From 664e096cf94b1a2f72b3c562dd93db7e13b235f4 Mon Sep 17 00:00:00 2001 From: Hugo Landau Date: Mon, 9 May 2022 14:24:33 +0100 Subject: [PATCH] BIO_dgram support for BIO_sendmmsg/BIO_recvmmsg Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/18270) --- CHANGES.md | 6 + crypto/bio/bio_err.c | 3 + crypto/bio/bio_local.h | 6 + crypto/bio/bio_sock.c | 38 ++ crypto/bio/bss_dgram.c | 902 ++++++++++++++++++++++++++++++- crypto/err/openssl.txt | 2 + include/crypto/bioerr.h | 2 +- include/internal/sockets.h | 7 + include/openssl/bioerr.h | 4 +- test/bio_dgram_test.c | 463 ++++++++++++++++ test/build.info | 6 +- test/recipes/04-test_bio_dgram.t | 12 + 12 files changed, 1443 insertions(+), 8 deletions(-) create mode 100644 test/bio_dgram_test.c create mode 100644 test/recipes/04-test_bio_dgram.t diff --git a/CHANGES.md b/CHANGES.md index 68792f8793..27172e08a7 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -173,6 +173,12 @@ OpenSSL 3.1 *David von Oheimb* + * Add new BIO_sendmmsg() and BIO_recvmmsg() BIO methods which allow + sending and receiving multiple messages in a single call. An implementation + is provided for BIO_dgram. For further details, see BIO_sendmmsg(3). + + *Hugo Landau* + OpenSSL 3.0 ----------- diff --git a/crypto/bio/bio_err.c b/crypto/bio/bio_err.c index 87a744ec49..7f8ae17245 100644 --- a/crypto/bio/bio_err.c +++ b/crypto/bio/bio_err.c @@ -46,6 +46,7 @@ static const ERR_STRING_DATA BIO_str_reasons[] = { "no hostname or service specified"}, {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_PORT_DEFINED), "no port defined"}, {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_SUCH_FILE), "no such file"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_PORT_MISMATCH), "port mismatch"}, {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_TFO_DISABLED), "tfo disabled"}, {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_TFO_NO_KERNEL_SUPPORT), "tfo no kernel support"}, @@ -79,6 +80,8 @@ static const ERR_STRING_DATA BIO_str_reasons[] = { "local address not available"}, {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NON_FATAL), "non-fatal or transient error"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_PORT_MISMATCH), + "port mismatch"}, {0, NULL} }; diff --git a/crypto/bio/bio_local.h b/crypto/bio/bio_local.h index 87779c8e02..bcb383f0ea 100644 --- a/crypto/bio/bio_local.h +++ b/crypto/bio/bio_local.h @@ -142,6 +142,12 @@ struct sockaddr *BIO_ADDR_sockaddr_noconst(BIO_ADDR *ap); socklen_t BIO_ADDR_sockaddr_size(const BIO_ADDR *ap); socklen_t BIO_ADDRINFO_sockaddr_size(const BIO_ADDRINFO *bai); const struct sockaddr *BIO_ADDRINFO_sockaddr(const BIO_ADDRINFO *bai); + +# if defined(OPENSSL_SYS_WINDOWS) && defined(WSAID_WSARECVMSG) +# define BIO_HAVE_WSAMSG +extern LPFN_WSARECVMSG bio_WSARecvMsg; +extern LPFN_WSASENDMSG bio_WSASendMsg; +# endif #endif extern CRYPTO_RWLOCK *bio_type_lock; diff --git a/crypto/bio/bio_sock.c b/crypto/bio/bio_sock.c index fef6934998..48a9e7d5e6 100644 --- a/crypto/bio/bio_sock.c +++ b/crypto/bio/bio_sock.c @@ -130,6 +130,11 @@ struct hostent *BIO_gethostbyname(const char *name) } # endif +# ifdef BIO_HAVE_WSAMSG +LPFN_WSARECVMSG bio_WSARecvMsg; +LPFN_WSASENDMSG bio_WSASendMsg; +# endif + int BIO_sock_init(void) { # ifdef OPENSSL_SYS_WINDOWS @@ -150,6 +155,39 @@ int BIO_sock_init(void) ERR_raise(ERR_LIB_BIO, BIO_R_WSASTARTUP); return -1; } + + /* + * On Windows, some socket functions are not exposed as a prototype. + * Instead, their function pointers must be loaded via this elaborate + * process... + */ +# ifdef BIO_HAVE_WSAMSG + { + GUID id_WSARecvMsg = WSAID_WSARECVMSG; + GUID id_WSASendMsg = WSAID_WSASENDMSG; + DWORD len_out = 0; + SOCKET s; + + s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); + if (s != INVALID_SOCKET) { + if (WSAIoctl(s, SIO_GET_EXTENSION_FUNCTION_POINTER, + &id_WSARecvMsg, sizeof(id_WSARecvMsg), + &bio_WSARecvMsg, sizeof(bio_WSARecvMsg), + &len_out, NULL, NULL) != 0 + || len_out != sizeof(bio_WSARecvMsg)) + bio_WSARecvMsg = NULL; + + if (WSAIoctl(s, SIO_GET_EXTENSION_FUNCTION_POINTER, + &id_WSASendMsg, sizeof(id_WSASendMsg), + &bio_WSASendMsg, sizeof(bio_WSASendMsg), + &len_out, NULL, NULL) != 0 + || len_out != sizeof(bio_WSASendMsg)) + bio_WSASendMsg = NULL; + + closesocket(s); + } + } +# endif } # endif /* OPENSSL_SYS_WINDOWS */ # ifdef WATT32 diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index 06042b1792..2675a03874 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -42,6 +42,82 @@ ((a)->s6_addr32[2] == htonl(0x0000ffff))) # endif +/* Determine what method to use for BIO_sendmmsg and BIO_recvmmsg. */ +# define M_METHOD_NONE 0 +# define M_METHOD_RECVMMSG 1 +# define M_METHOD_RECVMSG 2 +# define M_METHOD_RECVFROM 3 +# define M_METHOD_WSARECVMSG 4 + +# if !defined(M_METHOD) +# if defined(OPENSSL_SYS_WINDOWS) && defined(BIO_HAVE_WSAMSG) && !defined(NO_WSARECVMSG) +# define M_METHOD M_METHOD_WSARECVMSG +# elif !defined(OPENSSL_SYS_WINDOWS) && defined(MSG_WAITFORONE) && !defined(NO_RECVMMSG) +# define M_METHOD M_METHOD_RECVMMSG +# elif !defined(OPENSSL_SYS_WINDOWS) && defined(CMSG_LEN) && !defined(NO_RECVMSG) +# define M_METHOD M_METHOD_RECVMSG +# elif !defined(NO_RECVFROM) +# define M_METHOD M_METHOD_RECVFROM +# else +# define M_METHOD M_METHOD_NONE +# endif +# endif + +# if defined(OPENSSL_SYS_WINDOWS) +# define BIO_CMSG_SPACE(x) WSA_CMSG_SPACE(x) +# define BIO_CMSG_FIRSTHDR(x) WSA_CMSG_FIRSTHDR(x) +# define BIO_CMSG_NXTHDR(x, y) WSA_CMSG_NXTHDR(x, y) +# define BIO_CMSG_DATA(x) WSA_CMSG_DATA(x) +# define BIO_CMSG_LEN(x) WSA_CMSG_LEN(x) +# define MSGHDR_TYPE WSAMSG +# define CMSGHDR_TYPE WSACMSGHDR +# else +# define MSGHDR_TYPE struct msghdr +# define CMSGHDR_TYPE struct cmsghdr +# define BIO_CMSG_SPACE(x) CMSG_SPACE(x) +# define BIO_CMSG_FIRSTHDR(x) CMSG_FIRSTHDR(x) +# define BIO_CMSG_NXTHDR(x, y) CMSG_NXTHDR(x, y) +# define