[thirdparty/openssl.git] / apps / lib / s_socket.c

/*
 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/* socket-related functions used by s_client and s_server */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <signal.h>
#include <openssl/opensslconf.h>

/*
 * With IPv6, it looks like Digital has mixed up the proper order of
 * recursive header file inclusion, resulting in the compiler complaining
 * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
 * needed to have fileno() declared correctly...  So let's define u_int
 */
#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
# define __U_INT
typedef unsigned int u_int;
#endif

#ifndef OPENSSL_NO_SOCK

# include "apps.h"
# include "s_apps.h"
# include "internal/sockets.h"

# if defined(__TANDEM)
#  if defined(OPENSSL_TANDEM_FLOSS)
#   include <floss.h(floss_read)>
#  endif
# endif

# include <openssl/bio.h>
# include <openssl/err.h>

/* Keep track of our peer's address for the cookie callback */
BIO_ADDR *ourpeer = NULL;

/*
 * init_client - helper routine to set up socket communication
 * @sock: pointer to storage of resulting socket.
 * @host: the host name or path (for AF_UNIX) to connect to.
 * @port: the port to connect to (ignored for AF_UNIX).
 * @bindhost: source host or path (for AF_UNIX).
 * @bindport: source port (ignored for AF_UNIX).
 * @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or
 *  AF_UNSPEC
 * @type: socket type, must be SOCK_STREAM or SOCK_DGRAM
 * @protocol: socket protocol, e.g. IPPROTO_TCP or IPPROTO_UDP (or 0 for any)
 *
 * This will create a socket and use it to connect to a host:port, or if
 * family == AF_UNIX, to the path found in host.
 *
 * If the host has more than one address, it will try them one by one until
 * a successful connection is established.  The resulting socket will be
 * found in *sock on success, it will be given INVALID_SOCKET otherwise.
 *
 * Returns 1 on success, 0 on failure.
 */
int init_client(int *sock, const char *host, const char *port,
                const char *bindhost, const char *bindport,
                int family, int type, int protocol)
{
    BIO_ADDRINFO *res = NULL;
    BIO_ADDRINFO *bindaddr = NULL;
    const BIO_ADDRINFO *ai = NULL;
    const BIO_ADDRINFO *bi = NULL;
    int found = 0;
    int ret;

    if (BIO_sock_init() != 1)
        return 0;

    ret = BIO_lookup_ex(host, port, BIO_LOOKUP_CLIENT, family, type, protocol,
                        &res);
    if (ret == 0) {
        ERR_print_errors(bio_err);
        return 0;
    }

    if (bindhost != NULL || bindport != NULL) {
        ret = BIO_lookup_ex(bindhost, bindport, BIO_LOOKUP_CLIENT,
                            family, type, protocol, &bindaddr);
        if (ret == 0) {
            ERR_print_errors (bio_err);
            goto out;
        }
    }

    ret = 0;
    for (ai = res; ai != NULL; ai = BIO_ADDRINFO_next(ai)) {
        /* Admittedly, these checks are quite paranoid, we should not get
         * anything in the BIO_ADDRINFO chain that we haven't
         * asked for. */
        OPENSSL_assert((family == AF_UNSPEC
                        || family == BIO_ADDRINFO_family(ai))
                       && (type == 0 || type == BIO_ADDRINFO_socktype(ai))
                       && (protocol == 0
                           || protocol == BIO_ADDRINFO_protocol(ai)));

        if (bindaddr != NULL) {
            for (bi = bindaddr; bi != NULL; bi = BIO_ADDRINFO_next(bi)) {
                if (BIO_ADDRINFO_family(bi) == BIO_ADDRINFO_family(ai))
                    break;
            }
            if (bi == NULL)
                continue;
            ++found;
        }

        *sock = BIO_socket(BIO_ADDRINFO_family(ai), BIO_ADDRINFO_socktype(ai),
                           BIO_ADDRINFO_protocol(ai), 0);
        if (*sock == INVALID_SOCKET) {
            /* Maybe the kernel doesn't support the socket family, even if
             * BIO_lookup() added it in the returned result...
             */
            continue;
        }

        if (bi != NULL) {
            if (!BIO_bind(*sock, BIO_ADDRINFO_address(bi),
                          BIO_SOCK_REUSEADDR)) {
                BIO_closesocket(*sock);
                *sock = INVALID_SOCKET;
                break;
            }
        }

