]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/bio/bss_dgram.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Cast socklen_t to size_t in assert comparison
[thirdparty/openssl.git] / crypto / bio / bss_dgram.c
1 /*
2 * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #ifndef _GNU_SOURCE
11 # define _GNU_SOURCE
12 #endif
13
14 #include <stdio.h>
15 #include <errno.h>
16
17 #include "internal/time.h"
18 #include "bio_local.h"
19 #ifndef OPENSSL_NO_DGRAM
20
21 # ifndef OPENSSL_NO_SCTP
22 # include <netinet/sctp.h>
23 # include <fcntl.h>
24 # define OPENSSL_SCTP_DATA_CHUNK_TYPE 0x00
25 # define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0
26 # endif
27
28 # if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU)
29 # define IP_MTU 14 /* linux is lame */
30 # endif
31
32 # if OPENSSL_USE_IPV6 && !defined(IPPROTO_IPV6)
33 # define IPPROTO_IPV6 41 /* windows is lame */
34 # endif
35
36 # if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED)
37 /* Standard definition causes type-punning problems. */
38 # undef IN6_IS_ADDR_V4MAPPED
39 # define s6_addr32 __u6_addr.__u6_addr32
40 # define IN6_IS_ADDR_V4MAPPED(a) \
41 (((a)->s6_addr32[0] == 0) && \
42 ((a)->s6_addr32[1] == 0) && \
43 ((a)->s6_addr32[2] == htonl(0x0000ffff)))
44 # endif
45
46 /* Determine what method to use for BIO_sendmmsg and BIO_recvmmsg. */
47 # define M_METHOD_NONE 0
48 # define M_METHOD_RECVMMSG 1
49 # define M_METHOD_RECVMSG 2
50 # define M_METHOD_RECVFROM 3
51 # define M_METHOD_WSARECVMSG 4
52
53 # if !defined(M_METHOD)
54 # if defined(OPENSSL_SYS_WINDOWS) && defined(BIO_HAVE_WSAMSG) && !defined(NO_WSARECVMSG)
55 # define M_METHOD M_METHOD_WSARECVMSG
56 # elif !defined(OPENSSL_SYS_WINDOWS) && defined(MSG_WAITFORONE) && !defined(NO_RECVMMSG)
57 # define M_METHOD M_METHOD_RECVMMSG
58 # elif !defined(OPENSSL_SYS_WINDOWS) && defined(CMSG_LEN) && !defined(NO_RECVMSG)
59 # define M_METHOD M_METHOD_RECVMSG
60 # elif !defined(NO_RECVFROM)
61 # define M_METHOD M_METHOD_RECVFROM
62 # else
63 # define M_METHOD M_METHOD_NONE
64 # endif
65 # endif
66
67 # if defined(OPENSSL_SYS_WINDOWS)
68 # define BIO_CMSG_SPACE(x) WSA_CMSG_SPACE(x)
69 # define BIO_CMSG_FIRSTHDR(x) WSA_CMSG_FIRSTHDR(x)
70 # define BIO_CMSG_NXTHDR(x, y) WSA_CMSG_NXTHDR(x, y)
71 # define BIO_CMSG_DATA(x) WSA_CMSG_DATA(x)
72 # define BIO_CMSG_LEN(x) WSA_CMSG_LEN(x)
73 # define MSGHDR_TYPE WSAMSG
74 # define CMSGHDR_TYPE WSACMSGHDR
75 # else
76 # define MSGHDR_TYPE struct msghdr
77 # define CMSGHDR_TYPE struct cmsghdr
78 # define BIO_CMSG_SPACE(x) CMSG_SPACE(x)
79 # define BIO_CMSG_FIRSTHDR(x) CMSG_FIRSTHDR(x)
80 # define BIO_CMSG_NXTHDR(x, y) CMSG_NXTHDR(x, y)
81 # define BIO_CMSG_DATA(x) CMSG_DATA(x)
82 # define BIO_CMSG_LEN(x) CMSG_LEN(x)
83 # endif
84
85 # if M_METHOD == M_METHOD_RECVMMSG \
86 || M_METHOD == M_METHOD_RECVMSG \
87 || M_METHOD == M_METHOD_WSARECVMSG
88 # if defined(__APPLE__)
89 /*
90 * CMSG_SPACE is not a constant expresson on OSX even though POSIX
91 * says it's supposed to be. This should be adequate.
92 */
93 # define BIO_CMSG_ALLOC_LEN 64
94 # else
95 # if defined(IPV6_PKTINFO)
96 # define BIO_CMSG_ALLOC_LEN_1 BIO_CMSG_SPACE(sizeof(struct in6_pktinfo))
97 # else
98 # define BIO_CMSG_ALLOC_LEN_1 0
99 # endif
100 # if defined(IP_PKTINFO)
101 # define BIO_CMSG_ALLOC_LEN_2 BIO_CMSG_SPACE(sizeof(struct in_pktinfo))
102 # else
103 # define BIO_CMSG_ALLOC_LEN_2 0
104 # endif
105 # if defined(IP_RECVDSTADDR)
106 # define BIO_CMSG_ALLOC_LEN_3 BIO_CMSG_SPACE(sizeof(struct in_addr))
107 # else
108 # define BIO_CMSG_ALLOC_LEN_3 0
109 # endif
110 # define BIO_MAX(X,Y) ((X) > (Y) ? (X) : (Y))
111 # define BIO_CMSG_ALLOC_LEN \
112 BIO_MAX(BIO_CMSG_ALLOC_LEN_1, \
113 BIO_MAX(BIO_CMSG_ALLOC_LEN_2, BIO_CMSG_ALLOC_LEN_3))
114 # endif
115 # if (defined(IP_PKTINFO) || defined(IP_RECVDSTADDR)) && defined(IPV6_RECVPKTINFO)
116 # define SUPPORT_LOCAL_ADDR
117 # endif
118 # endif
119
120 # define BIO_MSG_N(array, stride, n) (*(BIO_MSG *)((char *)(array) + (n)*(stride)))
121
122 static int dgram_write(BIO *h, const char *buf, int num);
123 static int dgram_read(BIO *h, char *buf, int size);
124 static int dgram_puts(BIO *h, const char *str);
125 static long dgram_ctrl(BIO *h, int cmd, long arg1, void *arg2);
126 static int dgram_new(BIO *h);
127 static int dgram_free(BIO *data);
128 static int dgram_clear(BIO *bio);
129 static int dgram_sendmmsg(BIO *b, BIO_MSG *msg,
130 size_t stride, size_t num_msg,
131 uint64_t flags, size_t *num_processed);
132 static int dgram_recvmmsg(BIO *b, BIO_MSG *msg,
133 size_t stride, size_t num_msg,
134 uint64_t flags, size_t *num_processed);
135
136 # ifndef OPENSSL_NO_SCTP
137 static int dgram_sctp_write(BIO *h, const char *buf, int num);
138 static int dgram_sctp_read(BIO *h, char *buf, int size);
139 static int dgram_sctp_puts(BIO *h, const char *str);
140 static long dgram_sctp_ctrl(BIO *h, int cmd, long arg1, void *arg2);
141 static int dgram_sctp_new(BIO *h);
142 static int dgram_sctp_free(BIO *data);
143 static int dgram_sctp_wait_for_dry(BIO *b);
144 static int dgram_sctp_msg_waiting(BIO *b);
145 # ifdef SCTP_AUTHENTICATION_EVENT
146 static void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification
147 *snp);
148 # endif
149 # endif
150
151 static int BIO_dgram_should_retry(int s);
152
153 static const BIO_METHOD methods_dgramp = {
154 BIO_TYPE_DGRAM,
155 "datagram socket",
156 bwrite_conv,
157 dgram_write,
158 bread_conv,
159 dgram_read,
160 dgram_puts,
161 NULL, /* dgram_gets, */
162 dgram_ctrl,
163 dgram_new,
164 dgram_free,
165 NULL, /* dgram_callback_ctrl */
166 dgram_sendmmsg,
167 dgram_recvmmsg,
168 };
169
170 # ifndef OPENSSL_NO_SCTP
171 static const BIO_METHOD methods_dgramp_sctp = {
172 BIO_TYPE_DGRAM_SCTP,
173 "datagram sctp socket",
174 bwrite_conv,
175 dgram_sctp_write,
176 bread_conv,
177 dgram_sctp_read,
178 dgram_sctp_puts,
179 NULL, /* dgram_gets, */
180 dgram_sctp_ctrl,
181 dgram_sctp_new,
182 dgram_sctp_free,
183 NULL, /* dgram_callback_ctrl */
184 NULL, /* sendmmsg */
185 NULL, /* recvmmsg */
186 };
187 # endif
188
189 typedef struct bio_dgram_data_st {
190 BIO_ADDR peer;
191 BIO_ADDR local_addr;
192 unsigned int connected;
193 unsigned int _errno;
194 unsigned int mtu;
195 OSSL_TIME next_timeout;
196 OSSL_TIME socket_timeout;
197 unsigned int peekmode;
198 char local_addr_enabled;
199 } bio_dgram_data;
200
201 # ifndef OPENSSL_NO_SCTP
202 typedef struct bio_dgram_sctp_save_message_st {
203 BIO *bio;
204 char *data;
205 int length;
206 } bio_dgram_sctp_save_message;
207
208 typedef struct bio_dgram_sctp_data_st {
209 BIO_ADDR peer;
210 unsigned int connected;
211 unsigned int _errno;
212 unsigned int mtu;
213 struct bio_dgram_sctp_sndinfo sndinfo;
214 struct bio_dgram_sctp_rcvinfo rcvinfo;
215 struct bio_dgram_sctp_prinfo prinfo;
216 BIO_dgram_sctp_notification_handler_fn handle_notifications;
217 void *notification_context;
218 int in_handshake;
219 int ccs_rcvd;
220 int ccs_sent;
221 int save_shutdown;
222 int peer_auth_tested;
223 } bio_dgram_sctp_data;
224 # endif
225
226 const BIO_METHOD *BIO_s_datagram(void)
227 {
228 return &methods_dgramp;
229 }
230
231 BIO *BIO_new_dgram(int fd, int close_flag)
232 {
233 BIO *ret;
234
235 ret = BIO_new(BIO_s_datagram());
236 if (ret == NULL)
237 return NULL;
238 BIO_set_fd(ret, fd, close_flag);
239 return ret;
240 }
241
242 static int dgram_new(BIO *bi)
243 {
244 bio_dgram_data *data = OPENSSL_zalloc(sizeof(*data));
245
246 if (data == NULL)
247 return 0;
248 bi->ptr = data;
249 return 1;
250 }
251
252 static int dgram_free(BIO *a)
253 {
254 bio_dgram_data *data;
255
256 if (a == NULL)
257 return 0;
258 if (!dgram_clear(a))
259 return 0;
260
261 data = (bio_dgram_data *)a->ptr;
262 OPENSSL_free(data);
263
264 return 1;
265 }
266
267 static int dgram_clear(BIO *a)
268 {
269 if (a == NULL)
270 return 0;
271 if (a->shutdown) {
272 if (a->init) {
273 BIO_closesocket(a->num);
274 }
275 a->init = 0;
276 a->flags = 0;
277 }
278 return 1;
279 }
280
281 static void dgram_adjust_rcv_timeout(BIO *b)
282 {
283 # if defined(SO_RCVTIMEO)
284 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
285 OSSL_TIME timeleft;
286
287 /* Is a timer active? */
288 if (!ossl_time_is_zero(data->next_timeout)) {
289 /* Read current socket timeout */
290 # ifdef OPENSSL_SYS_WINDOWS
291 int timeout;
292 int sz = sizeof(timeout);
293
294 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
295 (void *)&timeout, &sz) < 0)
296 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
297 "calling getsockopt()");
298 else
299 data->socket_timeout = ossl_ms2time(timeout);
300 # else
301 struct timeval tv;
302 socklen_t sz = sizeof(tv);
303
304 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &tv, &sz) < 0)
305 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
306 "calling getsockopt()");
307 else
308 data->socket_timeout = ossl_time_from_timeval(tv);
309 # endif
310
311 /* Calculate time left until timer expires */
312 timeleft = ossl_time_subtract(data->next_timeout, ossl_time_now());
313 if (ossl_time_compare(timeleft, ossl_ticks2time(OSSL_TIME_US)) < 0)
314 timeleft = ossl_ticks2time(OSSL_TIME_US);
315
316 /*
317 * Adjust socket timeout if next handshake message timer will expire
318 * earlier.
