]>
git.ipfire.org Git - thirdparty/openssl.git/blob - apps/lib/s_socket.c
2 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* socket-related functions used by s_client and s_server */
16 #include <openssl/opensslconf.h>
19 * With IPv6, it looks like Digital has mixed up the proper order of
20 * recursive header file inclusion, resulting in the compiler complaining
21 * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
22 * needed to have fileno() declared correctly... So let's define u_int
24 #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
26 typedef unsigned int u_int
;
32 /* MSVC renamed some POSIX functions to have an underscore prefix. */
34 # define getpid _getpid
38 #ifndef OPENSSL_NO_SOCK
42 # include "internal/sockets.h"
44 # if defined(__TANDEM)
45 # if defined(OPENSSL_TANDEM_FLOSS)
46 # include <floss.h(floss_read)>
50 # include <openssl/bio.h>
51 # include <openssl/err.h>
53 /* Keep track of our peer's address for the cookie callback */
54 BIO_ADDR
*ourpeer
= NULL
;
57 * init_client - helper routine to set up socket communication
58 * @sock: pointer to storage of resulting socket.
59 * @host: the host name or path (for AF_UNIX) to connect to.
60 * @port: the port to connect to (ignored for AF_UNIX).
61 * @bindhost: source host or path (for AF_UNIX).
62 * @bindport: source port (ignored for AF_UNIX).
63 * @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or
65 * @type: socket type, must be SOCK_STREAM or SOCK_DGRAM
66 * @protocol: socket protocol, e.g. IPPROTO_TCP or IPPROTO_UDP (or 0 for any)
67 * @tfo: flag to enable TCP Fast Open
68 * @ba_ret: BIO_ADDR that was connected to for TFO, to be freed by caller
70 * This will create a socket and use it to connect to a host:port, or if
71 * family == AF_UNIX, to the path found in host.
73 * If the host has more than one address, it will try them one by one until
74 * a successful connection is established. The resulting socket will be
75 * found in *sock on success, it will be given INVALID_SOCKET otherwise.
77 * Returns 1 on success, 0 on failure.
79 int init_client(int *sock
, const char *host
, const char *port
,
80 const char *bindhost
, const char *bindport
,
81 int family
, int type
, int protocol
, int tfo
,
84 BIO_ADDRINFO
*res
= NULL
;
85 BIO_ADDRINFO
*bindaddr
= NULL
;
86 const BIO_ADDRINFO
*ai
= NULL
;
87 const BIO_ADDRINFO
*bi
= NULL
;
92 if (tfo
&& ba_ret
!= NULL
)
95 if (BIO_sock_init() != 1)
98 ret
= BIO_lookup_ex(host
, port
, BIO_LOOKUP_CLIENT
, family
, type
, protocol
,
101 ERR_print_errors(bio_err
);
105 if (bindhost
!= NULL
|| bindport
!= NULL
) {
106 ret
= BIO_lookup_ex(bindhost
, bindport
, BIO_LOOKUP_CLIENT
,
107 family
, type
, protocol
, &bindaddr
);
109 ERR_print_errors (bio_err
);
115 for (ai
= res
; ai
!= NULL
; ai
= BIO_ADDRINFO_next(ai
)) {
116 /* Admittedly, these checks are quite paranoid, we should not get
117 * anything in the BIO_ADDRINFO chain that we haven't
119 OPENSSL_assert((family
== AF_UNSPEC
120 || family
== BIO_ADDRINFO_family(ai
))
121 && (type
== 0 || type
== BIO_ADDRINFO_socktype(ai
))
123 || protocol
== BIO_ADDRINFO_protocol(ai
)));
125 if (bindaddr
!= NULL
) {
126 for (bi
= bindaddr
; bi
!= NULL
; bi
= BIO_ADDRINFO_next(bi
)) {
127 if (BIO_ADDRINFO_family(bi
) == BIO_ADDRINFO_family(ai
))
135 *sock
= BIO_socket(BIO_ADDRINFO_family(ai
), BIO_ADDRINFO_socktype(ai
),
136 BIO_ADDRINFO_protocol(ai
), 0);
137 if (*sock
== INVALID_SOCKET
) {
138 /* Maybe the kernel doesn't support the socket family, even if
139 * BIO_lookup() added it in the returned result...
