[thirdparty/openssl.git] / apps / lib / s_socket.c

/*
 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/* socket-related functions used by s_client and s_server */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <signal.h>
#include <openssl/opensslconf.h>

/*
 * With IPv6, it looks like Digital has mixed up the proper order of
 * recursive header file inclusion, resulting in the compiler complaining
 * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
 * needed to have fileno() declared correctly...  So let's define u_int
 */
#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
# define __U_INT
typedef unsigned int u_int;
#endif

#ifndef OPENSSL_NO_SOCK

# include "apps.h"
# include "s_apps.h"
# include "internal/sockets.h"

# if defined(__TANDEM)
#  if defined(OPENSSL_TANDEM_FLOSS)
#   include <floss.h(floss_read)>
#  endif
# endif

# include <openssl/bio.h>
# include <openssl/err.h>

/* Keep track of our peer's address for the cookie callback */
BIO_ADDR *ourpeer = NULL;

/*
 * init_client - helper routine to set up socket communication
 * @sock: pointer to storage of resulting socket.
 * @host: the host name or path (for AF_UNIX) to connect to.
 * @port: the port to connect to (ignored for AF_UNIX).
 * @bindhost: source host or path (for AF_UNIX).
 * @bindport: source port (ignored for AF_UNIX).
 * @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or
 *  AF_UNSPEC
 * @type: socket type, must be SOCK_STREAM or SOCK_DGRAM
 * @protocol: socket protocol, e.g. IPPROTO_TCP or IPPROTO_UDP (or 0 for any)
 *
 * This will create a socket and use it to connect to a host:port, or if
 * family == AF_UNIX, to the path found in host.
 *
 * If the host has more than one address, it will try them one by one until
 * a successful connection is established.  The resulting socket will be
 * found in *sock on success, it will be given INVALID_SOCKET otherwise.
 *
 * Returns 1 on success, 0 on failure.
 */
int init_client(int *sock, const char *host, const char *port,
                const char *bindhost, const char *bindport,
                int family, int type, int protocol)
{
    BIO_ADDRINFO *res = NULL;
    BIO_ADDRINFO *bindaddr = NULL;
    const BIO_ADDRINFO *ai = NULL;
    const BIO_ADDRINFO *bi = NULL;
    int found = 0;
    int ret;

    if (BIO_sock_init() != 1)
        return 0;

    ret = BIO_lookup_ex(host, port, BIO_LOOKUP_CLIENT, family, type, protocol,
                        &res);
    if (ret == 0) {
        ERR_print_errors(bio_err);
        return 0;
    }

    if (bindhost != NULL || bindport != NULL) {
        ret = BIO_lookup_ex(bindhost, bindport, BIO_LOOKUP_CLIENT,
                            family, type, protocol, &bindaddr);
        if (ret == 0) {
            ERR_print_errors (bio_err);
            goto out;
        }
    }

    ret = 0;
    for (ai = res; ai != NULL; ai = BIO_ADDRINFO_next(ai)) {
        /* Admittedly, these checks are quite paranoid, we should not get
         * anything in the BIO_ADDRINFO chain that we haven't
         * asked for. */
        OPENSSL_assert((family == AF_UNSPEC
                        || family == BIO_ADDRINFO_family(ai))
                       && (type == 0 || type == BIO_ADDRINFO_socktype(ai))
                       && (protocol == 0
                           || protocol == BIO_ADDRINFO_protocol(ai)));

        if (bindaddr != NULL) {
            for (bi = bindaddr; bi != NULL; bi = BIO_ADDRINFO_next(bi)) {
                if (BIO_ADDRINFO_family(bi) == BIO_ADDRINFO_family(ai))
                    break;
            }
            if (bi == NULL)
                continue;
            ++found;
        }

        *sock = BIO_socket(BIO_ADDRINFO_family(ai), BIO_ADDRINFO_socktype(ai),
                           BIO_ADDRINFO_protocol(ai), 0);
        if (*sock == INVALID_SOCKET) {
            /* Maybe the kernel doesn't support the socket family, even if
             * BIO_lookup() added it in the returned result...
             */
            continue;
        }

        if (bi != NULL) {
            if (!BIO_bind(*sock, BIO_ADDRINFO_address(bi),
                          BIO_SOCK_REUSEADDR)) {
                BIO_closesocket(*sock);
                *sock = INVALID_SOCKET;
                break;
            }
        }

