2 * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
13 #include "bio_local.h"
14 #include "internal/bio_tfo.h"
15 #include "internal/ktls.h"
17 #ifndef OPENSSL_NO_SOCK
19 typedef struct bio_connect_st
{
22 int connect_sock_type
;
26 # ifndef OPENSSL_NO_KTLS
27 unsigned char record_type
;
31 BIO_ADDRINFO
*addr_first
;
32 const BIO_ADDRINFO
*addr_iter
;
34 * int socket; this will be kept in bio->num so that it is compatible
35 * with the bss_sock bio
38 * called when the connection is initially made callback(BIO,state,ret);
39 * The callback should return 'ret'. state is for compatibility with the
42 BIO_info_cb
*info_callback
;
44 * Used when connect_sock_type is SOCK_DGRAM. Owned by us; we forward
45 * read/write(mmsg) calls to this if present.
50 static int conn_write(BIO
*h
, const char *buf
, int num
);
51 static int conn_read(BIO
*h
, char *buf
, int size
);
52 static int conn_puts(BIO
*h
, const char *str
);
53 static int conn_gets(BIO
*h
, char *buf
, int size
);
54 static long conn_ctrl(BIO
*h
, int cmd
, long arg1
, void *arg2
);
55 static int conn_new(BIO
*h
);
56 static int conn_free(BIO
*data
);
57 static long conn_callback_ctrl(BIO
*h
, int cmd
, BIO_info_cb
*);
58 static int conn_sendmmsg(BIO
*h
, BIO_MSG
*m
, size_t s
, size_t n
,
59 uint64_t f
, size_t *mp
);
60 static int conn_recvmmsg(BIO
*h
, BIO_MSG
*m
, size_t s
, size_t n
,
61 uint64_t f
, size_t *mp
);
63 static int conn_state(BIO
*b
, BIO_CONNECT
*c
);
64 static void conn_close_socket(BIO
*data
);
65 static BIO_CONNECT
*BIO_CONNECT_new(void);
66 static void BIO_CONNECT_free(BIO_CONNECT
*a
);
68 #define BIO_CONN_S_BEFORE 1
69 #define BIO_CONN_S_GET_ADDR 2
70 #define BIO_CONN_S_CREATE_SOCKET 3
71 #define BIO_CONN_S_CONNECT 4
72 #define BIO_CONN_S_OK 5
73 #define BIO_CONN_S_BLOCKED_CONNECT 6
74 #define BIO_CONN_S_CONNECT_ERROR 7
76 static const BIO_METHOD methods_connectp
= {
93 static int conn_create_dgram_bio(BIO
*b
, BIO_CONNECT
*c
)
95 if (c
->connect_sock_type
!= SOCK_DGRAM
)
98 #ifndef OPENSSL_NO_DGRAM
99 c
->dgram_bio
= BIO_new_dgram(b
->num
, 0);
100 if (c
->dgram_bio
== NULL
)
107 c
->state
= BIO_CONN_S_CONNECT_ERROR
;
111 static int conn_state(BIO
*b
, BIO_CONNECT
*c
)
113 int ret
= -1, i
, opts
;
114 BIO_info_cb
*cb
= NULL
;
116 if (c
->info_callback
!= NULL
)
117 cb
= c
->info_callback
;
121 case BIO_CONN_S_BEFORE
:
122 if (c
->param_hostname
== NULL
&& c
->param_service
== NULL
) {
123 ERR_raise_data(ERR_LIB_BIO
,
124 BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED
,
125 "hostname=%s service=%s",
126 c
->param_hostname
, c
->param_service
);
129 c
->state
= BIO_CONN_S_GET_ADDR
;
132 case BIO_CONN_S_GET_ADDR
:
134 int family
= AF_UNSPEC
;
135 switch (c
->connect_family
) {
136 case BIO_FAMILY_IPV6
:
137 if (1) { /* This is a trick we use to avoid bit rot.