145 if (!BIO_bind(*sock
, BIO_ADDRINFO_address(bi
),
146 BIO_SOCK_REUSEADDR
)) {
147 BIO_closesocket(*sock
);
148 *sock
= INVALID_SOCKET
;
153 #ifndef OPENSSL_NO_SCTP
154 if (protocol
== IPPROTO_SCTP
) {
156 * For SCTP we have to set various options on the socket prior to
157 * connecting. This is done automatically by BIO_new_dgram_sctp().
158 * We don't actually need the created BIO though so we free it again
161 BIO
*tmpbio
= BIO_new_dgram_sctp(*sock
, BIO_NOCLOSE
);
163 if (tmpbio
== NULL
) {
164 ERR_print_errors(bio_err
);
170 if (BIO_ADDRINFO_protocol(ai
) == IPPROTO_TCP
) {
171 options
|= BIO_SOCK_NODELAY
;
173 options
|= BIO_SOCK_TFO
;
176 if (!BIO_connect(*sock
, BIO_ADDRINFO_address(ai
), options
)) {
177 BIO_closesocket(*sock
);
178 *sock
= INVALID_SOCKET
;
182 /* Save the address */
183 if (tfo
&& ba_ret
!= NULL
)
184 *ba_ret
= BIO_ADDR_dup(BIO_ADDRINFO_address(ai
));
186 /* Success, don't try any more addresses */
190 if (*sock
== INVALID_SOCKET
) {
191 if (bindaddr
!= NULL
&& !found
) {
192 BIO_printf(bio_err
, "Can't bind %saddress for %s%s%s\n",
194 BIO_ADDRINFO_family(res
) == AF_INET6
? "IPv6 " :
196 BIO_ADDRINFO_family(res
) == AF_INET
? "IPv4 " :
197 BIO_ADDRINFO_family(res
) == AF_UNIX
? "unix " : "",
198 bindhost
!= NULL
? bindhost
: "",
199 bindport
!= NULL
? ":" : "",
200 bindport
!= NULL
? bindport
: "");
204 ERR_print_errors(bio_err
);
206 char *hostname
= NULL
;
208 hostname
= BIO_ADDR_hostname_string(BIO_ADDRINFO_address(ai
), 1);
209 if (hostname
!= NULL
) {
210 BIO_printf(bio_out
, "Connecting to %s\n", hostname
);
211 OPENSSL_free(hostname
);
213 /* Remove any stale errors from previous connection attempts */
218 if (bindaddr
!= NULL
) {
219 BIO_ADDRINFO_free (bindaddr
);
221 BIO_ADDRINFO_free(res
);
225 void get_sock_info_address(int asock
, char **hostname
, char **service
)
227 union BIO_sock_info_u info
;
229 if (hostname
!= NULL
)
234 if ((info
.addr
= BIO_ADDR_new()) != NULL
235 && BIO_sock_info(asock
, BIO_SOCK_INFO_ADDRESS
, &info
)) {
236 if (hostname
!= NULL
)
237 *hostname
= BIO_ADDR_hostname_string(info
.addr
, 1);
239 *service
= BIO_ADDR_service_string(info
.addr
, 1);
241 BIO_ADDR_free(info
.addr
);
244 int report_server_accept(BIO
*out
, int asock
, int with_address
, int with_pid
)
248 if (BIO_printf(out
, "ACCEPT") <= 0)
251 char *hostname
, *service
;
253 get_sock_info_address(asock
, &hostname
, &service
);
254 success
= hostname
!= NULL
&& service
!= NULL
;
256 success
= BIO_printf(out
,
257 strchr(hostname
, ':') == NULL
258 ? /* IPv4 */ " %s:%s"
259 : /* IPv6 */ " [%s]:%s",
260 hostname
, service
) > 0;
262 (void)BIO_printf(out
, "unknown:error\n");
263 OPENSSL_free(hostname
);
264 OPENSSL_free(service
);
267 success
*= BIO_printf(out
, " PID=%d", getpid()) > 0;
268 success
*= BIO_printf(out
, "\n") > 0;
269 (void)BIO_flush(out
);
275 * do_server - helper routine to perform a server operation
276 * @accept_sock: pointer to storage of resulting socket.