#ifndef OPENSSL_NO_SCTP
        if (protocol == IPPROTO_SCTP) {
            /*
             * For SCTP we have to set various options on the socket prior to
             * connecting. This is done automatically by BIO_new_dgram_sctp().
             * We don't actually need the created BIO though so we free it again
             * immediately.
             */
            BIO *tmpbio = BIO_new_dgram_sctp(*sock, BIO_NOCLOSE);

            if (tmpbio == NULL) {
                ERR_print_errors(bio_err);
                return 0;
            }
            BIO_free(tmpbio);
        }
#endif

        if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai),
                         protocol == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) {
            BIO_closesocket(*sock);
            *sock = INVALID_SOCKET;
            continue;
        }

        /* Success, don't try any more addresses */
        break;
    }

    if (*sock == INVALID_SOCKET) {
        if (bindaddr != NULL && !found) {
            BIO_printf(bio_err, "Can't bind %saddress for %s%s%s\n",
                       BIO_ADDRINFO_family(res) == AF_INET6 ? "IPv6 " :
                       BIO_ADDRINFO_family(res) == AF_INET ? "IPv4 " :
                       BIO_ADDRINFO_family(res) == AF_UNIX ? "unix " : "",
                       bindhost != NULL ? bindhost : "",
                       bindport != NULL ? ":" : "",
                       bindport != NULL ? bindport : "");
            ERR_clear_error();
            ret = 0;
        }
        ERR_print_errors(bio_err);
    } else {
        /* Remove any stale errors from previous connection attempts */
        ERR_clear_error();
        ret = 1;
    }
out:
    if (bindaddr != NULL) {
        BIO_ADDRINFO_free (bindaddr);
    }
    BIO_ADDRINFO_free(res);
    return ret;
}

/*
 * do_server - helper routine to perform a server operation
 * @accept_sock: pointer to storage of resulting socket.
 * @host: the host name or path (for AF_UNIX) to connect to.
 * @port: the port to connect to (ignored for AF_UNIX).
 * @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or
 *  AF_UNSPEC
 * @type: socket type, must be SOCK_STREAM or SOCK_DGRAM
 * @cb: pointer to a function that receives the accepted socket and
 *  should perform the communication with the connecting client.
 * @context: pointer to memory that's passed verbatim to the cb function.
 * @naccept: number of times an incoming connect should be accepted.  If -1,
 *  unlimited number.
 *
 * This will create a socket and use it to listen to a host:port, or if
 * family == AF_UNIX, to the path found in host, then start accepting
 * incoming connections and run cb on the resulting socket.
 *
 * 0 on failure, something other on success.
 */
int do_server(int *accept_sock, const char *host, const char *port,
              int family, int type, int protocol, do_server_cb cb,
              unsigned char *context, int naccept, BIO *bio_s_out)
{
    int asock = 0;
    int sock;
    int i;
    BIO_ADDRINFO *res = NULL;
    const BIO_ADDRINFO *next;
    int sock_family, sock_type, sock_protocol, sock_port;
    const BIO_ADDR *sock_address;
    int sock_options = BIO_SOCK_REUSEADDR;
    int ret = 0;

    if (BIO_sock_init() != 1)
        return 0;

    if (!BIO_lookup_ex(host, port, BIO_LOOKUP_SERVER, family, type, protocol,
                       &res)) {
        ERR_print_errors(bio_err);
        return 0;
    }

    /* Admittedly, these checks are quite paranoid, we should not get
     * anything in the BIO_ADDRINFO chain that we haven't asked for */
    OPENSSL_assert((family == AF_UNSPEC || family == BIO_ADDRINFO_family(res))
                   && (type == 0 || type == BIO_ADDRINFO_socktype(res))
                   && (protocol == 0 || protocol == BIO_ADDRINFO_protocol(res)));