138 * at least the "else" part will always be
145 ERR_raise(ERR_LIB_BIO
, BIO_R_UNAVAILABLE_IP_FAMILY
);
149 case BIO_FAMILY_IPV4
:
152 case BIO_FAMILY_IPANY
:
156 ERR_raise(ERR_LIB_BIO
, BIO_R_UNSUPPORTED_IP_FAMILY
);
159 if (BIO_lookup(c
->param_hostname
, c
->param_service
,
161 family
, c
->connect_sock_type
,
162 &c
->addr_first
) == 0)
165 if (c
->addr_first
== NULL
) {
166 ERR_raise(ERR_LIB_BIO
, BIO_R_LOOKUP_RETURNED_NOTHING
);
169 c
->addr_iter
= c
->addr_first
;
170 c
->state
= BIO_CONN_S_CREATE_SOCKET
;
173 case BIO_CONN_S_CREATE_SOCKET
:
174 ret
= BIO_socket(BIO_ADDRINFO_family(c
->addr_iter
),
175 BIO_ADDRINFO_socktype(c
->addr_iter
),
176 BIO_ADDRINFO_protocol(c
->addr_iter
), 0);
177 if (ret
== (int)INVALID_SOCKET
) {
178 ERR_raise_data(ERR_LIB_SYS
, get_last_socket_error(),
179 "calling socket(%s, %s)",
180 c
->param_hostname
, c
->param_service
);
181 ERR_raise(ERR_LIB_BIO
, BIO_R_UNABLE_TO_CREATE_SOCKET
);
185 c
->state
= BIO_CONN_S_CONNECT
;
188 case BIO_CONN_S_CONNECT
:
189 BIO_clear_retry_flags(b
);
192 opts
= c
->connect_mode
;
193 if (BIO_ADDRINFO_socktype(c
->addr_iter
) == SOCK_STREAM
)
194 opts
|= BIO_SOCK_KEEPALIVE
;
196 ret
= BIO_connect(b
->num
, BIO_ADDRINFO_address(c
->addr_iter
), opts
);
199 if (BIO_sock_should_retry(ret
)) {
200 BIO_set_retry_special(b
);
201 c
->state
= BIO_CONN_S_BLOCKED_CONNECT
;
202 b
->retry_reason
= BIO_RR_CONNECT
;
204 } else if ((c
->addr_iter
= BIO_ADDRINFO_next(c
->addr_iter
))
207 * if there are more addresses to try, do that first
209 BIO_closesocket(b
->num
);
210 c
->state
= BIO_CONN_S_CREATE_SOCKET
;
214 ERR_clear_last_mark();
215 ERR_raise_data(ERR_LIB_SYS
, get_last_socket_error(),
216 "calling connect(%s, %s)",
217 c
->param_hostname
, c
->param_service
);
218 c
->state
= BIO_CONN_S_CONNECT_ERROR
;
223 ERR_clear_last_mark();
224 if (!conn_create_dgram_bio(b
, c
))
226 c
->state
= BIO_CONN_S_OK
;
230 case BIO_CONN_S_BLOCKED_CONNECT
:
231 /* wait for socket being writable, before querying BIO_sock_error */
232 if (BIO_socket_wait(b
->num
, 0, time(NULL
)) == 0)
234 i
= BIO_sock_error(b
->num
);
236 BIO_clear_retry_flags(b
);
237 if ((c
->addr_iter
= BIO_ADDRINFO_next(c
->addr_iter
)) != NULL
) {
239 * if there are more addresses to try, do that first
241 BIO_closesocket(b
->num
);
242 c
->state
= BIO_CONN_S_CREATE_SOCKET
;
245 ERR_raise_data(ERR_LIB_SYS
, i
,
246 "calling connect(%s, %s)",
247 c
->param_hostname
, c
->param_service
);
248 ERR_raise(ERR_LIB_BIO
, BIO_R_NBIO_CONNECT_ERROR
);
252 if (!conn_create_dgram_bio(b
, c
))
254 c
->state
= BIO_CONN_S_OK
;
255 # ifndef OPENSSL_NO_KTLS
257 * The new socket is created successfully regardless of ktls_enable.