BIO_CMSG_DATA(x) CMSG_DATA(x) +# define BIO_CMSG_LEN(x) CMSG_LEN(x) +# endif + +# if M_METHOD == M_METHOD_RECVMMSG \ + || M_METHOD == M_METHOD_RECVMSG \ + || M_METHOD == M_METHOD_WSARECVMSG +# if defined(__APPLE__) + /* + * CMSG_SPACE is not a constant expresson on OSX even though POSIX + * says it's supposed to be. This should be adequate. + */ +# define BIO_CMSG_ALLOC_LEN 64 +# else +# if defined(IPV6_PKTINFO) +# define BIO_CMSG_ALLOC_LEN_1 BIO_CMSG_SPACE(sizeof(struct in6_pktinfo)) +# else +# define BIO_CMSG_ALLOC_LEN_1 0 +# endif +# if defined(IP_PKTINFO) +# define BIO_CMSG_ALLOC_LEN_2 BIO_CMSG_SPACE(sizeof(struct in_pktinfo)) +# else +# define BIO_CMSG_ALLOC_LEN_2 0 +# endif +# if defined(IP_RECVDSTADDR) +# define BIO_CMSG_ALLOC_LEN_3 BIO_CMSG_SPACE(sizeof(struct in_addr)) +# else +# define BIO_CMSG_ALLOC_LEN_3 0 +# endif +# define BIO_MAX(X,Y) ((X) > (Y) ? (X) : (Y)) +# define BIO_CMSG_ALLOC_LEN \ + BIO_MAX(BIO_CMSG_ALLOC_LEN_1, \ + BIO_MAX(BIO_CMSG_ALLOC_LEN_2, BIO_CMSG_ALLOC_LEN_3)) +# endif +# if (defined(IP_PKTINFO) || defined(IP_RECVDSTADDR)) && defined(IPV6_RECVPKTINFO) +# define SUPPORT_LOCAL_ADDR +# endif +# endif + +# define BIO_MSG_N(array, stride, n) (*(BIO_MSG *)((char *)(array) + (n)*(stride))) + static int dgram_write(BIO *h, const char *buf, int num); static int dgram_read(BIO *h, char *buf, int size); static int dgram_puts(BIO *h, const char *str); @@ -49,6 +125,12 @@ static long dgram_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int dgram_new(BIO *h); static int dgram_free(BIO *data); static int dgram_clear(BIO *bio); +static int dgram_sendmmsg(BIO *b, BIO_MSG *msg, + size_t stride, size_t num_msg, + uint64_t flags, size_t *num_processed); +static int dgram_recvmmsg(BIO *b, BIO_MSG *msg, + size_t stride, size_t num_msg, + uint64_t flags, size_t *num_processed); # ifndef OPENSSL_NO_SCTP static int dgram_sctp_write(BIO *h, const char *buf, int num); @@ -82,6 +164,8 @@ static const BIO_METHOD methods_dgramp = { dgram_new, dgram_free, NULL, /* dgram_callback_ctrl */ + dgram_sendmmsg, + dgram_recvmmsg, }; # ifndef OPENSSL_NO_SCTP @@ -98,17 +182,21 @@ static const BIO_METHOD methods_dgramp_sctp = { dgram_sctp_new, dgram_sctp_free, NULL, /* dgram_callback_ctrl */ + NULL, /* sendmmsg */ + NULL, /* recvmmsg */ }; # endif typedef struct bio_dgram_data_st { BIO_ADDR peer; + BIO_ADDR local_addr; unsigned int connected; unsigned int _errno; unsigned int mtu; struct timeval next_timeout; struct timeval socket_timeout; unsigned int peekmode; + char local_addr_enabled; } bio_dgram_data; # ifndef OPENSSL_NO_SCTP @@ -265,6 +353,27 @@ static void dgram_adjust_rcv_timeout(BIO *b) # endif } +static void dgram_update_local_addr(BIO *b) +{ + bio_dgram_data *data = (bio_dgram_data *)b->ptr; + socklen_t addr_len = sizeof(data->local_addr); + + if (getsockname(b->num, &data->local_addr.sa, &addr_len) < 0) + /* + * This should not be possible, but zero-initialize and return + * anyway. + */ + BIO_ADDR_clear(&data->local_addr); +} + +# if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG || M_METHOD == M_METHOD_WSARECVMSG +static int dgram_get_sock_family(BIO *b) +{ + bio_dgram_data *data = (bio_dgram_data *)b->ptr; + return data->local_addr.sa.sa_family; +} +# endif + static void dgram_reset_rcv_timeout(BIO *b) { # if defined(SO_RCVTIMEO) @@ -301,7 +410,7 @@ static int dgram_read(BIO *b, char *out, int outl) if (out != NULL) { clear_socket_error(); - memset(&peer, 0, sizeof(peer)); + BIO_ADDR_clear(&peer); dgram_adjust_rcv_timeout(b); if (data->peekmode) flags = MSG_PEEK; @@ -388,6 +497,47 @@ static long dgram_get_mtu_overhead(bio_dgram_data *data) return ret; } +/* Enables appropriate destination address reception option on the socket. */ +# if defined(SUPPORT_LOCAL_ADDR) +static int enable_local_addr(BIO *b, int enable) { + int af = dgram_get_sock_family(b); + + if (af == AF_INET) { +# if defined(IP_PKTINFO) + /* IP_PKTINFO is preferred */ + if (setsockopt(b->num, IPPROTO_IP, IP_PKTINFO, + (void *)&enable, sizeof(enable)) < 0) + return 0; + + return 1; + +# elif defined(IP_RECVDSTADDR) + /* Fall back to IP_RECVDSTADDR */ + + if (setsockopt(b->num, IPPROTO_IP, IP_RECVDSTADDR, + &enable, sizeof(enable)) < 0) + return 0; + + return 1; +# endif + } + +# if OPENSSL_USE_IPV6 + if (af == AF_INET6) { +# if defined(IPV6_RECVPKTINFO) + if (setsockopt(b->num, IPPROTO_IPV6, IPV6_RECVPKTINFO, + &enable, sizeof(enable)) < 0) + return 0; + + return 1; +# endif + } +# endif + + return 0; +} +# endif + static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) { long ret = 1; @@ -417,6 +567,13 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) b->num = *((int *)ptr); b->shutdown = (int)num; b->init = 1; + dgram_update_local_addr(b); +# if defined(SUPPORT_LOCAL_ADDR) + if (data->local_addr_enabled) { + if (enable_local_addr(b, 1) < 1) + data->local_addr_enabled = 0; + } +# endif break; case BIO_C_GET_FD: if (b->init) { @@ -448,7 +605,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_DGRAM_MTU_DISCOVER: # if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO) addr_len = (socklen_t) sizeof(addr); - memset(&addr, 0, sizeof(addr)); + BIO_ADDR_clear(&addr); if (getsockname(b->num, &addr.sa, &addr_len) < 0) { ret = 0; break; @@ -479,7 +636,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_DGRAM_QUERY_MTU: # if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU) addr_len = (socklen_t) sizeof(addr); - memset(&addr, 0, sizeof(addr)); + BIO_ADDR_clear(&addr); if (getsockname(b->num, &addr.sa, &addr_len) < 0) { ret = 0; break; @@ -562,7 +719,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr)); } else { data->connected = 0; - memset(&data->peer, 0, sizeof(data->peer)); + BIO_ADDR_clear(&data->peer); } break; case BIO_CTRL_DGRAM_GET_PEER: @@ -774,6 +931,35 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_DGRAM_SET_PEEK_MODE: data->peekmode = (unsigned