    sock_family = BIO_ADDRINFO_family(res);
    sock_type = BIO_ADDRINFO_socktype(res);
    sock_protocol = BIO_ADDRINFO_protocol(res);
    sock_address = BIO_ADDRINFO_address(res);
    next = BIO_ADDRINFO_next(res);
    if (sock_family == AF_INET6)
        sock_options |= BIO_SOCK_V6_ONLY;
    if (next != NULL
            && BIO_ADDRINFO_socktype(next) == sock_type
            && BIO_ADDRINFO_protocol(next) == sock_protocol) {
        if (sock_family == AF_INET
                && BIO_ADDRINFO_family(next) == AF_INET6) {
            sock_family = AF_INET6;
            sock_address = BIO_ADDRINFO_address(next);
        } else if (sock_family == AF_INET6
                   && BIO_ADDRINFO_family(next) == AF_INET) {
            sock_options &= ~BIO_SOCK_V6_ONLY;
        }
    }

    asock = BIO_socket(sock_family, sock_type, sock_protocol, 0);
    if (asock == INVALID_SOCKET
        || !BIO_listen(asock, sock_address, sock_options)) {
        BIO_ADDRINFO_free(res);
        ERR_print_errors(bio_err);
        if (asock != INVALID_SOCKET)
            BIO_closesocket(asock);
        goto end;
    }

#ifndef OPENSSL_NO_SCTP
    if (protocol == IPPROTO_SCTP) {
        /*
         * For SCTP we have to set various options on the socket prior to
         * accepting. This is done automatically by BIO_new_dgram_sctp().
         * We don't actually need the created BIO though so we free it again
         * immediately.
         */
        BIO *tmpbio = BIO_new_dgram_sctp(asock, BIO_NOCLOSE);

        if (tmpbio == NULL) {
            BIO_closesocket(asock);
            ERR_print_errors(bio_err);
            goto end;
        }
        BIO_free(tmpbio);
    }
#endif

    sock_port = BIO_ADDR_rawport(sock_address);

    BIO_ADDRINFO_free(res);
    res = NULL;

    if (sock_port == 0) {
        /* dynamically allocated port, report which one */
        union BIO_sock_info_u info;
        char *hostname = NULL;
        char *service = NULL;
        int success = 0;

        if ((info.addr = BIO_ADDR_new()) != NULL
            && BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info)
            && (hostname = BIO_ADDR_hostname_string(info.addr, 1)) != NULL
            && (service = BIO_ADDR_service_string(info.addr, 1)) != NULL
            && BIO_printf(bio_s_out,
                          strchr(hostname, ':') == NULL
                          ? /* IPv4 */ "ACCEPT %s:%s\n"
                          : /* IPv6 */ "ACCEPT [%s]:%s\n",
                          hostname, service) > 0)
            success = 1;

        (void)BIO_flush(bio_s_out);
        OPENSSL_free(hostname);
        OPENSSL_free(service);
        BIO_ADDR_free(info.addr);
        if (!success) {
            BIO_closesocket(asock);
            ERR_print_errors(bio_err);
            goto end;
        }
    } else {
        (void)BIO_printf(bio_s_out, "ACCEPT\n");
        (void)BIO_flush(bio_s_out);
    }

    if (accept_sock != NULL)
        *accept_sock = asock;
    for (;;) {
        char sink[64];
        struct timeval timeout;
        fd_set readfds;

        if (type == SOCK_STREAM) {
            BIO_ADDR_free(ourpeer);
            ourpeer = BIO_ADDR_new();
            if (ourpeer == NULL) {
                BIO_closesocket(asock);
                ERR_print_errors(bio_err);
                goto end;
            }
            do {
                sock = BIO_accept_ex(asock, ourpeer, 0);
            } while (sock < 0 && BIO_sock_should_retry(sock));
            if (sock < 0) {
                ERR_print_errors(bio_err);
                BIO_closesocket(asock);
                break;
            }
            BIO_set_tcp_ndelay(sock, 1);
            i = (*cb)(sock, type, protocol, context);

            /*
             * If we ended with an alert being sent, but still with data in the
             * network buffer to be read, then calling BIO_closesocket() will
             * result in a TCP-RST being sent. On some platforms (notably
             * Windows) then this will result in the peer immediately abandoning
             * the connection including any buffered alert data before it has
             * had a chance to be read. Shutting down the sending side first,
             * and then closing the socket sends TCP-FIN first followed by
             * TCP-RST. This seems to allow the peer to read the alert data.
             */
            shutdown(sock, 1); /* SHUT_WR */
            /*
             * We just said we have nothing else to say, but it doesn't mean
             * that the other side has nothing. It's even recommended to
             * consume incoming data. [In testing context this ensures that
             * alerts are passed on...]
             */
            timeout.tv_sec = 0;
            timeout.tv_usec = 500000;  /* some extreme round-trip */
            do {
                FD_ZERO(&readfds);
                openssl_fdset(sock, &readfds);
            } while (select(sock + 1, &readfds, NULL, NULL, &timeout) > 0
                     && readsocket(sock, sink, sizeof(sink)) > 0);

