsg->cmsg_type = SCTP_SNDINFO;
2175 cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndinfo));
2176 sndinfo = (struct sctp_sndinfo *)CMSG_DATA(cmsg);
2177 memset(sndinfo, 0, sizeof(*sndinfo));
2178 sndinfo->snd_sid = sinfo->snd_sid;
2179 sndinfo->snd_flags = sinfo->snd_flags;
2180 sndinfo->snd_ppid = sinfo->snd_ppid;
2181 sndinfo->snd_context = sinfo->snd_context;
2182 msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndinfo));
2183
2184 cmsg =
2185 (struct cmsghdr *)&cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo))];
2186 cmsg->cmsg_level = IPPROTO_SCTP;
2187 cmsg->cmsg_type = SCTP_PRINFO;
2188 cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_prinfo));
2189 prinfo = (struct sctp_prinfo *)CMSG_DATA(cmsg);
2190 memset(prinfo, 0, sizeof(*prinfo));
2191 prinfo->pr_policy = pinfo->pr_policy;
2192 prinfo->pr_value = pinfo->pr_value;
2193 msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_prinfo));
2194 # else
2195 cmsg = (struct cmsghdr *)cmsgbuf;
2196 cmsg->cmsg_level = IPPROTO_SCTP;
2197 cmsg->cmsg_type = SCTP_SNDRCV;
2198 cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo));
2199 sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
2200 memset(sndrcvinfo, 0, sizeof(*sndrcvinfo));
2201 sndrcvinfo->sinfo_stream = sinfo->snd_sid;
2202 sndrcvinfo->sinfo_flags = sinfo->snd_flags;
2203 # ifdef __FreeBSD__
2204 sndrcvinfo->sinfo_flags |= pinfo->pr_policy;
2205 # endif
2206 sndrcvinfo->sinfo_ppid = sinfo->snd_ppid;
2207 sndrcvinfo->sinfo_context = sinfo->snd_context;
2208 sndrcvinfo->sinfo_timetolive = pinfo->pr_value;
2209 msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo));
2210 # endif
2211
2212 ret = sendmsg(b->num, &msg, 0);
2213
2214 BIO_clear_retry_flags(b);
2215 if (ret <= 0) {
2216 if (BIO_dgram_should_retry(ret)) {
2217 BIO_set_retry_write(b);
2218 data->_errno = get_last_socket_error();
2219 }
2220 }
2221 return ret;
2222 }
2223
2224 static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
2225 {
2226 long ret = 1;
2227 bio_dgram_sctp_data *data = NULL;
2228 socklen_t sockopt_len = 0;
2229 struct sctp_authkeyid authkeyid;
2230 struct sctp_authkey *authkey = NULL;
2231
2232 data = (bio_dgram_sctp_data *) b->ptr;
2233
2234 switch (cmd) {
2235 case BIO_CTRL_DGRAM_QUERY_MTU:
2236 /*
2237 * Set to maximum (2^14) and ignore user input to enable transport
2238 * protocol fragmentation. Returns always 2^14.
2239 */
2240 data->mtu = 16384;
2241 ret = data->mtu;
2242 break;
2243 case BIO_CTRL_DGRAM_SET_MTU:
2244 /*
2245 * Set to maximum (2^14) and ignore input to enable transport
2246 * protocol fragmentation. Returns always 2^14.
2247 */
2248 data->mtu = 16384;
2249 ret = data->mtu;
2250 break;
2251 case BIO_CTRL_DGRAM_SET_CONNECTED:
2252 case BIO_CTRL_DGRAM_CONNECT:
2253 /* Returns always -1. */
2254 ret = -1;
2255 break;
2256 case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
2257 /*
2258 * SCTP doesn't need the DTLS timer Returns always 1.
2259 */
2260 break;
2261 case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
2262 /*
2263 * We allow transport protocol fragmentation so this is irrelevant
2264 */
2265 ret = 0;
2266 break;
2267 case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
2268 if (num > 0)
2269 data->in_handshake = 1;
2270 else
2271 data->in_handshake = 0;
2272
2273 ret =
2274 setsockopt(b->num, IPPROTO_SCTP, SCTP_NODELAY,
2275 &data->in_handshake, sizeof(int));
2276 break;
2277 case BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY:
2278 /*
2279 * New shared key for SCTP AUTH. Returns 0 on success, -1 otherwise.
