]>
git.ipfire.org Git - thirdparty/openssl.git/blob - apps/lib/s_socket.c
2 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* socket-related functions used by s_client and s_server */
16 #include <openssl/opensslconf.h>
19 * With IPv6, it looks like Digital has mixed up the proper order of
20 * recursive header file inclusion, resulting in the compiler complaining
21 * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
22 * needed to have fileno() declared correctly... So let's define u_int
24 #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
26 typedef unsigned int u_int
;
31 * With MSVC, certain POSIX functions have been renamed to have an underscore
35 # define getpid _getpid
38 #ifndef OPENSSL_NO_SOCK
42 # include "internal/sockets.h"
44 # if defined(__TANDEM)
45 # if defined(OPENSSL_TANDEM_FLOSS)
46 # include <floss.h(floss_read)>
50 # include <openssl/bio.h>
51 # include <openssl/err.h>
53 /* Keep track of our peer's address for the cookie callback */
54 BIO_ADDR
*ourpeer
= NULL
;
57 * init_client - helper routine to set up socket communication
58 * @sock: pointer to storage of resulting socket.
59 * @host: the host name or path (for AF_UNIX) to connect to.
60 * @port: the port to connect to (ignored for AF_UNIX).
61 * @bindhost: source host or path (for AF_UNIX).
62 * @bindport: source port (ignored for AF_UNIX).
63 * @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or
65 * @type: socket type, must be SOCK_STREAM or SOCK_DGRAM
66 * @protocol: socket protocol, e.g. IPPROTO_TCP or IPPROTO_UDP (or 0 for any)
68 * This will create a socket and use it to connect to a host:port, or if
69 * family == AF_UNIX, to the path found in host.
71 * If the host has more than one address, it will try them one by one until
72 * a successful connection is established. The resulting socket will be
73 * found in *sock on success, it will be given INVALID_SOCKET otherwise.
75 * Returns 1 on success, 0 on failure.
77 int init_client(int *sock
, const char *host
, const char *port
,
78 const char *bindhost
, const char *bindport
,
79 int family
, int type
, int protocol
)
81 BIO_ADDRINFO
*res
= NULL
;
82 BIO_ADDRINFO
*bindaddr
= NULL
;
83 const BIO_ADDRINFO
*ai
= NULL
;
84 const BIO_ADDRINFO
*bi
= NULL
;
88 if (BIO_sock_init() != 1)
91 ret
= BIO_lookup_ex(host
, port
, BIO_LOOKUP_CLIENT
, family
, type
, protocol
,
94 ERR_print_errors(bio_err
);
98 if (bindhost
!= NULL
|| bindport
!= NULL
) {
99 ret
= BIO_lookup_ex(bindhost
, bindport
, BIO_LOOKUP_CLIENT
,
100 family
, type
, protocol
, &bindaddr
);
102 ERR_print_errors (bio_err
);
108 for (ai
= res
; ai
!= NULL
; ai
= BIO_ADDRINFO_next(ai
)) {
109 /* Admittedly, these checks are quite paranoid, we should not get
110 * anything in the BIO_ADDRINFO chain that we haven't
112 OPENSSL_assert((family
== AF_UNSPEC
113 || family
== BIO_ADDRINFO_family(ai
))
114 && (type
== 0 || type
== BIO_ADDRINFO_socktype(ai
))
116 || protocol
== BIO_ADDRINFO_protocol(ai
)));
118 if (bindaddr
!= NULL
) {
119 for (bi
= bindaddr
; bi
!= NULL
; bi
= BIO_ADDRINFO_next(bi
)) {
120 if (BIO_ADDRINFO_family(bi
) == BIO_ADDRINFO_family(ai
))
128 *sock
= BIO_socket(BIO_ADDRINFO_family(ai
), BIO_ADDRINFO_socktype(ai
),
129 BIO_ADDRINFO_protocol(ai
), 0);
130 if (*sock
== INVALID_SOCKET
) {
131 /* Maybe the kernel doesn't support the socket family, even if
132 * BIO_lookup() added it in the returned result...
138 if (!BIO_bind(*sock
, BIO_ADDRINFO_address(bi
),
139 BIO_SOCK_REUSEADDR
)) {
140 BIO_closesocket(*sock
);
141 *sock
= INVALID_SOCKET
;
146 #ifndef OPENSSL_NO_SCTP
147 if (protocol
== IPPROTO_SCTP
) {
149 * For SCTP we have to set various options on the socket prior to
150 * connecting. This is done automatically by BIO_new_dgram_sctp().