319 */
320 if (ossl_time_is_zero(data->socket_timeout)
321 || ossl_time_compare(data->socket_timeout, timeleft) >= 0) {
322 # ifdef OPENSSL_SYS_WINDOWS
323 timeout = (int)ossl_time2ms(timeleft);
324 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
325 (void *)&timeout, sizeof(timeout)) < 0)
326 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
327 "calling setsockopt()");
328 # else
329 tv = ossl_time_to_timeval(timeleft);
330 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &tv,
331 sizeof(tv)) < 0)
332 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
333 "calling setsockopt()");
334 # endif
335 }
336 }
337 # endif
338 }
339
340 static void dgram_update_local_addr(BIO *b)
341 {
342 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
343 socklen_t addr_len = sizeof(data->local_addr);
344
345 if (getsockname(b->num, &data->local_addr.sa, &addr_len) < 0)
346 /*
347 * This should not be possible, but zero-initialize and return
348 * anyway.
349 */
350 BIO_ADDR_clear(&data->local_addr);
351 }
352
353 # if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG || M_METHOD == M_METHOD_WSARECVMSG
354 static int dgram_get_sock_family(BIO *b)
355 {
356 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
357 return data->local_addr.sa.sa_family;
358 }
359 # endif
360
361 static void dgram_reset_rcv_timeout(BIO *b)
362 {
363 # if defined(SO_RCVTIMEO)
364 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
365
366 /* Is a timer active? */
367 if (!ossl_time_is_zero(data->next_timeout)) {
368 # ifdef OPENSSL_SYS_WINDOWS
369 int timeout = (int)ossl_time2ms(data->socket_timeout);
370
371 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
372 (void *)&timeout, sizeof(timeout)) < 0)
373 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
374 "calling setsockopt()");
375 # else
376 struct timeval tv = ossl_time_to_timeval(data->socket_timeout);
377
378 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) < 0)
379 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
380 "calling setsockopt()");
381 # endif
382 }
383 # endif
384 }
385
386 static int dgram_read(BIO *b, char *out, int outl)
387 {
388 int ret = 0;
389 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
390 int flags = 0;
391
392 BIO_ADDR peer;
393 socklen_t len = sizeof(peer);
394
395 if (out != NULL) {
396 clear_socket_error();
397 BIO_ADDR_clear(&peer);
398 dgram_adjust_rcv_timeout(b);
399 if (data->peekmode)
400 flags = MSG_PEEK;
401 ret = recvfrom(b->num, out, outl, flags,
402 BIO_ADDR_sockaddr_noconst(&peer), &len);
403
404 if (!data->connected && ret >= 0)
405 BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
406
407 BIO_clear_retry_flags(b);
408 if (ret < 0) {
409 if (BIO_dgram_should_retry(ret)) {
410 BIO_set_retry_read(b);
411 data->_errno = get_last_socket_error();
412 }
413 }
414
415 dgram_reset_rcv_timeout(b);
416 }
417 return ret;
418 }
419
420 static int dgram_write(BIO *b, const char *in, int inl)
421 {
422 int ret;
423 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
424 clear_socket_error();
425
426 if (data->connected)
427 ret = writesocket(b->num, in, inl);
428 else {
429 int peerlen = BIO_ADDR_sockaddr_size(&data->peer);
430
431 ret = sendto(b->num, in, inl, 0,
432 BIO_ADDR_sockaddr(&data->peer), peerlen);
433 }
434
435 BIO_clear_retry_flags(b);
436 if (ret <= 0) {
437 if (BIO_dgram_should_retry(ret)) {
438 BIO_set_retry_write(b);
439 data->_errno = get_last_socket_error();
440 }
441 }
442 return ret;
443 }
444
445 static long dgram_get_mtu_overhead(bio_dgram_data *data)
446 {
447 long ret;
448
449 switch (BIO_ADDR_family(&data->peer)) {
450 case AF_INET:
451 /*
452 * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
453 */
454 ret = 28;
455 break;
456 # if OPENSSL_USE_IPV6
457 case AF_INET6:
458 {
459 # ifdef IN6_IS_ADDR_V4MAPPED
460 struct in6_addr tmp_addr;
461 if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
462 && IN6_IS_ADDR_V4MAPPED(&tmp_addr))
463 /*
464 * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
465 */
466 ret = 28;
467 else
468 # endif
469 /*
470 * Assume this is UDP - 40 bytes for IP, 8 bytes for UDP
471 */
472 ret = 48;
473 }
474 break;
475 # endif
476 default:
477 /* We don't know. Go with the historical default */
478 ret = 28;
479 break;
480 }
481 return ret;
482 }
483
484 /* Enables appropriate destination address reception option on the socket. */
485 # if defined(SUPPORT_LOCAL_ADDR)
486 static int enable_local_addr(BIO *b, int enable) {
487 int af = dgram_get_sock_family(b);
488
489 if (af == AF_INET) {
490 # if defined(IP_PKTINFO)
491 /* IP_PKTINFO is preferred */
492 if (setsockopt(b->num, IPPROTO_IP, IP_PKTINFO,
493 (void *)&enable, sizeof(enable)) < 0)
494 return 0;
495
496 return 1;
497
498 # elif defined(IP_RECVDSTADDR)
499 /* Fall back to IP_RECVDSTADDR */
500
501 if (setsockopt(b->num, IPPROTO_IP, IP_RECVDSTADDR,
502 &enable, sizeof(enable)) < 0)
503 return 0;
504
505 return 1;
506 # endif
507 }
508
509 # if OPENSSL_USE_IPV6
510 if (af == AF_INET6) {
511 # if defined(IPV6_RECVPKTINFO)
512 if (setsockopt(b->num, IPPROTO_IPV6, IPV6_RECVPKTINFO,
513 &enable, sizeof(enable)) < 0)
514 return 0;
515
516 return 1;
517 # endif
518 }
519 # endif
520
521 return 0;
522 }
523 # endif
524
525 static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
526 {
527 long ret = 1;
528 int *ip;
529 bio_dgram_data *data = NULL;
530 int sockopt_val = 0;
531 int d_errno;
532 # if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU))
533 socklen_t sockopt_len; /* assume that system supporting IP_MTU is
534 * modern enough to define socklen_t */
535 socklen_t addr_len;
536 BIO_ADDR addr;
537 # endif
538
539 data = (bio_dgram_data *)b->ptr;
540
541 switch (cmd) {
542 case BIO_CTRL_RESET:
543 num = 0;
544 ret = 0;
545 break;
546 case BIO_CTRL_INFO:
547 ret = 0;
548 break;
549 case BIO_C_SET_FD:
550 dgram_clear(b);
551 b->num = *((int *)ptr);
552 b->shutdown = (int)num;
553 b->init = 1;
554 dgram_update_local_addr(b);
555 # if defined(SUPPORT_LOCAL_ADDR)
556 if (data->local_addr_enabled) {
557 if (enable_local_addr(b, 1) < 1)
558 data->local_addr_enabled = 0;
559 }
560 # endif
561 break;
562 case BIO_C_GET_FD:
563 if (b->init) {
564 ip = (int *)ptr;
565 if (ip != NULL)
566 *ip = b->num;
567 ret = b->num;
568 } else
569 ret = -1;
570 break;
571 case BIO_CTRL_GET_CLOSE:
572 ret = b->shutdown;
573 break;
574 case BIO_CTRL_SET_CLOSE:
575 b->shutdown = (int)num;
576 break;
577 case BIO_CTRL_PENDING:
578 case BIO_CTRL_WPENDING:
579 ret = 0;
580 break;
581 case BIO_CTRL_DUP:
582 case BIO_CTRL_FLUSH:
583 ret = 1;
584 break;
585 case BIO_CTRL_DGRAM_CONNECT:
586 BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
587 break;
588 /* (Linux)kernel sets DF bit on outgoing IP packets */
589 case BIO_CTRL_DGRAM_MTU_DISCOVER:
590 # if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
591 addr_len = (socklen_t) sizeof(addr);
592 BIO_ADDR_clear(&addr);
593 if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
594 ret = 0;
595 break;
596 }
597 switch (addr.sa.sa_family) {
598 case AF_INET:
599 sockopt_val = IP_PMTUDISC_DO;
600 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
601 &sockopt_val, sizeof(sockopt_val))) < 0)
602 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
603 "calling setsockopt()");
604 break;
605 # if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
606 case AF_INET6:
607 sockopt_val = IPV6_PMTUDISC_DO;
608 if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
609 &sockopt_val, sizeof(sockopt_val))) < 0)
610 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
611 "calling setsockopt()");
612 break;
613 # endif
614 default:
615 ret = -1;
616 break;
617 }
618 # else
619 ret = -1;
620 # endif
621 break;
622 case BIO_CTRL_DGRAM_QUERY_MTU:
623 # if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU)
624 addr_len = (socklen_t) sizeof(addr);
625 BIO_ADDR_clear(&addr);
626 if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
627 ret = 0;
628 break;
629 }
630 sockopt_len = sizeof(sockopt_val);
631 switch (addr.sa.sa_family) {
632 case AF_INET:
633 if ((ret =
634 getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,
635 &sockopt_len)) < 0 || sockopt_val < 0) {
636 ret = 0;
637 } else {
638 /*
639 * we assume that the transport protocol is UDP and no IP
640 * options are used.
641 */
642 data->mtu = sockopt_val - 8 - 20;
643 ret = data->mtu;
644 }
645 break;
646 # if OPENSSL_USE_IPV6 && defined(IPV6_MTU)
647 case AF_INET6:
648 if ((ret =
649 getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU,
650 (void *)&sockopt_val, &sockopt_len)) < 0
651 || sockopt_val < 0) {
652 ret = 0;
653 } else {
654 /*
655 * we assume that the transport protocol is UDP and no IPV6
656 * options are used.
657 */
658 data->mtu = sockopt_val - 8 - 40;
659 ret = data->mtu;
660 }
661 break;
662 # endif
663 default:
664 ret = 0;
665 break;
666 }
667 # else
668 ret = 0;
669 # endif
670 break;
671 case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
672 ret = -dgram_get_mtu_overhead(data);
673 switch (BIO_ADDR_family(&data->peer)) {
674 case AF_INET:
675 ret += 576;
676 break;
677 # if OPENSSL_USE_IPV6
678 case AF_INET6:
679 {
680 # ifdef IN6_IS_ADDR_V4MAPPED
681 struct in6_addr tmp_addr;
682 if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
683 && IN6_IS_ADDR_V4MAPPED(&tmp_addr))
684 ret += 576;
685 else
686 # endif
687 ret += 1280;
688 }
689 break;
690 # endif
691 default:
692 ret += 576;
693 break;
694 }
695 break;
696 case BIO_CTRL_DGRAM_GET_MTU:
697 return data->mtu;
698 case BIO_CTRL_DGRAM_SET_MTU:
699 data->mtu = num;
700 ret = num;
701 break;
702 case BIO_CTRL_DGRAM_SET_CONNECTED:
703 if (ptr != NULL) {
704 data->connected = 1;
705 BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
706 } else {
707 data->connected = 0;
708 BIO_ADDR_clear(&data->peer);
709 }
710 break;
711 case BIO_CTRL_DGRAM_GET_PEER:
712 ret = BIO_ADDR_sockaddr_size(&data->peer);
713 /* FIXME: if num < ret, we will only return part of an address.
