/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2005-2024 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE
+#endif
+
#include <stdio.h>
#include <errno.h>
-#define USE_SOCKETS
-#include "internal/cryptlib.h"
-#include <openssl/bio.h>
+#include "internal/time.h"
+#include "bio_local.h"
#ifndef OPENSSL_NO_DGRAM
-# if !(defined(_WIN32) || defined(OPENSSL_SYS_VMS))
-# include <sys/time.h>
-# endif
-# if defined(OPENSSL_SYS_VMS)
-# include <sys/timeb.h>
-# endif
-
# ifndef OPENSSL_NO_SCTP
# include <netinet/sctp.h>
# include <fcntl.h>
((a)->s6_addr32[2] == htonl(0x0000ffff)))
# endif
-# ifdef WATT32
-# define sock_write SockWrite /* Watt-32 uses same names */
-# define sock_read SockRead
-# define sock_puts SockPuts
+/* Determine what method to use for BIO_sendmmsg and BIO_recvmmsg. */
+# define M_METHOD_NONE 0
+# define M_METHOD_RECVMMSG 1
+# define M_METHOD_RECVMSG 2
+# define M_METHOD_RECVFROM 3
+# define M_METHOD_WSARECVMSG 4
+
+# if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+# if !(__GLIBC_PREREQ(2, 14))
+# undef NO_RECVMMSG
+ /*
+ * Some old glibc versions may have recvmmsg and MSG_WAITFORONE flag, but
+ * not sendmmsg. We need both so force this to be disabled on these old
+ * versions
+ */
+# define NO_RECVMMSG
+# endif
+# endif
+# if defined(__GNU__)
+ /* GNU/Hurd does not have IP_PKTINFO yet */
+ #undef NO_RECVMSG
+ #define NO_RECVMSG
+# endif
+# if !defined(M_METHOD)
+# if defined(OPENSSL_SYS_WINDOWS) && defined(BIO_HAVE_WSAMSG) && !defined(NO_WSARECVMSG)
+# define M_METHOD M_METHOD_WSARECVMSG
+# elif !defined(OPENSSL_SYS_WINDOWS) && defined(MSG_WAITFORONE) && !defined(NO_RECVMMSG)
+# define M_METHOD M_METHOD_RECVMMSG
+# elif !defined(OPENSSL_SYS_WINDOWS) && defined(CMSG_LEN) && !defined(NO_RECVMSG)
+# define M_METHOD M_METHOD_RECVMSG
+# elif !defined(NO_RECVFROM)
+# define M_METHOD M_METHOD_RECVFROM
+# else
+# define M_METHOD M_METHOD_NONE
+# endif
+# endif
+
+# if defined(OPENSSL_SYS_WINDOWS)
+# define BIO_CMSG_SPACE(x) WSA_CMSG_SPACE(x)
+# define BIO_CMSG_FIRSTHDR(x) WSA_CMSG_FIRSTHDR(x)
+# define BIO_CMSG_NXTHDR(x, y) WSA_CMSG_NXTHDR(x, y)
+# define BIO_CMSG_DATA(x) WSA_CMSG_DATA(x)
+# define BIO_CMSG_LEN(x) WSA_CMSG_LEN(x)
+# define MSGHDR_TYPE WSAMSG
+# define CMSGHDR_TYPE WSACMSGHDR
+# else
+# define MSGHDR_TYPE struct msghdr
+# define CMSGHDR_TYPE struct cmsghdr
+# define BIO_CMSG_SPACE(x) CMSG_SPACE(x)
+# define BIO_CMSG_FIRSTHDR(x) CMSG_FIRSTHDR(x)
+# define BIO_CMSG_NXTHDR(x, y) CMSG_NXTHDR(x, y)
+# define BIO_CMSG_DATA(x) CMSG_DATA(x)
+# define BIO_CMSG_LEN(x) CMSG_LEN(x)
+# endif
+
+# if M_METHOD == M_METHOD_RECVMMSG \
+ || M_METHOD == M_METHOD_RECVMSG \
+ || M_METHOD == M_METHOD_WSARECVMSG
+# if defined(__APPLE__)
+ /*
+ * CMSG_SPACE is not a constant expression on OSX even though POSIX
+ * says it's supposed to be. This should be adequate.
+ */
+# define BIO_CMSG_ALLOC_LEN 64
+# else
+# if defined(IPV6_PKTINFO)
+# define BIO_CMSG_ALLOC_LEN_1 BIO_CMSG_SPACE(sizeof(struct in6_pktinfo))
+# else
+# define BIO_CMSG_ALLOC_LEN_1 0
+# endif
+# if defined(IP_PKTINFO)
+# define BIO_CMSG_ALLOC_LEN_2 BIO_CMSG_SPACE(sizeof(struct in_pktinfo))
+# else
+# define BIO_CMSG_ALLOC_LEN_2 0
+# endif
+# if defined(IP_RECVDSTADDR)
+# define BIO_CMSG_ALLOC_LEN_3 BIO_CMSG_SPACE(sizeof(struct in_addr))
+# else
+# define BIO_CMSG_ALLOC_LEN_3 0
+# endif
+# define BIO_MAX(X,Y) ((X) > (Y) ? (X) : (Y))
+# define BIO_CMSG_ALLOC_LEN \
+ BIO_MAX(BIO_CMSG_ALLOC_LEN_1, \
+ BIO_MAX(BIO_CMSG_ALLOC_LEN_2, BIO_CMSG_ALLOC_LEN_3))
+# endif
+# if (defined(IP_PKTINFO) || defined(IP_RECVDSTADDR)) && defined(IPV6_RECVPKTINFO)
+# define SUPPORT_LOCAL_ADDR
+# endif
# endif
+# define BIO_MSG_N(array, stride, n) (*(BIO_MSG *)((char *)(array) + (n)*(stride)))
+
static int dgram_write(BIO *h, const char *buf, int num);
static int dgram_read(BIO *h, char *buf, int size);
static int dgram_puts(BIO *h, const char *str);
static int dgram_new(BIO *h);
static int dgram_free(BIO *data);
static int dgram_clear(BIO *bio);
+static int dgram_sendmmsg(BIO *b, BIO_MSG *msg,
+ size_t stride, size_t num_msg,
+ uint64_t flags, size_t *num_processed);
+static int dgram_recvmmsg(BIO *b, BIO_MSG *msg,
+ size_t stride, size_t num_msg,
+ uint64_t flags, size_t *num_processed);
# ifndef OPENSSL_NO_SCTP
static int dgram_sctp_write(BIO *h, const char *buf, int num);
static long dgram_sctp_ctrl(BIO *h, int cmd, long arg1, void *arg2);
static int dgram_sctp_new(BIO *h);
static int dgram_sctp_free(BIO *data);
+static int dgram_sctp_wait_for_dry(BIO *b);
+static int dgram_sctp_msg_waiting(BIO *b);
# ifdef SCTP_AUTHENTICATION_EVENT
static void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification
*snp);
static int BIO_dgram_should_retry(int s);
-static void get_current_time(struct timeval *t);
-
-static BIO_METHOD methods_dgramp = {
+static const BIO_METHOD methods_dgramp = {
BIO_TYPE_DGRAM,
"datagram socket",
+ bwrite_conv,
dgram_write,
+ bread_conv,
dgram_read,
dgram_puts,
- NULL, /* dgram_gets, */
+ NULL, /* dgram_gets, */
dgram_ctrl,
dgram_new,
dgram_free,
- NULL,