#ifndef OPENSSL_NO_SCTP
        if (protocol == IPPROTO_SCTP) {
            /*
             * For SCTP we have to set various options on the socket prior to
             * connecting. This is done automatically by BIO_new_dgram_sctp().
             * We don't actually need the created BIO though so we free it again
             * immediately.
             */
            BIO *tmpbio = BIO_new_dgram_sctp(*sock, BIO_NOCLOSE);

            if (tmpbio == NULL) {
                ERR_print_errors(bio_err);
                return 0;
            }
            BIO_free(tmpbio);
        }
#endif

        if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai),
                         protocol == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) {
            BIO_closesocket(*sock);
            *sock = INVALID_SOCKET;
            continue;
        }

        /* Success, don't try any more addresses */
        break;
    }

    if (*sock == INVALID_SOCKET) {
        if (bindaddr != NULL && !found) {
            BIO_printf(bio_err, "Can't bind %saddress for %s%s%s\n",
#ifdef AF_INET6
                       BIO_ADDRINFO_family(res) == AF_INET6 ? "IPv6 " :
#endif
                       BIO_ADDRINFO_family(res) == AF_INET ? "IPv4 " :
                       BIO_ADDRINFO_family(res) == AF_UNIX ? "unix " : "",
                       bindhost != NULL ? bindhost : "",
                       bindport != NULL ? ":" : "",
                       bindport != NULL ? bindport : "");
            ERR_clear_error();
            ret = 0;
        }
        ERR_print_errors(bio_err);
    } else {
        /* Remove any stale errors from previous connection attempts */
        ERR_clear_error();
        ret = 1;
    }
out:
    if (bindaddr != NULL) {
        BIO_ADDRINFO_free (bindaddr);
    }
    BIO_ADDRINFO_free(res);
    return ret;
}

int report_server_accept(BIO *out, int asock, int with_address)
{
    int success = 0;

    if (with_address) {
        union BIO_sock_info_u info;
        char *hostname = NULL;
        char *service = NULL;

        if ((info.addr = BIO_ADDR_new()) != NULL
            && BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info)
            && (hostname = BIO_ADDR_hostname_string(info.addr, 1)) != NULL
            && (service = BIO_ADDR_service_string(info.addr, 1)) != NULL
            && BIO_printf(out,
                          strchr(hostname, ':') == NULL
                          ? /* IPv4 */ "ACCEPT %s:%s\n"
                          : /* IPv6 */ "ACCEPT [%s]:%s\n",
                          hostname, service) > 0)
            success = 1;

        OPENSSL_free(hostname);
        OPENSSL_free(service);
        BIO_ADDR_free(info.addr);
    } else {
        (void)BIO_printf(out, "ACCEPT\n");
        success = 1;
    }
    (void)BIO_flush(out);

    return success;
}

/*
 * do_server - helper routine to perform a server operation
 * @accept_sock: pointer to storage of resulting socket.
 * @host: the host name or path (for AF_UNIX) to connect to.
 * @port: the port to connect to (ignored for AF_UNIX).
 * @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or
 *  AF_UNSPEC
 * @type: socket type, must be SOCK_STREAM or SOCK_DGRAM
 * @cb: pointer to a function that receives the accepted socket and
 *  should perform the communication with the connecting client.
 * @context: pointer to memory that's passed verbatim to the cb function.
 * @naccept: number of times an incoming connect should be accepted.  If -1,
 *  unlimited number.
 *
 * This will create a socket and use it to listen to a host:port, or if
 * family == AF_UNIX, to the path found in host, then start accepting
 * incoming connections and run cb on the resulting socket.
 *
 * 0 on failure, something other on success.
 */
int do_server(int *accept_sock, const char *host, const char *port,
              int family, int type, int protocol, do_server_cb cb,
              unsigned char *context, int naccept, BIO *bio_s_out)
{
    int asock = 0;
    int sock;
    int i;
    BIO_ADDRINFO *res = NULL;
    const BIO_ADDRINFO *next;
    int sock_family, sock_type, sock_protocol, sock_port;
    const BIO_ADDR *sock_address;
    int sock_options = BIO_SOCK_REUSEADDR;
    int ret = 0;

    if (BIO_sock_init() != 1)
        return 0;

    if (!BIO_lookup_ex(host, port, BIO_LOOKUP_SERVER, family, type, protocol,
                       &res)) {
        ERR_print_errors(bio_err);
        return 0;
    }

