]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/bio/bss_dgram.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix undefined ipi_spec_dst for cygwin build.
[thirdparty/openssl.git] / crypto / bio / bss_dgram.c
1 /*
2 * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #ifndef _GNU_SOURCE
11 # define _GNU_SOURCE
12 #endif
13
14 #include <stdio.h>
15 #include <errno.h>
16
17 #include "bio_local.h"
18 #ifndef OPENSSL_NO_DGRAM
19
20 # ifndef OPENSSL_NO_SCTP
21 # include <netinet/sctp.h>
22 # include <fcntl.h>
23 # define OPENSSL_SCTP_DATA_CHUNK_TYPE 0x00
24 # define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0
25 # endif
26
27 # if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU)
28 # define IP_MTU 14 /* linux is lame */
29 # endif
30
31 # if OPENSSL_USE_IPV6 && !defined(IPPROTO_IPV6)
32 # define IPPROTO_IPV6 41 /* windows is lame */
33 # endif
34
35 # if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED)
36 /* Standard definition causes type-punning problems. */
37 # undef IN6_IS_ADDR_V4MAPPED
38 # define s6_addr32 __u6_addr.__u6_addr32
39 # define IN6_IS_ADDR_V4MAPPED(a) \
40 (((a)->s6_addr32[0] == 0) && \
41 ((a)->s6_addr32[1] == 0) && \
42 ((a)->s6_addr32[2] == htonl(0x0000ffff)))
43 # endif
44
45 /* Determine what method to use for BIO_sendmmsg and BIO_recvmmsg. */
46 # define M_METHOD_NONE 0
47 # define M_METHOD_RECVMMSG 1
48 # define M_METHOD_RECVMSG 2
49 # define M_METHOD_RECVFROM 3
50 # define M_METHOD_WSARECVMSG 4
51
52 # if !defined(M_METHOD)
53 # if defined(OPENSSL_SYS_WINDOWS) && defined(BIO_HAVE_WSAMSG) && !defined(NO_WSARECVMSG)
54 # define M_METHOD M_METHOD_WSARECVMSG
55 # elif !defined(OPENSSL_SYS_WINDOWS) && defined(MSG_WAITFORONE) && !defined(NO_RECVMMSG)
56 # define M_METHOD M_METHOD_RECVMMSG
57 # elif !defined(OPENSSL_SYS_WINDOWS) && defined(CMSG_LEN) && !defined(NO_RECVMSG)
58 # define M_METHOD M_METHOD_RECVMSG
59 # elif !defined(NO_RECVFROM)
60 # define M_METHOD M_METHOD_RECVFROM
61 # else
62 # define M_METHOD M_METHOD_NONE
63 # endif
64 # endif
65
66 # if defined(OPENSSL_SYS_WINDOWS)
67 # define BIO_CMSG_SPACE(x) WSA_CMSG_SPACE(x)
68 # define BIO_CMSG_FIRSTHDR(x) WSA_CMSG_FIRSTHDR(x)
69 # define BIO_CMSG_NXTHDR(x, y) WSA_CMSG_NXTHDR(x, y)
70 # define BIO_CMSG_DATA(x) WSA_CMSG_DATA(x)
71 # define BIO_CMSG_LEN(x) WSA_CMSG_LEN(x)
72 # define MSGHDR_TYPE WSAMSG
73 # define CMSGHDR_TYPE WSACMSGHDR
74 # else
75 # define MSGHDR_TYPE struct msghdr
76 # define CMSGHDR_TYPE struct cmsghdr
77 # define BIO_CMSG_SPACE(x) CMSG_SPACE(x)
78 # define BIO_CMSG_FIRSTHDR(x) CMSG_FIRSTHDR(x)
79 # define BIO_CMSG_NXTHDR(x, y) CMSG_NXTHDR(x, y)
80 # define BIO_CMSG_DATA(x) CMSG_DATA(x)
81 # define BIO_CMSG_LEN(x) CMSG_LEN(x)
82 # endif
83
84 # if M_METHOD == M_METHOD_RECVMMSG \
85 || M_METHOD == M_METHOD_RECVMSG \
86 || M_METHOD == M_METHOD_WSARECVMSG
87 # if defined(__APPLE__)
88 /*
89 * CMSG_SPACE is not a constant expresson on OSX even though POSIX
90 * says it's supposed to be. This should be adequate.
91 */
92 # define BIO_CMSG_ALLOC_LEN 64
93 # else
94 # if defined(IPV6_PKTINFO)
95 # define BIO_CMSG_ALLOC_LEN_1 BIO_CMSG_SPACE(sizeof(struct in6_pktinfo))
96 # else
97 # define BIO_CMSG_ALLOC_LEN_1 0
98 # endif
99 # if defined(IP_PKTINFO)
100 # define BIO_CMSG_ALLOC_LEN_2 BIO_CMSG_SPACE(sizeof(struct in_pktinfo))
101 # else
102 # define BIO_CMSG_ALLOC_LEN_2 0
103 # endif
104 # if defined(IP_RECVDSTADDR)
105 # define BIO_CMSG_ALLOC_LEN_3 BIO_CMSG_SPACE(sizeof(struct in_addr))
106 # else
107 # define BIO_CMSG_ALLOC_LEN_3 0
108 # endif
109 # define BIO_MAX(X,Y) ((X) > (Y) ? (X) : (Y))
110 # define BIO_CMSG_ALLOC_LEN \
111 BIO_MAX(BIO_CMSG_ALLOC_LEN_1, \
112 BIO_MAX(BIO_CMSG_ALLOC_LEN_2, BIO_CMSG_ALLOC_LEN_3))
113 # endif
114 # if (defined(IP_PKTINFO) || defined(IP_RECVDSTADDR)) && defined(IPV6_RECVPKTINFO)
115 # define SUPPORT_LOCAL_ADDR
116 # endif
117 # endif
118
119 # define BIO_MSG_N(array, stride, n) (*(BIO_MSG *)((char *)(array) + (n)*(stride)))
120
121 static int dgram_write(BIO *h, const char *buf, int num);
122 static int dgram_read(BIO *h, char *buf, int size);
123 static int dgram_puts(BIO *h, const char *str);
124 static long dgram_ctrl(BIO *h, int cmd, long arg1, void *arg2);
125 static int dgram_new(BIO *h);
126 static int dgram_free(BIO *data);
127 static int dgram_clear(BIO *bio);
128 static int dgram_sendmmsg(BIO *b, BIO_MSG *msg,
129 size_t stride, size_t num_msg,
130 uint64_t flags, size_t *num_processed);
131 static int dgram_recvmmsg(BIO *b, BIO_MSG *msg,
132 size_t stride, size_t num_msg,
133 uint64_t flags, size_t *num_processed);
134
135 # ifndef OPENSSL_NO_SCTP
136 static int dgram_sctp_write(BIO *h, const char *buf, int num);
137 static int dgram_sctp_read(BIO *h, char *buf, int size);
138 static int dgram_sctp_puts(BIO *h, const char *str);
139 static long dgram_sctp_ctrl(BIO *h, int cmd, long arg1, void *arg2);
140 static int dgram_sctp_new(BIO *h);
141 static int dgram_sctp_free(BIO *data);
142 static int dgram_sctp_wait_for_dry(BIO *b);
143 static int dgram_sctp_msg_waiting(BIO *b);
144 # ifdef SCTP_AUTHENTICATION_EVENT
145 static void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification
146 *snp);
147 # endif
148 # endif
149
150 static int BIO_dgram_should_retry(int s);
151
152 static void get_current_time(struct timeval *t);
153
154 static const BIO_METHOD methods_dgramp = {
155 BIO_TYPE_DGRAM,
156 "datagram socket",
157 bwrite_conv,
158 dgram_write,
159 bread_conv,
160 dgram_read,
161 dgram_puts,
162 NULL, /* dgram_gets, */
163 dgram_ctrl,
164 dgram_new,
165 dgram_free,
166 NULL, /* dgram_callback_ctrl */
167 dgram_sendmmsg,
168 dgram_recvmmsg,
169 };
170
171 # ifndef OPENSSL_NO_SCTP
172 static const BIO_METHOD methods_dgramp_sctp = {
173 BIO_TYPE_DGRAM_SCTP,
174 "datagram sctp socket",
175 bwrite_conv,
176 dgram_sctp_write,
177 bread_conv,
178 dgram_sctp_read,
179 dgram_sctp_puts,
180 NULL, /* dgram_gets, */
181 dgram_sctp_ctrl,
182 dgram_sctp_new,
183 dgram_sctp_free,
184 NULL, /* dgram_callback_ctrl */
185 NULL, /* sendmmsg */
186 NULL, /* recvmmsg */
187 };
188 # endif
189
190 typedef struct bio_dgram_data_st {
191 BIO_ADDR peer;
192 BIO_ADDR local_addr;
193 unsigned int connected;
194 unsigned int _errno;
195 unsigned int mtu;
196 struct timeval next_timeout;
197 struct timeval socket_timeout;
198 unsigned int peekmode;
199 char local_addr_enabled;
200 } bio_dgram_data;
201
202 # ifndef OPENSSL_NO_SCTP
203 typedef struct bio_dgram_sctp_save_message_st {
204 BIO *bio;
205 char *data;
206 int length;
207 } bio_dgram_sctp_save_message;
208
209 typedef struct bio_dgram_sctp_data_st {
210 BIO_ADDR peer;
211 unsigned int connected;
212 unsigned int _errno;
213 unsigned int mtu;
214 struct bio_dgram_sctp_sndinfo sndinfo;
215 struct bio_dgram_sctp_rcvinfo rcvinfo;
216 struct bio_dgram_sctp_prinfo prinfo;
217 BIO_dgram_sctp_notification_handler_fn handle_notifications;
218 void *notification_context;
219 int in_handshake;
220 int ccs_rcvd;
221 int ccs_sent;
222 int save_shutdown;
223 int peer_auth_tested;
224 } bio_dgram_sctp_data;
225 # endif
226
227 const BIO_METHOD *BIO_s_datagram(void)
228 {
229 return &methods_dgramp;
230 }
231
232 BIO *BIO_new_dgram(int fd, int close_flag)
233 {
234 BIO *ret;
235
236 ret = BIO_new(BIO_s_datagram());
237 if (ret == NULL)
238 return NULL;
239 BIO_set_fd(ret, fd, close_flag);
240 return ret;
241 }
242
243 static int dgram_new(BIO *bi)
244 {
245 bio_dgram_data *data = OPENSSL_zalloc(sizeof(*data));
246
247 if (data == NULL)
248 return 0;
249 bi->ptr = data;
250 return 1;
251 }
252
253 static int dgram_free(BIO *a)
254 {
255 bio_dgram_data *data;
256
257 if (a == NULL)
258 return 0;
259 if (!dgram_clear(a))
260 return 0;
261
262 data = (bio_dgram_data *)a->ptr;
263 OPENSSL_free(data);
264
265 return 1;
266 }
267
268 static int dgram_clear(BIO *a)
269 {
270 if (a == NULL)
271 return 0;
272 if (a->shutdown) {
273 if (a->init) {
274 BIO_closesocket(a->num);
275 }
276 a->init = 0;
277 a->flags = 0;
278 }
279 return 1;
280 }
281
282 static void dgram_adjust_rcv_timeout(BIO *b)
283 {
284 # if defined(SO_RCVTIMEO)
285 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
286
287 /* Is a timer active? */
288 if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) {
289 struct timeval timenow, timeleft;
290
291 /* Read current socket timeout */
292 # ifdef OPENSSL_SYS_WINDOWS
293 int timeout;
294
295 int sz = sizeof(timeout);
296 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
297 (void *)&timeout, &sz) < 0) {
298 perror("getsockopt");
299 } else {
300 data->socket_timeout.tv_sec = timeout / 1000;
301 data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
302 }
303 # else
304 socklen_t sz = sizeof(data->socket_timeout);
305 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
306 &(data->socket_timeout), &sz) < 0) {
307 perror("getsockopt");
308 } else
309 OPENSSL_assert(sz <= sizeof(data->socket_timeout));
310 # endif
311
312 /* Get current time */
313 get_current_time(&timenow);
314
315 /* Calculate time left until timer expires */
316 memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
317 if (timeleft.tv_usec < timenow.tv_usec) {
318 timeleft.tv_usec = 1000000 - timenow.tv_usec + timeleft.tv_usec;
319 timeleft.tv_sec--;
320 } else {
321 timeleft.tv_usec -= timenow.tv_usec;
322 }
323 if (timeleft.tv_sec < timenow.tv_sec) {
324 timeleft.tv_sec = 0;
325 timeleft.tv_usec = 1;
326 } else {
327 timeleft.tv_sec -= timenow.tv_sec;
328 }
329
330 /*
331 * Adjust socket timeout if next handshake message timer will expire
332 * earlier.