2280 */
2281
2282 /* Get active key */
2283 sockopt_len = sizeof(struct sctp_authkeyid);
2284 ret =
2285 getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid,
2286 &sockopt_len);
2287 if (ret < 0)
2288 break;
2289
2290 /* Add new key */
2291 sockopt_len = sizeof(struct sctp_authkey) + 64 * sizeof(uint8_t);
2292 authkey = OPENSSL_malloc(sockopt_len);
2293 if (authkey == NULL) {
2294 ret = -1;
2295 break;
2296 }
2297 memset(authkey, 0, sockopt_len);
2298 authkey->sca_keynumber = authkeyid.scact_keynumber + 1;
2299 # ifndef __FreeBSD__
2300 /*
2301 * This field is missing in FreeBSD 8.2 and earlier, and FreeBSD 8.3
2302 * and higher work without it.
2303 */
2304 authkey->sca_keylength = 64;
2305 # endif
2306 memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t));
2307
2308 ret =
2309 setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey,
2310 sockopt_len);
2311 OPENSSL_free(authkey);
2312 authkey = NULL;
2313 if (ret < 0)
2314 break;
2315
2316 /* Reset active key */
2317 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
2318 &authkeyid, sizeof(struct sctp_authkeyid));
2319 if (ret < 0)
2320 break;
2321
2322 break;
2323 case BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY:
2324 /* Returns 0 on success, -1 otherwise. */
2325
2326 /* Get active key */
2327 sockopt_len = sizeof(struct sctp_authkeyid);
2328 ret =
2329 getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid,
2330 &sockopt_len);
2331 if (ret < 0)
2332 break;
2333
2334 /* Set active key */
2335 authkeyid.scact_keynumber = authkeyid.scact_keynumber + 1;
2336 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
2337 &authkeyid, sizeof(struct sctp_authkeyid));
2338 if (ret < 0)
2339 break;
2340
2341 /*
2342 * CCS has been sent, so remember that and fall through to check if
2343 * we need to deactivate an old key
2344 */
2345 data->ccs_sent = 1;
2346 /* fall-through */
2347
2348 case BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD:
2349 /* Returns 0 on success, -1 otherwise. */
2350
2351 /*
2352 * Has this command really been called or is this just a
2353 * fall-through?
2354 */
2355 if (cmd == BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD)
2356 data->ccs_rcvd = 1;
2357
2358 /*
2359 * CSS has been both, received and sent, so deactivate an old key
2360 */
2361 if (data->ccs_rcvd == 1 && data->ccs_sent == 1) {
2362 /* Get active key */
2363 sockopt_len = sizeof(struct sctp_authkeyid);
2364 ret =
2365 getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
2366 &authkeyid, &sockopt_len);
2367 if (ret < 0)
2368 break;
2369
2370 /*
2371 * Deactivate key or delete second last key if
2372 * SCTP_AUTHENTICATION_EVENT is not available.
2373 */
2374 authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
2375 # ifdef SCTP_AUTH_DEACTIVATE_KEY
2376 sockopt_len = sizeof(struct sctp_authkeyid);
2377 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DEACTIVATE_KEY,
2378 &authkeyid, sockopt_len);
2379 if (ret < 0)
2380 break;
2381 # endif
2382 # ifndef SCTP_AUTHENTICATION_EVENT
2383 if (authkeyid.scact_keynumber > 0) {
2384 authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
2385 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
2386 &authkeyid, sizeof(struct sctp_authkeyid));
2387 if (ret < 0)
2388 break;
2389 }
2390 # endif
2391
2392 data->ccs_rcvd = 0;
2393 data->ccs_sent = 0;
2394 }
2395 break;
2396 case BIO_CTRL_DGRAM_SCTP_GET_SNDINFO:
2397 /* Returns the size of the copied struct. */
2398 if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo))
2399 num = sizeof(struct bio_dgram_sctp_sndinfo);
2400
2401 memcpy(ptr, &(data->sndinfo), num);
2402 ret = num;
2403 break;
2404 case BIO_CTRL_DGRAM_SCTP_SET_SNDINFO:
2405 /* Returns the size of the copied struct. */
