]>
Commit | Line | Data |
---|---|---|
846e33c7 | 1 | /* |
454afd98 | 2 | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. |
d02b48c6 | 3 | * |
dffa7520 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
846e33c7 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
7e1b7485 | 8 | */ |
d02b48c6 | 9 | |
7e1b7485 | 10 | /* socket-related functions used by s_client and s_server */ |
8c197cc5 UM |
11 | #include <stdio.h> |
12 | #include <stdlib.h> | |
13 | #include <string.h> | |
14 | #include <errno.h> | |
15 | #include <signal.h> | |
f9e55034 | 16 | #include <openssl/opensslconf.h> |
8c197cc5 | 17 | |
0f113f3e MC |
18 | /* |
19 | * With IPv6, it looks like Digital has mixed up the proper order of | |
20 | * recursive header file inclusion, resulting in the compiler complaining | |
21 | * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is | |
22 | * needed to have fileno() declared correctly... So let's define u_int | |
23 | */ | |
bc36ee62 | 24 | #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) |
0f113f3e | 25 | # define __U_INT |
7d7d2cbc UM |
26 | typedef unsigned int u_int; |
27 | #endif | |
28 | ||
4579924b RL |
29 | #ifndef OPENSSL_NO_SOCK |
30 | ||
ab69ac00 | 31 | # include "apps.h" |
ab69ac00 | 32 | # include "s_apps.h" |
0e97f1e1 | 33 | # include "internal/sockets.h" |
b764ab95 | 34 | |
08073700 RB |
35 | # if defined(__TANDEM) |
36 | # if defined(OPENSSL_TANDEM_FLOSS) | |
37 | # include <floss.h(floss_read)> | |
38 | # endif | |
39 | # endif | |
40 | ||
ab69ac00 RL |
41 | # include <openssl/bio.h> |
42 | # include <openssl/err.h> | |
863fe2ec | 43 | |
10ee7246 MC |
44 | /* Keep track of our peer's address for the cookie callback */ |
45 | BIO_ADDR *ourpeer = NULL; | |
46 | ||
ab69ac00 RL |
47 | /* |
48 | * init_client - helper routine to set up socket communication | |
49 | * @sock: pointer to storage of resulting socket. | |
50 | * @host: the host name or path (for AF_UNIX) to connect to. | |
51 | * @port: the port to connect to (ignored for AF_UNIX). | |
ebc01683 JH |
52 | * @bindhost: source host or path (for AF_UNIX). |
53 | * @bindport: source port (ignored for AF_UNIX). | |
ab69ac00 RL |
54 | * @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or |
55 | * AF_UNSPEC | |
56 | * @type: socket type, must be SOCK_STREAM or SOCK_DGRAM | |
8ccc2377 | 57 | * @protocol: socket protocol, e.g. IPPROTO_TCP or IPPROTO_UDP (or 0 for any) |
ab69ac00 RL |
58 | * |
59 | * This will create a socket and use it to connect to a host:port, or if | |
60 | * family == AF_UNIX, to the path found in host. | |
61 | * | |
62 | * If the host has more than one address, it will try them one by one until | |
63 | * a successful connection is established. The resulting socket will be | |
64 | * found in *sock on success, it will be given INVALID_SOCKET otherwise. | |
65 | * | |
66 | * Returns 1 on success, 0 on failure. | |
67 | */ | |
68 | int init_client(int *sock, const char *host, const char *port, | |
ebc01683 | 69 | const char *bindhost, const char *bindport, |
8ccc2377 | 70 | int family, int type, int protocol) |
0f113f3e | 71 | { |
ab69ac00 | 72 | BIO_ADDRINFO *res = NULL; |
ebc01683 | 73 | BIO_ADDRINFO *bindaddr = NULL; |
ab69ac00 | 74 | const BIO_ADDRINFO *ai = NULL; |
ebc01683 JH |
75 | const BIO_ADDRINFO *bi = NULL; |
76 | int found = 0; | |
ab69ac00 | 77 | int ret; |
4d8743f4 | 78 | |
9e1d5e8d | 79 | if (BIO_sock_init() != 1) |