333 */
334 if ((data->socket_timeout.tv_sec == 0
335 && data->socket_timeout.tv_usec == 0)
336 || (data->socket_timeout.tv_sec > timeleft.tv_sec)
337 || (data->socket_timeout.tv_sec == timeleft.tv_sec
338 && data->socket_timeout.tv_usec >= timeleft.tv_usec)) {
339 # ifdef OPENSSL_SYS_WINDOWS
340 timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000;
341 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
342 (void *)&timeout, sizeof(timeout)) < 0) {
343 perror("setsockopt");
344 }
345 # else
346 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft,
347 sizeof(struct timeval)) < 0) {
348 perror("setsockopt");
349 }
350 # endif
351 }
352 }
353 # endif
354 }
355
356 static void dgram_update_local_addr(BIO *b)
357 {
358 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
359 socklen_t addr_len = sizeof(data->local_addr);
360
361 if (getsockname(b->num, &data->local_addr.sa, &addr_len) < 0)
362 /*
363 * This should not be possible, but zero-initialize and return
364 * anyway.
365 */
366 BIO_ADDR_clear(&data->local_addr);
367 }
368
369 # if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG || M_METHOD == M_METHOD_WSARECVMSG
370 static int dgram_get_sock_family(BIO *b)
371 {
372 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
373 return data->local_addr.sa.sa_family;
374 }
375 # endif
376
377 static void dgram_reset_rcv_timeout(BIO *b)
378 {
379 # if defined(SO_RCVTIMEO)
380 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
381
382 /* Is a timer active? */
383 if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) {
384 # ifdef OPENSSL_SYS_WINDOWS
385 int timeout = data->socket_timeout.tv_sec * 1000 +
386 data->socket_timeout.tv_usec / 1000;
387 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
388 (void *)&timeout, sizeof(timeout)) < 0) {
389 perror("setsockopt");
390 }
391 # else
392 if (setsockopt
393 (b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout),
394 sizeof(struct timeval)) < 0) {
395 perror("setsockopt");
396 }
397 # endif
398 }
399 # endif
400 }
401
402 static int dgram_read(BIO *b, char *out, int outl)
403 {
404 int ret = 0;
405 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
406 int flags = 0;
407
408 BIO_ADDR peer;
409 socklen_t len = sizeof(peer);
410
411 if (out != NULL) {
412 clear_socket_error();
413 BIO_ADDR_clear(&peer);
414 dgram_adjust_rcv_timeout(b);
415 if (data->peekmode)
416 flags = MSG_PEEK;
417 ret = recvfrom(b->num, out, outl, flags,
418 BIO_ADDR_sockaddr_noconst(&peer), &len);
419
420 if (!data->connected && ret >= 0)
421 BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
422
423 BIO_clear_retry_flags(b);
424 if (ret < 0) {
425 if (BIO_dgram_should_retry(ret)) {
426 BIO_set_retry_read(b);
427 data->_errno = get_last_socket_error();
428 }
429 }
430
431 dgram_reset_rcv_timeout(b);
432 }
433 return ret;
434 }
435
436 static int dgram_write(BIO *b, const char *in, int inl)
437 {
438 int ret;
439 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
440 clear_socket_error();
441
442 if (data->connected)
443 ret = writesocket(b->num, in, inl);
444 else {
445 int peerlen = BIO_ADDR_sockaddr_size(&data->peer);
446
447 ret = sendto(b->num, in, inl, 0,
448 BIO_ADDR_sockaddr(&data->peer), peerlen);
449 }
450
451 BIO_clear_retry_flags(b);
452 if (ret <= 0) {
453 if (BIO_dgram_should_retry(ret)) {
454 BIO_set_retry_write(b);
455 data->_errno = get_last_socket_error();
456 }
457 }
458 return ret;
459 }
460
461 static long dgram_get_mtu_overhead(bio_dgram_data *data)
462 {
463 long ret;
464
465 switch (BIO_ADDR_family(&data->peer)) {
466 case AF_INET:
467 /*
468 * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
469 */
470 ret = 28;
471 break;
472 # if OPENSSL_USE_IPV6
473 case AF_INET6:
474 {
475 # ifdef IN6_IS_ADDR_V4MAPPED
476 struct in6_addr tmp_addr;
477 if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
478 && IN6_IS_ADDR_V4MAPPED(&tmp_addr))
479 /*
480 * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
481 */
482 ret = 28;
483 else
484 # endif
485 /*
486 * Assume this is UDP - 40 bytes for IP, 8 bytes for UDP
487 */
488 ret = 48;
489 }
490 break;
491 # endif
492 default:
493 /* We don't know. Go with the historical default */
494 ret = 28;
495 break;
496 }
497 return ret;
498 }
499
500 /* Enables appropriate destination address reception option on the socket. */
501 # if defined(SUPPORT_LOCAL_ADDR)
502 static int enable_local_addr(BIO *b, int enable) {
503 int af = dgram_get_sock_family(b);
504
505 if (af == AF_INET) {
506 # if defined(IP_PKTINFO)
507 /* IP_PKTINFO is preferred */
508 if (setsockopt(b->num, IPPROTO_IP, IP_PKTINFO,
509 (void *)&enable, sizeof(enable)) < 0)
510 return 0;
511
512 return 1;
513
514 # elif defined(IP_RECVDSTADDR)
515 /* Fall back to IP_RECVDSTADDR */
516
517 if (setsockopt(b->num, IPPROTO_IP, IP_RECVDSTADDR,
518 &enable, sizeof(enable)) < 0)
519 return 0;
520
521 return 1;
522 # endif
523 }
524
525 # if OPENSSL_USE_IPV6
526 if (af == AF_INET6) {
527 # if defined(IPV6_RECVPKTINFO)
528 if (setsockopt(b->num, IPPROTO_IPV6, IPV6_RECVPKTINFO,
529 &enable, sizeof(enable)) < 0)
530 return 0;
531
532 return 1;
533 # endif
534 }
535 # endif
536
537 return 0;
538 }
539 # endif
540
541 static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
542 {
543 long ret = 1;
544 int *ip;
545 bio_dgram_data *data = NULL;
546 int sockopt_val = 0;
547 int d_errno;
548 # if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU))
549 socklen_t sockopt_len; /* assume that system supporting IP_MTU is
550 * modern enough to define socklen_t */
551 socklen_t addr_len;
552 BIO_ADDR addr;
553 # endif
554
555 data = (bio_dgram_data *)b->ptr;
556
557 switch (cmd) {
558 case BIO_CTRL_RESET:
559 num = 0;
560 ret = 0;
561 break;
562 case BIO_CTRL_INFO:
563 ret = 0;
564 break;
565 case BIO_C_SET_FD:
566 dgram_clear(b);
567 b->num = *((int *)ptr);
568 b->shutdown = (int)num;
569 b->init = 1;
570 dgram_update_local_addr(b);
571 # if defined(SUPPORT_LOCAL_ADDR)
572 if (data->local_addr_enabled) {
573 if (enable_local_addr(b, 1) < 1)
574 data->local_addr_enabled = 0;
575 }
576 # endif
577 break;
578 case BIO_C_GET_FD:
579 if (b->init) {
580 ip = (int *)ptr;
581 if (ip != NULL)
582 *ip = b->num;
583 ret = b->num;
584 } else
585 ret = -1;
586 break;
587 case BIO_CTRL_GET_CLOSE:
588 ret = b->shutdown;
589 break;
590 case BIO_CTRL_SET_CLOSE:
591 b->shutdown = (int)num;
592 break;
593 case BIO_CTRL_PENDING:
594 case BIO_CTRL_WPENDING:
595 ret = 0;
596 break;
597 case BIO_CTRL_DUP:
598 case BIO_CTRL_FLUSH:
599 ret = 1;
600 break;
601 case BIO_CTRL_DGRAM_CONNECT:
602 BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
603 break;
604 /* (Linux)kernel sets DF bit on outgoing IP packets */
605 case BIO_CTRL_DGRAM_MTU_DISCOVER:
606 # if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
607 addr_len = (socklen_t) sizeof(addr);
608 BIO_ADDR_clear(&addr);
609 if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
610 ret = 0;
611 break;
612 }
613 switch (addr.sa.sa_family) {
614 case AF_INET:
615 sockopt_val = IP_PMTUDISC_DO;
616 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
617 &sockopt_val, sizeof(sockopt_val))) < 0)
618 perror("setsockopt");
619 break;
620 # if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
621 case AF_INET6:
622 sockopt_val = IPV6_PMTUDISC_DO;
623 if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
624 &sockopt_val, sizeof(sockopt_val))) < 0)
625 perror("setsockopt");
626 break;
627 # endif
628 default:
629 ret = -1;
630 break;
631 }
632 # else
633 ret = -1;
634 # endif
635 break;
636 case BIO_CTRL_DGRAM_QUERY_MTU:
637 # if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU)
638 addr_len = (socklen_t) sizeof(addr);
639 BIO_ADDR_clear(&addr);
640 if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
641 ret = 0;
642 break;
643 }
644 sockopt_len = sizeof(sockopt_val);
645 switch (addr.sa.sa_family) {
646 case AF_INET:
647 if ((ret =
648 getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,
649 &sockopt_len)) < 0 || sockopt_val < 0) {
650 ret = 0;
651 } else {
652 /*
653 * we assume that the transport protocol is UDP and no IP
654 * options are used.
655 */
656 data->mtu = sockopt_val - 8 - 20;
657 ret = data->mtu;
658 }
659 break;
660 # if OPENSSL_USE_IPV6 && defined(IPV6_MTU)
661 case AF_INET6:
662 if ((ret =
663 getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU,
664 (void *)&sockopt_val, &sockopt_len)) < 0
665 || sockopt_val < 0) {
666 ret = 0;
667 } else {
668 /*
669 * we assume that the transport protocol is UDP and no IPV6
670 * options are used.
671 */
672 data->mtu = sockopt_val - 8 - 40;
673 ret = data->mtu;
674 }
675 break;
676 # endif
677 default:
678 ret = 0;
679 break;
680 }
681 # else
682 ret = 0;
683 # endif
684 break;
685 case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
686 ret = -dgram_get_mtu_overhead(data);
687 switch (BIO_ADDR_family(&data->peer)) {
688 case AF_INET:
689 ret += 576;
690 break;
691 # if OPENSSL_USE_IPV6
692 case AF_INET6:
693 {
694 # ifdef IN6_IS_ADDR_V4MAPPED
695 struct in6_addr tmp_addr;
696 if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
697 && IN6_IS_ADDR_V4MAPPED(&tmp_addr))
698 ret += 576;
699 else
700 # endif
701 ret += 1280;
702 }
703 break;
704 # endif
705 default:
706 ret += 576;
707 break;
708 }
709 break;
710 case BIO_CTRL_DGRAM_GET_MTU:
711 return data->mtu;
712 case BIO_CTRL_DGRAM_SET_MTU:
713 data->mtu = num;
714 ret = num;
715 break;
716 case BIO_CTRL_DGRAM_SET_CONNECTED:
717 if (ptr != NULL) {
718 data->connected = 1;
719 BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
720 } else {
721 data->connected = 0;
722 BIO_ADDR_clear(&data->peer);
723 }
724 break;
725 case BIO_CTRL_DGRAM_GET_PEER:
726 ret = BIO_ADDR_sockaddr_size(&data->peer);
727 /* FIXME: if num < ret, we will only return part of an address.