2406 if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo))
2407 num = sizeof(struct bio_dgram_sctp_sndinfo);
2408
2409 memcpy(&(data->sndinfo), ptr, num);
2410 break;
2411 case BIO_CTRL_DGRAM_SCTP_GET_RCVINFO:
2412 /* Returns the size of the copied struct. */
2413 if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo))
2414 num = sizeof(struct bio_dgram_sctp_rcvinfo);
2415
2416 memcpy(ptr, &data->rcvinfo, num);
2417
2418 ret = num;
2419 break;
2420 case BIO_CTRL_DGRAM_SCTP_SET_RCVINFO:
2421 /* Returns the size of the copied struct. */
2422 if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo))
2423 num = sizeof(struct bio_dgram_sctp_rcvinfo);
2424
2425 memcpy(&(data->rcvinfo), ptr, num);
2426 break;
2427 case BIO_CTRL_DGRAM_SCTP_GET_PRINFO:
2428 /* Returns the size of the copied struct. */
2429 if (num > (long)sizeof(struct bio_dgram_sctp_prinfo))
2430 num = sizeof(struct bio_dgram_sctp_prinfo);
2431
2432 memcpy(ptr, &(data->prinfo), num);
2433 ret = num;
2434 break;
2435 case BIO_CTRL_DGRAM_SCTP_SET_PRINFO:
2436 /* Returns the size of the copied struct. */
2437 if (num > (long)sizeof(struct bio_dgram_sctp_prinfo))
2438 num = sizeof(struct bio_dgram_sctp_prinfo);
2439
2440 memcpy(&(data->prinfo), ptr, num);
2441 break;
2442 case BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN:
2443 /* Returns always 1. */
2444 if (num > 0)
2445 data->save_shutdown = 1;
2446 else
2447 data->save_shutdown = 0;
2448 break;
2449 case BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY:
2450 return dgram_sctp_wait_for_dry(b);
2451 case BIO_CTRL_DGRAM_SCTP_MSG_WAITING:
2452 return dgram_sctp_msg_waiting(b);
2453
2454 default:
2455 /*
2456 * Pass to default ctrl function to process SCTP unspecific commands
2457 */
2458 ret = dgram_ctrl(b, cmd, num, ptr);
2459 break;
2460 }
2461 return ret;
2462 }
2463
2464 int BIO_dgram_sctp_notification_cb(BIO *b,
2465 BIO_dgram_sctp_notification_handler_fn handle_notifications,
2466 void *context)
2467 {
2468 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
2469
2470 if (handle_notifications != NULL) {
2471 data->handle_notifications = handle_notifications;
2472 data->notification_context = context;
2473 } else
2474 return -1;
2475
2476 return 0;
2477 }
2478
2479 /*
2480 * BIO_dgram_sctp_wait_for_dry - Wait for SCTP SENDER_DRY event
2481 * @b: The BIO to check for the dry event
2482 *
2483 * Wait until the peer confirms all packets have been received, and so that
2484 * our kernel doesn't have anything to send anymore. This is only received by
2485 * the peer's kernel, not the application.
2486 *
2487 * Returns:
2488 * -1 on error
2489 * 0 when not dry yet
2490 * 1 when dry
2491 */
2492 int BIO_dgram_sctp_wait_for_dry(BIO *b)
2493 {
2494 return (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY, 0, NULL);
2495 }
2496
2497 static int dgram_sctp_wait_for_dry(BIO *b)
2498 {
2499 int is_dry = 0;
2500 int sockflags = 0;
2501 int n, ret;
2502 union sctp_notification snp;
2503 struct msghdr msg;
2504 struct iovec iov;
2505 # ifdef SCTP_EVENT
2506 struct sctp_event event;
2507 # else
2508 struct sctp_event_subscribe event;
2509 socklen_t eventsize;
2510 # endif
2511 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
2512
2513 /* set sender dry event */
2514 # ifdef SCTP_EVENT
2515 memset(&event, 0, sizeof(event));
2516 event.se_assoc_id = 0;
2517 event.se_type = SCTP_SENDER_DRY_EVENT;
2518 event.se_on = 1;
2519 ret =
2520 setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
2521 sizeof(struct sctp_event));
2522 # else
2523 eventsize = sizeof(struct sctp_event_subscribe);
2524 ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize);
2525 if (ret < 0)
2526 return -1;
2527
2528 event.sctp_sender_dry_event = 1;
2529
2530 ret =