            BIO_closesocket(sock);
        } else {
            i = (*cb)(asock, type, protocol, context);
        }

        if (naccept != -1)
            naccept--;
        if (i < 0 || naccept == 0) {
            BIO_closesocket(asock);
            ret = i;
            break;
        }
    }
 end:
# ifdef AF_UNIX
    if (family == AF_UNIX)
        unlink(host);
# endif
    BIO_ADDR_free(ourpeer);
    ourpeer = NULL;
    return ret;
}

void do_ssl_shutdown(SSL *ssl)
{
    int ret;

    do {
        /* We only do unidirectional shutdown */
        ret = SSL_shutdown(ssl);
        if (ret < 0) {
            switch (SSL_get_error(ssl, ret)) {
            case SSL_ERROR_WANT_READ:
            case SSL_ERROR_WANT_WRITE:
            case SSL_ERROR_WANT_ASYNC:
            case SSL_ERROR_WANT_ASYNC_JOB:
                /* We just do busy waiting. Nothing clever */
                continue;
            }
            ret = 0;
        }
    } while (ret < 0);
}

#endif  /* OPENSSL_NO_SOCK */
Commit	Line	Data
846e33c7	1	/*
454afd98	2	* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
d02b48c6	3	*
dffa7520	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
846e33c7 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
7e1b7485	8	*/
d02b48c6	9
7e1b7485	10	/* socket-related functions used by s_client and s_server */
8c197cc5 UM	11	#include <stdio.h>
	12	#include <stdlib.h>
	13	#include <string.h>
	14	#include <errno.h>
	15	#include <signal.h>
f9e55034	16	#include <openssl/opensslconf.h>
8c197cc5	17
0f113f3e MC	18	/*
	19	* With IPv6, it looks like Digital has mixed up the proper order of
	20	* recursive header file inclusion, resulting in the compiler complaining
	21	* that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
	22	* needed to have fileno() declared correctly... So let's define u_int
	23	*/
bc36ee62	24	#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
0f113f3e	25	# define __U_INT
7d7d2cbc UM	26	typedef unsigned int u_int;
	27	#endif
	28
4579924b RL	29	#ifndef OPENSSL_NO_SOCK
4579924b RL	30
ab69ac00	31	# include "apps.h"
ab69ac00	32	# include "s_apps.h"
0e97f1e1	33	# include "internal/sockets.h"
b764ab95	34
08073700 RB	35	# if defined(__TANDEM)
	36	# if defined(OPENSSL_TANDEM_FLOSS)
	37	# include <floss.h(floss_read)>
	38	# endif
	39	# endif
	40
ab69ac00 RL	41	# include <openssl/bio.h>
ab69ac00 RL	42	# include <openssl/err.h>
863fe2ec	43
10ee7246 MC	44	/* Keep track of our peer's address for the cookie callback */
	45	BIO_ADDR *ourpeer = NULL;
	46
ab69ac00 RL	47	/*
	48	* init_client - helper routine to set up socket communication
	49	* @sock: pointer to storage of resulting socket.
	50	* @host: the host name or path (for AF_UNIX) to connect to.
	51	* @port: the port to connect to (ignored for AF_UNIX).
ebc01683 JH	52	* @bindhost: source host or path (for AF_UNIX).
ebc01683 JH	53	* @bindport: source port (ignored for AF_UNIX).
ab69ac00 RL	54	* @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or
	55	* AF_UNSPEC
	56	* @type: socket type, must be SOCK_STREAM or SOCK_DGRAM
8ccc2377	57	* @protocol: socket protocol, e.g. IPPROTO_TCP or IPPROTO_UDP (or 0 for any)
ab69ac00 RL	58	*