ab69ac00 | 80 | return 0; |
0f113f3e | 81 | |
8ccc2377 MC |
82 | ret = BIO_lookup_ex(host, port, BIO_LOOKUP_CLIENT, family, type, protocol, |
83 | &res); | |
ab69ac00 RL |
84 | if (ret == 0) { |
85 | ERR_print_errors(bio_err); | |
86 | return 0; | |
0f113f3e | 87 | } |
0f113f3e | 88 | |
ebc01683 JH |
89 | if (bindhost != NULL || bindport != NULL) { |
90 | ret = BIO_lookup_ex(bindhost, bindport, BIO_LOOKUP_CLIENT, | |
91 | family, type, protocol, &bindaddr); | |
92 | if (ret == 0) { | |
93 | ERR_print_errors (bio_err); | |
94 | goto out; | |
95 | } | |
96 | } | |
97 | ||
ab69ac00 RL |
98 | ret = 0; |
99 | for (ai = res; ai != NULL; ai = BIO_ADDRINFO_next(ai)) { | |
f7c798e3 RS |
100 | /* Admittedly, these checks are quite paranoid, we should not get |
101 | * anything in the BIO_ADDRINFO chain that we haven't | |
102 | * asked for. */ | |
c90da922 MC |
103 | OPENSSL_assert((family == AF_UNSPEC |
104 | || family == BIO_ADDRINFO_family(ai)) | |
105 | && (type == 0 || type == BIO_ADDRINFO_socktype(ai)) | |
8ccc2377 | 106 | && (protocol == 0 |
c90da922 | 107 | || protocol == BIO_ADDRINFO_protocol(ai))); |
ab69ac00 | 108 | |
ebc01683 JH |
109 | if (bindaddr != NULL) { |
110 | for (bi = bindaddr; bi != NULL; bi = BIO_ADDRINFO_next(bi)) { | |
111 | if (BIO_ADDRINFO_family(bi) == BIO_ADDRINFO_family(ai)) | |
112 | break; | |
113 | } | |
114 | if (bi == NULL) | |
115 | continue; | |
116 | ++found; | |
117 | } | |
118 | ||
ab69ac00 | 119 | *sock = BIO_socket(BIO_ADDRINFO_family(ai), BIO_ADDRINFO_socktype(ai), |
c90da922 | 120 | BIO_ADDRINFO_protocol(ai), 0); |
ab69ac00 RL |
121 | if (*sock == INVALID_SOCKET) { |
122 | /* Maybe the kernel doesn't support the socket family, even if | |
123 | * BIO_lookup() added it in the returned result... | |
124 | */ | |
125 | continue; | |
126 | } | |
8ccc2377 | 127 | |
ebc01683 JH |
128 | if (bi != NULL) { |
129 | if (!BIO_bind(*sock, BIO_ADDRINFO_address(bi), | |
130 | BIO_SOCK_REUSEADDR)) { | |
131 | BIO_closesocket(*sock); | |
132 | *sock = INVALID_SOCKET; | |
133 | break; | |
134 | } | |
135 | } | |
136 | ||
8ccc2377 MC |
137 | #ifndef OPENSSL_NO_SCTP |
138 | if (protocol == IPPROTO_SCTP) { | |
139 | /* | |
140 | * For SCTP we have to set various options on the socket prior to | |
141 | * connecting. This is done automatically by BIO_new_dgram_sctp(). | |
142 | * We don't actually need the created BIO though so we free it again | |
143 | * immediately. | |
144 | */ | |
145 | BIO *tmpbio = BIO_new_dgram_sctp(*sock, BIO_NOCLOSE); | |
146 | ||
147 | if (tmpbio == NULL) { | |
148 | ERR_print_errors(bio_err); | |
149 | return 0; | |
150 | } | |
151 | BIO_free(tmpbio); | |
152 | } | |
153 | #endif | |
154 | ||
f478c8a7 | 155 | if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai), |
6712ba93 | 156 | protocol == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) { |
ab69ac00 RL |
157 | BIO_closesocket(*sock); |
158 | *sock = INVALID_SOCKET; | |
159 | continue; | |
0f113f3e | 160 | } |
0f113f3e | 161 | |
ab69ac00 RL |
162 | /* Success, don't try any more addresses */ |
163 | break; | |
0f113f3e MC |
164 | } |
165 | ||
ab69ac00 | 166 | if (*sock == INVALID_SOCKET) { |
ebc01683 JH |
167 | if (bindaddr != NULL && !found) { |
168 | BIO_printf(bio_err, "Can't bind %saddress for %s%s%s\n", | |
403ef8ce | 169 | #ifdef AF_INET6 |
ebc01683 | 170 | BIO_ADDRINFO_family(res) == AF_INET6 ? "IPv6 " : |
403ef8ce | 171 | #endif |
ebc01683 JH |