2531 setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
2532 sizeof(struct sctp_event_subscribe));
2533 # endif
2534 if (ret < 0)
2535 return -1;
2536
2537 /* peek for notification */
2538 memset(&snp, 0, sizeof(snp));
2539 iov.iov_base = (char *)&snp;
2540 iov.iov_len = sizeof(union sctp_notification);
2541 msg.msg_name = NULL;
2542 msg.msg_namelen = 0;
2543 msg.msg_iov = &iov;
2544 msg.msg_iovlen = 1;
2545 msg.msg_control = NULL;
2546 msg.msg_controllen = 0;
2547 msg.msg_flags = 0;
2548
2549 n = recvmsg(b->num, &msg, MSG_PEEK);
2550 if (n <= 0) {
2551 if ((n < 0) && (get_last_socket_error() != EAGAIN)
2552 && (get_last_socket_error() != EWOULDBLOCK))
2553 return -1;
2554 else
2555 return 0;
2556 }
2557
2558 /* if we find a notification, process it and try again if necessary */
2559 while (msg.msg_flags & MSG_NOTIFICATION) {
2560 memset(&snp, 0, sizeof(snp));
2561 iov.iov_base = (char *)&snp;
2562 iov.iov_len = sizeof(union sctp_notification);
2563 msg.msg_name = NULL;
2564 msg.msg_namelen = 0;
2565 msg.msg_iov = &iov;
2566 msg.msg_iovlen = 1;
2567 msg.msg_control = NULL;
2568 msg.msg_controllen = 0;
2569 msg.msg_flags = 0;
2570
2571 n = recvmsg(b->num, &msg, 0);
2572 if (n <= 0) {
2573 if ((n < 0) && (get_last_socket_error() != EAGAIN)
2574 && (get_last_socket_error() != EWOULDBLOCK))
2575 return -1;
2576 else
2577 return is_dry;
2578 }
2579
2580 if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
2581 is_dry = 1;
2582
2583 /* disable sender dry event */
2584 # ifdef SCTP_EVENT
2585 memset(&event, 0, sizeof(event));
2586 event.se_assoc_id = 0;
2587 event.se_type = SCTP_SENDER_DRY_EVENT;
2588 event.se_on = 0;
2589 ret =
2590 setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
2591 sizeof(struct sctp_event));
2592 # else
2593 eventsize = (socklen_t) sizeof(struct sctp_event_subscribe);
2594 ret =
2595 getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
2596 &eventsize);
2597 if (ret < 0)
2598 return -1;
2599
2600 event.sctp_sender_dry_event = 0;
2601
2602 ret =
2603 setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
2604 sizeof(struct sctp_event_subscribe));
2605 # endif
2606 if (ret < 0)
2607 return -1;
2608 }
2609 # ifdef SCTP_AUTHENTICATION_EVENT
2610 if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
2611 dgram_sctp_handle_auth_free_key_event(b, &snp);
2612 # endif
2613
2614 if (data->handle_notifications != NULL)
2615 data->handle_notifications(b, data->notification_context,
2616 (void *)&snp);
2617
2618 /* found notification, peek again */
2619 memset(&snp, 0, sizeof(snp));
2620 iov.iov_base = (char *)&snp;
2621 iov.iov_len = sizeof(union sctp_notification);
2622 msg.msg_name = NULL;
2623 msg.msg_namelen = 0;
2624 msg.msg_iov = &iov;
2625 msg.msg_iovlen = 1;
2626 msg.msg_control = NULL;
2627 msg.msg_controllen = 0;
2628 msg.msg_flags = 0;
2629
2630 /* if we have seen the dry already, don't wait */
2631 if (is_dry) {
2632 sockflags = fcntl(b->num, F_GETFL, 0);
2633 fcntl(b->num, F_SETFL, O_NONBLOCK);
2634 }
2635
2636 n = recvmsg(b->num, &msg, MSG_PEEK);
2637
2638 if (is_dry) {
2639 fcntl(b->num, F_SETFL, sockflags);
2640 }
2641
2642 if (n <= 0) {
2643 if ((n < 0) && (get_last_socket_error() != EAGAIN)
2644 && (get_last_socket_error() != EWOULDBLOCK))
2645 return -1;
2646 else
2647 return is_dry;
2648 }
2649 }
2650
2651 /* read anything else */
2652 return is_dry;
2653 }
2654
2655 int BIO_dgram_sctp_msg_waiting(BIO *b)
2656 {
2657 return (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SCTP_MSG_WAITING, 0, NULL);
2658 }
2659
2660 static int dgram_sctp_msg_waiting(BIO *b)
2661 {
2662 int n, sockflags;
2663 union sctp_notification snp;
2664 struct msghdr msg;
2665 struct iovec iov;
2666 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