151 * We don't actually need the created BIO though so we free it again
154 BIO
*tmpbio
= BIO_new_dgram_sctp(*sock
, BIO_NOCLOSE
);
156 if (tmpbio
== NULL
) {
157 ERR_print_errors(bio_err
);
164 if (!BIO_connect(*sock
, BIO_ADDRINFO_address(ai
),
165 protocol
== IPPROTO_TCP
? BIO_SOCK_NODELAY
: 0)) {
166 BIO_closesocket(*sock
);
167 *sock
= INVALID_SOCKET
;
171 /* Success, don't try any more addresses */
175 if (*sock
== INVALID_SOCKET
) {
176 if (bindaddr
!= NULL
&& !found
) {
177 BIO_printf(bio_err
, "Can't bind %saddress for %s%s%s\n",
179 BIO_ADDRINFO_family(res
) == AF_INET6
? "IPv6 " :
181 BIO_ADDRINFO_family(res
) == AF_INET
? "IPv4 " :
182 BIO_ADDRINFO_family(res
) == AF_UNIX
? "unix " : "",
183 bindhost
!= NULL
? bindhost
: "",
184 bindport
!= NULL
? ":" : "",
185 bindport
!= NULL
? bindport
: "");
189 ERR_print_errors(bio_err
);
191 /* Remove any stale errors from previous connection attempts */
196 if (bindaddr
!= NULL
) {
197 BIO_ADDRINFO_free (bindaddr
);
199 BIO_ADDRINFO_free(res
);
203 int report_server_accept(BIO
*out
, int asock
, int with_address
, int with_pid
)
207 if (BIO_printf(out
, "ACCEPT") <= 0)
210 union BIO_sock_info_u info
;
211 char *hostname
= NULL
;
212 char *service
= NULL
;
214 if ((info
.addr
= BIO_ADDR_new()) != NULL
215 && BIO_sock_info(asock
, BIO_SOCK_INFO_ADDRESS
, &info
)
216 && (hostname
= BIO_ADDR_hostname_string(info
.addr
, 1)) != NULL
217 && (service
= BIO_ADDR_service_string(info
.addr
, 1)) != NULL
) {
218 success
= BIO_printf(out
,
219 strchr(hostname
, ':') == NULL
220 ? /* IPv4 */ " %s:%s"
221 : /* IPv6 */ " [%s]:%s",
222 hostname
, service
) > 0;
224 (void)BIO_printf(out
, "unknown:error\n");
227 OPENSSL_free(hostname
);
228 OPENSSL_free(service
);
229 BIO_ADDR_free(info
.addr
);
232 success
= success
&& BIO_printf(out
, " PID=%d", getpid()) > 0;
233 success
= success
&& BIO_printf(out
, "\n") > 0;
234 (void)BIO_flush(out
);
240 * do_server - helper routine to perform a server operation
241 * @accept_sock: pointer to storage of resulting socket.
242 * @host: the host name or path (for AF_UNIX) to connect to.
243 * @port: the port to connect to (ignored for AF_UNIX).
244 * @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or
246 * @type: socket type, must be SOCK_STREAM or SOCK_DGRAM
247 * @cb: pointer to a function that receives the accepted socket and
248 * should perform the communication with the connecting client.
249 * @context: pointer to memory that's passed verbatim to the cb function.
250 * @naccept: number of times an incoming connect should be accepted. If -1,
253 * This will create a socket and use it to listen to a host:port, or if
254 * family == AF_UNIX, to the path found in host, then start accepting
255 * incoming connections and run cb on the resulting socket.
257 * 0 on failure, something other on success.