int)num; break; + + case BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP: +# if defined(SUPPORT_LOCAL_ADDR) + ret = 1; +# else + ret = 0; +# endif + break; + + case BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE: +# if defined(SUPPORT_LOCAL_ADDR) + num = num > 0; + if (num != data->local_addr_enabled) { + if (enable_local_addr(b, num) < 1) { + ret = 0; + break; + } + + data->local_addr_enabled = (char)num; + } +# else + ret = 0; +# endif + break; + + case BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE: + *(int *)ptr = data->local_addr_enabled; + break; + default: ret = 0; break; @@ -790,6 +976,714 @@ static int dgram_puts(BIO *bp, const char *str) return ret; } +# if M_METHOD == M_METHOD_WSARECVMSG +static void translate_msg_win(BIO *b, WSAMSG *mh, WSABUF *iov, + unsigned char *control, BIO_MSG *msg) +{ + iov->len = msg->data_len; + iov->buf = msg->data; + + /* Windows requires namelen to be set exactly */ + mh->name = msg->peer != NULL ? &msg->peer->sa : NULL; + if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET) + mh->namelen = sizeof(struct sockaddr_in); +# if OPENSSL_USE_IPV6 + else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6) + mh->namelen = sizeof(struct sockaddr_in6); +# endif + else + mh->namelen = 0; + + /* + * When local address reception (IP_PKTINFO, etc.) is enabled, on Windows + * this causes WSARecvMsg to fail if the control buffer is too small to hold + * the structure, or if no control buffer is passed. So we need to give it + * the control buffer even if we aren't actually going to examine the + * result. + */ + mh->lpBuffers = iov; + mh->dwBufferCount = 1; + mh->Control.len = BIO_CMSG_ALLOC_LEN; + mh->Control.buf = control; + mh->dwFlags = 0; +} +# endif + +# if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG +/* Translates a BIO_MSG to a msghdr and iovec. */ +static void translate_msg(BIO *b, struct msghdr *mh, struct iovec *iov, + unsigned char *control, BIO_MSG *msg) +{ + iov->iov_base = msg->data; + iov->iov_len = msg->data_len; + + /* macOS requires msg_namelen be 0 if msg_name is NULL */ + mh->msg_name = msg->peer != NULL ? &msg->peer->sa : NULL; + if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET) + mh->msg_namelen = sizeof(struct sockaddr_in); +# if OPENSSL_USE_IPV6 + else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6) + mh->msg_namelen = sizeof(struct sockaddr_in6); +# endif + else + mh->msg_namelen = 0; + + mh->msg_iov = iov; + mh->msg_iovlen = 1; + mh->msg_control = msg->local != NULL ? control : NULL; + mh->msg_controllen = msg->local != NULL ? BIO_CMSG_ALLOC_LEN : 0; + mh->msg_flags = 0; +} +# endif + +# if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG || M_METHOD == M_METHOD_WSARECVMSG +/* Extracts destination address from the control buffer. */ +static int extract_local(BIO *b, MSGHDR_TYPE *mh, BIO_ADDR *local) { +# if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) || defined(IPV6_PKTINFO) + CMSGHDR_TYPE *cmsg; + int af = dgram_get_sock_family(b); + + for (cmsg = BIO_CMSG_FIRSTHDR(mh); cmsg != NULL; + cmsg = BIO_CMSG_NXTHDR(mh, cmsg)) { + if (af == AF_INET) { + if (cmsg->cmsg_level != IPPROTO_IP) + continue; + +# if defined(IP_PKTINFO) + if (cmsg->cmsg_type != IP_PKTINFO) + continue; + + local->s_in.sin_addr = + ((struct in_pktinfo *)BIO_CMSG_DATA(cmsg))->ipi_addr; + +# elif defined(IP_RECVDSTADDR) + if (cmsg->cmsg_type != IP_RECVDSTADDR) + continue; + + local->s_in.sin_addr = *(struct in_addr *)BIO_CMSG_DATA(cmsg); +# endif + +# if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) + { + bio_dgram_data *data = b->ptr; + + local->s_in.sin_family = AF_INET; + local->s_in.sin_port = data->local_addr.s_in.sin_port; + } + return 1; +# endif + } +# if OPENSSL_USE_IPV6 + else if (af == AF_INET6) { + if (cmsg->cmsg_level != IPPROTO_IPV6) + continue; + +# if defined(IPV6_RECVPKTINFO) + if (cmsg->cmsg_type != IPV6_PKTINFO) + continue; + + { + bio_dgram_data *data = b->ptr; + + local->s_in6.sin6_addr = + ((struct in6_pktinfo *)BIO_CMSG_DATA(cmsg))->ipi6_addr; + local->s_in6.sin6_family = AF_INET6; + local->s_in6.sin6_port = data->local_addr.s_in6.sin6_port; + local->s_in6.sin6_scope_id = + data->local_addr.s_in6.sin6_scope_id; + local->s_in6.sin6_flowinfo = 0; + } + return 1; +# endif + } +# endif + } +# endif + + return 0; +} + +static int pack_local(BIO *b, MSGHDR_TYPE *mh, const BIO_ADDR *local) { + int af = dgram_get_sock_family(b); + + if (af == AF_INET) { +# if defined(IP_PKTINFO) + CMSGHDR_TYPE *cmsg; + struct in_pktinfo *info; + bio_dgram_data *data = b->ptr; + +# if defined(OPENSSL_SYS_WINDOWS) + cmsg = (CMSGHDR_TYPE *)mh->Control.buf; +# else + cmsg = (CMSGHDR_TYPE *)mh->msg_control; +# endif + + cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in_pktinfo)); + cmsg->cmsg_level = IPPROTO_IP; + cmsg->cmsg_type = IP_PKTINFO; + + info = (struct in_pktinfo *)BIO_CMSG_DATA(cmsg); + info->ipi_spec_dst = local->s_in.sin_addr; + info->ipi_addr.s_addr = 0; + info->ipi_ifindex = 0; + + /* + * We cannot override source port using this API, therefore + * ensure the application specified a source port of 0 + * or the one we are bound to. (Better to error than silently + * ignore this.) + */ + if (local->s_in.sin_port != 0 + && data->local_addr.s_in.sin_port != local->s_in.sin_port) { + ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH); + return 0; + } + +# if defined(OPENSSL_SYS_WINDOWS) + mh->Control.len = BIO_CMSG_SPACE(sizeof(struct in_pktinfo)); +# else + mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in_pktinfo)); +# endif + return 1; + +# elif defined(IP_SENDSRCADDR) + { + struct cmsghdr *cmsg; + struct in_addr *info; + + cmsg = (struct cmsghdr *)mh->msg_control; + cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in_addr)); + cmsg->cmsg_level = IPPROTO_IP; + cmsg->cmsg_type = IP_SENDSRCADDR; + + info = (struct in_addr *)BIO_CMSG_DATA(cmsg); + *info = local->s_in.sin_addr; + } + + /* See comment above. */ + if (local->s_in.sin_port != 0 + && data->local_addr.s_in.sin_port != local->s_in.sin_port) { + ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH); + return 0; + } + + mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in_addr)); + return 1; +# endif + } +# if OPENSSL_USE_IPV6 + else if (af == AF_INET6) { +# if defined(IPV6_PKTINFO) + CMSGHDR_TYPE *cmsg; + struct in6_pktinfo *info; + bio_dgram_data *data = b->ptr; + +# if defined(OPENSSL_SYS_WINDOWS) + cmsg = (CMSGHDR_TYPE *)mh->Control.buf; +# else + cmsg = (CMSGHDR_TYPE *)mh->msg_control; +# endif + cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in6_pktinfo)); + cmsg->cmsg_level = IPPROTO_IPV6; + cmsg->cmsg_type = IPV6_PKTINFO; + + info = (struct in6_pktinfo *)BIO_CMSG_DATA(cmsg); + info->ipi6_addr = local->s_in6.sin6_addr; + info->ipi6_ifindex = 0; + + /* + * See comment above, but also applies to the other fields + * in sockaddr_in6. + */ + if (local->s_in6.sin6_port != 0 + && data->local_addr.s_in6.sin6_port != local->s_in6.sin6_port) { + ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH); + return 0; + } + + if (local->s_in6.sin6_scope_id != 0 + && data->local_addr.s_in6.sin6_scope_id != local->s_in6.sin6_scope_id) { + ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH); + return 0; + } + +# if defined(OPENSSL_SYS_WINDOWS) + mh->Control.len = BIO_CMSG_SPACE(sizeof(struct in6_pktinfo)); +# else + mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in6_pktinfo)); +# endif + return 1; +# endif + } +# endif + + return 0; +} +# endif + +/* + * Converts flags passed to BIO_sendmmsg or BIO_recvmmsg to syscall flags. You + * should mask out any system flags returned by this function you cannot support + * in a particular circumstance. Currently no flags are defined. + */ +# if M_METHOD != M_METHOD_NONE +static int translate_flags(uint64_t flags) { + return 0; +} +# endif + +static int dgram_sendmmsg(BIO *b, BIO_MSG *msg, size_t stride, + size_t num_msg, uint64_t flags, size_t *num_processed) +{ +# if M_METHOD != M_METHOD_NONE && M_METHOD != M_METHOD_RECVMSG + int ret; +# endif +# if M_METHOD == M_METHOD_RECVMMSG +# define BIO_MAX_MSGS_PER_CALL 64 + int sysflags; + bio_dgram_data *data = (bio_dgram_data *)b->ptr; + size_t i; + struct mmsghdr mh[BIO_MAX_MSGS_PER_CALL]; + struct iovec iov[BIO_MAX_MSGS_PER_CALL]; + unsigned char control[BIO_MAX_MSGS_PER_CALL][BIO_CMSG_ALLOC_LEN]; + int have_local_enabled = data->local_addr_enabled; +# elif M_METHOD == M_METHOD_RECVMSG + int sysflags; + bio_dgram_data *data = (bio_dgram_data *)b->ptr; + ossl_ssize_t l; + struct msghdr mh; + struct iovec iov; + unsigned char control[BIO_CMSG_ALLOC_LEN]; + int have_local_enabled = data->local_addr_enabled; +# elif M_METHOD == M_METHOD_WSARECVMSG + bio_dgram_data *data = (bio_dgram_data *)b->ptr; + int have_local_enabled = data->local_addr_enabled; + WSAMSG wmsg; + WSABUF wbuf; + DWORD num_bytes_sent = 0; + unsigned char control[BIO_CMSG_ALLOC_LEN]; +# endif +# if M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG + int sysflags; +# endif + + if (num_msg == 0) { + *num_processed = 0; + return 1; + } + + if (num_msg > OSSL_SSIZE_MAX) + num_msg = OSSL_SSIZE_MAX; + +# if M_METHOD != M_METHOD_NONE + sysflags = translate_flags(flags); +# endif + +# if M_METHOD == M_METHOD_RECVMMSG + /* + * In the sendmmsg/recvmmsg case, we need to allocate our translated struct + * msghdr and struct iovec on the stack to support multithreaded use. Thus + * we place a fixed limit on the number of messages per call, in the + * expectation that we will be called again if there were more messages to + * be sent. + */ + if (num_msg > BIO_MAX_MSGS_PER_CALL) + num_msg = BIO_MAX_MSGS_PER_CALL; + + for (i = 0; i < num_msg; ++i) { + translate_msg(b, &mh[i].msg_hdr, &iov[i], + control[i], &BIO_MSG_N(msg, stride, i)); + + /* If local address was requested, it must have been enabled */ + if (BIO_MSG_N(msg, stride, i).local != NULL) { + if (!have_local_enabled) { + ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); + *num_processed = 0; + return 0; + } + + if (pack_local(b, &mh[i].msg_hdr, + BIO_MSG_N(msg, stride, i).local) < 1) { + ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); + *num_processed = 0; + return 0; + } + } + } + + /* Do the batch */ + ret = sendmmsg(b->num, mh, num_msg, sysflags); + if (ret < 0) { + ERR_raise(ERR_LIB_SYS, get_last_socket_error()); + *num_processed = 0; + return 0; + } + + for (i = 0; i < (size_t)ret; ++i) { + BIO_MSG_N(msg, stride, i).data_len = mh[i].msg_len; + BIO_MSG_N(msg, stride, i).flags = 0; + } + + *num_processed = (size_t)ret; + return 1; + +# elif M_METHOD == M_METHOD_RECVMSG + /* + * If sendmsg is available, use it. + */ + translate_msg(b, &mh, &iov, control, msg); + + if (msg->local != NULL) { + if (!have_local_enabled) { + ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); + *num_processed = 0; + return 0; + } + + if (pack_local(b, &mh, msg->local) < 1) { + ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); + *num_processed = 0; + return 0; + } + } + + l = sendmsg(b->num, &mh, sysflags); + if (l < 0) { + ERR_raise(ERR_LIB_SYS, get_last_socket_error()); + *num_processed = 0; + return 0; + } + + msg->data_len = (size_t)l; + msg->flags = 0; + *num_processed = 1; + return 1; + +# elif M_METHOD == M_METHOD_WSARECVMSG || M_METHOD == M_METHOD_RECVFROM +# if M_METHOD == M_METHOD_WSARECVMSG + if (bio_WSASendMsg != NULL) { + /* WSASendMsg-based implementation for Windows. */ + translate_msg_win(b, &wmsg, &wbuf, control, msg); + + if (msg[0].local != NULL) { + if (!have_local_enabled) { + ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); + *num_processed = 0; + return 0; + } + + if (pack_local(b, &wmsg, msg[0].local) < 1) { + ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); + *num_processed = 0; + return 0; + } + } + + ret = WSASendMsg((SOCKET)b->num, &wmsg, 0, &num_bytes_sent, NULL, NULL); + if (ret < 0) { + ERR_raise(ERR_LIB_SYS, get_last_socket_error()); + *num_processed = 0; + return 0; + } + + msg[0].data_len = num_bytes_sent; + msg[0].flags = 0; + *num_processed = 1; + return 1; + } +# endif + + /* + * Fallback to sendto and send a single message. + */ + if (msg[0].local != NULL) { + /* + * We cannot set the local address if using sendto + * so fail in this case + */ + ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); + *num_processed = 0; + return 0; + } + + ret = sendto(b->num, msg[0].data, +# if defined(OPENSSL_SYS_WINDOWS) + (int)msg[0].data_len, +# else + msg[0].data_len, +# endif + sysflags, + msg[0].peer != NULL ? &msg[0].peer->sa : NULL, + msg[0].peer != NULL ? sizeof(*msg[0].peer) : 0); + if (ret <= 0) { + ERR_raise(ERR_LIB_SYS, get_last_socket_error()); + *num_processed = 0; + return 0; + } + + msg[0].data_len = ret; + msg[0].flags = 0; + *num_processed = 1; + return 1; + +# else + ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD); + *num_processed = 0; + return 0; +# endif +} + +static int dgram_recvmmsg(BIO *b, BIO_MSG *msg, + size_t stride, size_t num_msg, + uint64_t flags, size_t *num_processed) +{ +# if M_METHOD != M_METHOD_NONE && M_METHOD != M_METHOD_RECVMSG + int ret; +# endif +# if M_METHOD == M_METHOD_RECVMMSG + int sysflags; + bio_dgram_data *data = (bio_dgram_data *)b->ptr; + size_t i; + struct mmsghdr mh[BIO_MAX_MSGS_PER_CALL]; + struct iovec iov[BIO_MAX_MSGS_PER_CALL]; + unsigned char control[BIO_MAX_MSGS_PER_CALL][BIO_CMSG_ALLOC_LEN]; + int have_local_enabled = data->local_addr_enabled; +# elif M_METHOD == M_METHOD_RECVMSG + int sysflags; + bio_dgram_data *data = (bio_dgram_data *)b->ptr; + ossl_ssize_t l; + struct msghdr mh; + struct iovec iov; + unsigned char control[BIO_CMSG_ALLOC_LEN]; + int have_local_enabled = data->local_addr_enabled; +# elif M_METHOD == M_METHOD_WSARECVMSG + bio_dgram_data *data = (bio_dgram_data *)b->ptr; + int have_local_enabled = data->local_addr_enabled; + WSAMSG wmsg; + WSABUF wbuf; + DWORD num_bytes_received = 0; + unsigned char control[BIO_CMSG_ALLOC_LEN]; +# endif +# if M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG + int sysflags; + socklen_t slen; +# endif + + if (num_msg == 0) { + *num_processed = 0; + return 1; + } + + if (num_msg > OSSL_SSIZE_MAX) + num_msg = OSSL_SSIZE_MAX; + +# if M_METHOD != M_METHOD_NONE + sysflags = translate_flags(flags); +# endif + +# if M_METHOD == M_METHOD_RECVMMSG + /* + * In the sendmmsg/recvmmsg case, we need to allocate our translated struct + * msghdr and struct iovec on the stack to support multithreaded use. Thus + * we place a fixed limit on the number of messages per call, in the + * expectation that we will be called again if there were more messages to + * be sent. + */ + if (num_msg > BIO_MAX_MSGS_PER_CALL) + num_msg = BIO_MAX_MSGS_PER_CALL; + + for (i = 0; i < num_msg; ++i) { + translate_msg(b, &mh[i].msg_hdr, &iov[i], + control[i], &BIO_MSG_N(msg, stride, i)); + + /* If local address was requested, it must have been enabled */ + if (BIO_MSG_N(msg, stride, i).local != NULL && !have_local_enabled) { + ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); + *num_processed = 0; + return 0; + } + } + + /* Do the batch */ + ret = recvmmsg(b->num, mh, num_msg, sysflags, NULL); + if (ret < 0) { + ERR_raise(ERR_LIB_SYS, get_last_socket_error()); + *num_processed = 0; + return 0; + } + + for (i = 0; i < (size_t)ret; ++i) { + BIO_MSG_N(msg, stride, i).data_len = mh[i].msg_len; + BIO_MSG_N(msg, stride, i).flags = 0; + /* + * *(msg->peer) will have been filled in by recvmmsg; + * for msg->local we parse the control data returned + */ + if (BIO_MSG_N(msg, stride, i).local != NULL) + if (extract_local(b, &mh[i].msg_hdr, + BIO_MSG_N(msg, stride, i).local) < 1) { + if (i > 0) { + *num_processed = i; + return 1; + } else { + *num_processed = 0; + ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); + return 0; + } + } + } + + *num_processed = (size_t)ret; + return 1; + +# elif M_METHOD == M_METHOD_RECVMSG + /* + * If recvmsg is available, use it. + */ + translate_msg(b, &mh, &iov, control, msg); + + /* If local address was requested, it must have been enabled */ + if (msg->local != NULL && !have_local_enabled) { + /* + * If we have done at least one message, we must return the + * count; if we haven't done any, we can give an error code + */ + ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); + *num_processed = 0; + return 0; + } + + l = recvmsg(b->num, &mh, sysflags); + if (l < 0) { + ERR_raise(ERR_LIB_SYS, get_last_socket_error()); + *num_processed = 0; + return 0; + } + + msg->data_len = (size_t)l; + msg->flags = 0; + + if (msg->local != NULL) + if (extract_local(b, &mh, msg->local) < 1) { + /* + * OS X exhibits odd behaviour where it appears that if a packet is + * sent before the receiving interface enables IP_PKTINFO, it will + * sometimes not have any control data returned even if the + * receiving interface enables IP_PKTINFO before calling recvmsg(). + * This appears to occur non-deterministically. Presumably, OS X + * handles IP_PKTINFO at the time the packet is enqueued into a + * socket's receive queue, rather than at the time recvmsg() is + * called, unlike most other operating systems. Thus (if this + * hypothesis is correct) there is a race between where IP_PKTINFO + * is enabled by the process and when the kernel's network stack + * queues the incoming message. + * + * We cannot return the local address if we do not have it, but this + * is not a caller error either, so just return a zero address + * structure. + * + * We enable this workaround for Apple only as it should not + * be necessary otherwise. + */ +# if defined(__APPLE__) + BIO_ADDR_clear(msg->local); +# else + ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); + *num_processed = 0; + return 0; +# endif + } + + *num_processed = 1; + return 1; + +# elif M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG +# if M_METHOD == M_METHOD_WSARECVMSG + if (bio_WSARecvMsg != NULL) { + /* WSARecvMsg-based implementation for Windows. */ + translate_msg_win(b, &wmsg, &wbuf, control, msg); + + /* If local address was requested, it must have been enabled */ + if (msg[0].local != NULL && !have_local_enabled) { + ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); + *num_processed = 0; + return 0; + } + + ret = WSARecvMsg((SOCKET)b->num, &wmsg, &num_bytes_received, NULL, NULL); + if (ret < 0) { + ERR_raise(ERR_LIB_SYS, get_last_socket_error()); + *num_processed = 0; + return 0; + } + + msg[0].data_len = num_bytes_received; + msg[0].flags = 0; + if (msg[0].local != NULL) + if (extract_local(b, &wmsg, msg[0].local) < 1) + /* + * On Windows, loopback is not a "proper" interface and it works + * differently; packets are essentially short-circuited and + * don't go through all of the normal processing. A consequence + * of this is that packets sent from the local machine to the + * local machine _will not have IP_PKTINFO_ even if the + * IP_PKTINFO socket option is enabled. WSARecvMsg just sets + * Control.len to 0 on returning. + * + * This applies regardless of whether the loopback address, + * 127.0.0.1 is used, or a local interface address (e.g. + * 192.168.1.1); in both cases IP_PKTINFO will not be present. + * + * We report this condition by setting the local BIO_ADDR's + * family to 0. + */ + BIO_ADDR_clear(msg[0].local); + + *num_processed = 1; + return 1; + } +# endif + + /* + * Fallback to recvfrom and receive a single message. + */ + if (msg[0].local != NULL) { + /* + * We cannot determine the local address if using recvfrom + * so fail in this case + */ + ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE); + *num_processed = 0; + return 0; + } + + slen = sizeof(*msg[0].peer); + ret = recvfrom(b->num, msg[0].data, +# if defined(OPENSSL_SYS_WINDOWS) + (int)msg[0].data_len, +# else + msg[0].data_len, +# endif + sysflags, + msg[0].peer != NULL ? &msg[0].peer->sa : NULL, + msg[0].peer != NULL ? &slen : NULL); + if (ret <= 0) { + ERR_raise(ERR_LIB_SYS, get_last_socket_error()); + return 0; + } + + msg[0].data_len = ret; + msg[0].flags = 0; + *num_processed = 1; + return 1; + +# else + ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD); + *num_processed = 0; + return 0; +# endif +} + # ifndef OPENSSL_NO_SCTP const BIO_METHOD *BIO_s_datagram_sctp(void) { diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index e6db85e96c..693b7bc960 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -142,6 +142,7 @@ BIO_R_INVALID_SOCKET:135:invalid socket BIO_R_IN_USE:123:in use BIO_R_LENGTH_TOO_LONG:102:length too long BIO_R_LISTEN_V6_ONLY:136:listen v6 only +BIO_R_LOCAL_ADDR_NOT_AVAILABLE:111:local addr not available BIO_R_LOOKUP_RETURNED_NOTHING:142:lookup returned nothing BIO_R_MALFORMED_HOST_OR_SERVICE:130:malformed host or service BIO_R_NBIO_CONNECT_ERROR:110:nbio connect error @@ -150,6 +151,7 @@ BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED:143:\ BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED:144:no hostname or service specified BIO_R_NO_PORT_DEFINED:113:no port defined BIO_R_NO_SUCH_FILE:128:no such file +BIO_R_PORT_MISMATCH:150:port mismatch BIO_R_TFO_DISABLED:106:tfo disabled BIO_R_TFO_NO_KERNEL_SUPPORT:108:tfo no kernel support BIO_R_TRANSFER_ERROR:104:transfer error diff --git a/include/crypto/bioerr.h b/include/crypto/bioerr.h index a0c06099f7..e38b981ab5 100644 --- a/include/crypto/bioerr.h +++ b/include/crypto/bioerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/internal/sockets.h b/include/internal/sockets.h index bc1de716df..d1bd283009 100644 --- a/include/internal/sockets.h +++ b/include/internal/sockets.h @@ -60,6 +60,13 @@ struct servent *PASCAL getservbyname(const char *, const char *); # endif # else +# if defined(__APPLE__) + /* + * This must be defined before including to get + * IPV6_RECVPKTINFO + */ +# define __APPLE_USE_RFC_3542 +# endif # ifndef NO_SYS_PARAM_H # include diff --git a/include/openssl/bioerr.h b/include/openssl/bioerr.h index c707d545fa..72b0b1ffa5 100644 --- a/include/openssl/bioerr.h +++ b/include/openssl/bioerr.h @@ -37,6 +37,7 @@ # define BIO_R_IN_USE 123 # define BIO_R_LENGTH_TOO_LONG 102 # define BIO_R_LISTEN_V6_ONLY 136 +# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE 111 # define BIO_R_LOOKUP_RETURNED_NOTHING 142 # define BIO_R_MALFORMED_HOST_OR_SERVICE 130 # define BIO_R_NBIO_CONNECT_ERROR 110 @@ -44,7 +45,6 @@ # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED 144 # define BIO_R_NO_PORT_DEFINED 113 # define BIO_R_NO_SUCH_FILE 128 -# define BIO_R_NULL_PARAMETER 115 /* unused */ # define BIO_R_TFO_DISABLED 106 # define BIO_R_TFO_NO_KERNEL_SUPPORT 108 # define BIO_R_TRANSFER_ERROR 104 @@ -64,7 +64,7 @@ # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY 131 # define BIO_R_WRITE_TO_READ_ONLY_BIO 126 # define BIO_R_WSASTARTUP 122 -# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE 148 # define BIO_R_NON_FATAL 149 +# define BIO_R_PORT_MISMATCH 150 #endif diff --git a/test/bio_dgram_test.c b/test/bio_dgram_test.c new file mode 100644 index 0000000000..4fcc49eb67 --- /dev/null +++ b/test/bio_dgram_test.c @@ -0,0 +1,463 @@ +/* + * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include "testutil.h" +#include "internal/sockets.h" + +#if !defined(OPENSSL_NO_DGRAM) && !defined(OPENSSL_NO_SOCK) + +static int compare_addr(const BIO_ADDR *a, const BIO_ADDR *b) +{ + struct in_addr xa, xb; +#if defined(OPENSSL_USE_IPV6) + struct in6_addr xa6, xb6; +#endif + void *pa, *pb; + size_t slen, tmplen; + + if (BIO_ADDR_family(a) != BIO_ADDR_family(b)) + return 0; + + if (BIO_ADDR_family(a) == AF_INET) { + pa = &xa; + pb = &xb; + slen = sizeof(xa); + } +#if defined(OPENSSL_USE_IPV6) + else if (BIO_ADDR_family(a) == AF_INET6) { + pa = &xa6; + pb = &xb6; + slen = sizeof(xa6); + } +#endif + else { + return 0; + } + + tmplen = slen; + if (!TEST_int_eq(BIO_ADDR_rawaddress(a, pa, &tmplen), 1)) + return 0; + + tmplen = slen; + if (!TEST_int_eq(BIO_ADDR_rawaddress(b, pb, &tmplen), 1)) + return 0; + + if (!TEST_mem_eq(pa, slen, pb, slen)) + return 0; + + if (!TEST_int_eq(BIO_ADDR_rawport(a), BIO_ADDR_rawport(b))) + return 0; + + return 1; +} + +static int do_sendmmsg(BIO *b, BIO_MSG *msg, + size_t num_msg, uint64_t flags, + size_t *num_processed) +{ + size_t done; + + for (done = 0; done < num_msg; ) { + if (!BIO_sendmmsg(b, msg + done, sizeof(BIO_MSG), + num_msg - done, flags, num_processed)) + return 0; + + done += *num_processed; + } + + *num_processed = done; + return 1; +} + +static int do_recvmmsg(BIO *b, BIO_MSG *msg, + size_t num_msg, uint64_t flags, + size_t *num_processed) +{ + size_t done; + + for (done = 0; done < num_msg; ) { + if (!BIO_recvmmsg(b, msg + done, sizeof(BIO_MSG), + num_msg - done, flags, num_processed)) + return 0; + + done += *num_processed; + } + + *num_processed = done; + return 1; +} + +static int test_bio_dgram_impl(int af, int use_local) +{ + int testresult = 0; + BIO *b1 = NULL, *b2 = NULL; + int fd1 = -1, fd2 = -1; + BIO_ADDR *addr1 = NULL, *addr2 = NULL, *addr3 = NULL, *addr4 = NULL, + *addr5 = NULL, *addr6 = NULL; + struct in_addr ina = {0}; +#if defined(OPENSSL_USE_IPV6) + struct in6_addr ina6 = {0}; +#endif + void *pina; + size_t inal, i; + union BIO_sock_info_u info1 = {0}, info2 = {0}; + char rx_buf[128], rx_buf2[128]; + BIO_MSG tx_msg[128], rx_msg[128]; + char tx_buf[128]; + size_t num_processed = 0; + + ina.s_addr = htonl(0x7f000001UL); + ina6.s6_addr[15] = 1; + + if (af == AF_INET) { + TEST_info("# Testing with AF_INET, local=%d\n", use_local); + pina = &ina; + inal = sizeof(ina); + } +#if defined(OPENSSL_USE_IPV6) + else if (af == AF_INET6) { + TEST_info("# Testing with AF_INET6, local=%d\n", use_local); + pina = &ina6; + inal = sizeof(ina6); + } +#endif + else { + goto err; + } + + addr1 = BIO_ADDR_new(); + if (!TEST_ptr(addr1)) + goto err; + + addr2 = BIO_ADDR_new(); + if (!TEST_ptr(addr2)) + goto err; + + addr3 = BIO_ADDR_new(); + if (!TEST_ptr(addr3)) + goto err; + + addr4 = BIO_ADDR_new(); + if (!TEST_ptr(addr4)) + goto err; + + addr5 = BIO_ADDR_new(); + if (!TEST_ptr(addr5)) + goto err; + + addr6 = BIO_ADDR_new(); + if (!TEST_ptr(addr6)) + goto err; + + if (!TEST_int_eq(BIO_ADDR_rawmake(addr1, af, pina, inal, 0), 1)) + goto err; + + if (!TEST_int_eq(BIO_ADDR_rawmake(addr2, af, pina, inal, 0), 1)) + goto err; + + fd1 = BIO_socket(af, SOCK_DGRAM, IPPROTO_UDP, 0); + if (!TEST_int_ge(fd1, 0)) + goto err; + + fd2 = BIO_socket(af, SOCK_DGRAM, IPPROTO_UDP, 0); + if (!TEST_int_ge(fd2, 0)) + goto err; + + if (!TEST_int_gt(BIO_bind(fd1, addr1, 0), 0)) + goto err; + + if (!TEST_int_gt(BIO_bind(fd2, addr2, 0), 0)) + goto err; + + info1.addr = addr1; + if (!TEST_int_gt(BIO_sock_info(fd1, BIO_SOCK_INFO_ADDRESS, &info1), 0)) + goto err; + + info2.addr = addr2; + if (!TEST_int_gt(BIO_sock_info(fd2, BIO_SOCK_INFO_ADDRESS, &info2), 0)) + goto err; + + if (!TEST_int_gt(BIO_ADDR_rawport(addr1), 0)) + goto err; + + if (!TEST_int_gt(BIO_ADDR_rawport(addr2), 0)) + goto err; + + b1 = BIO_new_dgram(fd1, 0); + if (!TEST_ptr(b1)) + goto err; + + b2 = BIO_new_dgram(fd2, 0); + if (!TEST_ptr(b2)) + goto err; + + if (!TEST_int_gt(BIO_dgram_set_peer(b1, addr2), 0)) + goto err; + + if (!TEST_int_gt(BIO_write(b1, "hello", 5), 0)) + goto err; + + /* Receiving automatically sets peer as source addr */ + if (!TEST_int_eq(BIO_read(b2, rx_buf, sizeof(rx_buf)), 5)) + goto err; + + if (!TEST_mem_eq(rx_buf, 5, "hello", 5)) + goto err; + + if (!TEST_int_gt(BIO_dgram_get_peer(b2, addr3), 0)) + goto err; + + if (!TEST_int_eq(compare_addr(addr3, addr1), 1)) + goto err; + + /* Clear peer */ + if (!TEST_int_gt(BIO_ADDR_rawmake(addr3, af, pina, inal, 0), 0)) + goto err; + + if (!TEST_int_gt(BIO_dgram_set_peer(b1, addr3), 0)) + goto err; + + if (!TEST_int_gt(BIO_dgram_set_peer(b2, addr3), 0)) + goto err; + + /* Now test using sendmmsg/recvmmsg with no peer set */ + tx_msg[0].data = "apple"; + tx_msg[0].data_len = 5; + tx_msg[0].peer = NULL; + tx_msg[0].local = NULL; + tx_msg[0].flags = 0; + + tx_msg[1].data = "orange"; + tx_msg[1].data_len = 6; + tx_msg[1].peer = NULL; + tx_msg[1].local = NULL; + tx_msg[1].flags = 0; + + /* First effort should fail due to missing destination address */ + if (!TEST_false(do_sendmmsg(b1, tx_msg, 2, 0, &num_processed)) + || !TEST_size_t_eq(num_processed, 0)) + goto err; + + /* + * Second effort should fail due to local being requested + * when not enabled + */ + tx_msg[0].peer = addr2; + tx_msg[0].local = addr1; + tx_msg[1].peer = addr2; + tx_msg[1].local = addr1; + if (!TEST_false(do_sendmmsg(b1, tx_msg, 2, 0, &num_processed) + || !TEST_size_t_eq(num_processed, 0))) + goto err; + + /* Enable local if we are using it */ + if (BIO_dgram_get_local_addr_cap(b1) > 0 && use_local) { + if (!TEST_int_eq(BIO_dgram_set_local_addr_enable(b1, 1), 1)) + goto err; + } else { + tx_msg[0].local = NULL; + tx_msg[1].local = NULL; + use_local = 0; + } + + /* Third effort should succeed */ + if (!TEST_true(do_sendmmsg(b1, tx_msg, 2, 0, &num_processed)) + || !TEST_size_t_eq(num_processed, 2)) + goto err; + + /* Now try receiving */ + rx_msg[0].data = rx_buf; + rx_msg[0].data_len = sizeof(rx_buf); + rx_msg[0].peer = addr3; + rx_msg[0].local = addr4; + rx_msg[0].flags = (1UL<<31); /* undefined flag, should be erased */ + memset(rx_buf, 0, sizeof(rx_buf)); + + rx_msg[1].data = rx_buf2; + rx_msg[1].data_len = sizeof(rx_buf2); + rx_msg[1].peer = addr5; + rx_msg[1].local = addr6; + rx_msg[1].flags = (1UL<<31); /* undefined flag, should be erased */ + memset(rx_buf2, 0, sizeof(rx_buf2)); + + /* + * Should fail at first due to local being requested when not + * enabled + */ + if (!TEST_false(do_recvmmsg(b2, rx_msg, 2, 0, &num_processed)) + || !TEST_size_t_eq(num_processed, 0)) + goto err; + + /* Fields have not been modified */ + if (!TEST_int_eq((int)rx_msg[0].data_len, sizeof(rx_buf))) + goto err; + + if (!TEST_int_eq((int)rx_msg[1].data_len, sizeof(rx_buf2))) + goto err; + + if (!TEST_ulong_eq((unsigned long)rx_msg[0].flags, 1UL<<31)) + goto err; + + if (!TEST_ulong_eq((unsigned long)rx_msg[1].flags, 1UL<<31)) + goto err; + + /* Enable local if we are using it */ + if (BIO_dgram_get_local_addr_cap(b2) > 0 && use_local) { + if (!TEST_int_eq(BIO_dgram_set_local_addr_enable(b2, 1), 1)) + goto err; + } else { + rx_msg[0].local = NULL; + rx_msg[1].local = NULL; + use_local = 0; + } + + /* Do the receive. */ + if (!TEST_true(do_recvmmsg(b2, rx_msg, 2, 0, &num_processed)) + || !TEST_size_t_eq(num_processed, 2)) + goto err; + + /* data_len should have been updated correctly */ + if (!TEST_int_eq((int)rx_msg[0].data_len, 5)) + goto err; + + if (!TEST_int_eq((int)rx_msg[1].data_len, 6)) + goto err; + + /* flags should have been zeroed */ + if (!TEST_int_eq((int)rx_msg[0].flags, 0)) + goto err; + + if (!TEST_int_eq((int)rx_msg[1].flags, 0)) + goto err; + + /* peer address should match expected */ + if (!TEST_int_eq(compare_addr(addr3, addr1), 1)) + goto err; + + if (!TEST_int_eq(compare_addr(addr5, addr1), 1)) + goto err; + + /* + * Do not test local address yet as some platforms do not reliably return + * local addresses for messages queued for RX before local address support + * was enabled. Instead, send some new messages and test they're received + * with the correct local addresses. + */ + if (!TEST_true(do_sendmmsg(b1, tx_msg, 2, 0, &num_processed)) + || !TEST_size_t_eq(num_processed, 2)) + goto err; + + /* Receive the messages. */ + rx_msg[0].data_len = sizeof(rx_buf); + rx_msg[1].data_len = sizeof(rx_buf2); + + if (!TEST_true(do_recvmmsg(b2, rx_msg, 2, 0, &num_processed)) + || !TEST_size_t_eq(num_processed, 2)) + goto err; + + if (rx_msg[0].local != NULL) { + /* If we are using local, it should match expected */ + if (!TEST_int_eq(compare_addr(addr4, addr2), 1)) + goto err; + + if (!TEST_int_eq(compare_addr(addr6, addr2), 1)) + goto err; + } + + /* + * Try sending more than can be handled in one sendmmsg call (when using the + * sendmmsg implementation) + */ + for (i = 0; i < OSSL_NELEM(tx_msg); ++i) { + tx_buf[i] = (char)i; + tx_msg[i].data = tx_buf + i; + tx_msg[i].data_len = 1; + tx_msg[i].peer = addr2; + tx_msg[i].local = use_local ? addr1 : NULL; + tx_msg[i].flags = 0; + } + if (!TEST_true(do_sendmmsg(b1, tx_msg, OSSL_NELEM(tx_msg), 0, &num_processed)) + || !TEST_size_t_eq(num_processed, OSSL_NELEM(tx_msg))) + goto err; + + /* + * Try receiving more than can be handled in one recvmmsg call (when using + * the recvmmsg implementation) + */ + for (i = 0; i < OSSL_NELEM(rx_msg); ++i) { + rx_buf[i] = '\0'; + rx_msg[i].data = rx_buf + i; + rx_msg[i].data_len = 1; + rx_msg[i].peer = NULL; + rx_msg[i].local = NULL; + rx_msg[i].flags = 0; + } + if (!TEST_true(do_recvmmsg(b2, rx_msg, OSSL_NELEM(rx_msg), 0, &num_processed)) + || !TEST_size_t_eq(num_processed, OSSL_NELEM(rx_msg))) + goto err; + + if (!TEST_mem_eq(tx_buf, OSSL_NELEM(tx_msg), rx_buf, OSSL_NELEM(tx_msg))) + goto err; + + testresult = 1; +err: + BIO_free(b1); + BIO_free(b2); + if (fd1 >= 0) + BIO_closesocket(fd1); + if (fd2 >= 0) + BIO_closesocket(fd2); + BIO_ADDR_free(addr1); + BIO_ADDR_free(addr2); + BIO_ADDR_free(addr3); + BIO_ADDR_free(addr4); + BIO_ADDR_free(addr5); + BIO_ADDR_free(addr6); + return testresult; +} + +struct bio_dgram_case { + int af, local; +}; + +static const struct bio_dgram_case bio_dgram_cases[] = { + /* Test without local */ + { AF_INET, 0 }, +#if defined(OPENSSL_USE_IPV6) + { AF_INET6, 0 }, +#endif + /* Test with local */ + { AF_INET, 1 }, +#if defined(OPENSSL_USE_IPV6) + { AF_INET6, 1 } +#endif +}; + +static int test_bio_dgram(int idx) +{ + return test_bio_dgram_impl(bio_dgram_cases[idx].af, + bio_dgram_cases[idx].local); +} + +#endif /* !defined(OPENSSL_NO_DGRAM) && !defined(OPENSSL_NO_SOCK) */ + +int setup_tests(void) +{ + if (!test_skip_common_options()) { + TEST_error("Error parsing test options\n"); + return 0; + } + +#if !defined(OPENSSL_NO_DGRAM) && !defined(OPENSSL_NO_SOCK) + ADD_ALL_TESTS(test_bio_dgram, OSSL_NELEM(bio_dgram_cases)); +#endif + return 1; +} diff --git a/test/build.info b/test/build.info index 29d6af0709..ccd969ab01 100644 --- a/test/build.info +++ b/test/build.info @@ -49,7 +49,7 @@ IF[{- !$disabled{tests} -}] packettest asynctest secmemtest srptest memleaktest stack_test \ dtlsv1listentest ct_test threadstest afalgtest d2i_test \ ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \ - bio_callback_test bio_memleak_test bio_core_test param_build_test \ + bio_callback_test bio_memleak_test bio_core_test bio_dgram_test param_build_test \ bioprinttest sslapitest dtlstest sslcorrupttest \ bio_enc_test pkey_meth_test pkey_meth_kdf_test evp_kdf_test uitest \ cipherbytes_test threadstest_fips \ @@ -391,6 +391,10 @@ IF[{- !$disabled{tests} -}] INCLUDE[bio_core_test]=../include ../apps/include DEPEND[bio_core_test]=../libcrypto libtestutil.a + SOURCE[bio_dgram_test]=bio_dgram_test.c + INCLUDE[bio_dgram_test]=../include ../apps/include + DEPEND[bio_dgram_test]=../libcrypto libtestutil.a + SOURCE[bio_tfo_test]=bio_tfo_test.c INCLUDE[bio_tfo_test]=../include ../apps/include .. DEPEND[bio_tfo_test]=../libcrypto libtestutil.a diff --git a/test/recipes/04-test_bio_dgram.t b/test/recipes/04-test_bio_dgram.t new file mode 100644 index 0000000000..0ca2edb23a --- /dev/null +++ b/test/recipes/04-test_bio_dgram.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_bio_dgram", "bio_dgram_test"); -- 2.39.2