	59	* This will create a socket and use it to connect to a host:port, or if
	60	* family == AF_UNIX, to the path found in host.
	61	*
	62	* If the host has more than one address, it will try them one by one until
	63	* a successful connection is established. The resulting socket will be
	64	* found in *sock on success, it will be given INVALID_SOCKET otherwise.
	65	*
	66	* Returns 1 on success, 0 on failure.
	67	*/
	68	int init_client(int sock, const char host, const char *port,
ebc01683	69	const char bindhost, const char bindport,
8ccc2377	70	int family, int type, int protocol)
0f113f3e	71	{
ab69ac00	72	BIO_ADDRINFO *res = NULL;
ebc01683	73	BIO_ADDRINFO *bindaddr = NULL;
ab69ac00	74	const BIO_ADDRINFO *ai = NULL;
ebc01683 JH	75	const BIO_ADDRINFO *bi = NULL;
ebc01683 JH	76	int found = 0;
ab69ac00	77	int ret;
4d8743f4	78
9e1d5e8d	79	if (BIO_sock_init() != 1)
ab69ac00	80	return 0;
0f113f3e	81
8ccc2377 MC	82	ret = BIO_lookup_ex(host, port, BIO_LOOKUP_CLIENT, family, type, protocol,
8ccc2377 MC	83	&res);
ab69ac00 RL	84	if (ret == 0) {
	85	ERR_print_errors(bio_err);
	86	return 0;
0f113f3e	87	}
0f113f3e	88
ebc01683 JH	89	if (bindhost != NULL \|\| bindport != NULL) {
	90	ret = BIO_lookup_ex(bindhost, bindport, BIO_LOOKUP_CLIENT,
	91	family, type, protocol, &bindaddr);
	92	if (ret == 0) {
	93	ERR_print_errors (bio_err);
	94	goto out;
	95	}
	96	}
	97
ab69ac00 RL	98	ret = 0;
ab69ac00 RL	99	for (ai = res; ai != NULL; ai = BIO_ADDRINFO_next(ai)) {
f7c798e3 RS	100	/* Admittedly, these checks are quite paranoid, we should not get
	101	* anything in the BIO_ADDRINFO chain that we haven't
	102	* asked for. */
c90da922 MC	103	OPENSSL_assert((family == AF_UNSPEC
	104	\|\| family == BIO_ADDRINFO_family(ai))
	105	&& (type == 0 \|\| type == BIO_ADDRINFO_socktype(ai))
8ccc2377	106	&& (protocol == 0
c90da922	107	\|\| protocol == BIO_ADDRINFO_protocol(ai)));
ab69ac00	108
ebc01683 JH	109	if (bindaddr != NULL) {
	110	for (bi = bindaddr; bi != NULL; bi = BIO_ADDRINFO_next(bi)) {
	111	if (BIO_ADDRINFO_family(bi) == BIO_ADDRINFO_family(ai))
	112	break;
	113	}
	114	if (bi == NULL)
	115	continue;
	116	++found;
	117	}
	118
ab69ac00	119	*sock = BIO_socket(BIO_ADDRINFO_family(ai), BIO_ADDRINFO_socktype(ai),
c90da922	120	BIO_ADDRINFO_protocol(ai), 0);
ab69ac00 RL	121	if (*sock == INVALID_SOCKET) {
	122	/* Maybe the kernel doesn't support the socket family, even if
	123	* BIO_lookup() added it in the returned result...
	124	*/
	125	continue;
	126	}
8ccc2377	127
ebc01683 JH	128	if (bi != NULL) {
	129	if (!BIO_bind(*sock, BIO_ADDRINFO_address(bi),
	130	BIO_SOCK_REUSEADDR)) {
	131	BIO_closesocket(*sock);
	132	*sock = INVALID_SOCKET;
	133	break;
	134	}
	135	}
	136
8ccc2377 MC	137	#ifndef OPENSSL_NO_SCTP
	138	if (protocol == IPPROTO_SCTP) {
	139	/*
	140	* For SCTP we have to set various options on the socket prior to
	141	* connecting. This is done automatically by BIO_new_dgram_sctp().
	142	* We don't actually need the created BIO though so we free it again
	143	* immediately.
	144	*/
	145	BIO tmpbio = BIO_new_dgram_sctp(sock, BIO_NOCLOSE);
	146
	147	if (tmpbio == NULL) {
	148	ERR_print_errors(bio_err);
	149	return 0;
	150	}
	151	BIO_free(tmpbio);
	152	}
	153	#endif
	154