714 That should bee an error, no? */
715 if (num == 0 || num > ret)
716 num = ret;
717 memcpy(ptr, &data->peer, (ret = num));
718 break;
719 case BIO_CTRL_DGRAM_SET_PEER:
720 BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
721 break;
722 case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
723 data->next_timeout = ossl_time_from_timeval(*(struct timeval *)ptr);
724 break;
725 # if defined(SO_RCVTIMEO)
726 case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
727 # ifdef OPENSSL_SYS_WINDOWS
728 {
729 struct timeval *tv = (struct timeval *)ptr;
730 int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
731
732 if ((ret = setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
733 (void *)&timeout, sizeof(timeout))) < 0)
734 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
735 "calling setsockopt()");
736 }
737 # else
738 if ((ret = setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr,
739 sizeof(struct timeval))) < 0)
740 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
741 "calling setsockopt()");
742 # endif
743 break;
744 case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
745 {
746 # ifdef OPENSSL_SYS_WINDOWS
747 int sz = 0;
748 int timeout;
749 struct timeval *tv = (struct timeval *)ptr;
750
751 sz = sizeof(timeout);
752 if ((ret = getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
753 (void *)&timeout, &sz)) < 0) {
754 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
755 "calling getsockopt()");
756 } else {
757 tv->tv_sec = timeout / 1000;
758 tv->tv_usec = (timeout % 1000) * 1000;
759 ret = sizeof(*tv);
760 }
761 # else
762 socklen_t sz = sizeof(struct timeval);
763 if ((ret = getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
764 ptr, &sz)) < 0) {
765 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
766 "calling getsockopt()");
767 } else {
768 OPENSSL_assert((size_t)sz <= sizeof(struct timeval));
769 ret = (int)sz;
770 }
771 # endif
772 }
773 break;
774 # endif
775 # if defined(SO_SNDTIMEO)
776 case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT:
777 # ifdef OPENSSL_SYS_WINDOWS
778 {
779 struct timeval *tv = (struct timeval *)ptr;
780 int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
781
782 if ((ret = setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
783 (void *)&timeout, sizeof(timeout))) < 0)
784 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
785 "calling setsockopt()");
786 }
787 # else
788 if ((ret = setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr,
789 sizeof(struct timeval))) < 0)
790 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
791 "calling setsockopt()");
792 # endif
793 break;
794 case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
795 {
796 # ifdef OPENSSL_SYS_WINDOWS
797 int sz = 0;
798 int timeout;
799 struct timeval *tv = (struct timeval *)ptr;
800
801 sz = sizeof(timeout);
802 if ((ret = getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
803 (void *)&timeout, &sz)) < 0) {
804 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
805 "calling getsockopt()");
806 } else {
807 tv->tv_sec = timeout / 1000;
808 tv->tv_usec = (timeout % 1000) * 1000;
809 ret = sizeof(*tv);
810 }
811 # else
812 socklen_t sz = sizeof(struct timeval);
813
814 if ((ret = getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
815 ptr, &sz)) < 0) {
816 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
817 "calling getsockopt()");
818 } else {
819 OPENSSL_assert((size_t)sz <= sizeof(struct timeval));
820 ret = (int)sz;
821 }
822 # endif
823 }
824 break;
825 # endif
826 case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
827 /* fall-through */
828 case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:
829 # ifdef OPENSSL_SYS_WINDOWS
830 d_errno = (data->_errno == WSAETIMEDOUT);
831 # else
832 d_errno = (data->_errno == EAGAIN);
833 # endif
834 if (d_errno) {
835 ret = 1;
836 data->_errno = 0;
837 } else
838 ret = 0;
839 break;
840 # ifdef EMSGSIZE
841 case BIO_CTRL_DGRAM_MTU_EXCEEDED:
842 if (data->_errno == EMSGSIZE) {
843 ret = 1;
844 data->_errno = 0;
845 } else
846 ret = 0;
847 break;
848 # endif
849 case BIO_CTRL_DGRAM_SET_DONT_FRAG:
850 sockopt_val = num ? 1 : 0;
851
852 switch (data->peer.sa.sa_family) {
853 case AF_INET:
854 # if defined(IP_DONTFRAG)
855 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAG,
856 &sockopt_val, sizeof(sockopt_val))) < 0)
857 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
858 "calling setsockopt()");
859 # elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined (IP_PMTUDISC_PROBE)
860 if ((sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT),
861 (ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
862 &sockopt_val, sizeof(sockopt_val))) < 0)
863 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
864 "calling setsockopt()");
865 # elif defined(OPENSSL_SYS_WINDOWS) && defined(IP_DONTFRAGMENT)
866 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAGMENT,
867 (const char *)&sockopt_val,
868 sizeof(sockopt_val))) < 0)
869 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
870 "calling setsockopt()");
871 # else
872 ret = -1;
873 # endif
874 break;
875 # if OPENSSL_USE_IPV6
876 case AF_INET6:
877 # if defined(IPV6_DONTFRAG)
878 if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_DONTFRAG,
879 (const void *)&sockopt_val,
880 sizeof(sockopt_val))) < 0)
881 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
882 "calling setsockopt()");
883
884 # elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTUDISCOVER)
885 if ((sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT),
886 (ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
887 &sockopt_val, sizeof(sockopt_val))) < 0)
888 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
889 "calling setsockopt()");
890 # else
891 ret = -1;
892 # endif
893 break;
894 # endif
895 default:
896 ret = -1;
897 break;
898 }
899 break;
900 case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
901 ret = dgram_get_mtu_overhead(data);
902 break;
903
904 /*
905 * BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE is used here for compatibility
906 * reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value
907 * was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The
908 * value has been updated to a non-clashing value. However to preserve
909 * binary compatibility we now respond to both the old value and the new one
910 */
911 case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
912 case BIO_CTRL_DGRAM_SET_PEEK_MODE:
913 data->peekmode = (unsigned int)num;
914 break;
915
916 case BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP:
917 # if defined(SUPPORT_LOCAL_ADDR)
918 ret = 1;
919 # else
920 ret = 0;
921 # endif
922 break;
923
924 case BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE:
925 # if defined(SUPPORT_LOCAL_ADDR)
926 num = num > 0;
927 if (num != data->local_addr_enabled) {
928 if (enable_local_addr(b, num) < 1) {
929 ret = 0;
930 break;
931 }
932
933 data->local_addr_enabled = (char)num;
934 }
935 # else
936 ret = 0;
937 # endif
938 break;
939
940 case BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE:
941 *(int *)ptr = data->local_addr_enabled;
942 break;
943
944 default:
945 ret = 0;
946 break;
947 }
948 /* Normalize if error */
949 if (ret < 0)
950 ret = -1;
951 return ret;
952 }
953
954 static int dgram_puts(BIO *bp, const char *str)
955 {
956 int n, ret;
957
958 n = strlen(str);
959 ret = dgram_write(bp, str, n);
960 return ret;
961 }
962
963 # if M_METHOD == M_METHOD_WSARECVMSG
964 static void translate_msg_win(BIO *b, WSAMSG *mh, WSABUF *iov,
965 unsigned char *control, BIO_MSG *msg)
966 {
967 iov->len = msg->data_len;
968 iov->buf = msg->data;
969
970 /* Windows requires namelen to be set exactly */
971 mh->name = msg->peer != NULL ? &msg->peer->sa : NULL;
972 if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET)
973 mh->namelen = sizeof(struct sockaddr_in);
974 # if OPENSSL_USE_IPV6
975 else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6)
976 mh->namelen = sizeof(struct sockaddr_in6);
977 # endif
978 else
979 mh->namelen = 0;
980
981 /*
982 * When local address reception (IP_PKTINFO, etc.) is enabled, on Windows
983 * this causes WSARecvMsg to fail if the control buffer is too small to hold
984 * the structure, or if no control buffer is passed. So we need to give it
985 * the control buffer even if we aren't actually going to examine the
986 * result.
987 */
988 mh->lpBuffers = iov;
989 mh->dwBufferCount = 1;
990 mh->Control.len = BIO_CMSG_ALLOC_LEN;
991 mh->Control.buf = control;
992 mh->dwFlags = 0;
993 }
994 # endif
995
996 # if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG
997 /* Translates a BIO_MSG to a msghdr and iovec. */
998 static void translate_msg(BIO *b, struct msghdr *mh, struct iovec *iov,
999 unsigned char *control, BIO_MSG *msg)
1000 {
1001 iov->iov_base = msg->data;
1002 iov->iov_len = msg->data_len;
1003
1004 /* macOS requires msg_namelen be 0 if msg_name is NULL */
1005 mh->msg_name = msg->peer != NULL ? &msg->peer->sa : NULL;
1006 if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET)
1007 mh->msg_namelen = sizeof(struct sockaddr_in);
1008 # if OPENSSL_USE_IPV6
1009 else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6)
1010 mh->msg_namelen = sizeof(struct sockaddr_in6);
1011 # endif
1012 else
1013 mh->msg_namelen = 0;
1014
1015 mh->msg_iov = iov;
1016 mh->msg_iovlen = 1;
1017 mh->msg_control = msg->local != NULL ? control : NULL;
1018 mh->msg_controllen = msg->local != NULL ? BIO_CMSG_ALLOC_LEN : 0;
1019 mh->msg_flags = 0;
1020 }
1021 # endif
1022
1023 # if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG || M_METHOD == M_METHOD_WSARECVMSG
1024 /* Extracts destination address from the control buffer. */
1025 static int extract_local(BIO *b, MSGHDR_TYPE *mh, BIO_ADDR *local) {
1026 # if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) || defined(IPV6_PKTINFO)
1027 CMSGHDR_TYPE *cmsg;
1028 int af = dgram_get_sock_family(b);
1029
1030 for (cmsg = BIO_CMSG_FIRSTHDR(mh); cmsg != NULL;
1031 cmsg = BIO_CMSG_NXTHDR(mh, cmsg)) {
1032 if (af == AF_INET) {
1033 if (cmsg->cmsg_level != IPPROTO_IP)
1034 continue;
1035
1036 # if defined(IP_PKTINFO)
1037 if (cmsg->cmsg_type != IP_PKTINFO)
1038 continue;
1039
1040 local->s_in.sin_addr =
1041 ((struct in_pktinfo *)BIO_CMSG_DATA(cmsg))->ipi_addr;
1042
1043 # elif defined(IP_RECVDSTADDR)
1044 if (cmsg->cmsg_type != IP_RECVDSTADDR)
1045 continue;
1046
1047 local->s_in.sin_addr = *(struct in_addr *)BIO_CMSG_DATA(cmsg);
1048 # endif
1049
1050 # if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR)
1051 {
1052 bio_dgram_data *data = b->ptr;
1053
1054 local->s_in.sin_family = AF_INET;
1055 local->s_in.sin_port = data->local_addr.s_in.sin_port;
1056 }
1057 return 1;
1058 # endif
1059 }
1060 # if OPENSSL_USE_IPV6
1061 else if (af == AF_INET6) {
1062 if (cmsg->cmsg_level != IPPROTO_IPV6)
1063 continue;
1064
1065 # if defined(IPV6_RECVPKTINFO)
1066 if (cmsg->cmsg_type != IPV6_PKTINFO)
1067 continue;
1068
1069 {
1070 bio_dgram_data *data = b->ptr;
1071
1072 local->s_in6.sin6_addr =
1073 ((struct in6_pktinfo *)BIO_CMSG_DATA(cmsg))->ipi6_addr;
1074 local->s_in6.sin6_family = AF_INET6;
1075 local->s_in6.sin6_port = data->local_addr.s_in6.sin6_port;
1076 local->s_in6.sin6_scope_id =
1077 data->local_addr.s_in6.sin6_scope_id;
1078 local->s_in6.sin6_flowinfo = 0;
1079 }
1080 return 1;
1081 # endif
1082 }
1083 # endif
1084 }
1085 # endif
1086
1087 return 0;
1088 }
1089
1090 static int pack_local(BIO *b, MSGHDR_TYPE *mh, const BIO_ADDR *local) {
1091 int af = dgram_get_sock_family(b);
1092 # if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) || defined(IPV6_PKTINFO)
1093 CMSGHDR_TYPE *cmsg;
1094 bio_dgram_data *data = b->ptr;
1095 # endif
1096
1097 if (af == AF_INET) {
1098 # if defined(IP_PKTINFO)
1099 struct in_pktinfo *info;
1100
1101 # if defined(OPENSSL_SYS_WINDOWS)
1102 cmsg = (CMSGHDR_TYPE *)mh->Control.buf;
1103 # else
1104 cmsg = (CMSGHDR_TYPE *)mh->msg_control;
1105 # endif
1106
1107 cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in_pktinfo));
1108 cmsg->cmsg_level = IPPROTO_IP;
1109 cmsg->cmsg_type = IP_PKTINFO;
1110
1111 info = (struct in_pktinfo *)BIO_CMSG_DATA(cmsg);
1112 # if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_CYGWIN)
1113 info->ipi_spec_dst = local->s_in.sin_addr;
1114 # endif
1115 info->ipi_addr.s_addr = 0;
1116 info->ipi_ifindex = 0;
1117
1118 /*
1119 * We cannot override source port using this API, therefore
1120 * ensure the application specified a source port of 0
1121 * or the one we are bound to. (Better to error than silently
1122 * ignore this.)