+ NULL, /* dgram_callback_ctrl */
+ dgram_sendmmsg,
+ dgram_recvmmsg,
};
# ifndef OPENSSL_NO_SCTP
-static BIO_METHOD methods_dgramp_sctp = {
+static const BIO_METHOD methods_dgramp_sctp = {
BIO_TYPE_DGRAM_SCTP,
"datagram sctp socket",
+ bwrite_conv,
dgram_sctp_write,
+ bread_conv,
dgram_sctp_read,
dgram_sctp_puts,
- NULL, /* dgram_gets, */
+ NULL, /* dgram_gets, */
dgram_sctp_ctrl,
dgram_sctp_new,
dgram_sctp_free,
- NULL,
+ NULL, /* dgram_callback_ctrl */
+ NULL, /* sendmmsg */
+ NULL, /* recvmmsg */
};
# endif
typedef struct bio_dgram_data_st {
- union {
- struct sockaddr sa;
- struct sockaddr_in sa_in;
-# if OPENSSL_USE_IPV6
- struct sockaddr_in6 sa_in6;
-# endif
- } peer;
+ BIO_ADDR peer;
+ BIO_ADDR local_addr;
unsigned int connected;
unsigned int _errno;
unsigned int mtu;
- struct timeval next_timeout;
- struct timeval socket_timeout;
+ OSSL_TIME next_timeout;
+ OSSL_TIME socket_timeout;
unsigned int peekmode;
+ char local_addr_enabled;
} bio_dgram_data;
# ifndef OPENSSL_NO_SCTP
int length;
} bio_dgram_sctp_save_message;
+/*
+ * Note: bio_dgram_data must be first here
+ * as we use dgram_ctrl for underlying dgram operations
+ * which will cast this struct to a bio_dgram_data
+ */
typedef struct bio_dgram_sctp_data_st {
- union {
- struct sockaddr sa;
- struct sockaddr_in sa_in;
-# if OPENSSL_USE_IPV6
- struct sockaddr_in6 sa_in6;
-# endif
- } peer;
- unsigned int connected;
- unsigned int _errno;
- unsigned int mtu;
+ bio_dgram_data dgram;
struct bio_dgram_sctp_sndinfo sndinfo;
struct bio_dgram_sctp_rcvinfo rcvinfo;
struct bio_dgram_sctp_prinfo prinfo;
- void (*handle_notifications) (BIO *bio, void *context, void *buf);
+ BIO_dgram_sctp_notification_handler_fn handle_notifications;
void *notification_context;
int in_handshake;
int ccs_rcvd;
int ccs_sent;
int save_shutdown;
int peer_auth_tested;
- bio_dgram_sctp_save_message saved_message;
} bio_dgram_sctp_data;
# endif
-BIO_METHOD *BIO_s_datagram(void)
+const BIO_METHOD *BIO_s_datagram(void)
{
- return (&methods_dgramp);
+ return &methods_dgramp;
}
BIO *BIO_new_dgram(int fd, int close_flag)
ret = BIO_new(BIO_s_datagram());
if (ret == NULL)
- return (NULL);
+ return NULL;
BIO_set_fd(ret, fd, close_flag);
- return (ret);
+ return ret;
}
static int dgram_new(BIO *bi)
if (data == NULL)
return 0;
bi->ptr = data;
- return (1);
+ return 1;
}
static int dgram_free(BIO *a)
bio_dgram_data *data;
if (a == NULL)
- return (0);
+ return 0;
if (!dgram_clear(a))
return 0;
data = (bio_dgram_data *)a->ptr;
OPENSSL_free(data);
- return (1);
+ return 1;
}
static int dgram_clear(BIO *a)
{
if (a == NULL)
- return (0);
+ return 0;
if (a->shutdown) {
if (a->init) {
- SHUTDOWN2(a->num);
+ BIO_closesocket(a->num);
}
a->init = 0;
a->flags = 0;
}
- return (1);
+ return 1;
}
static void dgram_adjust_rcv_timeout(BIO *b)
{
# if defined(SO_RCVTIMEO)
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
- union {
- size_t s;
- int i;
- } sz = {
- 0
- };
+ OSSL_TIME timeleft;
/* Is a timer active? */
- if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) {
- struct timeval timenow, timeleft;
-
+ if (!ossl_time_is_zero(data->next_timeout)) {
/* Read current socket timeout */
# ifdef OPENSSL_SYS_WINDOWS
int timeout;
+ int sz = sizeof(timeout);
- sz.i = sizeof(timeout);
if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
- (void *)&timeout, &sz.i) < 0) {
- perror("getsockopt");
- } else {
- data->socket_timeout.tv_sec = timeout / 1000;
- data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
- }
+ (void *)&timeout, &sz) < 0)
+ ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
+ "calling getsockopt()");
+ else
+ data->socket_timeout = ossl_ms2time(timeout);
# else
- sz.i = sizeof(data->socket_timeout);
- if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
- &(data->socket_timeout), (void *)&sz) < 0) {
- perror("getsockopt");
- } else if (sizeof(sz.s) != sizeof(sz.i) && sz.i == 0)
- OPENSSL_assert(sz.s <= sizeof(data->socket_timeout));
-# endif
+ struct timeval tv;
+ socklen_t sz = sizeof(tv);
- /* Get current time */
- get_current_time(&timenow);
+ if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &tv, &sz) < 0)
+ ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
+ "calling getsockopt()");
+ else
+ data->socket_timeout = ossl_time_from_timeval(tv);
+# endif
/* Calculate time left until timer expires */
- memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
- if (timeleft.tv_usec < timenow.tv_usec) {
- timeleft.tv_usec = 1000000 - timenow.tv_usec + timeleft.tv_usec;
- timeleft.tv_sec--;
- } else {
- timeleft.tv_usec -= timenow.tv_usec;
- }
- if (timeleft.tv_sec < timenow.tv_sec) {
- timeleft.tv_sec = 0;
- timeleft.tv_usec = 1;
- } else {
- timeleft.tv_sec -= timenow.tv_sec;
- }
+ timeleft = ossl_time_subtract(data->next_timeout, ossl_time_now());
+ if (ossl_time_compare(timeleft, ossl_ticks2time(OSSL_TIME_US)) < 0)
+ timeleft = ossl_ticks2time(OSSL_TIME_US);
/*
- * Adjust socket timeout if next handhake message timer will expire
+ * Adjust socket timeout if next handshake message timer will expire
* earlier.