    /* Admittedly, these checks are quite paranoid, we should not get
     * anything in the BIO_ADDRINFO chain that we haven't asked for */
    OPENSSL_assert((family == AF_UNSPEC || family == BIO_ADDRINFO_family(res))
                   && (type == 0 || type == BIO_ADDRINFO_socktype(res))
                   && (protocol == 0 || protocol == BIO_ADDRINFO_protocol(res)));

    sock_family = BIO_ADDRINFO_family(res);
    sock_type = BIO_ADDRINFO_socktype(res);
    sock_protocol = BIO_ADDRINFO_protocol(res);
    sock_address = BIO_ADDRINFO_address(res);
    next = BIO_ADDRINFO_next(res);
#ifdef AF_INET6
    if (sock_family == AF_INET6)
        sock_options |= BIO_SOCK_V6_ONLY;
    if (next != NULL
            && BIO_ADDRINFO_socktype(next) == sock_type
            && BIO_ADDRINFO_protocol(next) == sock_protocol) {
        if (sock_family == AF_INET
                && BIO_ADDRINFO_family(next) == AF_INET6) {
            sock_family = AF_INET6;
            sock_address = BIO_ADDRINFO_address(next);
        } else if (sock_family == AF_INET6
                   && BIO_ADDRINFO_family(next) == AF_INET) {
            sock_options &= ~BIO_SOCK_V6_ONLY;
        }
    }
#endif

    asock = BIO_socket(sock_family, sock_type, sock_protocol, 0);
    if (asock == INVALID_SOCKET
        || !BIO_listen(asock, sock_address, sock_options)) {
        BIO_ADDRINFO_free(res);
        ERR_print_errors(bio_err);
        if (asock != INVALID_SOCKET)
            BIO_closesocket(asock);
        goto end;
    }

#ifndef OPENSSL_NO_SCTP
    if (protocol == IPPROTO_SCTP) {
        /*
         * For SCTP we have to set various options on the socket prior to
         * accepting. This is done automatically by BIO_new_dgram_sctp().
         * We don't actually need the created BIO though so we free it again
         * immediately.
         */
        BIO *tmpbio = BIO_new_dgram_sctp(asock, BIO_NOCLOSE);

        if (tmpbio == NULL) {
            BIO_closesocket(asock);
            ERR_print_errors(bio_err);
            goto end;
        }
        BIO_free(tmpbio);
    }
#endif

    sock_port = BIO_ADDR_rawport(sock_address);

    BIO_ADDRINFO_free(res);
    res = NULL;

    if (!report_server_accept(bio_s_out, asock, sock_port == 0)) {
        BIO_closesocket(asock);
        ERR_print_errors(bio_err);
        goto end;
    }

    if (accept_sock != NULL)
        *accept_sock = asock;
    for (;;) {
        char sink[64];
        struct timeval timeout;
        fd_set readfds;

        if (type == SOCK_STREAM) {
            BIO_ADDR_free(ourpeer);
            ourpeer = BIO_ADDR_new();
            if (ourpeer == NULL) {
                BIO_closesocket(asock);
                ERR_print_errors(bio_err);
                goto end;
            }
            do {
                sock = BIO_accept_ex(asock, ourpeer, 0);
            } while (sock < 0 && BIO_sock_should_retry(sock));
            if (sock < 0) {
                ERR_print_errors(bio_err);
                BIO_closesocket(asock);
                break;
            }
            BIO_set_tcp_ndelay(sock, 1);
            i = (*cb)(sock, type, protocol, context);

            /*
             * If we ended with an alert being sent, but still with data in the
             * network buffer to be read, then calling BIO_closesocket() will
             * result in a TCP-RST being sent. On some platforms (notably
             * Windows) then this will result in the peer immediately abandoning
             * the connection including any buffered alert data before it has
             * had a chance to be read. Shutting down the sending side first,
             * and then closing the socket sends TCP-FIN first followed by
             * TCP-RST. This seems to allow the peer to read the alert data.
             */
            shutdown(sock, 1); /* SHUT_WR */
            /*
             * We just said we have nothing else to say, but it doesn't mean
             * that the other side has nothing. It's even recommended to
             * consume incoming data. [In testing context this ensures that
             * alerts are passed on...]
             */
            timeout.tv_sec = 0;
            timeout.tv_usec = 500000;  /* some extreme round-trip */
            do {
                FD_ZERO(&readfds);
                openssl_fdset(sock, &readfds);
            } while (select(sock + 1, &readfds, NULL, NULL, &timeout) > 0
                     && readsocket(sock, sink, sizeof(sink)) > 0);