1123 */
1124 if (local->s_in.sin_port != 0
1125 && data->local_addr.s_in.sin_port != local->s_in.sin_port) {
1126 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
1127 return 0;
1128 }
1129
1130 # if defined(OPENSSL_SYS_WINDOWS)
1131 mh->Control.len = BIO_CMSG_SPACE(sizeof(struct in_pktinfo));
1132 # else
1133 mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in_pktinfo));
1134 # endif
1135 return 1;
1136
1137 # elif defined(IP_SENDSRCADDR)
1138 struct in_addr *info;
1139
1140 /*
1141 * At least FreeBSD is very pedantic about using IP_SENDSRCADDR when we
1142 * are not bound to 0.0.0.0 or ::, even if the address matches what we
1143 * bound to. Support this by not packing the structure if the address
1144 * matches our understanding of our local address. IP_SENDSRCADDR is a
1145 * BSD thing, so we don't need an explicit test for BSD here.
1146 */
1147 if (local->s_in.sin_addr.s_addr == data->local_addr.s_in.sin_addr.s_addr) {
1148 mh->msg_control = NULL;
1149 mh->msg_controllen = 0;
1150 return 1;
1151 }
1152
1153 cmsg = (struct cmsghdr *)mh->msg_control;
1154 cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in_addr));
1155 cmsg->cmsg_level = IPPROTO_IP;
1156 cmsg->cmsg_type = IP_SENDSRCADDR;
1157
1158 info = (struct in_addr *)BIO_CMSG_DATA(cmsg);
1159 *info = local->s_in.sin_addr;
1160
1161 /* See comment above. */
1162 if (local->s_in.sin_port != 0
1163 && data->local_addr.s_in.sin_port != local->s_in.sin_port) {
1164 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
1165 return 0;
1166 }
1167
1168 mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in_addr));
1169 return 1;
1170 # endif
1171 }
1172 # if OPENSSL_USE_IPV6
1173 else if (af == AF_INET6) {
1174 # if defined(IPV6_PKTINFO)
1175 struct in6_pktinfo *info;
1176
1177 # if defined(OPENSSL_SYS_WINDOWS)
1178 cmsg = (CMSGHDR_TYPE *)mh->Control.buf;
1179 # else
1180 cmsg = (CMSGHDR_TYPE *)mh->msg_control;
1181 # endif
1182 cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in6_pktinfo));
1183 cmsg->cmsg_level = IPPROTO_IPV6;
1184 cmsg->cmsg_type = IPV6_PKTINFO;
1185
1186 info = (struct in6_pktinfo *)BIO_CMSG_DATA(cmsg);
1187 info->ipi6_addr = local->s_in6.sin6_addr;
1188 info->ipi6_ifindex = 0;
1189
1190 /*
1191 * See comment above, but also applies to the other fields
1192 * in sockaddr_in6.
1193 */
1194 if (local->s_in6.sin6_port != 0
1195 && data->local_addr.s_in6.sin6_port != local->s_in6.sin6_port) {
1196 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
1197 return 0;
1198 }
1199
1200 if (local->s_in6.sin6_scope_id != 0
1201 && data->local_addr.s_in6.sin6_scope_id != local->s_in6.sin6_scope_id) {
1202 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
1203 return 0;
1204 }
1205
1206 # if defined(OPENSSL_SYS_WINDOWS)
1207 mh->Control.len = BIO_CMSG_SPACE(sizeof(struct in6_pktinfo));
1208 # else
1209 mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in6_pktinfo));
1210 # endif
1211 return 1;
1212 # endif
1213 }
1214 # endif
1215
1216 return 0;
1217 }
1218 # endif
1219
1220 /*
1221 * Converts flags passed to BIO_sendmmsg or BIO_recvmmsg to syscall flags. You
1222 * should mask out any system flags returned by this function you cannot support
1223 * in a particular circumstance. Currently no flags are defined.
1224 */
1225 # if M_METHOD != M_METHOD_NONE
1226 static int translate_flags(uint64_t flags) {
1227 return 0;
1228 }
1229 # endif
1230
1231 static int dgram_sendmmsg(BIO *b, BIO_MSG *msg, size_t stride,
1232 size_t num_msg, uint64_t flags, size_t *num_processed)
1233 {
1234 # if M_METHOD != M_METHOD_NONE && M_METHOD != M_METHOD_RECVMSG
1235 int ret;
1236 # endif
1237 # if M_METHOD == M_METHOD_RECVMMSG
1238 # define BIO_MAX_MSGS_PER_CALL 64
1239 int sysflags;
1240 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1241 size_t i;
1242 struct mmsghdr mh[BIO_MAX_MSGS_PER_CALL];
1243 struct iovec iov[BIO_MAX_MSGS_PER_CALL];
1244 unsigned char control[BIO_MAX_MSGS_PER_CALL][BIO_CMSG_ALLOC_LEN];
1245 int have_local_enabled = data->local_addr_enabled;
1246 # elif M_METHOD == M_METHOD_RECVMSG
1247 int sysflags;
1248 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1249 ossl_ssize_t l;
1250 struct msghdr mh;
1251 struct iovec iov;
1252 unsigned char control[BIO_CMSG_ALLOC_LEN];
1253 int have_local_enabled = data->local_addr_enabled;
1254 # elif M_METHOD == M_METHOD_WSARECVMSG
1255 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1256 int have_local_enabled = data->local_addr_enabled;
1257 WSAMSG wmsg;
1258 WSABUF wbuf;
1259 DWORD num_bytes_sent = 0;
1260 unsigned char control[BIO_CMSG_ALLOC_LEN];
1261 # endif
1262 # if M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG
1263 int sysflags;
1264 # endif
1265
1266 if (num_msg == 0) {
1267 *num_processed = 0;
1268 return 1;
1269 }
1270
1271 if (num_msg > OSSL_SSIZE_MAX)
1272 num_msg = OSSL_SSIZE_MAX;
1273
1274 # if M_METHOD != M_METHOD_NONE
1275 sysflags = translate_flags(flags);
1276 # endif
1277
1278 # if M_METHOD == M_METHOD_RECVMMSG
1279 /*
1280 * In the sendmmsg/recvmmsg case, we need to allocate our translated struct
1281 * msghdr and struct iovec on the stack to support multithreaded use. Thus
1282 * we place a fixed limit on the number of messages per call, in the
1283 * expectation that we will be called again if there were more messages to
1284 * be sent.
1285 */
1286 if (num_msg > BIO_MAX_MSGS_PER_CALL)
1287 num_msg = BIO_MAX_MSGS_PER_CALL;
1288
1289 for (i = 0; i < num_msg; ++i) {
1290 translate_msg(b, &mh[i].msg_hdr, &iov[i],
1291 control[i], &BIO_MSG_N(msg, stride, i));
1292
1293 /* If local address was requested, it must have been enabled */
1294 if (BIO_MSG_N(msg, stride, i).local != NULL) {
1295 if (!have_local_enabled) {
1296 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1297 *num_processed = 0;
1298 return 0;
1299 }
1300
1301 if (pack_local(b, &mh[i].msg_hdr,
1302 BIO_MSG_N(msg, stride, i).local) < 1) {
1303 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1304 *num_processed = 0;
1305 return 0;
1306 }
1307 }
1308 }
1309
1310 /* Do the batch */
1311 ret = sendmmsg(b->num, mh, num_msg, sysflags);
1312 if (ret < 0) {
1313 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1314 *num_processed = 0;
1315 return 0;
1316 }
1317
1318 for (i = 0; i < (size_t)ret; ++i) {
1319 BIO_MSG_N(msg, stride, i).data_len = mh[i].msg_len;
1320 BIO_MSG_N(msg, stride, i).flags = 0;
1321 }
1322
1323 *num_processed = (size_t)ret;
1324 return 1;
1325
1326 # elif M_METHOD == M_METHOD_RECVMSG
1327 /*
1328 * If sendmsg is available, use it.
1329 */
1330 translate_msg(b, &mh, &iov, control, msg);
1331
1332 if (msg->local != NULL) {
1333 if (!have_local_enabled) {
1334 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1335 *num_processed = 0;
1336 return 0;
1337 }
1338
1339 if (pack_local(b, &mh, msg->local) < 1) {
1340 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1341 *num_processed = 0;
1342 return 0;
1343 }
1344 }
1345
1346 l = sendmsg(b->num, &mh, sysflags);
1347 if (l < 0) {
1348 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1349 *num_processed = 0;
1350 return 0;
1351 }
1352
1353 msg->data_len = (size_t)l;
1354 msg->flags = 0;
1355 *num_processed = 1;
1356 return 1;
1357
1358 # elif M_METHOD == M_METHOD_WSARECVMSG || M_METHOD == M_METHOD_RECVFROM
1359 # if M_METHOD == M_METHOD_WSARECVMSG
1360 if (bio_WSASendMsg != NULL) {
1361 /* WSASendMsg-based implementation for Windows. */
1362 translate_msg_win(b, &wmsg, &wbuf, control, msg);
1363
1364 if (msg[0].local != NULL) {
1365 if (!have_local_enabled) {
1366 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1367 *num_processed = 0;
1368 return 0;
1369 }
1370
1371 if (pack_local(b, &wmsg, msg[0].local) < 1) {
1372 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1373 *num_processed = 0;
1374 return 0;
1375 }
1376 }
1377
1378 ret = WSASendMsg((SOCKET)b->num, &wmsg, 0, &num_bytes_sent, NULL, NULL);
1379 if (ret < 0) {
1380 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1381 *num_processed = 0;
1382 return 0;
1383 }
1384
1385 msg[0].data_len = num_bytes_sent;
1386 msg[0].flags = 0;
1387 *num_processed = 1;
1388 return 1;
1389 }
1390 # endif
1391
1392 /*
1393 * Fallback to sendto and send a single message.