728 That should bee an error, no? */
729 if (num == 0 || num > ret)
730 num = ret;
731 memcpy(ptr, &data->peer, (ret = num));
732 break;
733 case BIO_CTRL_DGRAM_SET_PEER:
734 BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
735 break;
736 case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
737 memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));
738 break;
739 # if defined(SO_RCVTIMEO)
740 case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
741 # ifdef OPENSSL_SYS_WINDOWS
742 {
743 struct timeval *tv = (struct timeval *)ptr;
744 int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
745 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
746 (void *)&timeout, sizeof(timeout)) < 0) {
747 perror("setsockopt");
748 ret = -1;
749 }
750 }
751 # else
752 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr,
753 sizeof(struct timeval)) < 0) {
754 perror("setsockopt");
755 ret = -1;
756 }
757 # endif
758 break;
759 case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
760 {
761 # ifdef OPENSSL_SYS_WINDOWS
762 int sz = 0;
763 int timeout;
764 struct timeval *tv = (struct timeval *)ptr;
765
766 sz = sizeof(timeout);
767 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
768 (void *)&timeout, &sz) < 0) {
769 perror("getsockopt");
770 ret = -1;
771 } else {
772 tv->tv_sec = timeout / 1000;
773 tv->tv_usec = (timeout % 1000) * 1000;
774 ret = sizeof(*tv);
775 }
776 # else
777 socklen_t sz = sizeof(struct timeval);
778 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
779 ptr, &sz) < 0) {
780 perror("getsockopt");
781 ret = -1;
782 } else {
783 OPENSSL_assert(sz <= sizeof(struct timeval));
784 ret = (int)sz;
785 }
786 # endif
787 }
788 break;
789 # endif
790 # if defined(SO_SNDTIMEO)
791 case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT:
792 # ifdef OPENSSL_SYS_WINDOWS
793 {
794 struct timeval *tv = (struct timeval *)ptr;
795 int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
796 if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
797 (void *)&timeout, sizeof(timeout)) < 0) {
798 perror("setsockopt");
799 ret = -1;
800 }
801 }
802 # else
803 if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr,
804 sizeof(struct timeval)) < 0) {
805 perror("setsockopt");
806 ret = -1;
807 }
808 # endif
809 break;
810 case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
811 {
812 # ifdef OPENSSL_SYS_WINDOWS
813 int sz = 0;
814 int timeout;
815 struct timeval *tv = (struct timeval *)ptr;
816
817 sz = sizeof(timeout);
818 if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
819 (void *)&timeout, &sz) < 0) {
820 perror("getsockopt");
821 ret = -1;
822 } else {
823 tv->tv_sec = timeout / 1000;
824 tv->tv_usec = (timeout % 1000) * 1000;
825 ret = sizeof(*tv);
826 }
827 # else
828 socklen_t sz = sizeof(struct timeval);
829 if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
830 ptr, &sz) < 0) {
831 perror("getsockopt");
832 ret = -1;
833 } else {
834 OPENSSL_assert(sz <= sizeof(struct timeval));
835 ret = (int)sz;
836 }
837 # endif
838 }
839 break;
840 # endif
841 case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
842 /* fall-through */
843 case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:
844 # ifdef OPENSSL_SYS_WINDOWS
845 d_errno = (data->_errno == WSAETIMEDOUT);
846 # else
847 d_errno = (data->_errno == EAGAIN);
848 # endif
849 if (d_errno) {
850 ret = 1;
851 data->_errno = 0;
852 } else
853 ret = 0;
854 break;
855 # ifdef EMSGSIZE
856 case BIO_CTRL_DGRAM_MTU_EXCEEDED:
857 if (data->_errno == EMSGSIZE) {
858 ret = 1;
859 data->_errno = 0;
860 } else
861 ret = 0;
862 break;
863 # endif
864 case BIO_CTRL_DGRAM_SET_DONT_FRAG:
865 sockopt_val = num ? 1 : 0;
866
867 switch (data->peer.sa.sa_family) {
868 case AF_INET:
869 # if defined(IP_DONTFRAG)
870 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAG,
871 &sockopt_val, sizeof(sockopt_val))) < 0) {
872 perror("setsockopt");
873 ret = -1;
874 }
875 # elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined (IP_PMTUDISC_PROBE)
876 if ((sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT),
877 (ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
878 &sockopt_val, sizeof(sockopt_val))) < 0) {
879 perror("setsockopt");
880 ret = -1;
881 }
882 # elif defined(OPENSSL_SYS_WINDOWS) && defined(IP_DONTFRAGMENT)
883 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAGMENT,
884 (const char *)&sockopt_val,
885 sizeof(sockopt_val))) < 0) {
886 perror("setsockopt");
887 ret = -1;
888 }
889 # else
890 ret = -1;
891 # endif
892 break;
893 # if OPENSSL_USE_IPV6
894 case AF_INET6:
895 # if defined(IPV6_DONTFRAG)
896 if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_DONTFRAG,
897 (const void *)&sockopt_val,
898 sizeof(sockopt_val))) < 0) {
899 perror("setsockopt");
900 ret = -1;
901 }
902 # elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTUDISCOVER)
903 if ((sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT),
904 (ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
905 &sockopt_val, sizeof(sockopt_val))) < 0) {
906 perror("setsockopt");
907 ret = -1;
908 }
909 # else
910 ret = -1;
911 # endif
912 break;
913 # endif
914 default:
915 ret = -1;
916 break;
917 }
918 break;
919 case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
920 ret = dgram_get_mtu_overhead(data);
921 break;
922
923 /*
924 * BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE is used here for compatibility
925 * reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value
926 * was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The
927 * value has been updated to a non-clashing value. However to preserve
928 * binary compatibility we now respond to both the old value and the new one
929 */
930 case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
931 case BIO_CTRL_DGRAM_SET_PEEK_MODE:
932 data->peekmode = (unsigned int)num;
933 break;
934
935 case BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP:
936 # if defined(SUPPORT_LOCAL_ADDR)
937 ret = 1;
938 # else
939 ret = 0;
940 # endif
941 break;
942
943 case BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE:
944 # if defined(SUPPORT_LOCAL_ADDR)
945 num = num > 0;
946 if (num != data->local_addr_enabled) {
947 if (enable_local_addr(b, num) < 1) {
948 ret = 0;
949 break;
950 }
951
952 data->local_addr_enabled = (char)num;
953 }
954 # else
955 ret = 0;
956 # endif
957 break;
958
959 case BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE:
960 *(int *)ptr = data->local_addr_enabled;
961 break;
962
963 default:
964 ret = 0;
965 break;
966 }
967 return ret;
968 }
969
970 static int dgram_puts(BIO *bp, const char *str)
971 {
972 int n, ret;
973
974 n = strlen(str);
975 ret = dgram_write(bp, str, n);
976 return ret;
977 }
978
979 # if M_METHOD == M_METHOD_WSARECVMSG
980 static void translate_msg_win(BIO *b, WSAMSG *mh, WSABUF *iov,
981 unsigned char *control, BIO_MSG *msg)
982 {
983 iov->len = msg->data_len;
984 iov->buf = msg->data;
985
986 /* Windows requires namelen to be set exactly */
987 mh->name = msg->peer != NULL ? &msg->peer->sa : NULL;
988 if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET)
989 mh->namelen = sizeof(struct sockaddr_in);
990 # if OPENSSL_USE_IPV6
991 else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6)
992 mh->namelen = sizeof(struct sockaddr_in6);
993 # endif
994 else
995 mh->namelen = 0;
996
997 /*
998 * When local address reception (IP_PKTINFO, etc.) is enabled, on Windows
999 * this causes WSARecvMsg to fail if the control buffer is too small to hold
1000 * the structure, or if no control buffer is passed. So we need to give it
1001 * the control buffer even if we aren't actually going to examine the
1002 * result.
1003 */
1004 mh->lpBuffers = iov;
1005 mh->dwBufferCount = 1;
1006 mh->Control.len = BIO_CMSG_ALLOC_LEN;
1007 mh->Control.buf = control;
1008 mh->dwFlags = 0;
1009 }
1010 # endif
1011
1012 # if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG
1013 /* Translates a BIO_MSG to a msghdr and iovec. */
1014 static void translate_msg(BIO *b, struct msghdr *mh, struct iovec *iov,
1015 unsigned char *control, BIO_MSG *msg)
1016 {
1017 iov->iov_base = msg->data;
1018 iov->iov_len = msg->data_len;
1019
1020 /* macOS requires msg_namelen be 0 if msg_name is NULL */
1021 mh->msg_name = msg->peer != NULL ? &msg->peer->sa : NULL;
1022 if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET)
1023 mh->msg_namelen = sizeof(struct sockaddr_in);
1024 # if OPENSSL_USE_IPV6
1025 else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6)
1026 mh->msg_namelen = sizeof(struct sockaddr_in6);
1027 # endif
1028 else
1029 mh->msg_namelen = 0;
1030
1031 mh->msg_iov = iov;
1032 mh->msg_iovlen = 1;
1033 mh->msg_control = msg->local != NULL ? control : NULL;
1034 mh->msg_controllen = msg->local != NULL ? BIO_CMSG_ALLOC_LEN : 0;
1035 mh->msg_flags = 0;
1036 }
1037 # endif
1038
1039 # if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG || M_METHOD == M_METHOD_WSARECVMSG
1040 /* Extracts destination address from the control buffer. */
1041 static int extract_local(BIO *b, MSGHDR_TYPE *mh, BIO_ADDR *local) {
1042 # if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) || defined(IPV6_PKTINFO)
1043 CMSGHDR_TYPE *cmsg;
1044 int af = dgram_get_sock_family(b);
1045
1046 for (cmsg = BIO_CMSG_FIRSTHDR(mh); cmsg != NULL;
1047 cmsg = BIO_CMSG_NXTHDR(mh, cmsg)) {
1048 if (af == AF_INET) {
1049 if (cmsg->cmsg_level != IPPROTO_IP)
1050 continue;
1051
1052 # if defined(IP_PKTINFO)
1053 if (cmsg->cmsg_type != IP_PKTINFO)
1054 continue;
1055
1056 local->s_in.sin_addr =
1057 ((struct in_pktinfo *)BIO_CMSG_DATA(cmsg))->ipi_addr;
1058
1059 # elif defined(IP_RECVDSTADDR)
1060 if (cmsg->cmsg_type != IP_RECVDSTADDR)
1061 continue;
1062
1063 local->s_in.sin_addr = *(struct in_addr *)BIO_CMSG_DATA(cmsg);
1064 # endif
1065
1066 # if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR)
1067 {
1068 bio_dgram_data *data = b->ptr;
1069
1070 local->s_in.sin_family = AF_INET;
1071 local->s_in.sin_port = data->local_addr.s_in.sin_port;
1072 }
1073 return 1;
1074 # endif
1075 }
1076 # if OPENSSL_USE_IPV6
1077 else if (af == AF_INET6) {
1078 if (cmsg->cmsg_level != IPPROTO_IPV6)
1079 continue;
1080
1081 # if defined(IPV6_RECVPKTINFO)
1082 if (cmsg->cmsg_type != IPV6_PKTINFO)
1083 continue;
1084
1085 {
1086 bio_dgram_data *data = b->ptr;
1087
1088 local->s_in6.sin6_addr =
1089 ((struct in6_pktinfo *)BIO_CMSG_DATA(cmsg))->ipi6_addr;
1090 local->s_in6.sin6_family = AF_INET6;
1091 local->s_in6.sin6_port = data->local_addr.s_in6.sin6_port;
1092 local->s_in6.sin6_scope_id =
1093 data->local_addr.s_in6.sin6_scope_id;
1094 local->s_in6.sin6_flowinfo = 0;
1095 }
1096 return 1;
1097 # endif
1098 }
1099 # endif
1100 }
1101 # endif
1102
1103 return 0;
1104 }
1105
1106 static int pack_local(BIO *b, MSGHDR_TYPE *mh, const BIO_ADDR *local) {
1107 int af = dgram_get_sock_family(b);
1108 # if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) || defined(IPV6_PKTINFO)
1109 CMSGHDR_TYPE *cmsg;
1110 bio_dgram_data *data = b->ptr;
1111 # endif
1112
1113 if (af == AF_INET) {
1114 # if defined(IP_PKTINFO)
1115 struct in_pktinfo *info;
1116
1117 # if defined(OPENSSL_SYS_WINDOWS)
1118 cmsg = (CMSGHDR_TYPE *)mh->Control.buf;
1119 # else
1120 cmsg = (CMSGHDR_TYPE *)mh->msg_control;
1121 # endif
1122
1123 cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in_pktinfo));
1124 cmsg->cmsg_level = IPPROTO_IP;
1125 cmsg->cmsg_type = IP_PKTINFO;
1126
1127 info = (struct in_pktinfo *)BIO_CMSG_DATA(cmsg);
1128 # if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_CYGWIN)
1129 info->ipi_spec_dst = local->s_in.sin_addr;
1130 # endif
1131 info->ipi_addr.s_addr = 0;
1132 info->ipi_ifindex = 0;
1133
1134 /*
1135 * We cannot override source port using this API, therefore
1136 * ensure the application specified a source port of 0
1137 * or the one we are bound to. (Better to error than silently
1138 * ignore this.)