277 * @host: the host name or path (for AF_UNIX) to connect to.
278 * @port: the port to connect to (ignored for AF_UNIX).
279 * @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or
281 * @type: socket type, must be SOCK_STREAM or SOCK_DGRAM
282 * @cb: pointer to a function that receives the accepted socket and
283 * should perform the communication with the connecting client.
284 * @context: pointer to memory that's passed verbatim to the cb function.
285 * @naccept: number of times an incoming connect should be accepted. If -1,
288 * This will create a socket and use it to listen to a host:port, or if
289 * family == AF_UNIX, to the path found in host, then start accepting
290 * incoming connections and run cb on the resulting socket.
292 * 0 on failure, something other on success.
294 int do_server(int *accept_sock
, const char *host
, const char *port
,
295 int family
, int type
, int protocol
, do_server_cb cb
,
296 unsigned char *context
, int naccept
, BIO
*bio_s_out
,
302 BIO_ADDRINFO
*res
= NULL
;
303 const BIO_ADDRINFO
*next
;
304 int sock_family
, sock_type
, sock_protocol
, sock_port
;
305 const BIO_ADDR
*sock_address
;
306 int sock_family_fallback
= AF_UNSPEC
;
307 const BIO_ADDR
*sock_address_fallback
= NULL
;
308 int sock_options
= BIO_SOCK_REUSEADDR
;
311 if (BIO_sock_init() != 1)
314 if (!BIO_lookup_ex(host
, port
, BIO_LOOKUP_SERVER
, family
, type
, protocol
,
316 ERR_print_errors(bio_err
);
320 /* Admittedly, these checks are quite paranoid, we should not get
321 * anything in the BIO_ADDRINFO chain that we haven't asked for */
322 OPENSSL_assert((family
== AF_UNSPEC
|| family
== BIO_ADDRINFO_family(res
))
323 && (type
== 0 || type
== BIO_ADDRINFO_socktype(res
))
324 && (protocol
== 0 || protocol
== BIO_ADDRINFO_protocol(res
)));
326 sock_family
= BIO_ADDRINFO_family(res
);
327 sock_type
= BIO_ADDRINFO_socktype(res
);
328 sock_protocol
= BIO_ADDRINFO_protocol(res
);
329 sock_address
= BIO_ADDRINFO_address(res
);
330 next
= BIO_ADDRINFO_next(res
);
331 if (tfo
&& sock_type
== SOCK_STREAM
)
332 sock_options
|= BIO_SOCK_TFO
;
334 if (sock_family
== AF_INET6
)
335 sock_options
|= BIO_SOCK_V6_ONLY
;
337 && BIO_ADDRINFO_socktype(next
) == sock_type
338 && BIO_ADDRINFO_protocol(next
) == sock_protocol
) {
339 if (sock_family
== AF_INET
340 && BIO_ADDRINFO_family(next
) == AF_INET6
) {
341 /* In case AF_INET6 is returned but not supported by the
342 * kernel, retry with the first detected address family */
343 sock_family_fallback
= sock_family
;
344 sock_address_fallback
= sock_address
;
345 sock_family
= AF_INET6
;
346 sock_address
= BIO_ADDRINFO_address(next
);
347 } else if (sock_family
== AF_INET6
348 && BIO_ADDRINFO_family(next
) == AF_INET
) {
349 sock_options
&= ~BIO_SOCK_V6_ONLY
;
354 asock
= BIO_socket(sock_family
, sock_type
, sock_protocol
, 0);
355 if (asock
== INVALID_SOCKET
&& sock_family_fallback
!= AF_UNSPEC
) {
356 asock
= BIO_socket(sock_family_fallback
, sock_type
, sock_protocol
, 0);
357 sock_address
= sock_address_fallback
;
359 if (asock
== INVALID_SOCKET
360 || !BIO_listen(asock
, sock_address
, sock_options
)) {
361 BIO_ADDRINFO_free(res
);
362 ERR_print_errors(bio_err
);
363 if (asock
!= INVALID_SOCKET
)
364 BIO_closesocket(asock
);
368 #ifndef OPENSSL_NO_SCTP
369 if (protocol
== IPPROTO_SCTP
) {
371 * For SCTP we have to set various options on the socket prior to
372 * accepting. This is done automatically by BIO_new_dgram_sctp().