1394 */
1395 if (msg[0].local != NULL) {
1396 /*
1397 * We cannot set the local address if using sendto
1398 * so fail in this case
1399 */
1400 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1401 *num_processed = 0;
1402 return 0;
1403 }
1404
1405 ret = sendto(b->num, msg[0].data,
1406 # if defined(OPENSSL_SYS_WINDOWS)
1407 (int)msg[0].data_len,
1408 # else
1409 msg[0].data_len,
1410 # endif
1411 sysflags,
1412 msg[0].peer != NULL ? &msg[0].peer->sa : NULL,
1413 msg[0].peer != NULL ? sizeof(*msg[0].peer) : 0);
1414 if (ret <= 0) {
1415 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1416 *num_processed = 0;
1417 return 0;
1418 }
1419
1420 msg[0].data_len = ret;
1421 msg[0].flags = 0;
1422 *num_processed = 1;
1423 return 1;
1424
1425 # else
1426 ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD);
1427 *num_processed = 0;
1428 return 0;
1429 # endif
1430 }
1431
1432 static int dgram_recvmmsg(BIO *b, BIO_MSG *msg,
1433 size_t stride, size_t num_msg,
1434 uint64_t flags, size_t *num_processed)
1435 {
1436 # if M_METHOD != M_METHOD_NONE && M_METHOD != M_METHOD_RECVMSG
1437 int ret;
1438 # endif
1439 # if M_METHOD == M_METHOD_RECVMMSG
1440 int sysflags;
1441 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1442 size_t i;
1443 struct mmsghdr mh[BIO_MAX_MSGS_PER_CALL];
1444 struct iovec iov[BIO_MAX_MSGS_PER_CALL];
1445 unsigned char control[BIO_MAX_MSGS_PER_CALL][BIO_CMSG_ALLOC_LEN];
1446 int have_local_enabled = data->local_addr_enabled;
1447 # elif M_METHOD == M_METHOD_RECVMSG
1448 int sysflags;
1449 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1450 ossl_ssize_t l;
1451 struct msghdr mh;
1452 struct iovec iov;
1453 unsigned char control[BIO_CMSG_ALLOC_LEN];
1454 int have_local_enabled = data->local_addr_enabled;
1455 # elif M_METHOD == M_METHOD_WSARECVMSG
1456 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1457 int have_local_enabled = data->local_addr_enabled;
1458 WSAMSG wmsg;
1459 WSABUF wbuf;
1460 DWORD num_bytes_received = 0;
1461 unsigned char control[BIO_CMSG_ALLOC_LEN];
1462 # endif
1463 # if M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG
1464 int sysflags;
1465 socklen_t slen;
1466 # endif
1467
1468 if (num_msg == 0) {
1469 *num_processed = 0;
1470 return 1;
1471 }
1472
1473 if (num_msg > OSSL_SSIZE_MAX)
1474 num_msg = OSSL_SSIZE_MAX;
1475
1476 # if M_METHOD != M_METHOD_NONE
1477 sysflags = translate_flags(flags);
1478 # endif
1479
1480 # if M_METHOD == M_METHOD_RECVMMSG
1481 /*
1482 * In the sendmmsg/recvmmsg case, we need to allocate our translated struct
1483 * msghdr and struct iovec on the stack to support multithreaded use. Thus
1484 * we place a fixed limit on the number of messages per call, in the
1485 * expectation that we will be called again if there were more messages to
1486 * be sent.
1487 */
1488 if (num_msg > BIO_MAX_MSGS_PER_CALL)
1489 num_msg = BIO_MAX_MSGS_PER_CALL;
1490
1491 for (i = 0; i < num_msg; ++i) {
1492 translate_msg(b, &mh[i].msg_hdr, &iov[i],
1493 control[i], &BIO_MSG_N(msg, stride, i));
1494
1495 /* If local address was requested, it must have been enabled */
1496 if (BIO_MSG_N(msg, stride, i).local != NULL && !have_local_enabled) {
1497 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1498 *num_processed = 0;
1499 return 0;
1500 }
1501 }
1502
1503 /* Do the batch */
1504 ret = recvmmsg(b->num, mh, num_msg, sysflags, NULL);
1505 if (ret < 0) {
1506 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1507 *num_processed = 0;
1508 return 0;
1509 }
1510
1511 for (i = 0; i < (size_t)ret; ++i) {
1512 BIO_MSG_N(msg, stride, i).data_len = mh[i].msg_len;
1513 BIO_MSG_N(msg, stride, i).flags = 0;
1514 /*
1515 * *(msg->peer) will have been filled in by recvmmsg;
1516 * for msg->local we parse the control data returned
1517 */
1518 if (BIO_MSG_N(msg, stride, i).local != NULL)
1519 if (extract_local(b, &mh[i].msg_hdr,
1520 BIO_MSG_N(msg, stride, i).local) < 1)
1521 /*
1522 * It appears BSDs do not support local addresses for
1523 * loopback sockets. In this case, just clear the local
1524 * address, as for OS X and Windows in some circumstances
1525 * (see below).
1526 */
1527 BIO_ADDR_clear(msg->local);
1528 }
1529
1530 *num_processed = (size_t)ret;
1531 return 1;
1532
1533 # elif M_METHOD == M_METHOD_RECVMSG
1534 /*
1535 * If recvmsg is available, use it.
1536 */
1537 translate_msg(b, &mh, &iov, control, msg);
1538
1539 /* If local address was requested, it must have been enabled */
1540 if (msg->local != NULL && !have_local_enabled) {
1541 /*
1542 * If we have done at least one message, we must return the
1543 * count; if we haven't done any, we can give an error code
1544 */
1545 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1546 *num_processed = 0;
1547 return 0;
1548 }
1549
1550 l = recvmsg(b->num, &mh, sysflags);
1551 if (l < 0) {
1552 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1553 *num_processed = 0;
1554 return 0;
1555 }
1556
1557 msg->data_len = (size_t)l;
1558 msg->flags = 0;
1559
1560 if (msg->local != NULL)
1561 if (extract_local(b, &mh, msg->local) < 1)
1562 /*
1563 * OS X exhibits odd behaviour where it appears that if a packet is
1564 * sent before the receiving interface enables IP_PKTINFO, it will
1565 * sometimes not have any control data returned even if the
1566 * receiving interface enables IP_PKTINFO before calling recvmsg().
1567 * This appears to occur non-deterministically. Presumably, OS X
1568 * handles IP_PKTINFO at the time the packet is enqueued into a
1569 * socket's receive queue, rather than at the time recvmsg() is
1570 * called, unlike most other operating systems. Thus (if this
1571 * hypothesis is correct) there is a race between where IP_PKTINFO
1572 * is enabled by the process and when the kernel's network stack
1573 * queues the incoming message.
1574 *
1575 * We cannot return the local address if we do not have it, but this
1576 * is not a caller error either, so just return a zero address
1577 * structure. This is similar to how we handle Windows loopback
1578 * interfaces (see below). We enable this workaround for all
1579 * platforms, not just Apple, as this kind of quirk in OS networking
1580 * stacks seems to be common enough that failing hard if a local
1581 * address is not provided appears to be too brittle.
1582 */
1583 BIO_ADDR_clear(msg->local);
1584
1585 *num_processed = 1;
1586 return 1;
1587
1588 # elif M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG
1589 # if M_METHOD == M_METHOD_WSARECVMSG
1590 if (bio_WSARecvMsg != NULL) {
1591 /* WSARecvMsg-based implementation for Windows. */
1592 translate_msg_win(b, &wmsg, &wbuf, control, msg);
1593
1594 /* If local address was requested, it must have been enabled */
1595 if (msg[0].local != NULL && !have_local_enabled) {
1596 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1597 *num_processed = 0;
1598 return 0;
1599 }
1600
1601 ret = WSARecvMsg((SOCKET)b->num, &wmsg, &num_bytes_received, NULL, NULL);
1602 if (ret < 0) {
1603 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1604 *num_processed = 0;
1605 return 0;
1606 }
1607
1608 msg[0].data_len = num_bytes_received;
1609 msg[0].flags = 0;
1610 if (msg[0].local != NULL)
1611 if (extract_local(b, &wmsg, msg[0].local) < 1)
1612 /*
1613 * On Windows, loopback is not a "proper" interface and it works
1614 * differently; packets are essentially short-circuited and
1615 * don't go through all of the normal processing. A consequence
1616 * of this is that packets sent from the local machine to the
1617 * local machine _will not have IP_PKTINFO_ even if the
1618 * IP_PKTINFO socket option is enabled. WSARecvMsg just sets
1619 * Control.len to 0 on returning.
1620 *
1621 * This applies regardless of whether the loopback address,
1622 * 127.0.0.1 is used, or a local interface address (e.g.
1623 * 192.168.1.1); in both cases IP_PKTINFO will not be present.
1624 *
1625 * We report this condition by setting the local BIO_ADDR's
1626 * family to 0.
1627 */
1628 BIO_ADDR_clear(msg[0].local);
1629
1630 *num_processed = 1;
1631 return 1;
1632 }
1633 # endif
1634
1635 /*
1636 * Fallback to recvfrom and receive a single message.