*/
- if ((data->socket_timeout.tv_sec == 0
- && data->socket_timeout.tv_usec == 0)
- || (data->socket_timeout.tv_sec > timeleft.tv_sec)
- || (data->socket_timeout.tv_sec == timeleft.tv_sec
- && data->socket_timeout.tv_usec >= timeleft.tv_usec)) {
+ if (ossl_time_is_zero(data->socket_timeout)
+ || ossl_time_compare(data->socket_timeout, timeleft) >= 0) {
# ifdef OPENSSL_SYS_WINDOWS
- timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000;
+ timeout = (int)ossl_time2ms(timeleft);
if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
- (void *)&timeout, sizeof(timeout)) < 0) {
- perror("setsockopt");
- }
+ (void *)&timeout, sizeof(timeout)) < 0)
+ ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
+ "calling setsockopt()");
# else
- if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft,
- sizeof(struct timeval)) < 0) {
- perror("setsockopt");
- }
+ tv = ossl_time_to_timeval(timeleft);
+ if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &tv,
+ sizeof(tv)) < 0)
+ ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
+ "calling setsockopt()");
# endif
}
}
# endif
}
+static void dgram_update_local_addr(BIO *b)
+{
+ bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+ socklen_t addr_len = sizeof(data->local_addr);
+
+ if (getsockname(b->num, &data->local_addr.sa, &addr_len) < 0)
+ /*
+ * This should not be possible, but zero-initialize and return
+ * anyway.
+ */
+ BIO_ADDR_clear(&data->local_addr);
+}
+
+# if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG || M_METHOD == M_METHOD_WSARECVMSG
+static int dgram_get_sock_family(BIO *b)
+{
+ bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+ return data->local_addr.sa.sa_family;
+}
+# endif
+
static void dgram_reset_rcv_timeout(BIO *b)
{
# if defined(SO_RCVTIMEO)
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
/* Is a timer active? */
- if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) {
+ if (!ossl_time_is_zero(data->next_timeout)) {
# ifdef OPENSSL_SYS_WINDOWS
- int timeout = data->socket_timeout.tv_sec * 1000 +
- data->socket_timeout.tv_usec / 1000;
+ int timeout = (int)ossl_time2ms(data->socket_timeout);
+
if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
- (void *)&timeout, sizeof(timeout)) < 0) {
- perror("setsockopt");
- }
+ (void *)&timeout, sizeof(timeout)) < 0)
+ ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
+ "calling setsockopt()");
# else
- if (setsockopt
- (b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout),
- sizeof(struct timeval)) < 0) {
- perror("setsockopt");
- }
+ struct timeval tv = ossl_time_to_timeval(data->socket_timeout);
+
+ if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) < 0)
+ ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
+ "calling setsockopt()");
# endif
}
# endif
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
int flags = 0;
- struct {
- /*
- * See commentary in b_sock.c. <appro>
- */
- union {
- size_t s;
- int i;
- } len;
- union {
- struct sockaddr sa;
- struct sockaddr_in sa_in;
-# if OPENSSL_USE_IPV6
- struct sockaddr_in6 sa_in6;
-# endif
- } peer;
- } sa;
-
- sa.len.s = 0;
- sa.len.i = sizeof(sa.peer);
+ BIO_ADDR peer;
+ socklen_t len = sizeof(peer);
if (out != NULL) {
clear_socket_error();
- memset(&sa.peer, 0, sizeof(sa.peer));
+ BIO_ADDR_clear(&peer);
dgram_adjust_rcv_timeout(b);
if (data->peekmode)
flags = MSG_PEEK;
- ret = recvfrom(b->num, out, outl, flags, &sa.peer.sa, (void *)&sa.len);
- if (sizeof(sa.len.i) != sizeof(sa.len.s) && sa.len.i == 0) {
- OPENSSL_assert(sa.len.s <= sizeof(sa.peer));
- sa.len.i = (int)sa.len.s;
- }
+ ret = recvfrom(b->num, out, outl, flags,
+ BIO_ADDR_sockaddr_noconst(&peer), &len);
if (!data->connected && ret >= 0)
- BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer);
+ BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
BIO_clear_retry_flags(b);
if (ret < 0) {
dgram_reset_rcv_timeout(b);
}
- return (ret);
+ return ret;
}
static int dgram_write(BIO *b, const char *in, int inl)
if (data->connected)
ret = writesocket(b->num, in, inl);
else {
- int peerlen = sizeof(data->peer);
+ int peerlen = BIO_ADDR_sockaddr_size(&data->peer);
- if (data->peer.sa.sa_family == AF_INET)
- peerlen = sizeof(data->peer.sa_in);
-# if OPENSSL_USE_IPV6
- else if (data->peer.sa.sa_family == AF_INET6)
- peerlen = sizeof(data->peer.sa_in6);
-# endif
-# if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
- ret = sendto(b->num, (char *)in, inl, 0, &data->peer.sa, peerlen);
-# else
- ret = sendto(b->num, in, inl, 0, &data->peer.sa, peerlen);
-# endif
+ ret = sendto(b->num, in, inl, 0,
+ BIO_ADDR_sockaddr(&data->peer), peerlen);
}
BIO_clear_retry_flags(b);
data->_errno = get_last_socket_error();
}
}
- return (ret);
+ return ret;
}
static long dgram_get_mtu_overhead(bio_dgram_data *data)
{
long ret;
- switch (data->peer.sa.sa_family) {
+ switch (BIO_ADDR_family(&data->peer)) {
case AF_INET:
/*
* Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
break;
# if OPENSSL_USE_IPV6
case AF_INET6:
+ {
# ifdef IN6_IS_ADDR_V4MAPPED
- if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr))
- /*
- * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
- */
- ret = 28;
- else
+ struct in6_addr tmp_addr;
+ if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