1139 */
1140 if (local->s_in.sin_port != 0
1141 && data->local_addr.s_in.sin_port != local->s_in.sin_port) {
1142 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
1143 return 0;
1144 }
1145
1146 # if defined(OPENSSL_SYS_WINDOWS)
1147 mh->Control.len = BIO_CMSG_SPACE(sizeof(struct in_pktinfo));
1148 # else
1149 mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in_pktinfo));
1150 # endif
1151 return 1;
1152
1153 # elif defined(IP_SENDSRCADDR)
1154 struct in_addr *info;
1155
1156 cmsg = (struct cmsghdr *)mh->msg_control;
1157 cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in_addr));
1158 cmsg->cmsg_level = IPPROTO_IP;
1159 cmsg->cmsg_type = IP_SENDSRCADDR;
1160
1161 info = (struct in_addr *)BIO_CMSG_DATA(cmsg);
1162 *info = local->s_in.sin_addr;
1163
1164 /* See comment above. */
1165 if (local->s_in.sin_port != 0
1166 && data->local_addr.s_in.sin_port != local->s_in.sin_port) {
1167 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
1168 return 0;
1169 }
1170
1171 mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in_addr));
1172 return 1;
1173 # endif
1174 }
1175 # if OPENSSL_USE_IPV6
1176 else if (af == AF_INET6) {
1177 # if defined(IPV6_PKTINFO)
1178 struct in6_pktinfo *info;
1179
1180 # if defined(OPENSSL_SYS_WINDOWS)
1181 cmsg = (CMSGHDR_TYPE *)mh->Control.buf;
1182 # else
1183 cmsg = (CMSGHDR_TYPE *)mh->msg_control;
1184 # endif
1185 cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in6_pktinfo));
1186 cmsg->cmsg_level = IPPROTO_IPV6;
1187 cmsg->cmsg_type = IPV6_PKTINFO;
1188
1189 info = (struct in6_pktinfo *)BIO_CMSG_DATA(cmsg);
1190 info->ipi6_addr = local->s_in6.sin6_addr;
1191 info->ipi6_ifindex = 0;
1192
1193 /*
1194 * See comment above, but also applies to the other fields
1195 * in sockaddr_in6.
1196 */
1197 if (local->s_in6.sin6_port != 0
1198 && data->local_addr.s_in6.sin6_port != local->s_in6.sin6_port) {
1199 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
1200 return 0;
1201 }
1202
1203 if (local->s_in6.sin6_scope_id != 0
1204 && data->local_addr.s_in6.sin6_scope_id != local->s_in6.sin6_scope_id) {
1205 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
1206 return 0;
1207 }
1208
1209 # if defined(OPENSSL_SYS_WINDOWS)
1210 mh->Control.len = BIO_CMSG_SPACE(sizeof(struct in6_pktinfo));
1211 # else
1212 mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in6_pktinfo));
1213 # endif
1214 return 1;
1215 # endif
1216 }
1217 # endif
1218
1219 return 0;
1220 }
1221 # endif
1222
1223 /*
1224 * Converts flags passed to BIO_sendmmsg or BIO_recvmmsg to syscall flags. You
1225 * should mask out any system flags returned by this function you cannot support
1226 * in a particular circumstance. Currently no flags are defined.
1227 */
1228 # if M_METHOD != M_METHOD_NONE
1229 static int translate_flags(uint64_t flags) {
1230 return 0;
1231 }
1232 # endif
1233
1234 static int dgram_sendmmsg(BIO *b, BIO_MSG *msg, size_t stride,
1235 size_t num_msg, uint64_t flags, size_t *num_processed)
1236 {
1237 # if M_METHOD != M_METHOD_NONE && M_METHOD != M_METHOD_RECVMSG
1238 int ret;
1239 # endif
1240 # if M_METHOD == M_METHOD_RECVMMSG
1241 # define BIO_MAX_MSGS_PER_CALL 64
1242 int sysflags;
1243 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1244 size_t i;
1245 struct mmsghdr mh[BIO_MAX_MSGS_PER_CALL];
1246 struct iovec iov[BIO_MAX_MSGS_PER_CALL];
1247 unsigned char control[BIO_MAX_MSGS_PER_CALL][BIO_CMSG_ALLOC_LEN];
1248 int have_local_enabled = data->local_addr_enabled;
1249 # elif M_METHOD == M_METHOD_RECVMSG
1250 int sysflags;
1251 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1252 ossl_ssize_t l;
1253 struct msghdr mh;
1254 struct iovec iov;
1255 unsigned char control[BIO_CMSG_ALLOC_LEN];
1256 int have_local_enabled = data->local_addr_enabled;
1257 # elif M_METHOD == M_METHOD_WSARECVMSG
1258 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1259 int have_local_enabled = data->local_addr_enabled;
1260 WSAMSG wmsg;
1261 WSABUF wbuf;
1262 DWORD num_bytes_sent = 0;
1263 unsigned char control[BIO_CMSG_ALLOC_LEN];
1264 # endif
1265 # if M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG
1266 int sysflags;
1267 # endif
1268
1269 if (num_msg == 0) {
1270 *num_processed = 0;
1271 return 1;
1272 }
1273
1274 if (num_msg > OSSL_SSIZE_MAX)
1275 num_msg = OSSL_SSIZE_MAX;
1276
1277 # if M_METHOD != M_METHOD_NONE
1278 sysflags = translate_flags(flags);
1279 # endif
1280
1281 # if M_METHOD == M_METHOD_RECVMMSG
1282 /*
1283 * In the sendmmsg/recvmmsg case, we need to allocate our translated struct
1284 * msghdr and struct iovec on the stack to support multithreaded use. Thus
1285 * we place a fixed limit on the number of messages per call, in the
1286 * expectation that we will be called again if there were more messages to
1287 * be sent.
1288 */
1289 if (num_msg > BIO_MAX_MSGS_PER_CALL)
1290 num_msg = BIO_MAX_MSGS_PER_CALL;
1291
1292 for (i = 0; i < num_msg; ++i) {
1293 translate_msg(b, &mh[i].msg_hdr, &iov[i],
1294 control[i], &BIO_MSG_N(msg, stride, i));
1295
1296 /* If local address was requested, it must have been enabled */
1297 if (BIO_MSG_N(msg, stride, i).local != NULL) {
1298 if (!have_local_enabled) {
1299 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1300 *num_processed = 0;
1301 return 0;
1302 }
1303
1304 if (pack_local(b, &mh[i].msg_hdr,
1305 BIO_MSG_N(msg, stride, i).local) < 1) {
1306 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1307 *num_processed = 0;
1308 return 0;
1309 }
1310 }
1311 }
1312
1313 /* Do the batch */
1314 ret = sendmmsg(b->num, mh, num_msg, sysflags);
1315 if (ret < 0) {
1316 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1317 *num_processed = 0;
1318 return 0;
1319 }
1320
1321 for (i = 0; i < (size_t)ret; ++i) {
1322 BIO_MSG_N(msg, stride, i).data_len = mh[i].msg_len;
1323 BIO_MSG_N(msg, stride, i).flags = 0;
1324 }
1325
1326 *num_processed = (size_t)ret;
1327 return 1;
1328
1329 # elif M_METHOD == M_METHOD_RECVMSG
1330 /*
1331 * If sendmsg is available, use it.
1332 */
1333 translate_msg(b, &mh, &iov, control, msg);
1334
1335 if (msg->local != NULL) {
1336 if (!have_local_enabled) {
1337 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1338 *num_processed = 0;
1339 return 0;
1340 }
1341
1342 if (pack_local(b, &mh, msg->local) < 1) {
1343 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1344 *num_processed = 0;
1345 return 0;
1346 }
1347 }
1348
1349 l = sendmsg(b->num, &mh, sysflags);
1350 if (l < 0) {
1351 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1352 *num_processed = 0;
1353 return 0;
1354 }
1355
1356 msg->data_len = (size_t)l;
1357 msg->flags = 0;
1358 *num_processed = 1;
1359 return 1;
1360
1361 # elif M_METHOD == M_METHOD_WSARECVMSG || M_METHOD == M_METHOD_RECVFROM
1362 # if M_METHOD == M_METHOD_WSARECVMSG
1363 if (bio_WSASendMsg != NULL) {
1364 /* WSASendMsg-based implementation for Windows. */
1365 translate_msg_win(b, &wmsg, &wbuf, control, msg);
1366
1367 if (msg[0].local != NULL) {
1368 if (!have_local_enabled) {
1369 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1370 *num_processed = 0;
1371 return 0;
1372 }
1373
1374 if (pack_local(b, &wmsg, msg[0].local) < 1) {
1375 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1376 *num_processed = 0;
1377 return 0;
1378 }
1379 }
1380
1381 ret = WSASendMsg((SOCKET)b->num, &wmsg, 0, &num_bytes_sent, NULL, NULL);
1382 if (ret < 0) {
1383 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1384 *num_processed = 0;
1385 return 0;
1386 }
1387
1388 msg[0].data_len = num_bytes_sent;
1389 msg[0].flags = 0;
1390 *num_processed = 1;
1391 return 1;
1392 }
1393 # endif
1394
1395 /*
1396 * Fallback to sendto and send a single message.