172 | BIO_ADDRINFO_family(res) == AF_INET ? "IPv4 " : |
173 | BIO_ADDRINFO_family(res) == AF_UNIX ? "unix " : "", | |
174 | bindhost != NULL ? bindhost : "", | |
175 | bindport != NULL ? ":" : "", | |
176 | bindport != NULL ? bindport : ""); | |
177 | ERR_clear_error(); | |
178 | ret = 0; | |
179 | } | |
ab69ac00 RL |
180 | ERR_print_errors(bio_err); |
181 | } else { | |
ea837d79 MC |
182 | /* Remove any stale errors from previous connection attempts */ |
183 | ERR_clear_error(); | |
ab69ac00 | 184 | ret = 1; |
0f113f3e | 185 | } |
ebc01683 JH |
186 | out: |
187 | if (bindaddr != NULL) { | |
188 | BIO_ADDRINFO_free (bindaddr); | |
189 | } | |
ab69ac00 RL |
190 | BIO_ADDRINFO_free(res); |
191 | return ret; | |
0f113f3e | 192 | } |
a9351320 | 193 | |
a12da5da RL |
194 | int report_server_accept(BIO *out, int asock, int with_address) |
195 | { | |
196 | int success = 0; | |
197 | ||
198 | if (with_address) { | |
199 | union BIO_sock_info_u info; | |
200 | char *hostname = NULL; | |
201 | char *service = NULL; | |
202 | ||
203 | if ((info.addr = BIO_ADDR_new()) != NULL | |
204 | && BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info) | |
205 | && (hostname = BIO_ADDR_hostname_string(info.addr, 1)) != NULL | |
206 | && (service = BIO_ADDR_service_string(info.addr, 1)) != NULL | |
207 | && BIO_printf(out, | |
208 | strchr(hostname, ':') == NULL | |
209 | ? /* IPv4 */ "ACCEPT %s:%s\n" | |
210 | : /* IPv6 */ "ACCEPT [%s]:%s\n", | |
211 | hostname, service) > 0) | |
212 | success = 1; | |
213 | ||
214 | OPENSSL_free(hostname); | |
215 | OPENSSL_free(service); | |
216 | BIO_ADDR_free(info.addr); | |
217 | } else { | |
218 | (void)BIO_printf(out, "ACCEPT\n"); | |
219 | success = 1; | |
220 | } | |
221 | (void)BIO_flush(out); | |
222 | ||
223 | return success; | |
224 | } | |
225 | ||
ab69ac00 RL |
226 | /* |
227 | * do_server - helper routine to perform a server operation | |
228 | * @accept_sock: pointer to storage of resulting socket. | |
229 | * @host: the host name or path (for AF_UNIX) to connect to. | |
230 | * @port: the port to connect to (ignored for AF_UNIX). | |
231 | * @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or | |
232 | * AF_UNSPEC | |
233 | * @type: socket type, must be SOCK_STREAM or SOCK_DGRAM | |
234 | * @cb: pointer to a function that receives the accepted socket and | |
235 | * should perform the communication with the connecting client. | |
236 | * @context: pointer to memory that's passed verbatim to the cb function. | |
237 | * @naccept: number of times an incoming connect should be accepted. If -1, | |
238 | * unlimited number. | |
239 | * | |
240 | * This will create a socket and use it to listen to a host:port, or if | |
241 | * family == AF_UNIX, to the path found in host, then start accepting | |
242 | * incoming connections and run cb on the resulting socket. | |
243 | * | |
244 | * 0 on failure, something other on success. | |
245 | */ | |
246 | int do_server(int *accept_sock, const char *host, const char *port, | |
72d0bc84 | 247 | int family, int type, int protocol, do_server_cb cb, |
5540eb70 | 248 | unsigned char *context, int naccept, BIO *bio_s_out) |
0f113f3e | 249 | { |
ab69ac00 | 250 | int asock = 0; |
0f113f3e | 251 | int sock; |
0f113f3e | 252 | int i; |
ab69ac00 | 253 | BIO_ADDRINFO *res = NULL; |
eee8a40a | 254 | const BIO_ADDRINFO *next; |
b3199e54 | 255 | int sock_family, sock_type, sock_protocol, sock_port; |