+ && IN6_IS_ADDR_V4MAPPED(&tmp_addr))
+ /*
+ * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
+ */
+ ret = 28;
+ else
# endif
/*
* Assume this is UDP - 40 bytes for IP, 8 bytes for UDP
*/
ret = 48;
+ }
break;
# endif
default:
return ret;
}
+/* Enables appropriate destination address reception option on the socket. */
+# if defined(SUPPORT_LOCAL_ADDR)
+static int enable_local_addr(BIO *b, int enable) {
+ int af = dgram_get_sock_family(b);
+
+ if (af == AF_INET) {
+# if defined(IP_PKTINFO)
+ /* IP_PKTINFO is preferred */
+ if (setsockopt(b->num, IPPROTO_IP, IP_PKTINFO,
+ (void *)&enable, sizeof(enable)) < 0)
+ return 0;
+
+ return 1;
+
+# elif defined(IP_RECVDSTADDR)
+ /* Fall back to IP_RECVDSTADDR */
+
+ if (setsockopt(b->num, IPPROTO_IP, IP_RECVDSTADDR,
+ &enable, sizeof(enable)) < 0)
+ return 0;
+
+ return 1;
+# endif
+ }
+
+# if OPENSSL_USE_IPV6
+ if (af == AF_INET6) {
+# if defined(IPV6_RECVPKTINFO)
+ if (setsockopt(b->num, IPPROTO_IPV6, IPV6_RECVPKTINFO,
+ &enable, sizeof(enable)) < 0)
+ return 0;
+
+ return 1;
+# endif
+ }
+# endif
+
+ return 0;
+}
+# endif
+
static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
{
long ret = 1;
int *ip;
- struct sockaddr *to = NULL;
bio_dgram_data *data = NULL;
+# ifndef __DJGPP__
+ /* There are currently no cases where this is used on djgpp/watt32. */
int sockopt_val = 0;
+# endif
+ int d_errno;
# if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU))
socklen_t sockopt_len; /* assume that system supporting IP_MTU is
* modern enough to define socklen_t */
socklen_t addr_len;
- union {
- struct sockaddr sa;
- struct sockaddr_in s4;
-# if OPENSSL_USE_IPV6
- struct sockaddr_in6 s6;
-# endif
- } addr;
+ BIO_ADDR addr;
# endif
data = (bio_dgram_data *)b->ptr;
b->num = *((int *)ptr);
b->shutdown = (int)num;
b->init = 1;
+ dgram_update_local_addr(b);
+# if defined(SUPPORT_LOCAL_ADDR)
+ if (data->local_addr_enabled) {
+ if (enable_local_addr(b, 1) < 1)
+ data->local_addr_enabled = 0;
+ }
+# endif
break;
case BIO_C_GET_FD:
if (b->init) {
ret = 1;
break;
case BIO_CTRL_DGRAM_CONNECT:
- to = (struct sockaddr *)ptr;
- switch (to->sa_family) {
- case AF_INET:
- memcpy(&data->peer, to, sizeof(data->peer.sa_in));
- break;
-# if OPENSSL_USE_IPV6
- case AF_INET6:
- memcpy(&data->peer, to, sizeof(data->peer.sa_in6));
- break;
-# endif
- default:
- memcpy(&data->peer, to, sizeof(data->peer.sa));
- break;
- }
+ BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
break;
/* (Linux)kernel sets DF bit on outgoing IP packets */
case BIO_CTRL_DGRAM_MTU_DISCOVER:
# if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
addr_len = (socklen_t) sizeof(addr);
- memset(&addr, 0, sizeof(addr));
+ BIO_ADDR_clear(&addr);
if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
ret = 0;
break;
sockopt_val = IP_PMTUDISC_DO;
if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
&sockopt_val, sizeof(sockopt_val))) < 0)
- perror("setsockopt");
+ ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
+ "calling setsockopt()");
break;
# if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
case AF_INET6:
sockopt_val = IPV6_PMTUDISC_DO;
if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
&sockopt_val, sizeof(sockopt_val))) < 0)
- perror("setsockopt");
+ ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
+ "calling setsockopt()");
break;
# endif
default:
case BIO_CTRL_DGRAM_QUERY_MTU:
# if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU)
addr_len = (socklen_t) sizeof(addr);
- memset(&addr, 0, sizeof(addr));
+ BIO_ADDR_clear(&addr);
if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
ret = 0;
break;
break;
case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
ret = -dgram_get_mtu_overhead(data);
- switch (data->peer.sa.sa_family) {
+ switch (BIO_ADDR_family(&data->peer)) {
case AF_INET:
ret += 576;
break;
# if OPENSSL_USE_IPV6
case AF_INET6:
+ {
# ifdef IN6_IS_ADDR_V4MAPPED
- if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr))
- ret += 576;
- else
+ struct in6_addr tmp_addr;
+ if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
+ && IN6_IS_ADDR_V4MAPPED(&tmp_addr))
+ ret += 576;
+ else
# endif
- ret += 1280;
+ ret += 1280;
+ }
break;
# endif
default:
ret = num;
break;
case BIO_CTRL_DGRAM_SET_CONNECTED:
- to = (struct sockaddr *)ptr;
-
- if (to != NULL) {
+ if (ptr != NULL) {
data->connected = 1;
- switch (to->sa_family) {
- case AF_INET:
- memcpy(&data->peer, to, sizeof(data->peer.sa_in));
- break;
-# if OPENSSL_USE_IPV6
- case AF_INET6:
- memcpy(&data->peer, to, sizeof(data->peer.sa_in6));
- break;
-# endif
- default:
- memcpy(&data->peer, to, sizeof(data->peer.sa));
- break;
- }
+ BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
} else {
data->connected = 0;
- memset(&data->peer, 0, sizeof(data->peer));
+ BIO_ADDR_clear(&data->peer);
}
break;
case BIO_CTRL_DGRAM_GET_PEER:
- switch (data->peer.sa.sa_family) {
- case AF_INET:
- ret = sizeof(data->peer.sa_in);
- break;
-# if OPENSSL_USE_IPV6
- case AF_INET6:
- ret = sizeof(data->peer.sa_in6);
- break;
-# endif
- default:
- ret = sizeof(data->peer.sa);
- break;
- }
+ ret = BIO_ADDR_sockaddr_size(&data->peer);
+ /* FIXME: if num < ret, we will only return part of an address.