1397 */
1398 if (msg[0].local != NULL) {
1399 /*
1400 * We cannot set the local address if using sendto
1401 * so fail in this case
1402 */
1403 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1404 *num_processed = 0;
1405 return 0;
1406 }
1407
1408 ret = sendto(b->num, msg[0].data,
1409 # if defined(OPENSSL_SYS_WINDOWS)
1410 (int)msg[0].data_len,
1411 # else
1412 msg[0].data_len,
1413 # endif
1414 sysflags,
1415 msg[0].peer != NULL ? &msg[0].peer->sa : NULL,
1416 msg[0].peer != NULL ? sizeof(*msg[0].peer) : 0);
1417 if (ret <= 0) {
1418 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1419 *num_processed = 0;
1420 return 0;
1421 }
1422
1423 msg[0].data_len = ret;
1424 msg[0].flags = 0;
1425 *num_processed = 1;
1426 return 1;
1427
1428 # else
1429 ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD);
1430 *num_processed = 0;
1431 return 0;
1432 # endif
1433 }
1434
1435 static int dgram_recvmmsg(BIO *b, BIO_MSG *msg,
1436 size_t stride, size_t num_msg,
1437 uint64_t flags, size_t *num_processed)
1438 {
1439 # if M_METHOD != M_METHOD_NONE && M_METHOD != M_METHOD_RECVMSG
1440 int ret;
1441 # endif
1442 # if M_METHOD == M_METHOD_RECVMMSG
1443 int sysflags;
1444 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1445 size_t i;
1446 struct mmsghdr mh[BIO_MAX_MSGS_PER_CALL];
1447 struct iovec iov[BIO_MAX_MSGS_PER_CALL];
1448 unsigned char control[BIO_MAX_MSGS_PER_CALL][BIO_CMSG_ALLOC_LEN];
1449 int have_local_enabled = data->local_addr_enabled;
1450 # elif M_METHOD == M_METHOD_RECVMSG
1451 int sysflags;
1452 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1453 ossl_ssize_t l;
1454 struct msghdr mh;
1455 struct iovec iov;
1456 unsigned char control[BIO_CMSG_ALLOC_LEN];
1457 int have_local_enabled = data->local_addr_enabled;
1458 # elif M_METHOD == M_METHOD_WSARECVMSG
1459 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1460 int have_local_enabled = data->local_addr_enabled;
1461 WSAMSG wmsg;
1462 WSABUF wbuf;
1463 DWORD num_bytes_received = 0;
1464 unsigned char control[BIO_CMSG_ALLOC_LEN];
1465 # endif
1466 # if M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG
1467 int sysflags;
1468 socklen_t slen;
1469 # endif
1470
1471 if (num_msg == 0) {
1472 *num_processed = 0;
1473 return 1;
1474 }
1475
1476 if (num_msg > OSSL_SSIZE_MAX)
1477 num_msg = OSSL_SSIZE_MAX;
1478
1479 # if M_METHOD != M_METHOD_NONE
1480 sysflags = translate_flags(flags);
1481 # endif
1482
1483 # if M_METHOD == M_METHOD_RECVMMSG
1484 /*
1485 * In the sendmmsg/recvmmsg case, we need to allocate our translated struct
1486 * msghdr and struct iovec on the stack to support multithreaded use. Thus
1487 * we place a fixed limit on the number of messages per call, in the
1488 * expectation that we will be called again if there were more messages to
1489 * be sent.
1490 */
1491 if (num_msg > BIO_MAX_MSGS_PER_CALL)
1492 num_msg = BIO_MAX_MSGS_PER_CALL;
1493
1494 for (i = 0; i < num_msg; ++i) {
1495 translate_msg(b, &mh[i].msg_hdr, &iov[i],
1496 control[i], &BIO_MSG_N(msg, stride, i));
1497
1498 /* If local address was requested, it must have been enabled */
1499 if (BIO_MSG_N(msg, stride, i).local != NULL && !have_local_enabled) {
1500 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1501 *num_processed = 0;
1502 return 0;
1503 }
1504 }
1505
1506 /* Do the batch */
1507 ret = recvmmsg(b->num, mh, num_msg, sysflags, NULL);
1508 if (ret < 0) {
1509 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1510 *num_processed = 0;
1511 return 0;
1512 }
1513
1514 for (i = 0; i < (size_t)ret; ++i) {
1515 BIO_MSG_N(msg, stride, i).data_len = mh[i].msg_len;
1516 BIO_MSG_N(msg, stride, i).flags = 0;
1517 /*
1518 * *(msg->peer) will have been filled in by recvmmsg;
1519 * for msg->local we parse the control data returned
1520 */
1521 if (BIO_MSG_N(msg, stride, i).local != NULL)
1522 if (extract_local(b, &mh[i].msg_hdr,
1523 BIO_MSG_N(msg, stride, i).local) < 1) {
1524 if (i > 0) {
1525 *num_processed = i;
1526 return 1;
1527 } else {
1528 *num_processed = 0;
1529 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1530 return 0;
1531 }
1532 }
1533 }
1534
1535 *num_processed = (size_t)ret;
1536 return 1;
1537
1538 # elif M_METHOD == M_METHOD_RECVMSG
1539 /*
1540 * If recvmsg is available, use it.
1541 */
1542 translate_msg(b, &mh, &iov, control, msg);
1543
1544 /* If local address was requested, it must have been enabled */
1545 if (msg->local != NULL && !have_local_enabled) {
1546 /*
1547 * If we have done at least one message, we must return the
1548 * count; if we haven't done any, we can give an error code
1549 */
1550 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1551 *num_processed = 0;
1552 return 0;
1553 }
1554
1555 l = recvmsg(b->num, &mh, sysflags);
1556 if (l < 0) {
1557 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1558 *num_processed = 0;
1559 return 0;
1560 }
1561
1562 msg->data_len = (size_t)l;
1563 msg->flags = 0;
1564
1565 if (msg->local != NULL)
1566 if (extract_local(b, &mh, msg->local) < 1) {
1567 /*
1568 * OS X exhibits odd behaviour where it appears that if a packet is
1569 * sent before the receiving interface enables IP_PKTINFO, it will
1570 * sometimes not have any control data returned even if the
1571 * receiving interface enables IP_PKTINFO before calling recvmsg().
1572 * This appears to occur non-deterministically. Presumably, OS X
1573 * handles IP_PKTINFO at the time the packet is enqueued into a
1574 * socket's receive queue, rather than at the time recvmsg() is
1575 * called, unlike most other operating systems. Thus (if this
1576 * hypothesis is correct) there is a race between where IP_PKTINFO
1577 * is enabled by the process and when the kernel's network stack
1578 * queues the incoming message.
1579 *
1580 * We cannot return the local address if we do not have it, but this
1581 * is not a caller error either, so just return a zero address
1582 * structure.
1583 *
1584 * We enable this workaround for Apple only as it should not
1585 * be necessary otherwise.
1586 */
1587 # if defined(__APPLE__)
1588 BIO_ADDR_clear(msg->local);
1589 # else
1590 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1591 *num_processed = 0;
1592 return 0;
1593 # endif
1594 }
1595
1596 *num_processed = 1;
1597 return 1;
1598
1599 # elif M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG
1600 # if M_METHOD == M_METHOD_WSARECVMSG
1601 if (bio_WSARecvMsg != NULL) {
1602 /* WSARecvMsg-based implementation for Windows. */
1603 translate_msg_win(b, &wmsg, &wbuf, control, msg);
1604
1605 /* If local address was requested, it must have been enabled */
1606 if (msg[0].local != NULL && !have_local_enabled) {
1607 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1608 *num_processed = 0;
1609 return 0;
1610 }
1611
1612 ret = WSARecvMsg((SOCKET)b->num, &wmsg, &num_bytes_received, NULL, NULL);
1613 if (ret < 0) {
1614 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1615 *num_processed = 0;
1616 return 0;
1617 }
1618
1619 msg[0].data_len = num_bytes_received;
1620 msg[0].flags = 0;
1621 if (msg[0].local != NULL)
1622 if (extract_local(b, &wmsg, msg[0].local) < 1)
1623 /*
1624 * On Windows, loopback is not a "proper" interface and it works
1625 * differently; packets are essentially short-circuited and
1626 * don't go through all of the normal processing. A consequence
1627 * of this is that packets sent from the local machine to the
1628 * local machine _will not have IP_PKTINFO_ even if the
1629 * IP_PKTINFO socket option is enabled. WSARecvMsg just sets
1630 * Control.len to 0 on returning.
1631 *
1632 * This applies regardless of whether the loopback address,
1633 * 127.0.0.1 is used, or a local interface address (e.g.
1634 * 192.168.1.1); in both cases IP_PKTINFO will not be present.
1635 *
1636 * We report this condition by setting the local BIO_ADDR's
1637 * family to 0.
1638 */
1639 BIO_ADDR_clear(msg[0].local);
1640
1641 *num_processed = 1;
1642 return 1;
1643 }
1644 # endif
1645
1646 /*
1647 * Fallback to recvfrom and receive a single message.
1648 */
1649 if (msg[0].local != NULL) {
1650 /*
1651 * We cannot determine the local address if using recvfrom
1652 * so fail in this case
1653 */
1654 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1655 *num_processed = 0;
1656 return 0;
1657 }
1658
1659 slen = sizeof(*msg[0].peer);
1660 ret = recvfrom(b->num, msg[0].data,
1661 # if defined(OPENSSL_SYS_WINDOWS)
1662 (int)msg[0].data_len,
1663 # else
1664 msg[0].data_len,
1665 # endif
1666 sysflags,
1667 msg[0].peer != NULL ? &msg[0].peer->sa : NULL,
1668 msg[0].peer != NULL ? &slen : NULL);
1669 if (ret <= 0) {
1670 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1671 return 0;
1672 }
1673
1674 msg[0].data_len = ret;
1675 msg[0].flags = 0;
1676 *num_processed = 1;
1677 return 1;
1678
1679 # else
1680 ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD);
1681 *num_processed = 0;
1682 return 0;
1683 # endif
1684 }
1685
1686 # ifndef OPENSSL_NO_SCTP
1687 const BIO_METHOD *BIO_s_datagram_sctp(void)
1688 {
1689 return &methods_dgramp_sctp;
1690 }
1691
1692 BIO *BIO_new_dgram_sctp(int fd, int close_flag)
1693 {
1694 BIO *bio;
1695 int ret, optval = 20000;
1696 int auth_data = 0, auth_forward = 0;
1697 unsigned char *p;
1698 struct sctp_authchunk auth;
1699 struct sctp_authchunks *authchunks;
1700 socklen_t sockopt_len;
1701 # ifdef SCTP_AUTHENTICATION_EVENT
1702 # ifdef SCTP_EVENT
1703 struct sctp_event event;
1704 # else
1705 struct sctp_event_subscribe event;
1706 # endif
1707 # endif
1708
1709 bio = BIO_new(BIO_s_datagram_sctp());
1710 if (bio == NULL)
1711 return NULL;
1712 BIO_set_fd(bio, fd, close_flag);
1713
1714 /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */
1715 auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE;
1716 ret =
1717 setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth,
1718 sizeof(struct sctp_authchunk));
1719 if (ret < 0) {
1720 BIO_vfree(bio);
1721 ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB,
1722 "Ensure SCTP AUTH chunks are enabled in kernel");
1723 return NULL;
1724 }
1725 auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE;
1726 ret =
1727 setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth,
1728 sizeof(struct sctp_authchunk));
1729 if (ret < 0) {
1730 BIO_vfree(bio);
1731 ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB,
1732 "Ensure SCTP AUTH chunks are enabled in kernel");
1733 return NULL;
1734 }
1735
1736 /*
1737 * Test if activation was successful. When using accept(), SCTP-AUTH has
1738 * to be activated for the listening socket already, otherwise the
1739 * connected socket won't use it. Similarly with connect(): the socket
1740 * prior to connection must be activated for SCTP-AUTH
1741 */
1742 sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
1743 authchunks = OPENSSL_zalloc(sockopt_len);