259 int do_server(int *accept_sock
, const char *host
, const char *port
,
260 int family
, int type
, int protocol
, do_server_cb cb
,
261 unsigned char *context
, int naccept
, BIO
*bio_s_out
)
266 BIO_ADDRINFO
*res
= NULL
;
267 const BIO_ADDRINFO
*next
;
268 int sock_family
, sock_type
, sock_protocol
, sock_port
;
269 const BIO_ADDR
*sock_address
;
270 int sock_options
= BIO_SOCK_REUSEADDR
;
273 if (BIO_sock_init() != 1)
276 if (!BIO_lookup_ex(host
, port
, BIO_LOOKUP_SERVER
, family
, type
, protocol
,
278 ERR_print_errors(bio_err
);
282 /* Admittedly, these checks are quite paranoid, we should not get
283 * anything in the BIO_ADDRINFO chain that we haven't asked for */
284 OPENSSL_assert((family
== AF_UNSPEC
|| family
== BIO_ADDRINFO_family(res
))
285 && (type
== 0 || type
== BIO_ADDRINFO_socktype(res
))
286 && (protocol
== 0 || protocol
== BIO_ADDRINFO_protocol(res
)));
288 sock_family
= BIO_ADDRINFO_family(res
);
289 sock_type
= BIO_ADDRINFO_socktype(res
);
290 sock_protocol
= BIO_ADDRINFO_protocol(res
);
291 sock_address
= BIO_ADDRINFO_address(res
);
292 next
= BIO_ADDRINFO_next(res
);
294 if (sock_family
== AF_INET6
)
295 sock_options
|= BIO_SOCK_V6_ONLY
;
297 && BIO_ADDRINFO_socktype(next
) == sock_type
298 && BIO_ADDRINFO_protocol(next
) == sock_protocol
) {
299 if (sock_family
== AF_INET
300 && BIO_ADDRINFO_family(next
) == AF_INET6
) {
301 sock_family
= AF_INET6
;
302 sock_address
= BIO_ADDRINFO_address(next
);
303 } else if (sock_family
== AF_INET6
304 && BIO_ADDRINFO_family(next
) == AF_INET
) {
305 sock_options
&= ~BIO_SOCK_V6_ONLY
;
310 asock
= BIO_socket(sock_family
, sock_type
, sock_protocol
, 0);
311 if (asock
== INVALID_SOCKET
312 || !BIO_listen(asock
, sock_address
, sock_options
)) {
313 BIO_ADDRINFO_free(res
);
314 ERR_print_errors(bio_err
);
315 if (asock
!= INVALID_SOCKET
)
316 BIO_closesocket(asock
);
320 #ifndef OPENSSL_NO_SCTP
321 if (protocol
== IPPROTO_SCTP
) {
323 * For SCTP we have to set various options on the socket prior to
324 * accepting. This is done automatically by BIO_new_dgram_sctp().
325 * We don't actually need the created BIO though so we free it again
328 BIO
*tmpbio
= BIO_new_dgram_sctp(asock
, BIO_NOCLOSE
);
330 if (tmpbio
== NULL
) {
331 BIO_closesocket(asock
);
332 ERR_print_errors(bio_err
);
339 sock_port
= BIO_ADDR_rawport(sock_address
);
341 BIO_ADDRINFO_free(res
);
344 if (!report_server_accept(bio_s_out
, asock
, sock_port
== 0, 0)) {
345 BIO_closesocket(asock
);
346 ERR_print_errors(bio_err
);
350 if (accept_sock
!= NULL
)
351 *accept_sock
= asock
;
354 struct timeval timeout
;
357 if (type
== SOCK_STREAM
) {
358 BIO_ADDR_free(ourpeer
);
359 ourpeer
= BIO_ADDR_new();
360 if (ourpeer
== NULL
) {
361 BIO_closesocket(asock
);
362 ERR_print_errors(bio_err
);
366 sock
= BIO_accept_ex(asock
, ourpeer
, 0);
367 } while (sock
< 0 && BIO_sock_should_retry(sock
));
369 ERR_print_errors(bio_err
);
370 BIO_closesocket(asock
);
373 BIO_set_tcp_ndelay(sock
, 1);
374 i
= (*cb
)(sock
, type
, protocol
, context
);
377 * If we ended with an alert being sent, but still with data in the
378 * network buffer to be read, then calling BIO_closesocket() will
379 * result in a TCP-RST being sent. On some platforms (notably
380 * Windows) then this will result in the peer immediately abandoning
381 * the connection including any buffered alert data before it has
382 * had a chance to be read. Shutting down the sending side first,
383 * and then closing the socket sends TCP-FIN first followed by
384 * TCP-RST. This seems to allow the peer to read the alert data.
386 shutdown(sock
, 1); /* SHUT_WR */
388 * We just said we have nothing else to say, but it doesn't mean
389 * that the other side has nothing. It's even recommended to
390 * consume incoming data. [In testing context this ensures that
391 * alerts are passed on...]
394 timeout
.tv_usec
= 500000; /* some extreme round-trip */
397 openssl_fdset(sock
, &readfds
);
398 } while (select(sock
+ 1, &readfds
, NULL
, NULL
, &timeout
) > 0
399 && readsocket(sock
, sink
, sizeof(sink
)) > 0);
401 BIO_closesocket(sock
);
403 i
= (*cb
)(asock
, type
, protocol
, context
);
408 if (i
< 0 || naccept
== 0) {
409 BIO_closesocket(asock
);
416 if (family
== AF_UNIX
)
419 BIO_ADDR_free(ourpeer
);
424 void do_ssl_shutdown(SSL
*ssl
)
429 /* We only do unidirectional shutdown */
430 ret
= SSL_shutdown(ssl
);
432 switch (SSL_get_error(ssl
, ret
)) {
433 case SSL_ERROR_WANT_READ
:
434 case SSL_ERROR_WANT_WRITE
:
435 case SSL_ERROR_WANT_ASYNC
:
436 case SSL_ERROR_WANT_ASYNC_JOB
:
437 /* We just do busy waiting. Nothing clever */
445 #endif /* OPENSSL_NO_SOCK */