            BIO_closesocket(sock);
        } else {
            i = (*cb)(asock, type, protocol, context);
        }

        if (naccept != -1)
            naccept--;
        if (i < 0 || naccept == 0) {
            BIO_closesocket(asock);
            ret = i;
            break;
        }
    }
 end:
# ifdef AF_UNIX
    if (family == AF_UNIX)
        unlink(host);
# endif
    BIO_ADDR_free(ourpeer);
    ourpeer = NULL;
    return ret;
}

void do_ssl_shutdown(SSL *ssl)
{
    int ret;

    do {
        /* We only do unidirectional shutdown */
        ret = SSL_shutdown(ssl);
        if (ret < 0) {
            switch (SSL_get_error(ssl, ret)) {
            case SSL_ERROR_WANT_READ:
            case SSL_ERROR_WANT_WRITE:
            case SSL_ERROR_WANT_ASYNC:
            case SSL_ERROR_WANT_ASYNC_JOB:
                /* We just do busy waiting. Nothing clever */
                continue;
            }
            ret = 0;
        }
    } while (ret < 0);
}

#endif  /* OPENSSL_NO_SOCK */
Commit	Line	Data
846e33c7	1	/*
454afd98	2	* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
d02b48c6	3	*
dffa7520	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
846e33c7 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
7e1b7485	8	*/
d02b48c6	9
7e1b7485	10	/* socket-related functions used by s_client and s_server */
8c197cc5 UM	11	#include <stdio.h>
	12	#include <stdlib.h>
	13	#include <string.h>
	14	#include <errno.h>
	15	#include <signal.h>
f9e55034	16	#include <openssl/opensslconf.h>
8c197cc5	17
0f113f3e MC	18	/*
	19	* With IPv6, it looks like Digital has mixed up the proper order of
	20	* recursive header file inclusion, resulting in the compiler complaining
	21	* that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
	22	* needed to have fileno() declared correctly... So let's define u_int
	23	*/
bc36ee62	24	#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
0f113f3e	25	# define __U_INT
7d7d2cbc UM	26	typedef unsigned int u_int;
	27	#endif
	28
4579924b RL	29	#ifndef OPENSSL_NO_SOCK
4579924b RL	30
ab69ac00	31	# include "apps.h"
ab69ac00	32	# include "s_apps.h"
0e97f1e1	33	# include "internal/sockets.h"
b764ab95	34
08073700 RB	35	# if defined(__TANDEM)
	36	# if defined(OPENSSL_TANDEM_FLOSS)
	37	# include <floss.h(floss_read)>
	38	# endif
	39	# endif
	40
ab69ac00 RL	41	# include <openssl/bio.h>
ab69ac00 RL	42	# include <openssl/err.h>
863fe2ec	43
10ee7246 MC	44	/* Keep track of our peer's address for the cookie callback */
	45	BIO_ADDR *ourpeer = NULL;
	46
ab69ac00 RL	47	/*
	48	* init_client - helper routine to set up socket communication
	49	* @sock: pointer to storage of resulting socket.
	50	* @host: the host name or path (for AF_UNIX) to connect to.
	51	* @port: the port to connect to (ignored for AF_UNIX).
ebc01683 JH	52	* @bindhost: source host or path (for AF_UNIX).
ebc01683 JH	53	* @bindport: source port (ignored for AF_UNIX).
ab69ac00 RL	54	* @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or
	55	* AF_UNSPEC
	56	* @type: socket type, must be SOCK_STREAM or SOCK_DGRAM
8ccc2377	57	* @protocol: socket protocol, e.g. IPPROTO_TCP or IPPROTO_UDP (or 0 for any)
ab69ac00 RL	58	*
	59	* This will create a socket and use it to connect to a host:port, or if