1744 if (authchunks == NULL) {
1745 BIO_vfree(bio);
1746 return NULL;
1747 }
1748 ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks,
1749 &sockopt_len);
1750 if (ret < 0) {
1751 OPENSSL_free(authchunks);
1752 BIO_vfree(bio);
1753 return NULL;
1754 }
1755
1756 for (p = (unsigned char *)authchunks->gauth_chunks;
1757 p < (unsigned char *)authchunks + sockopt_len;
1758 p += sizeof(uint8_t)) {
1759 if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE)
1760 auth_data = 1;
1761 if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE)
1762 auth_forward = 1;
1763 }
1764
1765 OPENSSL_free(authchunks);
1766
1767 if (!auth_data || !auth_forward) {
1768 BIO_vfree(bio);
1769 ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB,
1770 "Ensure SCTP AUTH chunks are enabled on the "
1771 "underlying socket");
1772 return NULL;
1773 }
1774
1775 # ifdef SCTP_AUTHENTICATION_EVENT
1776 # ifdef SCTP_EVENT
1777 memset(&event, 0, sizeof(event));
1778 event.se_assoc_id = 0;
1779 event.se_type = SCTP_AUTHENTICATION_EVENT;
1780 event.se_on = 1;
1781 ret =
1782 setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event,
1783 sizeof(struct sctp_event));
1784 if (ret < 0) {
1785 BIO_vfree(bio);
1786 return NULL;
1787 }
1788 # else
1789 sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe);
1790 ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len);
1791 if (ret < 0) {
1792 BIO_vfree(bio);
1793 return NULL;
1794 }
1795
1796 event.sctp_authentication_event = 1;
1797
1798 ret =
1799 setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event,
1800 sizeof(struct sctp_event_subscribe));
1801 if (ret < 0) {
1802 BIO_vfree(bio);
1803 return NULL;
1804 }
1805 # endif
1806 # endif
1807
1808 /*
1809 * Disable partial delivery by setting the min size larger than the max
1810 * record size of 2^14 + 2048 + 13
1811 */
1812 ret =
1813 setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval,
1814 sizeof(optval));
1815 if (ret < 0) {
1816 BIO_vfree(bio);
1817 return NULL;
1818 }
1819
1820 return bio;
1821 }
1822
1823 int BIO_dgram_is_sctp(BIO *bio)
1824 {
1825 return (BIO_method_type(bio) == BIO_TYPE_DGRAM_SCTP);
1826 }
1827
1828 static int dgram_sctp_new(BIO *bi)
1829 {
1830 bio_dgram_sctp_data *data = NULL;
1831
1832 bi->init = 0;
1833 bi->num = 0;
1834 if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL) {
1835 ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE);
1836 return 0;
1837 }
1838 # ifdef SCTP_PR_SCTP_NONE
1839 data->prinfo.pr_policy = SCTP_PR_SCTP_NONE;
1840 # endif
1841 bi->ptr = data;
1842
1843 bi->flags = 0;
1844 return 1;
1845 }
1846
1847 static int dgram_sctp_free(BIO *a)
1848 {
1849 bio_dgram_sctp_data *data;
1850
1851 if (a == NULL)
1852 return 0;
1853 if (!dgram_clear(a))
1854 return 0;
1855
1856 data = (bio_dgram_sctp_data *) a->ptr;
1857 if (data != NULL)
1858 OPENSSL_free(data);
1859
1860 return 1;
1861 }
1862
1863 # ifdef SCTP_AUTHENTICATION_EVENT
1864 void dgram_sctp_handle_auth_free_key_event(BIO *b,
1865 union sctp_notification *snp)
1866 {
1867 int ret;
1868 struct sctp_authkey_event *authkeyevent = &snp->sn_auth_event;
1869
1870 if (authkeyevent->auth_indication == SCTP_AUTH_FREE_KEY) {
1871 struct sctp_authkeyid authkeyid;
1872
1873 /* delete key */
1874 authkeyid.scact_keynumber = authkeyevent->auth_keynumber;
1875 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
1876 &authkeyid, sizeof(struct sctp_authkeyid));
1877 }
1878 }
1879 # endif
1880
1881 static int dgram_sctp_read(BIO *b, char *out, int outl)
1882 {
1883 int ret = 0, n = 0, i, optval;
1884 socklen_t optlen;
1885 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
1886 struct msghdr msg;
1887 struct iovec iov;
1888 struct cmsghdr *cmsg;
1889 char cmsgbuf[512];
1890
1891 if (out != NULL) {
1892 clear_socket_error();
1893
1894 do {
1895 memset(&data->rcvinfo, 0, sizeof(data->rcvinfo));
1896 iov.iov_base = out;
1897 iov.iov_len = outl;
1898 msg.msg_name = NULL;
1899 msg.msg_namelen = 0;
1900 msg.msg_iov = &iov;
1901 msg.msg_iovlen = 1;
1902 msg.msg_control = cmsgbuf;
1903 msg.msg_controllen = 512;
1904 msg.msg_flags = 0;
1905 n = recvmsg(b->num, &msg, 0);
1906
1907 if (n <= 0) {
1908 if (n < 0)
1909 ret = n;
1910 break;
1911 }
1912
1913 if (msg.msg_controllen > 0) {
1914 for (cmsg = CMSG_FIRSTHDR(&msg); cmsg;
1915 cmsg = CMSG_NXTHDR(&msg, cmsg)) {
1916 if (cmsg->cmsg_level != IPPROTO_SCTP)
1917 continue;
1918 # ifdef SCTP_RCVINFO
1919 if (cmsg->cmsg_type == SCTP_RCVINFO) {
1920 struct sctp_rcvinfo *rcvinfo;
1921
1922 rcvinfo = (struct sctp_rcvinfo *)CMSG_DATA(cmsg);
1923 data->rcvinfo.rcv_sid = rcvinfo->rcv_sid;
1924 data->rcvinfo.rcv_ssn = rcvinfo->rcv_ssn;
1925 data->rcvinfo.rcv_flags = rcvinfo->rcv_flags;
1926 data->rcvinfo.rcv_ppid = rcvinfo->rcv_ppid;
1927 data->rcvinfo.rcv_tsn = rcvinfo->rcv_tsn;
1928 data->rcvinfo.rcv_cumtsn = rcvinfo->rcv_cumtsn;
1929 data->rcvinfo.rcv_context = rcvinfo->rcv_context;
1930 }
1931 # endif
1932 # ifdef SCTP_SNDRCV
1933 if (cmsg->cmsg_type == SCTP_SNDRCV) {
1934 struct sctp_sndrcvinfo *sndrcvinfo;
1935
1936 sndrcvinfo =
1937 (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
1938 data->rcvinfo.rcv_sid = sndrcvinfo->sinfo_stream;
1939 data->rcvinfo.rcv_ssn = sndrcvinfo->sinfo_ssn;
1940 data->rcvinfo.rcv_flags = sndrcvinfo->sinfo_flags;
1941 data->rcvinfo.rcv_ppid = sndrcvinfo->sinfo_ppid;
1942 data->rcvinfo.rcv_tsn = sndrcvinfo->sinfo_tsn;
1943 data->rcvinfo.rcv_cumtsn = sndrcvinfo->sinfo_cumtsn;
1944 data->rcvinfo.rcv_context = sndrcvinfo->sinfo_context;
1945 }
1946 # endif
1947 }
1948 }
1949
1950 if (msg.msg_flags & MSG_NOTIFICATION) {
1951 union sctp_notification snp;
1952
1953 memcpy(&snp, out, sizeof(snp));
1954 if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
1955 # ifdef SCTP_EVENT
1956 struct sctp_event event;
1957 # else
1958 struct sctp_event_subscribe event;
1959 socklen_t eventsize;
1960 # endif
1961
1962 /* disable sender dry event */
1963 # ifdef SCTP_EVENT
1964 memset(&event, 0, sizeof(event));
1965 event.se_assoc_id = 0;
1966 event.se_type = SCTP_SENDER_DRY_EVENT;
1967 event.se_on = 0;
1968 i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
1969 sizeof(struct sctp_event));
1970 if (i < 0) {
1971 ret = i;
1972 break;
1973 }
1974 # else
1975 eventsize = sizeof(struct sctp_event_subscribe);
1976 i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
1977 &eventsize);
1978 if (i < 0) {
1979 ret = i;
1980 break;
1981 }
1982
1983 event.sctp_sender_dry_event = 0;
1984
1985 i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
1986 sizeof(struct sctp_event_subscribe));
1987 if (i < 0) {
1988 ret = i;
1989 break;
1990 }
1991 # endif
1992 }
1993 # ifdef SCTP_AUTHENTICATION_EVENT
1994 if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
1995 dgram_sctp_handle_auth_free_key_event(b, &snp);
1996 # endif
1997
1998 if (data->handle_notifications != NULL)
1999 data->handle_notifications(b, data->notification_context,
2000 (void *)out);
2001
2002 memset(&snp, 0, sizeof(snp));
2003 memset(out, 0, outl);
2004 } else {
2005 ret += n;
2006 }
2007 }
2008 while ((msg.msg_flags & MSG_NOTIFICATION) && (msg.msg_flags & MSG_EOR)
2009 && (ret < outl));
2010
2011 if (ret > 0 && !(msg.msg_flags & MSG_EOR)) {
2012 /* Partial message read, this should never happen! */
2013
2014 /*
2015 * The buffer was too small, this means the peer sent a message
2016 * that was larger than allowed.
2017 */
2018 if (ret == outl)
2019 return -1;
2020
2021 /*
2022 * Test if socket buffer can handle max record size (2^14 + 2048
2023 * + 13)
2024 */
2025 optlen = (socklen_t) sizeof(int);
2026 ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen);
2027 if (ret >= 0)
2028 OPENSSL_assert(optval >= 18445);
2029
2030 /*
2031 * Test if SCTP doesn't partially deliver below max record size
2032 * (2^14 + 2048 + 13)
2033 */
2034 optlen = (socklen_t) sizeof(int);
2035 ret =
2036 getsockopt(b->num, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT,
2037 &optval, &optlen);
2038 if (ret >= 0)
2039 OPENSSL_assert(optval >= 18445);
2040
2041 /*
2042 * Partially delivered notification??? Probably a bug....
2043 */
2044 OPENSSL_assert(!(msg.msg_flags & MSG_NOTIFICATION));
2045
2046 /*
2047 * Everything seems ok till now, so it's most likely a message
2048 * dropped by PR-SCTP.
2049 */
2050 memset(out, 0, outl);
2051 BIO_set_retry_read(b);
2052 return -1;
2053 }
2054
2055 BIO_clear_retry_flags(b);
2056 if (ret < 0) {
2057 if (BIO_dgram_should_retry(ret)) {
2058 BIO_set_retry_read(b);
2059 data->_errno = get_last_socket_error();
2060 }
2061 }
2062
2063 /* Test if peer uses SCTP-AUTH before continuing */
2064 if (!data->peer_auth_tested) {
2065 int ii, auth_data = 0, auth_forward = 0;
2066 unsigned char *p;
2067 struct sctp_authchunks *authchunks;
2068
2069 optlen =
2070 (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
2071 authchunks = OPENSSL_malloc(optlen);
2072 if (authchunks == NULL) {
2073 ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE);
2074 return -1;
2075 }
2076 memset(authchunks, 0, optlen);
2077 ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS,
2078 authchunks, &optlen);
2079
2080 if (ii >= 0)
2081 for (p = (unsigned char *)authchunks->gauth_chunks;
2082 p < (unsigned char *)authchunks + optlen;
2083 p += sizeof(uint8_t)) {
2084 if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE)
2085 auth_data = 1;
2086 if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE)
2087 auth_forward = 1;
2088 }
2089
2090 OPENSSL_free(authchunks);
2091
2092 if (!auth_data || !auth_forward) {
2093 ERR_raise(ERR_LIB_BIO, BIO_R_CONNECT_ERROR);
2094 return -1;
2095 }
2096
2097 data->peer_auth_tested = 1;
2098 }
2099 }
2100 return ret;
2101 }
2102
2103 /*
2104 * dgram_sctp_write - send message on SCTP socket
2105 * @b: BIO to write to
2106 * @in: data to send
2107 * @inl: amount of bytes in @in to send
2108 *
2109 * Returns -1 on error or the sent amount of bytes on success
2110 */
2111 static int dgram_sctp_write(BIO *b, const char *in, int inl)
2112 {
2113 int ret;
2114 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
2115 struct bio_dgram_sctp_sndinfo *sinfo = &(data->sndinfo);
2116 struct bio_dgram_sctp_prinfo *pinfo = &(data->prinfo);
2117 struct bio_dgram_sctp_sndinfo handshake_sinfo;
2118 struct iovec iov[1];
2119 struct msghdr msg;
2120 struct cmsghdr *cmsg;
2121 # if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
2122 char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo)) +
2123 CMSG_SPACE(sizeof(struct sctp_prinfo))];
2124 struct sctp_sndinfo *sndinfo;
2125 struct sctp_prinfo *prinfo;
2126 # else
2127 char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))];
2128 struct sctp_sndrcvinfo *sndrcvinfo;
2129 # endif
2130
2131 clear_socket_error();
2132
2133 /*
2134 * If we're send anything else than application data, disable all user
2135 * parameters and flags.