373 * We don't actually need the created BIO though so we free it again
376 BIO
*tmpbio
= BIO_new_dgram_sctp(asock
, BIO_NOCLOSE
);
378 if (tmpbio
== NULL
) {
379 BIO_closesocket(asock
);
380 ERR_print_errors(bio_err
);
387 sock_port
= BIO_ADDR_rawport(sock_address
);
389 BIO_ADDRINFO_free(res
);
392 if (!report_server_accept(bio_s_out
, asock
, sock_port
== 0, 0)) {
393 BIO_closesocket(asock
);
394 ERR_print_errors(bio_err
);
398 if (accept_sock
!= NULL
)
399 *accept_sock
= asock
;
402 struct timeval timeout
;
405 if (type
== SOCK_STREAM
) {
406 BIO_ADDR_free(ourpeer
);
407 ourpeer
= BIO_ADDR_new();
408 if (ourpeer
== NULL
) {
409 BIO_closesocket(asock
);
410 ERR_print_errors(bio_err
);
414 sock
= BIO_accept_ex(asock
, ourpeer
, 0);
415 } while (sock
< 0 && BIO_sock_should_retry(sock
));
417 ERR_print_errors(bio_err
);
418 BIO_closesocket(asock
);
421 BIO_set_tcp_ndelay(sock
, 1);
422 i
= (*cb
)(sock
, type
, protocol
, context
);
425 * If we ended with an alert being sent, but still with data in the
426 * network buffer to be read, then calling BIO_closesocket() will
427 * result in a TCP-RST being sent. On some platforms (notably
428 * Windows) then this will result in the peer immediately abandoning
429 * the connection including any buffered alert data before it has
430 * had a chance to be read. Shutting down the sending side first,
431 * and then closing the socket sends TCP-FIN first followed by
432 * TCP-RST. This seems to allow the peer to read the alert data.
434 shutdown(sock
, 1); /* SHUT_WR */
436 * We just said we have nothing else to say, but it doesn't mean
437 * that the other side has nothing. It's even recommended to
438 * consume incoming data. [In testing context this ensures that
439 * alerts are passed on...]
442 timeout
.tv_usec
= 500000; /* some extreme round-trip */
445 openssl_fdset(sock
, &readfds
);
446 } while (select(sock
+ 1, &readfds
, NULL
, NULL
, &timeout
) > 0
447 && readsocket(sock
, sink
, sizeof(sink
)) > 0);
449 BIO_closesocket(sock
);
451 i
= (*cb
)(asock
, type
, protocol
, context
);
456 if (i
< 0 || naccept
== 0) {
457 BIO_closesocket(asock
);
464 if (family
== AF_UNIX
)
467 BIO_ADDR_free(ourpeer
);
472 void do_ssl_shutdown(SSL
*ssl
)
477 /* We only do unidirectional shutdown */
478 ret
= SSL_shutdown(ssl
);
480 switch (SSL_get_error(ssl
, ret
)) {
481 case SSL_ERROR_WANT_READ
:
482 case SSL_ERROR_WANT_WRITE
:
483 case SSL_ERROR_WANT_ASYNC
:
484 case SSL_ERROR_WANT_ASYNC_JOB
:
485 /* We just do busy waiting. Nothing clever */
493 #endif /* OPENSSL_NO_SOCK */