eee8a40a BE |
256 | const BIO_ADDR *sock_address; |
257 | int sock_options = BIO_SOCK_REUSEADDR; | |
ab69ac00 | 258 | int ret = 0; |
ab69ac00 | 259 | |
9e1d5e8d | 260 | if (BIO_sock_init() != 1) |
ab69ac00 RL |
261 | return 0; |
262 | ||
72d0bc84 MC |
263 | if (!BIO_lookup_ex(host, port, BIO_LOOKUP_SERVER, family, type, protocol, |
264 | &res)) { | |
ab69ac00 RL |
265 | ERR_print_errors(bio_err); |
266 | return 0; | |
267 | } | |
0f113f3e | 268 | |
f7c798e3 RS |
269 | /* Admittedly, these checks are quite paranoid, we should not get |
270 | * anything in the BIO_ADDRINFO chain that we haven't asked for */ | |
ab69ac00 | 271 | OPENSSL_assert((family == AF_UNSPEC || family == BIO_ADDRINFO_family(res)) |
72d0bc84 MC |
272 | && (type == 0 || type == BIO_ADDRINFO_socktype(res)) |
273 | && (protocol == 0 || protocol == BIO_ADDRINFO_protocol(res))); | |
ab69ac00 | 274 | |
eee8a40a BE |
275 | sock_family = BIO_ADDRINFO_family(res); |
276 | sock_type = BIO_ADDRINFO_socktype(res); | |
277 | sock_protocol = BIO_ADDRINFO_protocol(res); | |
278 | sock_address = BIO_ADDRINFO_address(res); | |
279 | next = BIO_ADDRINFO_next(res); | |
403ef8ce | 280 | #ifdef AF_INET6 |
df05f155 | 281 | if (sock_family == AF_INET6) |
eee8a40a BE |
282 | sock_options |= BIO_SOCK_V6_ONLY; |
283 | if (next != NULL | |
df05f155 BE |
284 | && BIO_ADDRINFO_socktype(next) == sock_type |
285 | && BIO_ADDRINFO_protocol(next) == sock_protocol) { | |
286 | if (sock_family == AF_INET | |
287 | && BIO_ADDRINFO_family(next) == AF_INET6) { | |
eee8a40a BE |
288 | sock_family = AF_INET6; |
289 | sock_address = BIO_ADDRINFO_address(next); | |
df05f155 BE |
290 | } else if (sock_family == AF_INET6 |
291 | && BIO_ADDRINFO_family(next) == AF_INET) { | |
eee8a40a | 292 | sock_options &= ~BIO_SOCK_V6_ONLY; |
df05f155 | 293 | } |
eee8a40a | 294 | } |
403ef8ce | 295 | #endif |
eee8a40a BE |
296 | |
297 | asock = BIO_socket(sock_family, sock_type, sock_protocol, 0); | |
ab69ac00 | 298 | if (asock == INVALID_SOCKET |
eee8a40a | 299 | || !BIO_listen(asock, sock_address, sock_options)) { |
ab69ac00 RL |
300 | BIO_ADDRINFO_free(res); |
301 | ERR_print_errors(bio_err); | |
302 | if (asock != INVALID_SOCKET) | |
303 | BIO_closesocket(asock); | |
304 | goto end; | |
305 | } | |
0f113f3e | 306 | |
72d0bc84 MC |
307 | #ifndef OPENSSL_NO_SCTP |
308 | if (protocol == IPPROTO_SCTP) { | |
309 | /* | |
310 | * For SCTP we have to set various options on the socket prior to | |
311 | * accepting. This is done automatically by BIO_new_dgram_sctp(). | |
312 | * We don't actually need the created BIO though so we free it again | |
313 | * immediately. | |
314 | */ | |
315 | BIO *tmpbio = BIO_new_dgram_sctp(asock, BIO_NOCLOSE); | |
316 | ||
317 | if (tmpbio == NULL) { | |
318 | BIO_closesocket(asock); | |
319 | ERR_print_errors(bio_err); | |
320 | goto end; | |
321 | } | |
322 | BIO_free(tmpbio); | |
323 | } | |
324 | #endif | |
325 | ||
b3199e54 AP |
326 | sock_port = BIO_ADDR_rawport(sock_address); |
327 | ||
ab69ac00 | 328 | BIO_ADDRINFO_free(res); |
a773b52a | 329 | res = NULL; |
ab69ac00 | 330 | |
a12da5da RL |
331 | if (!report_server_accept(bio_s_out, asock, sock_port == 0)) { |
332 | BIO_closesocket(asock); | |
333 | ERR_print_errors(bio_err); | |
334 | goto end; | |
5540eb70 RL |
335 | } |
336 | ||
a773b52a | 337 | if (accept_sock != NULL) |
ab69ac00 | 338 | *accept_sock = asock; |
0f113f3e | 339 | for (;;) { |
6671c775 AP |