+ That should bee an error, no? */
if (num == 0 || num > ret)
num = ret;
memcpy(ptr, &data->peer, (ret = num));
break;
case BIO_CTRL_DGRAM_SET_PEER:
- to = (struct sockaddr *)ptr;
- switch (to->sa_family) {
+ BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
+ break;
+ case BIO_CTRL_DGRAM_DETECT_PEER_ADDR:
+ {
+ BIO_ADDR xaddr, *p = &data->peer;
+ socklen_t xaddr_len = sizeof(xaddr.sa);
+
+ if (BIO_ADDR_family(p) == AF_UNSPEC) {
+ if (getpeername(b->num, (void *)&xaddr.sa, &xaddr_len) == 0
+ && BIO_ADDR_family(&xaddr) != AF_UNSPEC) {
+ p = &xaddr;
+ } else {
+ ret = 0;
+ break;
+ }
+ }
+
+ ret = BIO_ADDR_sockaddr_size(p);
+ if (num == 0 || num > ret)
+ num = ret;
+
+ memcpy(ptr, p, (ret = num));
+ }
+ break;
+ case BIO_C_SET_NBIO:
+ if (!BIO_socket_nbio(b->num, num != 0))
+ ret = 0;
+ break;
+ case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
+ data->next_timeout = ossl_time_from_timeval(*(struct timeval *)ptr);
+ break;
+# if defined(SO_RCVTIMEO)
+ case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
+# ifdef OPENSSL_SYS_WINDOWS
+ {
+ struct timeval *tv = (struct timeval *)ptr;
+ int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
+
+ if ((ret = setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+ (void *)&timeout, sizeof(timeout))) < 0)
+ ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
+ "calling setsockopt()");
+ }
+# else
+ if ((ret = setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr,
+ sizeof(struct timeval))) < 0)
+ ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
+ "calling setsockopt()");
+# endif
+ break;
+ case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
+ {
+# ifdef OPENSSL_SYS_WINDOWS
+ int sz = 0;
+ int timeout;
+ struct timeval *tv = (struct timeval *)ptr;
+
+ sz = sizeof(timeout);
+ if ((ret = getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+ (void *)&timeout, &sz)) < 0) {
+ ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
+ "calling getsockopt()");
+ } else {
+ tv->tv_sec = timeout / 1000;
+ tv->tv_usec = (timeout % 1000) * 1000;
+ ret = sizeof(*tv);
+ }
+# else
+ socklen_t sz = sizeof(struct timeval);
+ if ((ret = getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+ ptr, &sz)) < 0) {
+ ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
+ "calling getsockopt()");
+ } else {
+ OPENSSL_assert((size_t)sz <= sizeof(struct timeval));
+ ret = (int)sz;
+ }
+# endif
+ }
+ break;
+# endif
+# if defined(SO_SNDTIMEO)
+ case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT:
+# ifdef OPENSSL_SYS_WINDOWS
+ {
+ struct timeval *tv = (struct timeval *)ptr;
+ int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
+
+ if ((ret = setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
+ (void *)&timeout, sizeof(timeout))) < 0)
+ ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
+ "calling setsockopt()");
+ }
+# else
+ if ((ret = setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr,
+ sizeof(struct timeval))) < 0)
+ ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
+ "calling setsockopt()");
+# endif
+ break;
+ case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
+ {
+# ifdef OPENSSL_SYS_WINDOWS
+ int sz = 0;
+ int timeout;
+ struct timeval *tv = (struct timeval *)ptr;
+
+ sz = sizeof(timeout);
+ if ((ret = getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
+ (void *)&timeout, &sz)) < 0) {
+ ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
+ "calling getsockopt()");
+ } else {
+ tv->tv_sec = timeout / 1000;
+ tv->tv_usec = (timeout % 1000) * 1000;
+ ret = sizeof(*tv);
+ }
+# else
+ socklen_t sz = sizeof(struct timeval);
+
+ if ((ret = getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
+ ptr, &sz)) < 0) {
+ ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
+ "calling getsockopt()");
+ } else {
+ OPENSSL_assert((size_t)sz <= sizeof(struct timeval));
+ ret = (int)sz;
+ }
+# endif
+ }
+ break;
+# endif
+ case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
+ /* fall-through */
+ case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:
+# ifdef OPENSSL_SYS_WINDOWS
+ d_errno = (data->_errno == WSAETIMEDOUT);
+# else
+ d_errno = (data->_errno == EAGAIN);
+# endif
+ if (d_errno) {
+ ret = 1;
+ data->_errno = 0;
+ } else
+ ret = 0;
+ break;
+# ifdef EMSGSIZE
+ case BIO_CTRL_DGRAM_MTU_EXCEEDED:
+ if (data->_errno == EMSGSIZE) {
+ ret = 1;
+ data->_errno = 0;
+ } else
+ ret = 0;
+ break;
+# endif
+ case BIO_CTRL_DGRAM_SET_DONT_FRAG:
+ switch (data->peer.sa.sa_family) {
case AF_INET:
- memcpy(&data->peer, to, sizeof(data->peer.sa_in));
+# if defined(IP_DONTFRAG)
+ sockopt_val = num ? 1 : 0;
+ if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAG,
+ &sockopt_val, sizeof(sockopt_val))) < 0)
+ ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
+ "calling setsockopt()");
+# elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined (IP_PMTUDISC_PROBE)
+ sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT;
+ if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
+ &sockopt_val, sizeof(sockopt_val))) < 0)
+ ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
+ "calling setsockopt()");
+# elif defined(OPENSSL_SYS_WINDOWS) && defined(IP_DONTFRAGMENT)
+ sockopt_val = num ? 1 : 0;
+ if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAGMENT,
+ (const char *)&sockopt_val,
+ sizeof(sockopt_val))) < 0)
+ ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
+ "calling setsockopt()");
+# else
+ ret = -1;
+# endif
break;
# if OPENSSL_USE_IPV6
case AF_INET6:
- memcpy(&data->peer, to, sizeof(data->peer.sa_in6));
+# if defined(IPV6_DONTFRAG)
+ sockopt_val = num ? 1 : 0;
+ if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_DONTFRAG,
+ (const void *)&sockopt_val,
+ sizeof(sockopt_val))) < 0)
+ ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
+ "calling setsockopt()");
+
+# elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTUDISCOVER)
+ sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT;
+ if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
+ &sockopt_val, sizeof(sockopt_val))) < 0)
+ ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
+ "calling setsockopt()");
+# else
+ ret = -1;
+# endif
break;
# endif
default:
- memcpy(&data->peer, to, sizeof(data->peer.sa));
+ ret = -1;
break;
}
break;
- case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
- memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));
+ case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
+ ret = dgram_get_mtu_overhead(data);
break;
-# if defined(SO_RCVTIMEO)
- case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
-# ifdef OPENSSL_SYS_WINDOWS
+
+ /*
+ * BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE is used here for compatibility
+ * reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value
+ * was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The
+ * value has been updated to a non-clashing value. However to preserve
+ * binary compatibility we now respond to both the old value and the new one
+ */
+ case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
+ case BIO_CTRL_DGRAM_SET_PEEK_MODE:
+ data->peekmode = (unsigned int)num;
+ break;
+
+ case BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP:
+# if defined(SUPPORT_LOCAL_ADDR)
+ ret = 1;
+# else
+ ret = 0;
+# endif
+ break;
+
+ case BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE:
+# if defined(SUPPORT_LOCAL_ADDR)
+ num = num > 0;
+ if (num != data->local_addr_enabled) {
+ if (enable_local_addr(b, num) < 1) {
+ ret = 0;
+ break;
+ }
+
+ data->local_addr_enabled = (char)num;
+ }
+# else
+ ret = 0;
+# endif
+ break;
+
+ case BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE:
+ *(int *)ptr = data->local_addr_enabled;
+ break;
+
+ case BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS:
+ ret = (long)(BIO_DGRAM_CAP_HANDLES_DST_ADDR
+ | BIO_DGRAM_CAP_HANDLES_SRC_ADDR
+ | BIO_DGRAM_CAP_PROVIDES_DST_ADDR
+ | BIO_DGRAM_CAP_PROVIDES_SRC_ADDR);
+ break;
+
+ case BIO_CTRL_GET_RPOLL_DESCRIPTOR:
+ case BIO_CTRL_GET_WPOLL_DESCRIPTOR:
{
- struct timeval *tv = (struct timeval *)ptr;
- int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
- if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
- (void *)&timeout, sizeof(timeout)) < 0) {
- perror("setsockopt");
- ret = -1;
+ BIO_POLL_DESCRIPTOR *pd = ptr;
+
+ pd->type = BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD;
+ pd->value.fd = b->num;
+ }
+ break;
+
+ default:
+ ret = 0;
+ break;
+ }
+ /* Normalize if error */
+ if (ret < 0)
+ ret = -1;
+ return ret;
+}
+
+static int dgram_puts(BIO *bp, const char *str)
+{
+ int n, ret;
+
+ n = strlen(str);
+ ret = dgram_write(bp, str, n);
+ return ret;
+}
+
+# if M_METHOD == M_METHOD_WSARECVMSG
+static void translate_msg_win(BIO *b, WSAMSG *mh, WSABUF *iov,
+ unsigned char *control, BIO_MSG *msg)
+{
+ iov->len = msg->data_len;
+ iov->buf = msg->data;
+
+ /* Windows requires namelen to be set exactly */
+ mh->name = msg->peer != NULL ? &msg->peer->sa : NULL;
+ if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET)
+ mh->namelen = sizeof(struct sockaddr_in);
+# if OPENSSL_USE_IPV6
+ else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6)
+ mh->namelen = sizeof(struct sockaddr_in6);
+# endif
+ else
+ mh->namelen = 0;
+
+ /*
+ * When local address reception (IP_PKTINFO, etc.) is enabled, on Windows
+ * this causes WSARecvMsg to fail if the control buffer is too small to hold
+ * the structure, or if no control buffer is passed. So we need to give it
+ * the control buffer even if we aren't actually going to examine the
+ * result.