f478c8a7	155	if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai),
6712ba93	156	protocol == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) {
ab69ac00 RL	157	BIO_closesocket(*sock);
	158	*sock = INVALID_SOCKET;
	159	continue;
0f113f3e	160	}
0f113f3e	161
ab69ac00 RL	162	/* Success, don't try any more addresses */
ab69ac00 RL	163	break;
0f113f3e MC	164	}
0f113f3e MC	165
ab69ac00	166	if (*sock == INVALID_SOCKET) {
ebc01683 JH	167	if (bindaddr != NULL && !found) {
	168	BIO_printf(bio_err, "Can't bind %saddress for %s%s%s\n",
	169	BIO_ADDRINFO_family(res) == AF_INET6 ? "IPv6 " :
	170	BIO_ADDRINFO_family(res) == AF_INET ? "IPv4 " :
	171	BIO_ADDRINFO_family(res) == AF_UNIX ? "unix " : "",
	172	bindhost != NULL ? bindhost : "",
	173	bindport != NULL ? ":" : "",
	174	bindport != NULL ? bindport : "");
	175	ERR_clear_error();
	176	ret = 0;
	177	}
ab69ac00 RL	178	ERR_print_errors(bio_err);
ab69ac00 RL	179	} else {
ea837d79 MC	180	/* Remove any stale errors from previous connection attempts */
ea837d79 MC	181	ERR_clear_error();
ab69ac00	182	ret = 1;
0f113f3e	183	}
ebc01683 JH	184	out:
	185	if (bindaddr != NULL) {
	186	BIO_ADDRINFO_free (bindaddr);
	187	}
ab69ac00 RL	188	BIO_ADDRINFO_free(res);
ab69ac00 RL	189	return ret;
0f113f3e	190	}
a9351320	191
ab69ac00 RL	192	/*
	193	* do_server - helper routine to perform a server operation
	194	* @accept_sock: pointer to storage of resulting socket.
	195	* @host: the host name or path (for AF_UNIX) to connect to.
	196	* @port: the port to connect to (ignored for AF_UNIX).
	197	* @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or
	198	* AF_UNSPEC
	199	* @type: socket type, must be SOCK_STREAM or SOCK_DGRAM
	200	* @cb: pointer to a function that receives the accepted socket and
	201	* should perform the communication with the connecting client.
	202	* @context: pointer to memory that's passed verbatim to the cb function.
	203	* @naccept: number of times an incoming connect should be accepted. If -1,
	204	* unlimited number.
	205	*
	206	* This will create a socket and use it to listen to a host:port, or if
	207	* family == AF_UNIX, to the path found in host, then start accepting
	208	* incoming connections and run cb on the resulting socket.
	209	*
	210	* 0 on failure, something other on success.
	211	*/
	212	int do_server(int accept_sock, const char host, const char *port,
72d0bc84	213	int family, int type, int protocol, do_server_cb cb,
5540eb70	214	unsigned char context, int naccept, BIO bio_s_out)
0f113f3e	215	{
ab69ac00	216	int asock = 0;
0f113f3e	217	int sock;
0f113f3e	218	int i;
ab69ac00	219	BIO_ADDRINFO *res = NULL;
eee8a40a	220	const BIO_ADDRINFO *next;
b3199e54	221	int sock_family, sock_type, sock_protocol, sock_port;
eee8a40a BE	222	const BIO_ADDR *sock_address;
eee8a40a BE	223	int sock_options = BIO_SOCK_REUSEADDR;
ab69ac00	224	int ret = 0;
ab69ac00	225
9e1d5e8d	226	if (BIO_sock_init() != 1)
ab69ac00 RL	227	return 0;
ab69ac00 RL	228
72d0bc84 MC	229	if (!BIO_lookup_ex(host, port, BIO_LOOKUP_SERVER, family, type, protocol,
72d0bc84 MC	230	&res)) {
ab69ac00 RL	231	ERR_print_errors(bio_err);
	232	return 0;
	233	}
0f113f3e	234
f7c798e3 RS	235	/* Admittedly, these checks are quite paranoid, we should not get