340 | char sink[64]; |
341 | struct timeval timeout; | |
342 | fd_set readfds; | |
343 | ||
0f113f3e | 344 | if (type == SOCK_STREAM) { |
10ee7246 MC |
345 | BIO_ADDR_free(ourpeer); |
346 | ourpeer = BIO_ADDR_new(); | |
347 | if (ourpeer == NULL) { | |
348 | BIO_closesocket(asock); | |
349 | ERR_print_errors(bio_err); | |
350 | goto end; | |
351 | } | |
a773b52a | 352 | do { |
10ee7246 | 353 | sock = BIO_accept_ex(asock, ourpeer, 0); |
daaaa3cb | 354 | } while (sock < 0 && BIO_sock_should_retry(sock)); |
ab69ac00 | 355 | if (sock < 0) { |
a773b52a | 356 | ERR_print_errors(bio_err); |
8731a4fc | 357 | BIO_closesocket(asock); |
a773b52a | 358 | break; |
0f113f3e | 359 | } |
dcf3d83f | 360 | BIO_set_tcp_ndelay(sock, 1); |
72d0bc84 | 361 | i = (*cb)(sock, type, protocol, context); |
d17bdfc2 | 362 | |
bac6abe1 MC |
363 | /* |
364 | * If we ended with an alert being sent, but still with data in the | |
365 | * network buffer to be read, then calling BIO_closesocket() will | |
366 | * result in a TCP-RST being sent. On some platforms (notably | |
367 | * Windows) then this will result in the peer immediately abandoning | |
368 | * the connection including any buffered alert data before it has | |
369 | * had a chance to be read. Shutting down the sending side first, | |
370 | * and then closing the socket sends TCP-FIN first followed by | |
371 | * TCP-RST. This seems to allow the peer to read the alert data. | |
372 | */ | |
803141f6 | 373 | shutdown(sock, 1); /* SHUT_WR */ |
6671c775 AP |
374 | /* |
375 | * We just said we have nothing else to say, but it doesn't mean | |
376 | * that the other side has nothing. It's even recommended to | |
377 | * consume incoming data. [In testing context this ensures that | |
378 | * alerts are passed on...] | |
379 | */ | |
380 | timeout.tv_sec = 0; | |
381 | timeout.tv_usec = 500000; /* some extreme round-trip */ | |
382 | do { | |
383 | FD_ZERO(&readfds); | |
384 | openssl_fdset(sock, &readfds); | |
385 | } while (select(sock + 1, &readfds, NULL, NULL, &timeout) > 0 | |
386 | && readsocket(sock, sink, sizeof(sink)) > 0); | |
387 | ||
8731a4fc | 388 | BIO_closesocket(sock); |
ab69ac00 | 389 | } else { |
72d0bc84 | 390 | i = (*cb)(asock, type, protocol, context); |
ab69ac00 RL |
391 | } |
392 | ||
0f113f3e MC |
393 | if (naccept != -1) |
394 | naccept--; | |
395 | if (i < 0 || naccept == 0) { | |
8731a4fc | 396 | BIO_closesocket(asock); |
ab69ac00 RL |
397 | ret = i; |
398 | break; | |
0f113f3e MC |
399 | } |
400 | } | |
401 | end: | |
ab69ac00 RL |
402 | # ifdef AF_UNIX |
403 | if (family == AF_UNIX) | |
404 | unlink(host); | |
0f113f3e | 405 | # endif |
10ee7246 MC |
406 | BIO_ADDR_free(ourpeer); |
407 | ourpeer = NULL; | |
ab69ac00 | 408 | return ret; |
0f113f3e | 409 | } |
d02b48c6 | 410 | |
edbb56ee DB |
411 | void do_ssl_shutdown(SSL *ssl) |
412 | { | |
413 | int ret; | |
414 | ||
415 | do { | |
416 | /* We only do unidirectional shutdown */ | |
417 | ret = SSL_shutdown(ssl); | |
418 | if (ret < 0) { | |
419 | switch (SSL_get_error(ssl, ret)) { | |
420 | case SSL_ERROR_WANT_READ: | |
421 | case SSL_ERROR_WANT_WRITE: | |
422 | case SSL_ERROR_WANT_ASYNC: | |
423 | case SSL_ERROR_WANT_ASYNC_JOB: | |
424 | /* We just do busy waiting. Nothing clever */ | |
425 | continue; | |
426 | } | |
427 | ret = 0; | |
428 | } | |
429 | } while (ret < 0); | |
430 | } | |
431 | ||
ab69ac00 | 432 | #endif /* OPENSSL_NO_SOCK */ |