+ */
+ mh->lpBuffers = iov;
+ mh->dwBufferCount = 1;
+ mh->Control.len = BIO_CMSG_ALLOC_LEN;
+ mh->Control.buf = control;
+ mh->dwFlags = 0;
+}
+# endif
+
+# if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG
+/* Translates a BIO_MSG to a msghdr and iovec. */
+static void translate_msg(BIO *b, struct msghdr *mh, struct iovec *iov,
+ unsigned char *control, BIO_MSG *msg)
+{
+ iov->iov_base = msg->data;
+ iov->iov_len = msg->data_len;
+
+ /* macOS requires msg_namelen be 0 if msg_name is NULL */
+ mh->msg_name = msg->peer != NULL ? &msg->peer->sa : NULL;
+ if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET)
+ mh->msg_namelen = sizeof(struct sockaddr_in);
+# if OPENSSL_USE_IPV6
+ else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6)
+ mh->msg_namelen = sizeof(struct sockaddr_in6);
+# endif
+ else
+ mh->msg_namelen = 0;
+
+ mh->msg_iov = iov;
+ mh->msg_iovlen = 1;
+ mh->msg_control = msg->local != NULL ? control : NULL;
+ mh->msg_controllen = msg->local != NULL ? BIO_CMSG_ALLOC_LEN : 0;
+ mh->msg_flags = 0;
+}
+# endif
+
+# if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG || M_METHOD == M_METHOD_WSARECVMSG
+/* Extracts destination address from the control buffer. */
+static int extract_local(BIO *b, MSGHDR_TYPE *mh, BIO_ADDR *local) {
+# if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) || defined(IPV6_PKTINFO)
+ CMSGHDR_TYPE *cmsg;
+ int af = dgram_get_sock_family(b);
+
+ for (cmsg = BIO_CMSG_FIRSTHDR(mh); cmsg != NULL;
+ cmsg = BIO_CMSG_NXTHDR(mh, cmsg)) {
+ if (af == AF_INET) {
+ if (cmsg->cmsg_level != IPPROTO_IP)
+ continue;
+
+# if defined(IP_PKTINFO)
+ if (cmsg->cmsg_type != IP_PKTINFO)
+ continue;
+
+ local->s_in.sin_addr =
+ ((struct in_pktinfo *)BIO_CMSG_DATA(cmsg))->ipi_addr;
+
+# elif defined(IP_RECVDSTADDR)
+ if (cmsg->cmsg_type != IP_RECVDSTADDR)
+ continue;
+
+ local->s_in.sin_addr = *(struct in_addr *)BIO_CMSG_DATA(cmsg);
+# endif
+
+# if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR)
+ {
+ bio_dgram_data *data = b->ptr;
+
+ local->s_in.sin_family = AF_INET;
+ local->s_in.sin_port = data->local_addr.s_in.sin_port;
+ }
+ return 1;
+# endif
+ }
+# if OPENSSL_USE_IPV6
+ else if (af == AF_INET6) {
+ if (cmsg->cmsg_level != IPPROTO_IPV6)
+ continue;
+
+# if defined(IPV6_RECVPKTINFO)
+ if (cmsg->cmsg_type != IPV6_PKTINFO)
+ continue;
+
+ {
+ bio_dgram_data *data = b->ptr;
+
+ local->s_in6.sin6_addr =
+ ((struct in6_pktinfo *)BIO_CMSG_DATA(cmsg))->ipi6_addr;
+ local->s_in6.sin6_family = AF_INET6;
+ local->s_in6.sin6_port = data->local_addr.s_in6.sin6_port;
+ local->s_in6.sin6_scope_id =
+ data->local_addr.s_in6.sin6_scope_id;
+ local->s_in6.sin6_flowinfo = 0;
}
+ return 1;
+# endif
+ }
+# endif
+ }
+# endif
+
+ return 0;
+}
+
+static int pack_local(BIO *b, MSGHDR_TYPE *mh, const BIO_ADDR *local) {
+ int af = dgram_get_sock_family(b);
+# if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) || defined(IPV6_PKTINFO)
+ CMSGHDR_TYPE *cmsg;
+ bio_dgram_data *data = b->ptr;
+# endif
+
+ if (af == AF_INET) {
+# if defined(IP_PKTINFO)
+ struct in_pktinfo *info;
+
+# if defined(OPENSSL_SYS_WINDOWS)
+ cmsg = (CMSGHDR_TYPE *)mh->Control.buf;
+# else
+ cmsg = (CMSGHDR_TYPE *)mh->msg_control;
+# endif
+
+ cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in_pktinfo));
+ cmsg->cmsg_level = IPPROTO_IP;
+ cmsg->cmsg_type = IP_PKTINFO;
+
+ info = (struct in_pktinfo *)BIO_CMSG_DATA(cmsg);
+# if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_CYGWIN) && !defined(__FreeBSD__)
+ info->ipi_spec_dst = local->s_in.sin_addr;
+# endif
+ info->ipi_addr.s_addr = 0;
+ info->ipi_ifindex = 0;
+
+ /*
+ * We cannot override source port using this API, therefore
+ * ensure the application specified a source port of 0
+ * or the one we are bound to. (Better to error than silently
+ * ignore this.)
+ */
+ if (local->s_in.sin_port != 0
+ && data->local_addr.s_in.sin_port != local->s_in.sin_port) {
+ ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
+ return 0;
+ }
+
+# if defined(OPENSSL_SYS_WINDOWS)
+ mh->Control.len = BIO_CMSG_SPACE(sizeof(struct in_pktinfo));
+# else
+ mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in_pktinfo));
+# endif
+ return 1;
+
+# elif defined(IP_SENDSRCADDR)
+ struct in_addr *info;
+
+ /*
+ * At least FreeBSD is very pedantic about using IP_SENDSRCADDR when we
+ * are not bound to 0.0.0.0 or ::, even if the address matches what we
+ * bound to. Support this by not packing the structure if the address
+ * matches our understanding of our local address. IP_SENDSRCADDR is a
+ * BSD thing, so we don't need an explicit test for BSD here.