f7c798e3 RS	236	* anything in the BIO_ADDRINFO chain that we haven't asked for */
ab69ac00	237	OPENSSL_assert((family == AF_UNSPEC \|\| family == BIO_ADDRINFO_family(res))
72d0bc84 MC	238	&& (type == 0 \|\| type == BIO_ADDRINFO_socktype(res))
72d0bc84 MC	239	&& (protocol == 0 \|\| protocol == BIO_ADDRINFO_protocol(res)));
ab69ac00	240
eee8a40a BE	241	sock_family = BIO_ADDRINFO_family(res);
	242	sock_type = BIO_ADDRINFO_socktype(res);
	243	sock_protocol = BIO_ADDRINFO_protocol(res);
	244	sock_address = BIO_ADDRINFO_address(res);
	245	next = BIO_ADDRINFO_next(res);
df05f155	246	if (sock_family == AF_INET6)
eee8a40a BE	247	sock_options \|= BIO_SOCK_V6_ONLY;
eee8a40a BE	248	if (next != NULL
df05f155 BE	249	&& BIO_ADDRINFO_socktype(next) == sock_type
	250	&& BIO_ADDRINFO_protocol(next) == sock_protocol) {
	251	if (sock_family == AF_INET
	252	&& BIO_ADDRINFO_family(next) == AF_INET6) {
eee8a40a BE	253	sock_family = AF_INET6;
eee8a40a BE	254	sock_address = BIO_ADDRINFO_address(next);
df05f155 BE	255	} else if (sock_family == AF_INET6
df05f155 BE	256	&& BIO_ADDRINFO_family(next) == AF_INET) {
eee8a40a	257	sock_options &= ~BIO_SOCK_V6_ONLY;
df05f155	258	}
eee8a40a BE	259	}
	260
	261	asock = BIO_socket(sock_family, sock_type, sock_protocol, 0);
ab69ac00	262	if (asock == INVALID_SOCKET
eee8a40a	263	\|\| !BIO_listen(asock, sock_address, sock_options)) {
ab69ac00 RL	264	BIO_ADDRINFO_free(res);
	265	ERR_print_errors(bio_err);
	266	if (asock != INVALID_SOCKET)
	267	BIO_closesocket(asock);
	268	goto end;
	269	}
0f113f3e	270
72d0bc84 MC	271	#ifndef OPENSSL_NO_SCTP
	272	if (protocol == IPPROTO_SCTP) {
	273	/*
	274	* For SCTP we have to set various options on the socket prior to
	275	* accepting. This is done automatically by BIO_new_dgram_sctp().
	276	* We don't actually need the created BIO though so we free it again
	277	* immediately.
	278	*/
	279	BIO *tmpbio = BIO_new_dgram_sctp(asock, BIO_NOCLOSE);
	280
	281	if (tmpbio == NULL) {
	282	BIO_closesocket(asock);
	283	ERR_print_errors(bio_err);
	284	goto end;
	285	}
	286	BIO_free(tmpbio);
	287	}
	288	#endif
	289
b3199e54 AP	290	sock_port = BIO_ADDR_rawport(sock_address);
b3199e54 AP	291
ab69ac00	292	BIO_ADDRINFO_free(res);
a773b52a	293	res = NULL;
ab69ac00	294
b3199e54	295	if (sock_port == 0) {
826e1544	296	/* dynamically allocated port, report which one */
5540eb70 RL	297	union BIO_sock_info_u info;
	298	char *hostname = NULL;
	299	char *service = NULL;
	300	int success = 0;
	301
	302	if ((info.addr = BIO_ADDR_new()) != NULL
	303	&& BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info)
	304	&& (hostname = BIO_ADDR_hostname_string(info.addr, 1)) != NULL
	305	&& (service = BIO_ADDR_service_string(info.addr, 1)) != NULL
	306	&& BIO_printf(bio_s_out,
	307	strchr(hostname, ':') == NULL
	308	? /* IPv4 */ "ACCEPT %s:%s\n"
	309	: /* IPv6 */ "ACCEPT [%s]:%s\n",
	310	hostname, service) > 0)
	311	success = 1;
	312
	313	(void)BIO_flush(bio_s_out);
	314	OPENSSL_free(hostname);
	315	OPENSSL_free(service);
	316	BIO_ADDR_free(info.addr);
	317	if (!success) {
	318	BIO_closesocket(asock);
	319	ERR_print_errors(bio_err);
	320	goto end;
	321	}
826e1544 AP	322	} else {