	60	* family == AF_UNIX, to the path found in host.
	61	*
	62	* If the host has more than one address, it will try them one by one until
	63	* a successful connection is established. The resulting socket will be
	64	* found in *sock on success, it will be given INVALID_SOCKET otherwise.
	65	*
	66	* Returns 1 on success, 0 on failure.
	67	*/
	68	int init_client(int sock, const char host, const char *port,
ebc01683	69	const char bindhost, const char bindport,
8ccc2377	70	int family, int type, int protocol)
0f113f3e	71	{
ab69ac00	72	BIO_ADDRINFO *res = NULL;
ebc01683	73	BIO_ADDRINFO *bindaddr = NULL;
ab69ac00	74	const BIO_ADDRINFO *ai = NULL;
ebc01683 JH	75	const BIO_ADDRINFO *bi = NULL;
ebc01683 JH	76	int found = 0;
ab69ac00	77	int ret;
4d8743f4	78
9e1d5e8d	79	if (BIO_sock_init() != 1)
ab69ac00	80	return 0;
0f113f3e	81
8ccc2377 MC	82	ret = BIO_lookup_ex(host, port, BIO_LOOKUP_CLIENT, family, type, protocol,
8ccc2377 MC	83	&res);
ab69ac00 RL	84	if (ret == 0) {
	85	ERR_print_errors(bio_err);
	86	return 0;
0f113f3e	87	}
0f113f3e	88
ebc01683 JH	89	if (bindhost != NULL \|\| bindport != NULL) {
	90	ret = BIO_lookup_ex(bindhost, bindport, BIO_LOOKUP_CLIENT,
	91	family, type, protocol, &bindaddr);
	92	if (ret == 0) {
	93	ERR_print_errors (bio_err);
	94	goto out;
	95	}
	96	}
	97
ab69ac00 RL	98	ret = 0;
ab69ac00 RL	99	for (ai = res; ai != NULL; ai = BIO_ADDRINFO_next(ai)) {
f7c798e3 RS	100	/* Admittedly, these checks are quite paranoid, we should not get
	101	* anything in the BIO_ADDRINFO chain that we haven't
	102	* asked for. */
c90da922 MC	103	OPENSSL_assert((family == AF_UNSPEC
	104	\|\| family == BIO_ADDRINFO_family(ai))
	105	&& (type == 0 \|\| type == BIO_ADDRINFO_socktype(ai))
8ccc2377	106	&& (protocol == 0
c90da922	107	\|\| protocol == BIO_ADDRINFO_protocol(ai)));
ab69ac00	108
ebc01683 JH	109	if (bindaddr != NULL) {
	110	for (bi = bindaddr; bi != NULL; bi = BIO_ADDRINFO_next(bi)) {
	111	if (BIO_ADDRINFO_family(bi) == BIO_ADDRINFO_family(ai))
	112	break;
	113	}
	114	if (bi == NULL)
	115	continue;
	116	++found;
	117	}
	118
ab69ac00	119	*sock = BIO_socket(BIO_ADDRINFO_family(ai), BIO_ADDRINFO_socktype(ai),
c90da922	120	BIO_ADDRINFO_protocol(ai), 0);
ab69ac00 RL	121	if (*sock == INVALID_SOCKET) {
	122	/* Maybe the kernel doesn't support the socket family, even if
	123	* BIO_lookup() added it in the returned result...
	124	*/
	125	continue;
	126	}
8ccc2377	127
ebc01683 JH	128	if (bi != NULL) {
	129	if (!BIO_bind(*sock, BIO_ADDRINFO_address(bi),
	130	BIO_SOCK_REUSEADDR)) {
	131	BIO_closesocket(*sock);
	132	*sock = INVALID_SOCKET;
	133	break;
	134	}
	135	}
	136
8ccc2377 MC	137	#ifndef OPENSSL_NO_SCTP
	138	if (protocol == IPPROTO_SCTP) {
	139	/*
	140	* For SCTP we have to set various options on the socket prior to
	141	* connecting. This is done automatically by BIO_new_dgram_sctp().
	142	* We don't actually need the created BIO though so we free it again
	143	* immediately.
	144	*/
	145	BIO tmpbio = BIO_new_dgram_sctp(sock, BIO_NOCLOSE);
	146
	147	if (tmpbio == NULL) {
	148	ERR_print_errors(bio_err);
	149	return 0;
	150	}
	151	BIO_free(tmpbio);
	152	}
	153	#endif
	154
f478c8a7	155	if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai),