+ */
+ if (local->s_in.sin_addr.s_addr == data->local_addr.s_in.sin_addr.s_addr) {
+ mh->msg_control = NULL;
+ mh->msg_controllen = 0;
+ return 1;
+ }
+
+ cmsg = (struct cmsghdr *)mh->msg_control;
+ cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in_addr));
+ cmsg->cmsg_level = IPPROTO_IP;
+ cmsg->cmsg_type = IP_SENDSRCADDR;
+
+ info = (struct in_addr *)BIO_CMSG_DATA(cmsg);
+ *info = local->s_in.sin_addr;
+
+ /* See comment above. */
+ if (local->s_in.sin_port != 0
+ && data->local_addr.s_in.sin_port != local->s_in.sin_port) {
+ ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
+ return 0;
+ }
+
+ mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in_addr));
+ return 1;
+# endif
+ }
+# if OPENSSL_USE_IPV6
+ else if (af == AF_INET6) {
+# if defined(IPV6_PKTINFO)
+ struct in6_pktinfo *info;
+
+# if defined(OPENSSL_SYS_WINDOWS)
+ cmsg = (CMSGHDR_TYPE *)mh->Control.buf;
+# else
+ cmsg = (CMSGHDR_TYPE *)mh->msg_control;
+# endif
+ cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in6_pktinfo));
+ cmsg->cmsg_level = IPPROTO_IPV6;
+ cmsg->cmsg_type = IPV6_PKTINFO;
+
+ info = (struct in6_pktinfo *)BIO_CMSG_DATA(cmsg);
+ info->ipi6_addr = local->s_in6.sin6_addr;
+ info->ipi6_ifindex = 0;
+
+ /*
+ * See comment above, but also applies to the other fields
+ * in sockaddr_in6.
+ */
+ if (local->s_in6.sin6_port != 0
+ && data->local_addr.s_in6.sin6_port != local->s_in6.sin6_port) {
+ ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
+ return 0;
+ }
+
+ if (local->s_in6.sin6_scope_id != 0
+ && data->local_addr.s_in6.sin6_scope_id != local->s_in6.sin6_scope_id) {
+ ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
+ return 0;
+ }
+
+# if defined(OPENSSL_SYS_WINDOWS)
+ mh->Control.len = BIO_CMSG_SPACE(sizeof(struct in6_pktinfo));
+# else
+ mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in6_pktinfo));
+# endif
+ return 1;
+# endif
+ }
+# endif
+
+ return 0;
+}
+# endif
+
+/*
+ * Converts flags passed to BIO_sendmmsg or BIO_recvmmsg to syscall flags. You
+ * should mask out any system flags returned by this function you cannot support
+ * in a particular circumstance. Currently no flags are defined.
+ */
+# if M_METHOD != M_METHOD_NONE
+static int translate_flags(uint64_t flags) {
+ return 0;
+}
+# endif
+
+static int dgram_sendmmsg(BIO *b, BIO_MSG *msg, size_t stride,
+ size_t num_msg, uint64_t flags, size_t *num_processed)
+{
+# if M_METHOD != M_METHOD_NONE && M_METHOD != M_METHOD_RECVMSG
+ int ret;
+# endif
+# if M_METHOD == M_METHOD_RECVMMSG
+# define BIO_MAX_MSGS_PER_CALL 64
+ int sysflags;
+ bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+ size_t i;
+ struct mmsghdr mh[BIO_MAX_MSGS_PER_CALL];
+ struct iovec iov[BIO_MAX_MSGS_PER_CALL];
+ unsigned char control[BIO_MAX_MSGS_PER_CALL][BIO_CMSG_ALLOC_LEN];
+ int have_local_enabled = data->local_addr_enabled;
+# elif M_METHOD == M_METHOD_RECVMSG
+ int sysflags;
+ bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+ ossl_ssize_t l;
+ struct msghdr mh;
+ struct iovec iov;
+ unsigned char control[BIO_CMSG_ALLOC_LEN];
+ int have_local_enabled = data->local_addr_enabled;
+# elif M_METHOD == M_METHOD_WSARECVMSG
+ bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+ int have_local_enabled = data->local_addr_enabled;
+ WSAMSG wmsg;
+ WSABUF wbuf;
+ DWORD num_bytes_sent = 0;
+ unsigned char control[BIO_CMSG_ALLOC_LEN];
+# endif
+# if M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG
+ int sysflags;
+# endif
+
+ if (num_msg == 0) {
+ *num_processed = 0;
+ return 1;
+ }
+
+ if (num_msg > OSSL_SSIZE_MAX)
+ num_msg = OSSL_SSIZE_MAX;
+
+# if M_METHOD != M_METHOD_NONE
+ sysflags = translate_flags(flags);
+# endif
+
+# if M_METHOD == M_METHOD_RECVMMSG
+ /*
+ * In the sendmmsg/recvmmsg case, we need to allocate our translated struct
+ * msghdr and struct iovec on the stack to support multithreaded use. Thus
+ * we place a fixed limit on the number of messages per call, in the
+ * expectation that we will be called again if there were more messages to
+ * be sent.
+ */
+ if (num_msg > BIO_MAX_MSGS_PER_CALL)
+ num_msg = BIO_MAX_MSGS_PER_CALL;
+
+ for (i = 0; i < num_msg; ++i) {
+ translate_msg(b, &mh[i].msg_hdr, &iov[i],
+ control[i], &BIO_MSG_N(msg, stride, i));
+
+ /* If local address was requested, it must have been enabled */
+ if (BIO_MSG_N(msg, stride, i).local != NULL) {
+ if (!have_local_enabled) {
+ ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
+ *num_processed = 0;
+ return 0;
+ }
+
+ if (pack_local(b, &mh[i].msg_hdr,
+ BIO_MSG_N(msg, stride, i).local) < 1) {
+ ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
+ *num_processed = 0;
+ return 0;
+ }
+ }
+ }
+
+ /* Do the batch */
+ ret = sendmmsg(b->num, mh, num_msg, sysflags);
+ if (ret < 0) {
+ ERR_raise(ERR_LIB_SYS, get_last_socket_error());
+ *num_processed = 0;
+ return 0;
+ }
+
+ for (i = 0; i < (size_t)ret; ++i) {
+ BIO_MSG_N(msg, stride, i).data_len = mh[i].msg_len;
+ BIO_MSG_N(msg, stride, i).flags = 0;
+ }
+
+ *num_processed = (size_t)ret;
+ return 1;
+
+# elif M_METHOD == M_METHOD_RECVMSG
+ /*
+ * If sendmsg is available, use it.