	323	(void)BIO_printf(bio_s_out, "ACCEPT\n");
	324	(void)BIO_flush(bio_s_out);
5540eb70 RL	325	}
5540eb70 RL	326
a773b52a	327	if (accept_sock != NULL)
ab69ac00	328	*accept_sock = asock;
0f113f3e	329	for (;;) {
6671c775 AP	330	char sink[64];
	331	struct timeval timeout;
	332	fd_set readfds;
	333
0f113f3e	334	if (type == SOCK_STREAM) {
10ee7246 MC	335	BIO_ADDR_free(ourpeer);
	336	ourpeer = BIO_ADDR_new();
	337	if (ourpeer == NULL) {
	338	BIO_closesocket(asock);
	339	ERR_print_errors(bio_err);
	340	goto end;
	341	}
a773b52a	342	do {
10ee7246	343	sock = BIO_accept_ex(asock, ourpeer, 0);
daaaa3cb	344	} while (sock < 0 && BIO_sock_should_retry(sock));
ab69ac00	345	if (sock < 0) {
a773b52a	346	ERR_print_errors(bio_err);
8731a4fc	347	BIO_closesocket(asock);
a773b52a	348	break;
0f113f3e	349	}
dcf3d83f	350	BIO_set_tcp_ndelay(sock, 1);
72d0bc84	351	i = (*cb)(sock, type, protocol, context);
d17bdfc2	352
bac6abe1 MC	353	/*
	354	* If we ended with an alert being sent, but still with data in the
	355	* network buffer to be read, then calling BIO_closesocket() will
	356	* result in a TCP-RST being sent. On some platforms (notably
	357	* Windows) then this will result in the peer immediately abandoning
	358	* the connection including any buffered alert data before it has
	359	* had a chance to be read. Shutting down the sending side first,
	360	* and then closing the socket sends TCP-FIN first followed by
	361	* TCP-RST. This seems to allow the peer to read the alert data.
	362	*/
803141f6	363	shutdown(sock, 1); /* SHUT_WR */
6671c775 AP	364	/*
	365	* We just said we have nothing else to say, but it doesn't mean
	366	* that the other side has nothing. It's even recommended to
	367	* consume incoming data. [In testing context this ensures that
	368	* alerts are passed on...]
	369	*/
	370	timeout.tv_sec = 0;
	371	timeout.tv_usec = 500000; /* some extreme round-trip */
	372	do {
	373	FD_ZERO(&readfds);
	374	openssl_fdset(sock, &readfds);
	375	} while (select(sock + 1, &readfds, NULL, NULL, &timeout) > 0
	376	&& readsocket(sock, sink, sizeof(sink)) > 0);
	377
8731a4fc	378	BIO_closesocket(sock);
ab69ac00	379	} else {
72d0bc84	380	i = (*cb)(asock, type, protocol, context);
ab69ac00 RL	381	}
ab69ac00 RL	382
0f113f3e MC	383	if (naccept != -1)
	384	naccept--;
	385	if (i < 0 \|\| naccept == 0) {
8731a4fc	386	BIO_closesocket(asock);
ab69ac00 RL	387	ret = i;
ab69ac00 RL	388	break;
0f113f3e MC	389	}
	390	}
	391	end:
ab69ac00 RL	392	# ifdef AF_UNIX
	393	if (family == AF_UNIX)
	394	unlink(host);
0f113f3e	395	# endif
10ee7246 MC	396	BIO_ADDR_free(ourpeer);
10ee7246 MC	397	ourpeer = NULL;
ab69ac00	398	return ret;
0f113f3e	399	}
d02b48c6	400
edbb56ee DB	401	void do_ssl_shutdown(SSL *ssl)
	402	{
	403	int ret;
	404
	405	do {
	406	/* We only do unidirectional shutdown */
	407	ret = SSL_shutdown(ssl);
	408	if (ret < 0) {
	409	switch (SSL_get_error(ssl, ret)) {
	410	case SSL_ERROR_WANT_READ:
	411	case SSL_ERROR_WANT_WRITE:
	412	case SSL_ERROR_WANT_ASYNC:
	413	case SSL_ERROR_WANT_ASYNC_JOB:
	414	/* We just do busy waiting. Nothing clever */
	415	continue;
	416	}
	417	ret = 0;
	418	}
	419	} while (ret < 0);
	420	}
	421
ab69ac00	422	#endif /* OPENSSL_NO_SOCK */