6712ba93	156	protocol == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) {
ab69ac00 RL	157	BIO_closesocket(*sock);
	158	*sock = INVALID_SOCKET;
	159	continue;
0f113f3e	160	}
0f113f3e	161
ab69ac00 RL	162	/* Success, don't try any more addresses */
ab69ac00 RL	163	break;
0f113f3e MC	164	}
0f113f3e MC	165
ab69ac00	166	if (*sock == INVALID_SOCKET) {
ebc01683 JH	167	if (bindaddr != NULL && !found) {
ebc01683 JH	168	BIO_printf(bio_err, "Can't bind %saddress for %s%s%s\n",
403ef8ce	169	#ifdef AF_INET6
ebc01683	170	BIO_ADDRINFO_family(res) == AF_INET6 ? "IPv6 " :
403ef8ce	171	#endif
ebc01683 JH	172	BIO_ADDRINFO_family(res) == AF_INET ? "IPv4 " :
	173	BIO_ADDRINFO_family(res) == AF_UNIX ? "unix " : "",
	174	bindhost != NULL ? bindhost : "",
	175	bindport != NULL ? ":" : "",
	176	bindport != NULL ? bindport : "");
	177	ERR_clear_error();
	178	ret = 0;
	179	}
ab69ac00 RL	180	ERR_print_errors(bio_err);
ab69ac00 RL	181	} else {
ea837d79 MC	182	/* Remove any stale errors from previous connection attempts */
ea837d79 MC	183	ERR_clear_error();
ab69ac00	184	ret = 1;
0f113f3e	185	}
ebc01683 JH	186	out:
	187	if (bindaddr != NULL) {
	188	BIO_ADDRINFO_free (bindaddr);
	189	}
ab69ac00 RL	190	BIO_ADDRINFO_free(res);
ab69ac00 RL	191	return ret;
0f113f3e	192	}
a9351320	193
a12da5da RL	194	int report_server_accept(BIO *out, int asock, int with_address)
	195	{
	196	int success = 0;
	197
	198	if (with_address) {
	199	union BIO_sock_info_u info;
	200	char *hostname = NULL;
	201	char *service = NULL;
	202
	203	if ((info.addr = BIO_ADDR_new()) != NULL
	204	&& BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info)
	205	&& (hostname = BIO_ADDR_hostname_string(info.addr, 1)) != NULL
	206	&& (service = BIO_ADDR_service_string(info.addr, 1)) != NULL
	207	&& BIO_printf(out,
	208	strchr(hostname, ':') == NULL
	209	? /* IPv4 */ "ACCEPT %s:%s\n"
	210	: /* IPv6 */ "ACCEPT [%s]:%s\n",
	211	hostname, service) > 0)
	212	success = 1;
	213
	214	OPENSSL_free(hostname);
	215	OPENSSL_free(service);
	216	BIO_ADDR_free(info.addr);
	217	} else {
	218	(void)BIO_printf(out, "ACCEPT\n");
	219	success = 1;
	220	}
	221	(void)BIO_flush(out);
	222
	223	return success;
	224	}
	225
ab69ac00 RL	226	/*
	227	* do_server - helper routine to perform a server operation
	228	* @accept_sock: pointer to storage of resulting socket.
	229	* @host: the host name or path (for AF_UNIX) to connect to.
	230	* @port: the port to connect to (ignored for AF_UNIX).
	231	* @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or
	232	* AF_UNSPEC
	233	* @type: socket type, must be SOCK_STREAM or SOCK_DGRAM
	234	* @cb: pointer to a function that receives the accepted socket and
	235	* should perform the communication with the connecting client.
	236	* @context: pointer to memory that's passed verbatim to the cb function.
	237	* @naccept: number of times an incoming connect should be accepted. If -1,
	238	* unlimited number.
	239	*
	240	* This will create a socket and use it to listen to a host:port, or if
	241	* family == AF_UNIX, to the path found in host, then start accepting
	242	* incoming connections and run cb on the resulting socket.
	243	*
	244	* 0 on failure, something other on success.
	245	*/
	246	int do_server(int accept_sock, const char host, const char *port,