1637 */
1638 if (msg[0].local != NULL) {
1639 /*
1640 * We cannot determine the local address if using recvfrom
1641 * so fail in this case
1642 */
1643 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1644 *num_processed = 0;
1645 return 0;
1646 }
1647
1648 slen = sizeof(*msg[0].peer);
1649 ret = recvfrom(b->num, msg[0].data,
1650 # if defined(OPENSSL_SYS_WINDOWS)
1651 (int)msg[0].data_len,
1652 # else
1653 msg[0].data_len,
1654 # endif
1655 sysflags,
1656 msg[0].peer != NULL ? &msg[0].peer->sa : NULL,
1657 msg[0].peer != NULL ? &slen : NULL);
1658 if (ret <= 0) {
1659 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1660 return 0;
1661 }
1662
1663 msg[0].data_len = ret;
1664 msg[0].flags = 0;
1665 *num_processed = 1;
1666 return 1;
1667
1668 # else
1669 ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD);
1670 *num_processed = 0;
1671 return 0;
1672 # endif
1673 }
1674
1675 # ifndef OPENSSL_NO_SCTP
1676 const BIO_METHOD *BIO_s_datagram_sctp(void)
1677 {
1678 return &methods_dgramp_sctp;
1679 }
1680
1681 BIO *BIO_new_dgram_sctp(int fd, int close_flag)
1682 {
1683 BIO *bio;
1684 int ret, optval = 20000;
1685 int auth_data = 0, auth_forward = 0;
1686 unsigned char *p;
1687 struct sctp_authchunk auth;
1688 struct sctp_authchunks *authchunks;
1689 socklen_t sockopt_len;
1690 # ifdef SCTP_AUTHENTICATION_EVENT
1691 # ifdef SCTP_EVENT
1692 struct sctp_event event;
1693 # else
1694 struct sctp_event_subscribe event;
1695 # endif
1696 # endif
1697
1698 bio = BIO_new(BIO_s_datagram_sctp());
1699 if (bio == NULL)
1700 return NULL;
1701 BIO_set_fd(bio, fd, close_flag);
1702
1703 /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */
1704 auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE;
1705 ret =
1706 setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth,
1707 sizeof(struct sctp_authchunk));
1708 if (ret < 0) {
1709 BIO_vfree(bio);
1710 ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB,
1711 "Ensure SCTP AUTH chunks are enabled in kernel");
1712 return NULL;
1713 }
1714 auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE;
1715 ret =
1716 setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth,
1717 sizeof(struct sctp_authchunk));
1718 if (ret < 0) {
1719 BIO_vfree(bio);
1720 ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB,
1721 "Ensure SCTP AUTH chunks are enabled in kernel");
1722 return NULL;
1723 }
1724
1725 /*
1726 * Test if activation was successful. When using accept(), SCTP-AUTH has
1727 * to be activated for the listening socket already, otherwise the
1728 * connected socket won't use it. Similarly with connect(): the socket
1729 * prior to connection must be activated for SCTP-AUTH
1730 */
1731 sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
1732 authchunks = OPENSSL_zalloc(sockopt_len);
1733 if (authchunks == NULL) {
1734 BIO_vfree(bio);
1735 return NULL;
1736 }
1737 ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks,
1738 &sockopt_len);
1739 if (ret < 0) {
1740 OPENSSL_free(authchunks);
1741 BIO_vfree(bio);
1742 return NULL;
1743 }
1744
1745 for (p = (unsigned char *)authchunks->gauth_chunks;
1746 p < (unsigned char *)authchunks + sockopt_len;
1747 p += sizeof(uint8_t)) {
1748 if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE)
1749 auth_data = 1;
1750 if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE)
1751 auth_forward = 1;
1752 }
1753
1754 OPENSSL_free(authchunks);
1755
1756 if (!auth_data || !auth_forward) {
1757 BIO_vfree(bio);
1758 ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB,
1759 "Ensure SCTP AUTH chunks are enabled on the "
1760 "underlying socket");
1761 return NULL;
1762 }
1763
1764 # ifdef SCTP_AUTHENTICATION_EVENT
1765 # ifdef SCTP_EVENT
1766 memset(&event, 0, sizeof(event));
1767 event.se_assoc_id = 0;
1768 event.se_type = SCTP_AUTHENTICATION_EVENT;
1769 event.se_on = 1;
1770 ret =
1771 setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event,
1772 sizeof(struct sctp_event));
1773 if (ret < 0) {
1774 BIO_vfree(bio);
1775 return NULL;
1776 }
1777 # else
1778 sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe);
1779 ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len);
1780 if (ret < 0) {
1781 BIO_vfree(bio);
1782 return NULL;
1783 }
1784
1785 event.sctp_authentication_event = 1;
1786
1787 ret =
1788 setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event,
1789 sizeof(struct sctp_event_subscribe));
1790 if (ret < 0) {
1791 BIO_vfree(bio);
1792 return NULL;
1793 }
1794 # endif
1795 # endif
1796
1797 /*
1798 * Disable partial delivery by setting the min size larger than the max
1799 * record size of 2^14 + 2048 + 13
1800 */
1801 ret =
1802 setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval,
1803 sizeof(optval));
1804 if (ret < 0) {
1805 BIO_vfree(bio);
1806 return NULL;
1807 }
1808
1809 return bio;
1810 }
1811
1812 int BIO_dgram_is_sctp(BIO *bio)
1813 {
1814 return (BIO_method_type(bio) == BIO_TYPE_DGRAM_SCTP);
1815 }
1816
1817 static int dgram_sctp_new(BIO *bi)
1818 {
1819 bio_dgram_sctp_data *data = NULL;
1820
1821 bi->init = 0;
1822 bi->num = 0;
1823 if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL)
1824 return 0;
1825 # ifdef SCTP_PR_SCTP_NONE
1826 data->prinfo.pr_policy = SCTP_PR_SCTP_NONE;
1827 # endif
1828 bi->ptr = data;
1829
1830 bi->flags = 0;
1831 return 1;
1832 }
1833
1834 static int dgram_sctp_free(BIO *a)
1835 {
1836 bio_dgram_sctp_data *data;
1837
1838 if (a == NULL)
1839 return 0;
1840 if (!dgram_clear(a))
1841 return 0;
1842
1843 data = (bio_dgram_sctp_data *) a->ptr;
1844 if (data != NULL)
1845 OPENSSL_free(data);
1846
1847 return 1;
1848 }
1849
1850 # ifdef SCTP_AUTHENTICATION_EVENT
1851 void dgram_sctp_handle_auth_free_key_event(BIO *b,
1852 union sctp_notification *snp)
1853 {
1854 int ret;
1855 struct sctp_authkey_event *authkeyevent = &snp->sn_auth_event;
1856
1857 if (authkeyevent->auth_indication == SCTP_AUTH_FREE_KEY) {
1858 struct sctp_authkeyid authkeyid;
1859
1860 /* delete key */
1861 authkeyid.scact_keynumber = authkeyevent->auth_keynumber;
1862 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
1863 &authkeyid, sizeof(struct sctp_authkeyid));
1864 }
1865 }
1866 # endif
1867
1868 static int dgram_sctp_read(BIO *b, char *out, int outl)
1869 {
1870 int ret = 0, n = 0, i, optval;
1871 socklen_t optlen;
1872 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
1873 struct msghdr msg;
1874 struct iovec iov;
1875 struct cmsghdr *cmsg;
1876 char cmsgbuf[512];
1877
1878 if (out != NULL) {
1879 clear_socket_error();
1880
1881 do {
1882 memset(&data->rcvinfo, 0, sizeof(data->rcvinfo));
1883 iov.iov_base = out;
1884 iov.iov_len = outl;
1885 msg.msg_name = NULL;
1886 msg.msg_namelen = 0;
1887 msg.msg_iov = &iov;
1888 msg.msg_iovlen = 1;
1889 msg.msg_control = cmsgbuf;
1890 msg.msg_controllen = 512;
1891 msg.msg_flags = 0;
1892 n = recvmsg(b->num, &msg, 0);
1893
1894 if (n <= 0) {
1895 if (n < 0)
1896 ret = n;
1897 break;
1898 }
1899
1900 if (msg.msg_controllen > 0) {
1901 for (cmsg = CMSG_FIRSTHDR(&msg); cmsg;
1902 cmsg = CMSG_NXTHDR(&msg, cmsg)) {
1903 if (cmsg->cmsg_level != IPPROTO_SCTP)
1904 continue;
1905 # ifdef SCTP_RCVINFO
1906 if (cmsg->cmsg_type == SCTP_RCVINFO) {
1907 struct sctp_rcvinfo *rcvinfo;
1908
1909 rcvinfo = (struct sctp_rcvinfo *)CMSG_DATA(cmsg);
1910 data->rcvinfo.rcv_sid = rcvinfo->rcv_sid;
1911 data->rcvinfo.rcv_ssn = rcvinfo->rcv_ssn;
1912 data->rcvinfo.rcv_flags = rcvinfo->rcv_flags;
1913 data->rcvinfo.rcv_ppid = rcvinfo->rcv_ppid;
1914 data->rcvinfo.rcv_tsn = rcvinfo->rcv_tsn;
1915 data->rcvinfo.rcv_cumtsn = rcvinfo->rcv_cumtsn;
1916 data->rcvinfo.rcv_context = rcvinfo->rcv_context;
1917 }
1918 # endif
1919 # ifdef SCTP_SNDRCV
1920 if (cmsg->cmsg_type == SCTP_SNDRCV) {
1921 struct sctp_sndrcvinfo *sndrcvinfo;
1922
1923 sndrcvinfo =
1924 (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
1925 data->rcvinfo.rcv_sid = sndrcvinfo->sinfo_stream;
1926 data->rcvinfo.rcv_ssn = sndrcvinfo->sinfo_ssn;
1927 data->rcvinfo.rcv_flags = sndrcvinfo->sinfo_flags;
1928 data->rcvinfo.rcv_ppid = sndrcvinfo->sinfo_ppid;
1929 data->rcvinfo.rcv_tsn = sndrcvinfo->sinfo_tsn;
1930 data->rcvinfo.rcv_cumtsn = sndrcvinfo->sinfo_cumtsn;
1931 data->rcvinfo.rcv_context = sndrcvinfo->sinfo_context;
1932 }
1933 # endif
1934 }
1935 }
1936
1937 if (msg.msg_flags & MSG_NOTIFICATION) {
1938 union sctp_notification snp;
1939
1940 memcpy(&snp, out, sizeof(snp));
1941 if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
1942 # ifdef SCTP_EVENT
1943 struct sctp_event event;
1944 # else
1945 struct sctp_event_subscribe event;
1946 socklen_t eventsize;
1947 # endif
1948
1949 /* disable sender dry event */
1950 # ifdef SCTP_EVENT
1951 memset(&event, 0, sizeof(event));
1952 event.se_assoc_id = 0;
1953 event.se_type = SCTP_SENDER_DRY_EVENT;
1954 event.se_on = 0;
1955 i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
1956 sizeof(struct sctp_event));
1957 if (i < 0) {
1958 ret = i;
1959 break;
1960 }
1961 # else
1962 eventsize = sizeof(struct sctp_event_subscribe);
1963 i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
1964 &eventsize);
1965 if (i < 0) {
1966 ret = i;
1967 break;
1968 }
1969
1970 event.sctp_sender_dry_event = 0;
1971
1972 i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
1973 sizeof(struct sctp_event_subscribe));
1974 if (i < 0) {
1975 ret = i;
1976 break;
1977 }
1978 # endif
1979 }
1980 # ifdef SCTP_AUTHENTICATION_EVENT
1981 if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
1982 dgram_sctp_handle_auth_free_key_event(b, &snp);
1983 # endif
1984
1985 if (data->handle_notifications != NULL)
1986 data->handle_notifications(b, data->notification_context,
1987 (void *)out);
1988
1989 memset(&snp, 0, sizeof(snp));
1990 memset(out, 0, outl);
1991 } else {
1992 ret += n;
1993 }
1994 }
1995 while ((msg.msg_flags & MSG_NOTIFICATION) && (msg.msg_flags & MSG_EOR)
1996 && (ret < outl));
1997
1998 if (ret > 0 && !(msg.msg_flags & MSG_EOR)) {
1999 /* Partial message read, this should never happen! */
2000
2001 /*
2002 * The buffer was too small, this means the peer sent a message
2003 * that was larger than allowed.
2004 */
2005 if (ret == outl)
2006 return -1;
2007
2008 /*
2009 * Test if socket buffer can handle max record size (2^14 + 2048
2010 * + 13)
2011 */
2012 optlen = (socklen_t) sizeof(int);
2013 ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen);
2014 if (ret >= 0)
2015 OPENSSL_assert(optval >= 18445);
2016
2017 /*
2018 * Test if SCTP doesn't partially deliver below max record size
2019 * (2^14 + 2048 + 13)
2020 */
2021 optlen = (socklen_t) sizeof(int);
2022 ret =
2023 getsockopt(b->num, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT,
2024 &optval, &optlen);
2025 if (ret >= 0)
2026 OPENSSL_assert(optval >= 18445);
2027
2028 /*
2029 * Partially delivered notification??? Probably a bug....
2030 */
2031 OPENSSL_assert(!(msg.msg_flags & MSG_NOTIFICATION));
2032
2033 /*
2034 * Everything seems ok till now, so it's most likely a message
2035 * dropped by PR-SCTP.
2036 */
2037 memset(out, 0, outl);
2038 BIO_set_retry_read(b);
2039 return -1;
2040 }
2041
2042 BIO_clear_retry_flags(b);
2043 if (ret < 0) {
2044 if (BIO_dgram_should_retry(ret)) {
2045 BIO_set_retry_read(b);
2046 data->_errno = get_last_socket_error();
2047 }
2048 }
2049
2050 /* Test if peer uses SCTP-AUTH before continuing */
2051 if (!data->peer_auth_tested) {
2052 int ii, auth_data = 0, auth_forward = 0;
2053 unsigned char *p;
2054 struct sctp_authchunks *authchunks;
2055
2056 optlen =
2057 (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
2058 authchunks = OPENSSL_malloc(optlen);
2059 if (authchunks == NULL)
2060 return -1;
2061 memset(authchunks, 0, optlen);
2062 ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS,
2063 authchunks, &optlen);
2064
2065 if (ii >= 0)
2066 for (p = (unsigned char *)authchunks->gauth_chunks;
2067 p < (unsigned char *)authchunks + optlen;
2068 p += sizeof(uint8_t)) {
2069 if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE)
2070 auth_data = 1;
2071 if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE)
2072 auth_forward = 1;
2073 }
2074
2075 OPENSSL_free(authchunks);
2076
2077 if (!auth_data || !auth_forward) {
2078 ERR_raise(ERR_LIB_BIO, BIO_R_CONNECT_ERROR);
2079 return -1;
2080 }
2081
2082 data->peer_auth_tested = 1;
2083 }
2084 }
2085 return ret;
2086 }
2087
2088 /*
2089 * dgram_sctp_write - send message on SCTP socket
2090 * @b: BIO to write to
2091 * @in: data to send
2092 * @inl: amount of bytes in @in to send
2093 *
2094 * Returns -1 on error or the sent amount of bytes on success
2095 */
2096 static int dgram_sctp_write(BIO *b, const char *in, int inl)
2097 {
2098 int ret;
2099 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
2100 struct bio_dgram_sctp_sndinfo *sinfo = &(data->sndinfo);
2101 struct bio_dgram_sctp_prinfo *pinfo = &(data->prinfo);
2102 struct bio_dgram_sctp_sndinfo handshake_sinfo;
2103 struct iovec iov[1];
2104 struct msghdr msg;
2105 struct cmsghdr *cmsg;
2106 # if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
2107 char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo)) +
2108 CMSG_SPACE(sizeof(struct sctp_prinfo))];
2109 struct sctp_sndinfo *sndinfo;
2110 struct sctp_prinfo *prinfo;
2111 # else
2112 char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))];
2113 struct sctp_sndrcvinfo *sndrcvinfo;
2114 # endif
2115
2116 clear_socket_error();
2117
2118 /*
2119 * If we're send anything else than application data, disable all user
2120 * parameters and flags.