2667
2668 /* Check if there are any messages waiting to be read */
2669 do {
2670 memset(&snp, 0, sizeof(snp));
2671 iov.iov_base = (char *)&snp;
2672 iov.iov_len = sizeof(union sctp_notification);
2673 msg.msg_name = NULL;
2674 msg.msg_namelen = 0;
2675 msg.msg_iov = &iov;
2676 msg.msg_iovlen = 1;
2677 msg.msg_control = NULL;
2678 msg.msg_controllen = 0;
2679 msg.msg_flags = 0;
2680
2681 sockflags = fcntl(b->num, F_GETFL, 0);
2682 fcntl(b->num, F_SETFL, O_NONBLOCK);
2683 n = recvmsg(b->num, &msg, MSG_PEEK);
2684 fcntl(b->num, F_SETFL, sockflags);
2685
2686 /* if notification, process and try again */
2687 if (n > 0 && (msg.msg_flags & MSG_NOTIFICATION)) {
2688 # ifdef SCTP_AUTHENTICATION_EVENT
2689 if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
2690 dgram_sctp_handle_auth_free_key_event(b, &snp);
2691 # endif
2692
2693 memset(&snp, 0, sizeof(snp));
2694 iov.iov_base = (char *)&snp;
2695 iov.iov_len = sizeof(union sctp_notification);
2696 msg.msg_name = NULL;
2697 msg.msg_namelen = 0;
2698 msg.msg_iov = &iov;
2699 msg.msg_iovlen = 1;
2700 msg.msg_control = NULL;
2701 msg.msg_controllen = 0;
2702 msg.msg_flags = 0;
2703 n = recvmsg(b->num, &msg, 0);
2704
2705 if (data->handle_notifications != NULL)
2706 data->handle_notifications(b, data->notification_context,
2707 (void *)&snp);
2708 }
2709
2710 } while (n > 0 && (msg.msg_flags & MSG_NOTIFICATION));
2711
2712 /* Return 1 if there is a message to be read, return 0 otherwise. */
2713 if (n > 0)
2714 return 1;
2715 else
2716 return 0;
2717 }
2718
2719 static int dgram_sctp_puts(BIO *bp, const char *str)
2720 {
2721 int n, ret;
2722
2723 n = strlen(str);
2724 ret = dgram_sctp_write(bp, str, n);
2725 return ret;
2726 }
2727 # endif
2728
2729 static int BIO_dgram_should_retry(int i)
2730 {
2731 int err;
2732
2733 if ((i == 0) || (i == -1)) {
2734 err = get_last_socket_error();
2735
2736 # if defined(OPENSSL_SYS_WINDOWS)
2737 /*
2738 * If the socket return value (i) is -1 and err is unexpectedly 0 at
2739 * this point, the error code was overwritten by another system call
2740 * before this error handling is called.
2741 */
2742 # endif
2743
2744 return BIO_dgram_non_fatal_error(err);
2745 }
2746 return 0;
2747 }
2748
2749 int BIO_dgram_non_fatal_error(int err)
2750 {
2751 switch (err) {
2752 # if defined(OPENSSL_SYS_WINDOWS)
2753 # if defined(WSAEWOULDBLOCK)
2754 case WSAEWOULDBLOCK:
2755 # endif
2756 # endif
2757
2758 # ifdef EWOULDBLOCK
2759 # ifdef WSAEWOULDBLOCK
2760 # if WSAEWOULDBLOCK != EWOULDBLOCK
2761 case EWOULDBLOCK:
2762 # endif
2763 # else
2764 case EWOULDBLOCK:
2765 # endif
2766 # endif
2767
2768 # ifdef EINTR
2769 case EINTR:
2770 # endif
2771
2772 # ifdef EAGAIN
2773 # if EWOULDBLOCK != EAGAIN
2774 case EAGAIN:
2775 # endif
2776 # endif
2777
2778 # ifdef EPROTO
2779 case EPROTO:
2780 # endif
2781
2782 # ifdef EINPROGRESS
2783 case EINPROGRESS:
2784 # endif
2785
2786 # ifdef EALREADY
2787 case EALREADY:
2788 # endif
2789
2790 return 1;
2791 default:
2792 break;
2793 }
2794 return 0;
2795 }
2796
2797 static void get_current_time(struct timeval *t)
2798 {
2799 # if defined(_WIN32)
2800 SYSTEMTIME st;
2801 unsigned __int64 now_ul;
2802 FILETIME now_ft;
2803
2804 GetSystemTime(&st);
2805 SystemTimeToFileTime(&st, &now_ft);
2806 now_ul = ((unsigned __int64)now_ft.dwHighDateTime << 32) | now_ft.dwLowDateTime;
2807 # ifdef __MINGW32__
2808 now_ul -= 116444736000000000ULL;
2809 # else
2810 now_ul -= 116444736000000000UI64; /* re-bias to 1/1/1970 */
2811 # endif
2812 t->tv_sec = (long)(now_ul / 10000000);
2813 t->tv_usec = ((int)(now_ul % 10000000)) / 10;
2814 # else
2815 if (gettimeofday(t, NULL) < 0)
2816 perror("gettimeofday");
2817 # endif
2818 }
2819
2820 #endif
A mirror of the official openssl repository