72d0bc84	247	int family, int type, int protocol, do_server_cb cb,
5540eb70	248	unsigned char context, int naccept, BIO bio_s_out)
0f113f3e	249	{
ab69ac00	250	int asock = 0;
0f113f3e	251	int sock;
0f113f3e	252	int i;
ab69ac00	253	BIO_ADDRINFO *res = NULL;
eee8a40a	254	const BIO_ADDRINFO *next;
b3199e54	255	int sock_family, sock_type, sock_protocol, sock_port;
eee8a40a BE	256	const BIO_ADDR *sock_address;
eee8a40a BE	257	int sock_options = BIO_SOCK_REUSEADDR;
ab69ac00	258	int ret = 0;
ab69ac00	259
9e1d5e8d	260	if (BIO_sock_init() != 1)
ab69ac00 RL	261	return 0;
ab69ac00 RL	262
72d0bc84 MC	263	if (!BIO_lookup_ex(host, port, BIO_LOOKUP_SERVER, family, type, protocol,
72d0bc84 MC	264	&res)) {
ab69ac00 RL	265	ERR_print_errors(bio_err);
	266	return 0;
	267	}
0f113f3e	268
f7c798e3 RS	269	/* Admittedly, these checks are quite paranoid, we should not get
f7c798e3 RS	270	* anything in the BIO_ADDRINFO chain that we haven't asked for */
ab69ac00	271	OPENSSL_assert((family == AF_UNSPEC \|\| family == BIO_ADDRINFO_family(res))
72d0bc84 MC	272	&& (type == 0 \|\| type == BIO_ADDRINFO_socktype(res))
72d0bc84 MC	273	&& (protocol == 0 \|\| protocol == BIO_ADDRINFO_protocol(res)));
ab69ac00	274
eee8a40a BE	275	sock_family = BIO_ADDRINFO_family(res);
	276	sock_type = BIO_ADDRINFO_socktype(res);
	277	sock_protocol = BIO_ADDRINFO_protocol(res);
	278	sock_address = BIO_ADDRINFO_address(res);
	279	next = BIO_ADDRINFO_next(res);
403ef8ce	280	#ifdef AF_INET6
df05f155	281	if (sock_family == AF_INET6)
eee8a40a BE	282	sock_options \|= BIO_SOCK_V6_ONLY;
eee8a40a BE	283	if (next != NULL
df05f155 BE	284	&& BIO_ADDRINFO_socktype(next) == sock_type
	285	&& BIO_ADDRINFO_protocol(next) == sock_protocol) {
	286	if (sock_family == AF_INET
	287	&& BIO_ADDRINFO_family(next) == AF_INET6) {
eee8a40a BE	288	sock_family = AF_INET6;
eee8a40a BE	289	sock_address = BIO_ADDRINFO_address(next);
df05f155 BE	290	} else if (sock_family == AF_INET6
df05f155 BE	291	&& BIO_ADDRINFO_family(next) == AF_INET) {
eee8a40a	292	sock_options &= ~BIO_SOCK_V6_ONLY;
df05f155	293	}
eee8a40a	294	}
403ef8ce	295	#endif
eee8a40a BE	296
eee8a40a BE	297	asock = BIO_socket(sock_family, sock_type, sock_protocol, 0);
ab69ac00	298	if (asock == INVALID_SOCKET
eee8a40a	299	\|\| !BIO_listen(asock, sock_address, sock_options)) {
ab69ac00 RL	300	BIO_ADDRINFO_free(res);
	301	ERR_print_errors(bio_err);
	302	if (asock != INVALID_SOCKET)
	303	BIO_closesocket(asock);
	304	goto end;
	305	}
0f113f3e	306
72d0bc84 MC	307	#ifndef OPENSSL_NO_SCTP
	308	if (protocol == IPPROTO_SCTP) {
	309	/*
	310	* For SCTP we have to set various options on the socket prior to
	311	* accepting. This is done automatically by BIO_new_dgram_sctp().
	312	* We don't actually need the created BIO though so we free it again
	313	* immediately.
	314	*/
	315	BIO *tmpbio = BIO_new_dgram_sctp(asock, BIO_NOCLOSE);
	316
	317	if (tmpbio == NULL) {
	318	BIO_closesocket(asock);
	319	ERR_print_errors(bio_err);
	320	goto end;
	321	}
	322	BIO_free(tmpbio);
	323	}
	324	#endif
	325
b3199e54 AP	326	sock_port = BIO_ADDR_rawport(sock_address);
b3199e54 AP	327
ab69ac00	328	BIO_ADDRINFO_free(res);
a773b52a	329	res = NULL;
ab69ac00	330