2121 */
2122 if (in[0] != 23) {
2123 memset(&handshake_sinfo, 0, sizeof(handshake_sinfo));
2124 # ifdef SCTP_SACK_IMMEDIATELY
2125 handshake_sinfo.snd_flags = SCTP_SACK_IMMEDIATELY;
2126 # endif
2127 sinfo = &handshake_sinfo;
2128 }
2129
2130 /* We can only send a shutdown alert if the socket is dry */
2131 if (data->save_shutdown) {
2132 ret = BIO_dgram_sctp_wait_for_dry(b);
2133 if (ret < 0)
2134 return -1;
2135 if (ret == 0) {
2136 BIO_clear_retry_flags(b);
2137 BIO_set_retry_write(b);
2138 return -1;
2139 }
2140 }
2141
2142 iov[0].iov_base = (char *)in;
2143 iov[0].iov_len = inl;
2144 msg.msg_name = NULL;
2145 msg.msg_namelen = 0;
2146 msg.msg_iov = iov;
2147 msg.msg_iovlen = 1;
2148 msg.msg_control = (caddr_t) cmsgbuf;
2149 msg.msg_controllen = 0;
2150 msg.msg_flags = 0;
2151 # if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
2152 cmsg = (struct cmsghdr *)cmsgbuf;
2153 cmsg->cmsg_level = IPPROTO_SCTP;
2154 cmsg->cmsg_type = SCTP_SNDINFO;
2155 cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndinfo));
2156 sndinfo = (struct sctp_sndinfo *)CMSG_DATA(cmsg);
2157 memset(sndinfo, 0, sizeof(*sndinfo));
2158 sndinfo->snd_sid = sinfo->snd_sid;
2159 sndinfo->snd_flags = sinfo->snd_flags;
2160 sndinfo->snd_ppid = sinfo->snd_ppid;
2161 sndinfo->snd_context = sinfo->snd_context;
2162 msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndinfo));
2163
2164 cmsg =
2165 (struct cmsghdr *)&cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo))];
2166 cmsg->cmsg_level = IPPROTO_SCTP;
2167 cmsg->cmsg_type = SCTP_PRINFO;
2168 cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_prinfo));
2169 prinfo = (struct sctp_prinfo *)CMSG_DATA(cmsg);
2170 memset(prinfo, 0, sizeof(*prinfo));
2171 prinfo->pr_policy = pinfo->pr_policy;
2172 prinfo->pr_value = pinfo->pr_value;
2173 msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_prinfo));
2174 # else
2175 cmsg = (struct cmsghdr *)cmsgbuf;
2176 cmsg->cmsg_level = IPPROTO_SCTP;
2177 cmsg->cmsg_type = SCTP_SNDRCV;
2178 cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo));
2179 sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
2180 memset(sndrcvinfo, 0, sizeof(*sndrcvinfo));
2181 sndrcvinfo->sinfo_stream = sinfo->snd_sid;
2182 sndrcvinfo->sinfo_flags = sinfo->snd_flags;
2183 # ifdef __FreeBSD__
2184 sndrcvinfo->sinfo_flags |= pinfo->pr_policy;
2185 # endif
2186 sndrcvinfo->sinfo_ppid = sinfo->snd_ppid;
2187 sndrcvinfo->sinfo_context = sinfo->snd_context;
2188 sndrcvinfo->sinfo_timetolive = pinfo->pr_value;
2189 msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo));
2190 # endif
2191
2192 ret = sendmsg(b->num, &msg, 0);
2193
2194 BIO_clear_retry_flags(b);
2195 if (ret <= 0) {
2196 if (BIO_dgram_should_retry(ret)) {
2197 BIO_set_retry_write(b);
2198 data->_errno = get_last_socket_error();
2199 }
2200 }
2201 return ret;
2202 }
2203
2204 static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
2205 {
2206 long ret = 1;
2207 bio_dgram_sctp_data *data = NULL;
2208 socklen_t sockopt_len = 0;
2209 struct sctp_authkeyid authkeyid;
2210 struct sctp_authkey *authkey = NULL;
2211
2212 data = (bio_dgram_sctp_data *) b->ptr;
2213
2214 switch (cmd) {
2215 case BIO_CTRL_DGRAM_QUERY_MTU:
2216 /*
2217 * Set to maximum (2^14) and ignore user input to enable transport
2218 * protocol fragmentation. Returns always 2^14.
2219 */
2220 data->mtu = 16384;
2221 ret = data->mtu;
2222 break;
2223 case BIO_CTRL_DGRAM_SET_MTU:
2224 /*
2225 * Set to maximum (2^14) and ignore input to enable transport
2226 * protocol fragmentation. Returns always 2^14.
2227 */
2228 data->mtu = 16384;
2229 ret = data->mtu;
2230 break;
2231 case BIO_CTRL_DGRAM_SET_CONNECTED:
2232 case BIO_CTRL_DGRAM_CONNECT:
2233 /* Returns always -1. */
2234 ret = -1;
2235 break;
2236 case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
2237 /*
2238 * SCTP doesn't need the DTLS timer Returns always 1.
2239 */
2240 break;
2241 case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
2242 /*
2243 * We allow transport protocol fragmentation so this is irrelevant
2244 */
2245 ret = 0;
2246 break;
2247 case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
2248 if (num > 0)
2249 data->in_handshake = 1;
2250 else
2251 data->in_handshake = 0;
2252
2253 ret =
2254 setsockopt(b->num, IPPROTO_SCTP, SCTP_NODELAY,
2255 &data->in_handshake, sizeof(int));
2256 break;
2257 case BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY:
2258 /*
2259 * New shared key for SCTP AUTH. Returns 0 on success, -1 otherwise.
2260 */
2261
2262 /* Get active key */
2263 sockopt_len = sizeof(struct sctp_authkeyid);
2264 ret =
2265 getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid,
2266 &sockopt_len);
2267 if (ret < 0)
2268 break;
2269
2270 /* Add new key */
2271 sockopt_len = sizeof(struct sctp_authkey) + 64 * sizeof(uint8_t);
2272 authkey = OPENSSL_malloc(sockopt_len);
2273 if (authkey == NULL) {
2274 ret = -1;
2275 break;
2276 }
2277 memset(authkey, 0, sockopt_len);
2278 authkey->sca_keynumber = authkeyid.scact_keynumber + 1;
2279 # ifndef __FreeBSD__
2280 /*
2281 * This field is missing in FreeBSD 8.2 and earlier, and FreeBSD 8.3
2282 * and higher work without it.
2283 */
2284 authkey->sca_keylength = 64;
2285 # endif
2286 memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t));
2287
2288 ret =
2289 setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey,
2290 sockopt_len);
2291 OPENSSL_free(authkey);
2292 authkey = NULL;
2293 if (ret < 0)
2294 break;
2295
2296 /* Reset active key */
2297 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
2298 &authkeyid, sizeof(struct sctp_authkeyid));
2299 if (ret < 0)
2300 break;
2301
2302 break;
2303 case BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY:
2304 /* Returns 0 on success, -1 otherwise. */
2305
2306 /* Get active key */
2307 sockopt_len = sizeof(struct sctp_authkeyid);
2308 ret =
2309 getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid,
2310 &sockopt_len);
2311 if (ret < 0)
2312 break;
2313
2314 /* Set active key */
2315 authkeyid.scact_keynumber = authkeyid.scact_keynumber + 1;
2316 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
2317 &authkeyid, sizeof(struct sctp_authkeyid));
2318 if (ret < 0)
2319 break;
2320
2321 /*
2322 * CCS has been sent, so remember that and fall through to check if
2323 * we need to deactivate an old key
2324 */
2325 data->ccs_sent = 1;
2326 /* fall-through */
2327
2328 case BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD:
2329 /* Returns 0 on success, -1 otherwise. */
2330
2331 /*
2332 * Has this command really been called or is this just a
2333 * fall-through?
2334 */
2335 if (cmd == BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD)
2336 data->ccs_rcvd = 1;
2337
2338 /*
2339 * CSS has been both, received and sent, so deactivate an old key
2340 */
2341 if (data->ccs_rcvd == 1 && data->ccs_sent == 1) {
2342 /* Get active key */
2343 sockopt_len = sizeof(struct sctp_authkeyid);
2344 ret =
2345 getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
2346 &authkeyid, &sockopt_len);
2347 if (ret < 0)
2348 break;
2349
2350 /*
2351 * Deactivate key or delete second last key if
2352 * SCTP_AUTHENTICATION_EVENT is not available.
2353 */
2354 authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
2355 # ifdef SCTP_AUTH_DEACTIVATE_KEY
2356 sockopt_len = sizeof(struct sctp_authkeyid);
2357 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DEACTIVATE_KEY,
2358 &authkeyid, sockopt_len);
2359 if (ret < 0)
2360 break;
2361 # endif
2362 # ifndef SCTP_AUTHENTICATION_EVENT
2363 if (authkeyid.scact_keynumber > 0) {
2364 authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
2365 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
2366 &authkeyid, sizeof(struct sctp_authkeyid));
2367 if (ret < 0)
2368 break;
2369 }
2370 # endif
2371
2372 data->ccs_rcvd = 0;
2373 data->ccs_sent = 0;
2374 }
2375 break;
2376 case BIO_CTRL_DGRAM_SCTP_GET_SNDINFO:
2377 /* Returns the size of the copied struct. */
2378 if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo))
2379 num = sizeof(struct bio_dgram_sctp_sndinfo);
2380
2381 memcpy(ptr, &(data->sndinfo), num);
2382 ret = num;
2383 break;
2384 case BIO_CTRL_DGRAM_SCTP_SET_SNDINFO:
2385 /* Returns the size of the copied struct. */
2386 if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo))
2387 num = sizeof(struct bio_dgram_sctp_sndinfo);
2388
2389 memcpy(&(data->sndinfo), ptr, num);
2390 break;
2391 case BIO_CTRL_DGRAM_SCTP_GET_RCVINFO:
2392 /* Returns the size of the copied struct. */
2393 if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo))
2394 num = sizeof(struct bio_dgram_sctp_rcvinfo);
2395
2396 memcpy(ptr, &data->rcvinfo, num);
2397
2398 ret = num;
2399 break;
2400 case BIO_CTRL_DGRAM_SCTP_SET_RCVINFO:
2401 /* Returns the size of the copied struct. */
2402 if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo))
2403 num = sizeof(struct bio_dgram_sctp_rcvinfo);
2404
2405 memcpy(&(data->rcvinfo), ptr, num);
2406 break;
2407 case BIO_CTRL_DGRAM_SCTP_GET_PRINFO:
2408 /* Returns the size of the copied struct. */
2409 if (num > (long)sizeof(struct bio_dgram_sctp_prinfo))
2410 num = sizeof(struct bio_dgram_sctp_prinfo);
2411
2412 memcpy(ptr, &(data->prinfo), num);
2413 ret = num;
2414 break;
2415 case BIO_CTRL_DGRAM_SCTP_SET_PRINFO:
2416 /* Returns the size of the copied struct. */
2417 if (num > (long)sizeof(struct bio_dgram_sctp_prinfo))
2418 num = sizeof(struct bio_dgram_sctp_prinfo);
2419
2420 memcpy(&(data->prinfo), ptr, num);
2421 break;
2422 case BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN:
2423 /* Returns always 1. */
2424 if (num > 0)
2425 data->save_shutdown = 1;
2426 else
2427 data->save_shutdown = 0;
2428 break;
2429 case BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY:
2430 return dgram_sctp_wait_for_dry(b);
2431 case BIO_CTRL_DGRAM_SCTP_MSG_WAITING:
2432 return dgram_sctp_msg_waiting(b);
2433
2434 default:
2435 /*
2436 * Pass to default ctrl function to process SCTP unspecific commands
2437 */
2438 ret = dgram_ctrl(b, cmd, num, ptr);
2439 break;
2440 }
2441 return ret;
2442 }
2443
2444 int BIO_dgram_sctp_notification_cb(BIO *b,
2445 BIO_dgram_sctp_notification_handler_fn handle_notifications,
2446 void *context)
2447 {
2448 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
2449
2450 if (handle_notifications != NULL) {
2451 data->handle_notifications = handle_notifications;
2452 data->notification_context = context;
2453 } else
2454 return -1;
2455
2456 return 0;
2457 }
2458
2459 /*
2460 * BIO_dgram_sctp_wait_for_dry - Wait for SCTP SENDER_DRY event
2461 * @b: The BIO to check for the dry event
2462 *
2463 * Wait until the peer confirms all packets have been received, and so that
2464 * our kernel doesn't have anything to send anymore. This is only received by
2465 * the peer's kernel, not the application.