2136 */
2137 if (in[0] != 23) {
2138 memset(&handshake_sinfo, 0, sizeof(handshake_sinfo));
2139 # ifdef SCTP_SACK_IMMEDIATELY
2140 handshake_sinfo.snd_flags = SCTP_SACK_IMMEDIATELY;
2141 # endif
2142 sinfo = &handshake_sinfo;
2143 }
2144
2145 /* We can only send a shutdown alert if the socket is dry */
2146 if (data->save_shutdown) {
2147 ret = BIO_dgram_sctp_wait_for_dry(b);
2148 if (ret < 0)
2149 return -1;
2150 if (ret == 0) {
2151 BIO_clear_retry_flags(b);
2152 BIO_set_retry_write(b);
2153 return -1;
2154 }
2155 }
2156
2157 iov[0].iov_base = (char *)in;
2158 iov[0].iov_len = inl;
2159 msg.msg_name = NULL;
2160 msg.msg_namelen = 0;
2161 msg.msg_iov = iov;
2162 msg.msg_iovlen = 1;
2163 msg.msg_control = (caddr_t) cmsgbuf;
2164 msg.msg_controllen = 0;
2165 msg.msg_flags = 0;
2166 # if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
2167 cmsg = (struct cmsghdr *)cmsgbuf;
2168 cmsg->cmsg_level = IPPROTO_SCTP;
2169 cmsg->cmsg_type = SCTP_SNDINFO;
2170 cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndinfo));
2171 sndinfo = (struct sctp_sndinfo *)CMSG_DATA(cmsg);
2172 memset(sndinfo, 0, sizeof(*sndinfo));
2173 sndinfo->snd_sid = sinfo->snd_sid;
2174 sndinfo->snd_flags = sinfo->snd_flags;
2175 sndinfo->snd_ppid = sinfo->snd_ppid;
2176 sndinfo->snd_context = sinfo->snd_context;
2177 msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndinfo));
2178
2179 cmsg =
2180 (struct cmsghdr *)&cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo))];
2181 cmsg->cmsg_level = IPPROTO_SCTP;
2182 cmsg->cmsg_type = SCTP_PRINFO;
2183 cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_prinfo));
2184 prinfo = (struct sctp_prinfo *)CMSG_DATA(cmsg);
2185 memset(prinfo, 0, sizeof(*prinfo));
2186 prinfo->pr_policy = pinfo->pr_policy;
2187 prinfo->pr_value = pinfo->pr_value;
2188 msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_prinfo));
2189 # else
2190 cmsg = (struct cmsghdr *)cmsgbuf;
2191 cmsg->cmsg_level = IPPROTO_SCTP;
2192 cmsg->cmsg_type = SCTP_SNDRCV;
2193 cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo));
2194 sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
2195 memset(sndrcvinfo, 0, sizeof(*sndrcvinfo));
2196 sndrcvinfo->sinfo_stream = sinfo->snd_sid;
2197 sndrcvinfo->sinfo_flags = sinfo->snd_flags;
2198 # ifdef __FreeBSD__
2199 sndrcvinfo->sinfo_flags |= pinfo->pr_policy;
2200 # endif
2201 sndrcvinfo->sinfo_ppid = sinfo->snd_ppid;
2202 sndrcvinfo->sinfo_context = sinfo->snd_context;
2203 sndrcvinfo->sinfo_timetolive = pinfo->pr_value;
2204 msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo));
2205 # endif
2206
2207 ret = sendmsg(b->num, &msg, 0);
2208
2209 BIO_clear_retry_flags(b);
2210 if (ret <= 0) {
2211 if (BIO_dgram_should_retry(ret)) {
2212 BIO_set_retry_write(b);
2213 data->_errno = get_last_socket_error();
2214 }
2215 }
2216 return ret;
2217 }
2218
2219 static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
2220 {
2221 long ret = 1;
2222 bio_dgram_sctp_data *data = NULL;
2223 socklen_t sockopt_len = 0;
2224 struct sctp_authkeyid authkeyid;
2225 struct sctp_authkey *authkey = NULL;
2226
2227 data = (bio_dgram_sctp_data *) b->ptr;
2228
2229 switch (cmd) {
2230 case BIO_CTRL_DGRAM_QUERY_MTU:
2231 /*
2232 * Set to maximum (2^14) and ignore user input to enable transport
2233 * protocol fragmentation. Returns always 2^14.
2234 */
2235 data->mtu = 16384;
2236 ret = data->mtu;
2237 break;
2238 case BIO_CTRL_DGRAM_SET_MTU:
2239 /*
2240 * Set to maximum (2^14) and ignore input to enable transport
2241 * protocol fragmentation. Returns always 2^14.
2242 */
2243 data->mtu = 16384;
2244 ret = data->mtu;
2245 break;
2246 case BIO_CTRL_DGRAM_SET_CONNECTED:
2247 case BIO_CTRL_DGRAM_CONNECT:
2248 /* Returns always -1. */
2249 ret = -1;
2250 break;
2251 case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
2252 /*
2253 * SCTP doesn't need the DTLS timer Returns always 1.
2254 */
2255 break;
2256 case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
2257 /*
2258 * We allow transport protocol fragmentation so this is irrelevant
2259 */
2260 ret = 0;
2261 break;
2262 case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
2263 if (num > 0)
2264 data->in_handshake = 1;
2265 else
2266 data->in_handshake = 0;
2267
2268 ret =
2269 setsockopt(b->num, IPPROTO_SCTP, SCTP_NODELAY,
2270 &data->in_handshake, sizeof(int));
2271 break;
2272 case BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY:
2273 /*
2274 * New shared key for SCTP AUTH. Returns 0 on success, -1 otherwise.
2275 */
2276
2277 /* Get active key */
2278 sockopt_len = sizeof(struct sctp_authkeyid);
2279 ret =
2280 getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid,
2281 &sockopt_len);
2282 if (ret < 0)
2283 break;
2284
2285 /* Add new key */
2286 sockopt_len = sizeof(struct sctp_authkey) + 64 * sizeof(uint8_t);
2287 authkey = OPENSSL_malloc(sockopt_len);
2288 if (authkey == NULL) {
2289 ret = -1;
2290 break;
2291 }
2292 memset(authkey, 0, sockopt_len);
2293 authkey->sca_keynumber = authkeyid.scact_keynumber + 1;
2294 # ifndef __FreeBSD__
2295 /*
2296 * This field is missing in FreeBSD 8.2 and earlier, and FreeBSD 8.3
2297 * and higher work without it.
2298 */
2299 authkey->sca_keylength = 64;
2300 # endif
2301 memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t));
2302
2303 ret =
2304 setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey,
2305 sockopt_len);
2306 OPENSSL_free(authkey);
2307 authkey = NULL;
2308 if (ret < 0)
2309 break;
2310
2311 /* Reset active key */
2312 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
2313 &authkeyid, sizeof(struct sctp_authkeyid));
2314 if (ret < 0)
2315 break;
2316
2317 break;
2318 case BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY:
2319 /* Returns 0 on success, -1 otherwise. */
2320
2321 /* Get active key */
2322 sockopt_len = sizeof(struct sctp_authkeyid);
2323 ret =
2324 getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid,
2325 &sockopt_len);
2326 if (ret < 0)
2327 break;
2328
2329 /* Set active key */
2330 authkeyid.scact_keynumber = authkeyid.scact_keynumber + 1;
2331 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
2332 &authkeyid, sizeof(struct sctp_authkeyid));
2333 if (ret < 0)
2334 break;
2335
2336 /*
2337 * CCS has been sent, so remember that and fall through to check if
2338 * we need to deactivate an old key
2339 */
2340 data->ccs_sent = 1;
2341 /* fall-through */
2342
2343 case BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD:
2344 /* Returns 0 on success, -1 otherwise. */
2345
2346 /*
2347 * Has this command really been called or is this just a
2348 * fall-through?
2349 */
2350 if (cmd == BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD)
2351 data->ccs_rcvd = 1;
2352
2353 /*
2354 * CSS has been both, received and sent, so deactivate an old key
2355 */
2356 if (data->ccs_rcvd == 1 && data->ccs_sent == 1) {
2357 /* Get active key */
2358 sockopt_len = sizeof(struct sctp_authkeyid);
2359 ret =
2360 getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
2361 &authkeyid, &sockopt_len);
2362 if (ret < 0)
2363 break;
2364
2365 /*
2366 * Deactivate key or delete second last key if
2367 * SCTP_AUTHENTICATION_EVENT is not available.
2368 */
2369 authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
2370 # ifdef SCTP_AUTH_DEACTIVATE_KEY
2371 sockopt_len = sizeof(struct sctp_authkeyid);
2372 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DEACTIVATE_KEY,
2373 &authkeyid, sockopt_len);
2374 if (ret < 0)
2375 break;
2376 # endif
2377 # ifndef SCTP_AUTHENTICATION_EVENT
2378 if (authkeyid.scact_keynumber > 0) {
2379 authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
2380 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
2381 &authkeyid, sizeof(struct sctp_authkeyid));
2382 if (ret < 0)
2383 break;
2384 }
2385 # endif
2386
2387 data->ccs_rcvd = 0;
2388 data->ccs_sent = 0;
2389 }
2390 break;
2391 case BIO_CTRL_DGRAM_SCTP_GET_SNDINFO:
2392 /* Returns the size of the copied struct. */
2393 if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo))
2394 num = sizeof(struct bio_dgram_sctp_sndinfo);
2395
2396 memcpy(ptr, &(data->sndinfo), num);
2397 ret = num;
2398 break;
2399 case BIO_CTRL_DGRAM_SCTP_SET_SNDINFO:
2400 /* Returns the size of the copied struct. */
2401 if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo))
2402 num = sizeof(struct bio_dgram_sctp_sndinfo);
2403
2404 memcpy(&(data->sndinfo), ptr, num);
2405 break;
2406 case BIO_CTRL_DGRAM_SCTP_GET_RCVINFO:
2407 /* Returns the size of the copied struct. */
2408 if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo))
2409 num = sizeof(struct bio_dgram_sctp_rcvinfo);
2410
2411 memcpy(ptr, &data->rcvinfo, num);
2412
2413 ret = num;
2414 break;
2415 case BIO_CTRL_DGRAM_SCTP_SET_RCVINFO:
2416 /* Returns the size of the copied struct. */
2417 if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo))
2418 num = sizeof(struct bio_dgram_sctp_rcvinfo);
2419
2420 memcpy(&(data->rcvinfo), ptr, num);
2421 break;
2422 case BIO_CTRL_DGRAM_SCTP_GET_PRINFO:
2423 /* Returns the size of the copied struct. */
2424 if (num > (long)sizeof(struct bio_dgram_sctp_prinfo))
2425 num = sizeof(struct bio_dgram_sctp_prinfo);
2426
2427 memcpy(ptr, &(data->prinfo), num);
2428 ret = num;
2429 break;
2430 case BIO_CTRL_DGRAM_SCTP_SET_PRINFO:
2431 /* Returns the size of the copied struct. */
2432 if (num > (long)sizeof(struct bio_dgram_sctp_prinfo))
2433 num = sizeof(struct bio_dgram_sctp_prinfo);
2434
2435 memcpy(&(data->prinfo), ptr, num);
2436 break;
2437 case BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN:
2438 /* Returns always 1. */
2439 if (num > 0)
2440 data->save_shutdown = 1;
2441 else
2442 data->save_shutdown = 0;
2443 break;
2444 case BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY:
2445 return dgram_sctp_wait_for_dry(b);
2446 case BIO_CTRL_DGRAM_SCTP_MSG_WAITING:
2447 return dgram_sctp_msg_waiting(b);
2448
2449 default:
2450 /*
2451 * Pass to default ctrl function to process SCTP unspecific commands
2452 */
2453 ret = dgram_ctrl(b, cmd, num, ptr);
2454 break;
2455 }
2456 return ret;
2457 }
2458
2459 int BIO_dgram_sctp_notification_cb(BIO *b,
2460 BIO_dgram_sctp_notification_handler_fn handle_notifications,
2461 void *context)
2462 {
2463 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
2464
2465 if (handle_notifications != NULL) {
2466 data->handle_notifications = handle_notifications;
2467 data->notification_context = context;
2468 } else
2469 return -1;
2470
2471 return 0;
2472 }
2473
2474 /*
2475 * BIO_dgram_sctp_wait_for_dry - Wait for SCTP SENDER_DRY event
2476 * @b: The BIO to check for the dry event
2477 *
2478 * Wait until the peer confirms all packets have been received, and so that
2479 * our kernel doesn't have anything to send anymore. This is only received by
2480 * the peer's kernel, not the application.