258 * ktls_enable doesn't change any functionality of the socket, except
259 * changing the setsockopt to enable the processing of ktls_start.
260 * Thus, it is not a problem to call it for non-TLS sockets.
267 case BIO_CONN_S_CONNECT_ERROR
:
268 ERR_raise(ERR_LIB_BIO
, BIO_R_CONNECT_ERROR
);
281 if ((ret
= cb((BIO
*)b
, c
->state
, ret
)) == 0)
286 /* Loop does not exit */
289 ret
= cb((BIO
*)b
, c
->state
, ret
);
294 static BIO_CONNECT
*BIO_CONNECT_new(void)
298 if ((ret
= OPENSSL_zalloc(sizeof(*ret
))) == NULL
)
300 ret
->state
= BIO_CONN_S_BEFORE
;
301 ret
->connect_family
= BIO_FAMILY_IPANY
;
302 ret
->connect_sock_type
= SOCK_STREAM
;
306 static void BIO_CONNECT_free(BIO_CONNECT
*a
)
310 OPENSSL_free(a
->param_hostname
);
311 OPENSSL_free(a
->param_service
);
312 BIO_ADDRINFO_free(a
->addr_first
);
316 const BIO_METHOD
*BIO_s_connect(void)
318 return &methods_connectp
;
321 static int conn_new(BIO
*bi
)
324 bi
->num
= (int)INVALID_SOCKET
;
326 if ((bi
->ptr
= (char *)BIO_CONNECT_new()) == NULL
)
332 static void conn_close_socket(BIO
*bio
)
336 c
= (BIO_CONNECT
*)bio
->ptr
;
337 if (bio
->num
!= (int)INVALID_SOCKET
) {
338 /* Only do a shutdown if things were established */
339 if (c
->state
== BIO_CONN_S_OK
)
340 shutdown(bio
->num
, 2);
341 BIO_closesocket(bio
->num
);
342 bio
->num
= (int)INVALID_SOCKET
;
346 static int conn_free(BIO
*a
)
352 data
= (BIO_CONNECT
*)a
->ptr
;
354 BIO_free(data
->dgram_bio
);
357 conn_close_socket(a
);
358 BIO_CONNECT_free(data
);
366 static int conn_read(BIO
*b
, char *out
, int outl
)
371 data
= (BIO_CONNECT
*)b
->ptr
;
372 if (data
->state
!= BIO_CONN_S_OK
) {
373 ret
= conn_state(b
, data
);
378 if (data
->dgram_bio
!= NULL
) {
379 BIO_clear_retry_flags(b
);
380 ret
= BIO_read(data
->dgram_bio
, out
, outl
);
381 BIO_set_flags(b
, BIO_get_retry_flags(data
->dgram_bio
));
386 clear_socket_error();
387 # ifndef OPENSSL_NO_KTLS
388 if (BIO_get_ktls_recv(b
))
389 ret
= ktls_read_record(b
->num
, out
, outl
);
392 ret
= readsocket(b
->num
, out
, outl
);
393 BIO_clear_retry_flags(b
);
395 if (BIO_sock_should_retry(ret
))
396 BIO_set_retry_read(b
);
398 b
->flags
|= BIO_FLAGS_IN_EOF
;
404 static int conn_write(BIO
*b
, const char *in
, int inl
)
409 data
= (BIO_CONNECT
*)b
->ptr
;
410 if (data
->state
!= BIO_CONN_S_OK
) {
411 ret
= conn_state(b
, data
);
416 if (data
->dgram_bio
!= NULL
) {
417 BIO_clear_retry_flags(b
);
418 ret
= BIO_write(data
->dgram_bio
, in
, inl
);
419 BIO_set_flags(b
, BIO_get_retry_flags(data
->dgram_bio
));
423 clear_socket_error();
424 # ifndef OPENSSL_NO_KTLS
425 if (BIO_should_ktls_ctrl_msg_flag(b
)) {
426 ret
= ktls_send_ctrl_message(b
->num
, data
->record_type
, in
, inl
);
429 BIO_clear_ktls_ctrl_msg_flag(b