2466 *
2467 * Returns:
2468 * -1 on error
2469 * 0 when not dry yet
2470 * 1 when dry
2471 */
2472 int BIO_dgram_sctp_wait_for_dry(BIO *b)
2473 {
2474 return (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY, 0, NULL);
2475 }
2476
2477 static int dgram_sctp_wait_for_dry(BIO *b)
2478 {
2479 int is_dry = 0;
2480 int sockflags = 0;
2481 int n, ret;
2482 union sctp_notification snp;
2483 struct msghdr msg;
2484 struct iovec iov;
2485 # ifdef SCTP_EVENT
2486 struct sctp_event event;
2487 # else
2488 struct sctp_event_subscribe event;
2489 socklen_t eventsize;
2490 # endif
2491 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
2492
2493 /* set sender dry event */
2494 # ifdef SCTP_EVENT
2495 memset(&event, 0, sizeof(event));
2496 event.se_assoc_id = 0;
2497 event.se_type = SCTP_SENDER_DRY_EVENT;
2498 event.se_on = 1;
2499 ret =
2500 setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
2501 sizeof(struct sctp_event));
2502 # else
2503 eventsize = sizeof(struct sctp_event_subscribe);
2504 ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize);
2505 if (ret < 0)
2506 return -1;
2507
2508 event.sctp_sender_dry_event = 1;
2509
2510 ret =
2511 setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
2512 sizeof(struct sctp_event_subscribe));
2513 # endif
2514 if (ret < 0)
2515 return -1;
2516
2517 /* peek for notification */
2518 memset(&snp, 0, sizeof(snp));
2519 iov.iov_base = (char *)&snp;
2520 iov.iov_len = sizeof(union sctp_notification);
2521 msg.msg_name = NULL;
2522 msg.msg_namelen = 0;
2523 msg.msg_iov = &iov;
2524 msg.msg_iovlen = 1;
2525 msg.msg_control = NULL;
2526 msg.msg_controllen = 0;
2527 msg.msg_flags = 0;
2528
2529 n = recvmsg(b->num, &msg, MSG_PEEK);
2530 if (n <= 0) {
2531 if ((n < 0) && (get_last_socket_error() != EAGAIN)
2532 && (get_last_socket_error() != EWOULDBLOCK))
2533 return -1;
2534 else
2535 return 0;
2536 }
2537
2538 /* if we find a notification, process it and try again if necessary */
2539 while (msg.msg_flags & MSG_NOTIFICATION) {
2540 memset(&snp, 0, sizeof(snp));
2541 iov.iov_base = (char *)&snp;
2542 iov.iov_len = sizeof(union sctp_notification);
2543 msg.msg_name = NULL;
2544 msg.msg_namelen = 0;
2545 msg.msg_iov = &iov;
2546 msg.msg_iovlen = 1;
2547 msg.msg_control = NULL;
2548 msg.msg_controllen = 0;
2549 msg.msg_flags = 0;
2550
2551 n = recvmsg(b->num, &msg, 0);
2552 if (n <= 0) {
2553 if ((n < 0) && (get_last_socket_error() != EAGAIN)
2554 && (get_last_socket_error() != EWOULDBLOCK))
2555 return -1;
2556 else
2557 return is_dry;
2558 }
2559
2560 if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
2561 is_dry = 1;
2562
2563 /* disable sender dry event */
2564 # ifdef SCTP_EVENT
2565 memset(&event, 0, sizeof(event));
2566 event.se_assoc_id = 0;
2567 event.se_type = SCTP_SENDER_DRY_EVENT;
2568 event.se_on = 0;
2569 ret =
2570 setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
2571 sizeof(struct sctp_event));
2572 # else
2573 eventsize = (socklen_t) sizeof(struct sctp_event_subscribe);
2574 ret =
2575 getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
2576 &eventsize);
2577 if (ret < 0)
2578 return -1;
2579
2580 event.sctp_sender_dry_event = 0;
2581
2582 ret =
2583 setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
2584 sizeof(struct sctp_event_subscribe));
2585 # endif
2586 if (ret < 0)
2587 return -1;
2588 }
2589 # ifdef SCTP_AUTHENTICATION_EVENT
2590 if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
2591 dgram_sctp_handle_auth_free_key_event(b, &snp);
2592 # endif
2593
2594 if (data->handle_notifications != NULL)
2595 data->handle_notifications(b, data->notification_context,
2596 (void *)&snp);
2597
2598 /* found notification, peek again */
2599 memset(&snp, 0, sizeof(snp));
2600 iov.iov_base = (char *)&snp;
2601 iov.iov_len = sizeof(union sctp_notification);
2602 msg.msg_name = NULL;
2603 msg.msg_namelen = 0;
2604 msg.msg_iov = &iov;
2605 msg.msg_iovlen = 1;
2606 msg.msg_control = NULL;
2607 msg.msg_controllen = 0;
2608 msg.msg_flags = 0;
2609
2610 /* if we have seen the dry already, don't wait */
2611 if (is_dry) {
2612 sockflags = fcntl(b->num, F_GETFL, 0);
2613 fcntl(b->num, F_SETFL, O_NONBLOCK);
2614 }
2615
2616 n = recvmsg(b->num, &msg, MSG_PEEK);
2617
2618 if (is_dry) {
2619 fcntl(b->num, F_SETFL, sockflags);
2620 }
2621
2622 if (n <= 0) {
2623 if ((n < 0) && (get_last_socket_error() != EAGAIN)
2624 && (get_last_socket_error() != EWOULDBLOCK))
2625 return -1;
2626 else
2627 return is_dry;
2628 }
2629 }
2630
2631 /* read anything else */
2632 return is_dry;
2633 }
2634
2635 int BIO_dgram_sctp_msg_waiting(BIO *b)
2636 {
2637 return (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SCTP_MSG_WAITING, 0, NULL);
2638 }
2639
2640 static int dgram_sctp_msg_waiting(BIO *b)
2641 {
2642 int n, sockflags;
2643 union sctp_notification snp;
2644 struct msghdr msg;
2645 struct iovec iov;
2646 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
2647
2648 /* Check if there are any messages waiting to be read */
2649 do {
2650 memset(&snp, 0, sizeof(snp));
2651 iov.iov_base = (char *)&snp;
2652 iov.iov_len = sizeof(union sctp_notification);
2653 msg.msg_name = NULL;
2654 msg.msg_namelen = 0;
2655 msg.msg_iov = &iov;
2656 msg.msg_iovlen = 1;
2657 msg.msg_control = NULL;
2658 msg.msg_controllen = 0;
2659 msg.msg_flags = 0;
2660
2661 sockflags = fcntl(b->num, F_GETFL, 0);
2662 fcntl(b->num, F_SETFL, O_NONBLOCK);
2663 n = recvmsg(b->num, &msg, MSG_PEEK);
2664 fcntl(b->num, F_SETFL, sockflags);
2665
2666 /* if notification, process and try again */
2667 if (n > 0 && (msg.msg_flags & MSG_NOTIFICATION)) {
2668 # ifdef SCTP_AUTHENTICATION_EVENT
2669 if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
2670 dgram_sctp_handle_auth_free_key_event(b, &snp);
2671 # endif
2672
2673 memset(&snp, 0, sizeof(snp));
2674 iov.iov_base = (char *)&snp;
2675 iov.iov_len = sizeof(union sctp_notification);
2676 msg.msg_name = NULL;
2677 msg.msg_namelen = 0;
2678 msg.msg_iov = &iov;
2679 msg.msg_iovlen = 1;
2680 msg.msg_control = NULL;
2681 msg.msg_controllen = 0;
2682 msg.msg_flags = 0;
2683 n = recvmsg(b->num, &msg, 0);
2684
2685 if (data->handle_notifications != NULL)
2686 data->handle_notifications(b, data->notification_context,
2687 (void *)&snp);
2688 }
2689
2690 } while (n > 0 && (msg.msg_flags & MSG_NOTIFICATION));
2691
2692 /* Return 1 if there is a message to be read, return 0 otherwise. */
2693 if (n > 0)
2694 return 1;
2695 else
2696 return 0;
2697 }
2698
2699 static int dgram_sctp_puts(BIO *bp, const char *str)
2700 {
2701 int n, ret;
2702
2703 n = strlen(str);
2704 ret = dgram_sctp_write(bp, str, n);
2705 return ret;
2706 }
2707 # endif
2708
2709 static int BIO_dgram_should_retry(int i)
2710 {
2711 int err;
2712
2713 if ((i == 0) || (i == -1)) {
2714 err = get_last_socket_error();
2715
2716 # if defined(OPENSSL_SYS_WINDOWS)
2717 /*
2718 * If the socket return value (i) is -1 and err is unexpectedly 0 at
2719 * this point, the error code was overwritten by another system call
2720 * before this error handling is called.
2721 */
2722 # endif
2723
2724 return BIO_dgram_non_fatal_error(err);
2725 }
2726 return 0;
2727 }
2728
2729 int BIO_dgram_non_fatal_error(int err)
2730 {
2731 switch (err) {
2732 # if defined(OPENSSL_SYS_WINDOWS)
2733 # if defined(WSAEWOULDBLOCK)
2734 case WSAEWOULDBLOCK:
2735 # endif
2736 # endif
2737
2738 # ifdef EWOULDBLOCK
2739 # ifdef WSAEWOULDBLOCK
2740 # if WSAEWOULDBLOCK != EWOULDBLOCK
2741 case EWOULDBLOCK:
2742 # endif
2743 # else
2744 case EWOULDBLOCK:
2745 # endif
2746 # endif
2747
2748 # ifdef EINTR
2749 case EINTR:
2750 # endif
2751
2752 # ifdef EAGAIN
2753 # if EWOULDBLOCK != EAGAIN
2754 case EAGAIN:
2755 # endif
2756 # endif
2757
2758 # ifdef EPROTO
2759 case EPROTO:
2760 # endif
2761
2762 # ifdef EINPROGRESS
2763 case EINPROGRESS:
2764 # endif
2765
2766 # ifdef EALREADY
2767 case EALREADY:
2768 # endif
2769
2770 return 1;
2771 default:
2772 break;
2773 }
2774 return 0;
2775 }
2776
2777 #endif
A mirror of the official openssl repository