2481 *
2482 * Returns:
2483 * -1 on error
2484 * 0 when not dry yet
2485 * 1 when dry
2486 */
2487 int BIO_dgram_sctp_wait_for_dry(BIO *b)
2488 {
2489 return (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY, 0, NULL);
2490 }
2491
2492 static int dgram_sctp_wait_for_dry(BIO *b)
2493 {
2494 int is_dry = 0;
2495 int sockflags = 0;
2496 int n, ret;
2497 union sctp_notification snp;
2498 struct msghdr msg;
2499 struct iovec iov;
2500 # ifdef SCTP_EVENT
2501 struct sctp_event event;
2502 # else
2503 struct sctp_event_subscribe event;
2504 socklen_t eventsize;
2505 # endif
2506 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
2507
2508 /* set sender dry event */
2509 # ifdef SCTP_EVENT
2510 memset(&event, 0, sizeof(event));
2511 event.se_assoc_id = 0;
2512 event.se_type = SCTP_SENDER_DRY_EVENT;
2513 event.se_on = 1;
2514 ret =
2515 setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
2516 sizeof(struct sctp_event));
2517 # else
2518 eventsize = sizeof(struct sctp_event_subscribe);
2519 ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize);
2520 if (ret < 0)
2521 return -1;
2522
2523 event.sctp_sender_dry_event = 1;
2524
2525 ret =
2526 setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
2527 sizeof(struct sctp_event_subscribe));
2528 # endif
2529 if (ret < 0)
2530 return -1;
2531
2532 /* peek for notification */
2533 memset(&snp, 0, sizeof(snp));
2534 iov.iov_base = (char *)&snp;
2535 iov.iov_len = sizeof(union sctp_notification);
2536 msg.msg_name = NULL;
2537 msg.msg_namelen = 0;
2538 msg.msg_iov = &iov;
2539 msg.msg_iovlen = 1;
2540 msg.msg_control = NULL;
2541 msg.msg_controllen = 0;
2542 msg.msg_flags = 0;
2543
2544 n = recvmsg(b->num, &msg, MSG_PEEK);
2545 if (n <= 0) {
2546 if ((n < 0) && (get_last_socket_error() != EAGAIN)
2547 && (get_last_socket_error() != EWOULDBLOCK))
2548 return -1;
2549 else
2550 return 0;
2551 }
2552
2553 /* if we find a notification, process it and try again if necessary */
2554 while (msg.msg_flags & MSG_NOTIFICATION) {
2555 memset(&snp, 0, sizeof(snp));
2556 iov.iov_base = (char *)&snp;
2557 iov.iov_len = sizeof(union sctp_notification);
2558 msg.msg_name = NULL;
2559 msg.msg_namelen = 0;
2560 msg.msg_iov = &iov;
2561 msg.msg_iovlen = 1;
2562 msg.msg_control = NULL;
2563 msg.msg_controllen = 0;
2564 msg.msg_flags = 0;
2565
2566 n = recvmsg(b->num, &msg, 0);
2567 if (n <= 0) {
2568 if ((n < 0) && (get_last_socket_error() != EAGAIN)
2569 && (get_last_socket_error() != EWOULDBLOCK))
2570 return -1;
2571 else
2572 return is_dry;
2573 }
2574
2575 if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
2576 is_dry = 1;
2577
2578 /* disable sender dry event */
2579 # ifdef SCTP_EVENT
2580 memset(&event, 0, sizeof(event));
2581 event.se_assoc_id = 0;
2582 event.se_type = SCTP_SENDER_DRY_EVENT;
2583 event.se_on = 0;
2584 ret =
2585 setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
2586 sizeof(struct sctp_event));
2587 # else
2588 eventsize = (socklen_t) sizeof(struct sctp_event_subscribe);
2589 ret =
2590 getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
2591 &eventsize);
2592 if (ret < 0)
2593 return -1;
2594
2595 event.sctp_sender_dry_event = 0;
2596
2597 ret =
2598 setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
2599 sizeof(struct sctp_event_subscribe));
2600 # endif
2601 if (ret < 0)
2602 return -1;
2603 }
2604 # ifdef SCTP_AUTHENTICATION_EVENT
2605 if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
2606 dgram_sctp_handle_auth_free_key_event(b, &snp);
2607 # endif
2608
2609 if (data->handle_notifications != NULL)
2610 data->handle_notifications(b, data->notification_context,
2611 (void *)&snp);
2612
2613 /* found notification, peek again */
2614 memset(&snp, 0, sizeof(snp));
2615 iov.iov_base = (char *)&snp;
2616 iov.iov_len = sizeof(union sctp_notification);
2617 msg.msg_name = NULL;
2618 msg.msg_namelen = 0;
2619 msg.msg_iov = &iov;
2620 msg.msg_iovlen = 1;
2621 msg.msg_control = NULL;
2622 msg.msg_controllen = 0;
2623 msg.msg_flags = 0;
2624
2625 /* if we have seen the dry already, don't wait */
2626 if (is_dry) {
2627 sockflags = fcntl(b->num, F_GETFL, 0);
2628 fcntl(b->num, F_SETFL, O_NONBLOCK);
2629 }
2630
2631 n = recvmsg(b->num, &msg, MSG_PEEK);
2632
2633 if (is_dry) {
2634 fcntl(b->num, F_SETFL, sockflags);
2635 }
2636
2637 if (n <= 0) {
2638 if ((n < 0) && (get_last_socket_error() != EAGAIN)
2639 && (get_last_socket_error() != EWOULDBLOCK))
2640 return -1;
2641 else
2642 return is_dry;
2643 }
2644 }
2645
2646 /* read anything else */
2647 return is_dry;
2648 }
2649
2650 int BIO_dgram_sctp_msg_waiting(BIO *b)
2651 {
2652 return (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SCTP_MSG_WAITING, 0, NULL);
2653 }
2654
2655 static int dgram_sctp_msg_waiting(BIO *b)
2656 {
2657 int n, sockflags;
2658 union sctp_notification snp;
2659 struct msghdr msg;
2660 struct iovec iov;
2661 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
2662
2663 /* Check if there are any messages waiting to be read */
2664 do {
2665 memset(&snp, 0, sizeof(snp));
2666 iov.iov_base = (char *)&snp;
2667 iov.iov_len = sizeof(union sctp_notification);
2668 msg.msg_name = NULL;
2669 msg.msg_namelen = 0;
2670 msg.msg_iov = &iov;
2671 msg.msg_iovlen = 1;
2672 msg.msg_control = NULL;
2673 msg.msg_controllen = 0;
2674 msg.msg_flags = 0;
2675
2676 sockflags = fcntl(b->num, F_GETFL, 0);
2677 fcntl(b->num, F_SETFL, O_NONBLOCK);
2678 n = recvmsg(b->num, &msg, MSG_PEEK);
2679 fcntl(b->num, F_SETFL, sockflags);
2680
2681 /* if notification, process and try again */
2682 if (n > 0 && (msg.msg_flags & MSG_NOTIFICATION)) {
2683 # ifdef SCTP_AUTHENTICATION_EVENT
2684 if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
2685 dgram_sctp_handle_auth_free_key_event(b, &snp);
2686 # endif
2687
2688 memset(&snp, 0, sizeof(snp));
2689 iov.iov_base = (char *)&snp;
2690 iov.iov_len = sizeof(union sctp_notification);
2691 msg.msg_name = NULL;
2692 msg.msg_namelen = 0;
2693 msg.msg_iov = &iov;
2694 msg.msg_iovlen = 1;
2695 msg.msg_control = NULL;
2696 msg.msg_controllen = 0;
2697 msg.msg_flags = 0;
2698 n = recvmsg(b->num, &msg, 0);
2699
2700 if (data->handle_notifications != NULL)
2701 data->handle_notifications(b, data->notification_context,
2702 (void *)&snp);
2703 }
2704
2705 } while (n > 0 && (msg.msg_flags & MSG_NOTIFICATION));
2706
2707 /* Return 1 if there is a message to be read, return 0 otherwise. */
2708 if (n > 0)
2709 return 1;
2710 else
2711 return 0;
2712 }
2713
2714 static int dgram_sctp_puts(BIO *bp, const char *str)
2715 {
2716 int n, ret;
2717
2718 n = strlen(str);
2719 ret = dgram_sctp_write(bp, str, n);
2720 return ret;
2721 }
2722 # endif
2723
2724 static int BIO_dgram_should_retry(int i)
2725 {
2726 int err;
2727
2728 if ((i == 0) || (i == -1)) {
2729 err = get_last_socket_error();
2730
2731 # if defined(OPENSSL_SYS_WINDOWS)
2732 /*
2733 * If the socket return value (i) is -1 and err is unexpectedly 0 at
2734 * this point, the error code was overwritten by another system call
2735 * before this error handling is called.
2736 */
2737 # endif
2738
2739 return BIO_dgram_non_fatal_error(err);
2740 }
2741 return 0;
2742 }
2743
2744 int BIO_dgram_non_fatal_error(int err)
2745 {
2746 switch (err) {
2747 # if defined(OPENSSL_SYS_WINDOWS)
2748 # if defined(WSAEWOULDBLOCK)
2749 case WSAEWOULDBLOCK:
2750 # endif
2751 # endif
2752
2753 # ifdef EWOULDBLOCK
2754 # ifdef WSAEWOULDBLOCK
2755 # if WSAEWOULDBLOCK != EWOULDBLOCK
2756 case EWOULDBLOCK:
2757 # endif
2758 # else
2759 case EWOULDBLOCK:
2760 # endif
2761 # endif
2762
2763 # ifdef EINTR
2764 case EINTR:
2765 # endif
2766
2767 # ifdef EAGAIN
2768 # if EWOULDBLOCK != EAGAIN
2769 case EAGAIN:
2770 # endif
2771 # endif
2772
2773 # ifdef EPROTO
2774 case EPROTO:
2775 # endif
2776
2777 # ifdef EINPROGRESS
2778 case EINPROGRESS:
2779 # endif
2780
2781 # ifdef EALREADY
2782 case EALREADY:
2783 # endif
2784
2785 return 1;
2786 default:
2787 break;
2788 }
2789 return 0;
2790 }
2791
2792 static void get_current_time(struct timeval *t)
2793 {
2794 # if defined(_WIN32)
2795 SYSTEMTIME st;
2796 unsigned __int64 now_ul;
2797 FILETIME now_ft;
2798
2799 GetSystemTime(&st);
2800 SystemTimeToFileTime(&st, &now_ft);
2801 now_ul = ((unsigned __int64)now_ft.dwHighDateTime << 32) | now_ft.dwLowDateTime;
2802 # ifdef __MINGW32__
2803 now_ul -= 116444736000000000ULL;
2804 # else
2805 now_ul -= 116444736000000000UI64; /* re-bias to 1/1/1970 */
2806 # endif
2807 t->tv_sec = (long)(now_ul / 10000000);
2808 t->tv_usec = ((int)(now_ul % 10000000)) / 10;
2809 # else
2810 if (gettimeofday(t, NULL) < 0)
2811 perror("gettimeofday");
2812 # endif
2813 }
2814
2815 #endif
A mirror of the official openssl repository