);
433 # if defined(OSSL_TFO_SENDTO)
434 if (data
->tfo_first
) {
435 int peerlen
= BIO_ADDRINFO_sockaddr_size(data
->addr_iter
);
437 ret
= sendto(b
->num
, in
, inl
, OSSL_TFO_SENDTO
,
438 BIO_ADDRINFO_sockaddr(data
->addr_iter
), peerlen
);
442 ret
= writesocket(b
->num
, in
, inl
);
443 BIO_clear_retry_flags(b
);
445 if (BIO_sock_should_retry(ret
))
446 BIO_set_retry_write(b
);
451 static long conn_ctrl(BIO
*b
, int cmd
, long num
, void *ptr
)
455 const char **pptr
= NULL
;
458 const BIO_ADDR
*dg_addr
;
459 # ifndef OPENSSL_NO_KTLS
460 ktls_crypto_info_t
*crypto_info
;
463 data
= (BIO_CONNECT
*)b
->ptr
;
468 data
->state
= BIO_CONN_S_BEFORE
;
469 conn_close_socket(b
);
470 BIO_ADDRINFO_free(data
->addr_first
);
471 data
->addr_first
= NULL
;
474 case BIO_C_DO_STATE_MACHINE
:
475 /* use this one to start the connection */
476 if (data
->state
!= BIO_CONN_S_OK
)
477 ret
= (long)conn_state(b
, data
);
481 case BIO_C_GET_CONNECT
:
483 pptr
= (const char **)ptr
;
485 *pptr
= data
->param_hostname
;
486 } else if (num
== 1) {
487 *pptr
= data
->param_service
;
488 } else if (num
== 2) {
489 *pptr
= (const char *)BIO_ADDRINFO_address(data
->addr_iter
);
490 } else if (num
== 3) {
491 switch (BIO_ADDRINFO_family(data
->addr_iter
)) {
492 # if OPENSSL_USE_IPV6
494 ret
= BIO_FAMILY_IPV6
;
498 ret
= BIO_FAMILY_IPV4
;
501 ret
= data
->connect_family
;
507 } else if (num
== 4) {
508 ret
= data
->connect_mode
;
516 case BIO_C_SET_CONNECT
:
519 if (num
== 0) { /* BIO_set_conn_hostname */
520 char *hold_service
= data
->param_service
;
521 /* We affect the hostname regardless. However, the input
522 * string might contain a host:service spec, so we must
523 * parse it, which might or might not affect the service
526 OPENSSL_free(data
->param_hostname
);
527 data
->param_hostname
= NULL
;
528 ret
= BIO_parse_hostserv(ptr
,
529 &data
->param_hostname
,
530 &data
->param_service
,
531 BIO_PARSE_PRIO_HOST
);
532 if (hold_service
!= data
->param_service
)
533 OPENSSL_free(hold_service
);
534 } else if (num
== 1) { /* BIO_set_conn_port */
535 OPENSSL_free(data
->param_service
);
536 if ((data
->param_service
= OPENSSL_strdup(ptr
)) == NULL
)
538 } else if (num
== 2) { /* BIO_set_conn_address */
539 const BIO_ADDR
*addr
= (const BIO_ADDR
*)ptr
;
540 char *host
= BIO_ADDR_hostname_string(addr
, 1);
541 char *service
= BIO_ADDR_service_string(addr
, 1);
543 ret
= host
!= NULL
&& service
!= NULL
;
545 OPENSSL_free(data
->param_hostname
);
546 data
->param_hostname
= host
;
547 OPENSSL_free(data
->param_service
);
548 data
->param_service
= service
;
549 BIO_ADDRINFO_free(data
->addr_first
);
550 data
->addr_first
= NULL
;
551 data
->addr_iter
= NULL
;
554 OPENSSL_free(service
);
556 } else if (num