a12da5da RL	331	if (!report_server_accept(bio_s_out, asock, sock_port == 0)) {
	332	BIO_closesocket(asock);
	333	ERR_print_errors(bio_err);
	334	goto end;
5540eb70 RL	335	}
5540eb70 RL	336
a773b52a	337	if (accept_sock != NULL)
ab69ac00	338	*accept_sock = asock;
0f113f3e	339	for (;;) {
6671c775 AP	340	char sink[64];
	341	struct timeval timeout;
	342	fd_set readfds;
	343
0f113f3e	344	if (type == SOCK_STREAM) {
10ee7246 MC	345	BIO_ADDR_free(ourpeer);
	346	ourpeer = BIO_ADDR_new();
	347	if (ourpeer == NULL) {
	348	BIO_closesocket(asock);
	349	ERR_print_errors(bio_err);
	350	goto end;
	351	}
a773b52a	352	do {
10ee7246	353	sock = BIO_accept_ex(asock, ourpeer, 0);
daaaa3cb	354	} while (sock < 0 && BIO_sock_should_retry(sock));
ab69ac00	355	if (sock < 0) {
a773b52a	356	ERR_print_errors(bio_err);
8731a4fc	357	BIO_closesocket(asock);
a773b52a	358	break;
0f113f3e	359	}
dcf3d83f	360	BIO_set_tcp_ndelay(sock, 1);
72d0bc84	361	i = (*cb)(sock, type, protocol, context);
d17bdfc2	362
bac6abe1 MC	363	/*
	364	* If we ended with an alert being sent, but still with data in the
	365	* network buffer to be read, then calling BIO_closesocket() will
	366	* result in a TCP-RST being sent. On some platforms (notably
	367	* Windows) then this will result in the peer immediately abandoning
	368	* the connection including any buffered alert data before it has
	369	* had a chance to be read. Shutting down the sending side first,
	370	* and then closing the socket sends TCP-FIN first followed by
	371	* TCP-RST. This seems to allow the peer to read the alert data.
	372	*/
803141f6	373	shutdown(sock, 1); /* SHUT_WR */
6671c775 AP	374	/*
	375	* We just said we have nothing else to say, but it doesn't mean
	376	* that the other side has nothing. It's even recommended to
	377	* consume incoming data. [In testing context this ensures that
	378	* alerts are passed on...]
	379	*/
	380	timeout.tv_sec = 0;
	381	timeout.tv_usec = 500000; /* some extreme round-trip */
	382	do {
	383	FD_ZERO(&readfds);
	384	openssl_fdset(sock, &readfds);
	385	} while (select(sock + 1, &readfds, NULL, NULL, &timeout) > 0
	386	&& readsocket(sock, sink, sizeof(sink)) > 0);
	387
8731a4fc	388	BIO_closesocket(sock);
ab69ac00	389	} else {
72d0bc84	390	i = (*cb)(asock, type, protocol, context);
ab69ac00 RL	391	}
ab69ac00 RL	392
0f113f3e MC	393	if (naccept != -1)
	394	naccept--;
	395	if (i < 0 \|\| naccept == 0) {
8731a4fc	396	BIO_closesocket(asock);
ab69ac00 RL	397	ret = i;
ab69ac00 RL	398	break;
0f113f3e MC	399	}
	400	}
	401	end:
ab69ac00 RL	402	# ifdef AF_UNIX
	403	if (family == AF_UNIX)
	404	unlink(host);
0f113f3e	405	# endif
10ee7246 MC	406	BIO_ADDR_free(ourpeer);
10ee7246 MC	407	ourpeer = NULL;
ab69ac00	408	return ret;
0f113f3e	409	}
d02b48c6	410
edbb56ee DB	411	void do_ssl_shutdown(SSL *ssl)
	412	{
	413	int ret;
	414
	415	do {
	416	/* We only do unidirectional shutdown */
	417	ret = SSL_shutdown(ssl);
	418	if (ret < 0) {
	419	switch (SSL_get_error(ssl, ret)) {
	420	case SSL_ERROR_WANT_READ:
	421	case SSL_ERROR_WANT_WRITE:
	422	case SSL_ERROR_WANT_ASYNC:
	423	case SSL_ERROR_WANT_ASYNC_JOB:
	424	/* We just do busy waiting. Nothing clever */
	425	continue;
	426	}
	427	ret = 0;
	428	}
	429	} while (ret < 0);
	430	}
	431
ab69ac00	432	#endif /* OPENSSL_NO_SOCK */