== 3) { /* BIO_set_conn_ip_family */
557 data
->connect_family
= *(int *)ptr
;
563 case BIO_C_SET_SOCK_TYPE
:
564 if ((num
!= SOCK_STREAM
&& num
!= SOCK_DGRAM
)
565 || data
->state
>= BIO_CONN_S_GET_ADDR
) {
570 data
->connect_sock_type
= (int)num
;
573 case BIO_C_GET_SOCK_TYPE
:
574 ret
= data
->connect_sock_type
;
576 case BIO_C_GET_DGRAM_BIO
:
577 if (data
->dgram_bio
!= NULL
) {
578 *(BIO
**)ptr
= data
->dgram_bio
;
584 case BIO_CTRL_DGRAM_GET_PEER
:
585 case BIO_CTRL_DGRAM_DETECT_PEER_ADDR
:
586 if (data
->state
!= BIO_CONN_S_OK
)
587 conn_state(b
, data
); /* best effort */
589 if (data
->state
>= BIO_CONN_S_CREATE_SOCKET
590 && data
->addr_iter
!= NULL
591 && (dg_addr
= BIO_ADDRINFO_address(data
->addr_iter
)) != NULL
) {
593 ret
= BIO_ADDR_sockaddr_size(dg_addr
);
594 if (num
== 0 || num
> ret
)
597 memcpy(ptr
, dg_addr
, num
);
604 case BIO_CTRL_GET_RPOLL_DESCRIPTOR
:
605 case BIO_CTRL_GET_WPOLL_DESCRIPTOR
:
607 BIO_POLL_DESCRIPTOR
*pd
= ptr
;
609 if (data
->state
!= BIO_CONN_S_OK
)
610 conn_state(b
, data
); /* best effort */
612 if (data
->state
>= BIO_CONN_S_CREATE_SOCKET
) {
613 pd
->type
= BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD
;
614 pd
->value
.fd
= b
->num
;
622 data
->connect_mode
|= BIO_SOCK_NONBLOCK
;
624 data
->connect_mode
&= ~BIO_SOCK_NONBLOCK
;
626 if (data
->dgram_bio
!= NULL
)
627 ret
= BIO_set_nbio(data
->dgram_bio
, num
);
630 #if defined(TCP_FASTOPEN) && !defined(OPENSSL_NO_TFO)
633 data
->connect_mode
|= BIO_SOCK_TFO
;
636 data
->connect_mode
&= ~BIO_SOCK_TFO
;
641 case BIO_C_SET_CONNECT_MODE
:
642 data
->connect_mode
= (int)num
;
643 if (num
& BIO_SOCK_TFO
)
657 case BIO_CTRL_GET_CLOSE
:
660 case BIO_CTRL_SET_CLOSE
:
661 b
->shutdown
= (int)num
;
663 case BIO_CTRL_PENDING
:
664 case BIO_CTRL_WPENDING
:
672 if (data
->param_hostname
)
673 BIO_set_conn_hostname(dbio
, data
->param_hostname
);
674 if (data
->param_service
)
675 BIO_set_conn_port(dbio
, data
->param_service
);
676 BIO_set_conn_ip_family(dbio
, data
->connect_family
);
677 BIO_set_conn_mode(dbio
, data
->connect_mode
);
679 * FIXME: the cast of the function seems unlikely to be a good
682 (void)BIO_set_info_callback(dbio
, data
->info_callback
);
685 case BIO_CTRL_SET_CALLBACK
:
686 ret
= 0; /* use callback ctrl */
688 case BIO_CTRL_GET_CALLBACK
:
692 fptr
= (BIO_info_cb
**)ptr
;
693 *fptr
= data
->info_callback
;
697 ret
= (b
->flags
& BIO_FLAGS_IN_EOF
) != 0;
699 # ifndef OPENSSL_NO_KTLS
700 case BIO_CTRL_SET_KTLS
:
701 crypto_info
= (ktls_crypto_info_t
*)ptr
;
702 ret
= ktls_start(b
->num
, crypto_info
, num
);
704 BIO_set_ktls_flag(b
, num
);
706 case BIO_CTRL_GET_KTLS_SEND
:
707 return BIO_should_ktls_flag(b
, 1) != 0;
708 case BIO_CTRL_GET_KTLS_RECV
:
709 return BIO_should_ktls_flag(b
, 0) != 0;
710 case BIO_CTRL_SET_KTLS_TX_SEND_CTRL_MSG
:
711 BIO_set_ktls_ctrl_msg_flag(b
);
712 data
->record_type
= num
;
715 case BIO_CTRL_CLEAR_KTLS_TX_CTRL_MSG
:
716 BIO_clear_ktls_ctrl_msg_flag(b
);
719 case BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE
:
720 ret
= ktls_enable_tx_zerocopy_sendfile(b
->num
);
722 BIO_set_ktls_zerocopy_sendfile_flag(b
);
732 static long conn_callback_ctrl(BIO
*b
, int cmd
, BIO_info_cb
*fp
)
737 data
= (BIO_CONNECT
*)b
->ptr
;
740 case BIO_CTRL_SET_CALLBACK
:
742 data
->info_callback
= fp
;
752 static int conn_puts(BIO
*bp
, const char *str
)
757 ret
= conn_write(bp
, str
, n
);
761 int conn_gets(BIO
*bio
, char *buf
, int size
)
768 ERR_raise(ERR_LIB_BIO
, ERR_R_PASSED_NULL_PARAMETER
);
772 ERR_raise(ERR_LIB_BIO
, BIO_R_INVALID_ARGUMENT
);
777 if (bio
== NULL
|| bio
->ptr
== NULL
) {
778 ERR_raise(ERR_LIB_BIO
, ERR_R_PASSED_NULL_PARAMETER
);
781 data
= (BIO_CONNECT
*)bio
->ptr
;
782 if (data
->state
!= BIO_CONN_S_OK
) {
783 ret
= conn_state(bio
, data
);
788 if (data
->dgram_bio
!= NULL
) {
789 ERR_raise(ERR_LIB_BIO
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
793 clear_socket_error();
795 # ifndef OPENSSL_NO_KTLS
796 if (BIO_get_ktls_recv(bio
))
797 ret
= ktls_read_record(bio
->num
, ptr
, 1);
800 ret
= readsocket(bio
->num
, ptr
, 1);
801 BIO_clear_retry_flags(bio
);
803 if (BIO_sock_should_retry(ret
))
804 BIO_set_retry_read(bio
);
806 bio
->flags
|= BIO_FLAGS_IN_EOF
;
813 return ret
> 0 || (bio
->flags
& BIO_FLAGS_IN_EOF
) != 0 ? ptr
- buf
: ret
;
816 static int conn_sendmmsg(BIO
*bio
, BIO_MSG
*msg
, size_t stride
, size_t num_msgs
,
817 uint64_t flags
, size_t *msgs_processed
)
824 ERR_raise(ERR_LIB_BIO
, ERR_R_PASSED_NULL_PARAMETER
);
828 data
= (BIO_CONNECT
*)bio
->ptr
;
829 if (data
->state
!= BIO_CONN_S_OK
) {
830 ret
= conn_state(bio
, data
);
837 if (data
->dgram_bio
== NULL
) {
839 ERR_raise(ERR_LIB_BIO
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
843 return BIO_sendmmsg(data
->dgram_bio
, msg
, stride
, num_msgs
,
844 flags
, msgs_processed
);
847 static int conn_recvmmsg(BIO
*bio
, BIO_MSG
*msg
, size_t stride
, size_t num_msgs
,
848 uint64_t flags
, size_t *msgs_processed
)
855 ERR_raise(ERR_LIB_BIO
, ERR_R_PASSED_NULL_PARAMETER
);
859 data
= (BIO_CONNECT
*)bio
->ptr
;
860 if (data
->state
!= BIO_CONN_S_OK
) {
861 ret
= conn_state(bio
, data
);
868 if (data
->dgram_bio
== NULL
) {
870 ERR_raise(ERR_LIB_BIO
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
874 return BIO_recvmmsg(data
->dgram_bio
, msg
, stride
, num_msgs
,
875 flags
, msgs_processed
);
878 BIO
*BIO_new_connect(const char *str
)
882 ret
= BIO_new(BIO_s_connect());
885 if (BIO_set_conn_hostname(ret
, str
))