+ */
+ translate_msg(b, &mh, &iov, control, msg);
+
+ if (msg->local != NULL) {
+ if (!have_local_enabled) {
+ ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
+ *num_processed = 0;
+ return 0;
}
-# else
- if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr,
- sizeof(struct timeval)) < 0) {
- perror("setsockopt");
- ret = -1;
+
+ if (pack_local(b, &mh, msg->local) < 1) {
+ ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
+ *num_processed = 0;
+ return 0;
}
-# endif
- break;
- case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
- {
- union {
- size_t s;
- int i;
- } sz = {
- 0
- };
-# ifdef OPENSSL_SYS_WINDOWS
- int timeout;
- struct timeval *tv = (struct timeval *)ptr;
+ }
- sz.i = sizeof(timeout);
- if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
- (void *)&timeout, &sz.i) < 0) {
- perror("getsockopt");
- ret = -1;
- } else {
- tv->tv_sec = timeout / 1000;
- tv->tv_usec = (timeout % 1000) * 1000;
- ret = sizeof(*tv);
+ l = sendmsg(b->num, &mh, sysflags);
+ if (l < 0) {
+ ERR_raise(ERR_LIB_SYS, get_last_socket_error());
+ *num_processed = 0;
+ return 0;
+ }
+
+ msg->data_len = (size_t)l;
+ msg->flags = 0;
+ *num_processed = 1;
+ return 1;
+
+# elif M_METHOD == M_METHOD_WSARECVMSG || M_METHOD == M_METHOD_RECVFROM
+# if M_METHOD == M_METHOD_WSARECVMSG
+ if (bio_WSASendMsg != NULL) {
+ /* WSASendMsg-based implementation for Windows. */
+ translate_msg_win(b, &wmsg, &wbuf, control, msg);
+
+ if (msg[0].local != NULL) {
+ if (!have_local_enabled) {
+ ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
+ *num_processed = 0;
+ return 0;
}
-# else
- sz.i = sizeof(struct timeval);
- if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
- ptr, (void *)&sz) < 0) {
- perror("getsockopt");
- ret = -1;
- } else if (sizeof(sz.s) != sizeof(sz.i) && sz.i == 0) {
- OPENSSL_assert(sz.s <= sizeof(struct timeval));
- ret = (int)sz.s;
- } else
- ret = sz.i;
-# endif
- }
- break;
-# endif
-# if defined(SO_SNDTIMEO)
- case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT:
-# ifdef OPENSSL_SYS_WINDOWS
- {
- struct timeval *tv = (struct timeval *)ptr;
- int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
- if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
- (void *)&timeout, sizeof(timeout)) < 0) {
- perror("setsockopt");
- ret = -1;
+
+ if (pack_local(b, &wmsg, msg[0].local) < 1) {
+ ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
+ *num_processed = 0;
+ return 0;
}
}
-# else
- if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr,
- sizeof(struct timeval)) < 0) {
- perror("setsockopt");
- ret = -1;
+
+ ret = WSASendMsg((SOCKET)b->num, &wmsg, 0, &num_bytes_sent, NULL, NULL);
+ if (ret < 0) {
+ ERR_raise(ERR_LIB_SYS, get_last_socket_error());
+ *num_processed = 0;
+ return 0;
}
+
+ msg[0].data_len = num_bytes_sent;
+ msg[0].flags = 0;
+ *num_processed = 1;
+ return 1;
+ }
# endif
- break;
- case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
- {
- union {
- size_t s;
- int i;
- } sz = {
- 0
- };
-# ifdef OPENSSL_SYS_WINDOWS
- int timeout;
- struct timeval *tv = (struct timeval *)ptr;
- sz.i = sizeof(timeout);
- if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
- (void *)&timeout, &sz.i) < 0) {
- perror("getsockopt");
- ret = -1;
- } else {
- tv->tv_sec = timeout / 1000;
- tv->tv_usec = (timeout % 1000) * 1000;
- ret = sizeof(*tv);
- }
+ /*
+ * Fallback to sendto and send a single message.
+ */
+ if (msg[0].local != NULL) {
+ /*
+ * We cannot set the local address if using sendto
+ * so fail in this case
+ */
+ ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
+ *num_processed = 0;
+ return 0;
+ }
+
+ ret = sendto(b->num, msg[0].data,
+# if defined(OPENSSL_SYS_WINDOWS)
+ (int)msg[0].data_len,
# else
- sz.i = sizeof(struct timeval);
- if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
- ptr, (void *)&sz) < 0) {
- perror("getsockopt");
- ret = -1;
- } else if (sizeof(sz.s) != sizeof(sz.i) && sz.i == 0) {
- OPENSSL_assert(sz.s <= sizeof(struct timeval));
- ret = (int)sz.s;
- } else
- ret = sz.i;
+ msg[0].data_len,
# endif
- }
- break;
-# endif
- case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
- /* fall-through */
- case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:
-# ifdef OPENSSL_SYS_WINDOWS
- if (data->_errno == WSAETIMEDOUT)
+ sysflags,
+ msg[0].peer != NULL ? BIO_ADDR_sockaddr(msg[0].peer) : NULL,
+ msg[0].peer != NULL ? BIO_ADDR_sockaddr_size(msg[0].peer) : 0);
+ if (ret <= 0) {
+ ERR_raise(ERR_LIB_SYS, get_last_socket_error());
+ *num_processed = 0;
+ return 0;
+ }
+
+ msg[0].data_len = ret;
+ msg[0].flags = 0;
+ *num_processed = 1;
+ return 1;
+
# else
- if (data->_errno == EAGAIN)
+ ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD);
+ *num_processed = 0;
+ return 0;
# endif
- {
- ret = 1;
- data->_errno = 0;
- } else
- ret = 0;
- break;
-# ifdef EMSGSIZE
- case BIO_CTRL_DGRAM_MTU_EXCEEDED:
- if (data->_errno == EMSGSIZE) {
- ret = 1;
- data->_errno = 0;
- } else
- ret = 0;
- break;
+}
+
+static int dgram_recvmmsg(BIO *b, BIO_MSG *msg,
+ size_t stride, size_t num_msg,
+ uint64_t flags, size_t *num_processed)
+{
+# if M_METHOD != M_METHOD_NONE && M_METHOD != M_METHOD_RECVMSG
+ int ret;
+# endif
+# if M_METHOD == M_METHOD_RECVMMSG
+ int sysflags;
+ bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+ size_t i;
+ struct mmsghdr mh[BIO_MAX_MSGS_PER_CALL];
+ struct iovec iov[BIO_MAX_MSGS_PER_CALL];
+ unsigned char control[BIO_MAX_MSGS_PER_CALL][BIO_CMSG_ALLOC_LEN];
+ int have_local_enabled = data->local_addr_enabled;
+# elif M_METHOD == M_METHOD_RECVMSG
+ int sysflags;
+ bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+ ossl_ssize_t l;
+ struct msghdr mh;
+ struct iovec iov;
+ unsigned char control[BIO_CMSG_ALLOC_LEN];
+ int have_local_enabled = data->local_addr_enabled;
+# elif M_METHOD == M_METHOD_WSARECVMSG
+ bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+ int have_local_enabled = data->local_addr_enabled;
+ WSAMSG wmsg;
+ WSABUF wbuf;
+ DWORD num_bytes_received = 0;
+ unsigned char control[BIO_CMSG_ALLOC_LEN];
+# endif
+# if M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG
+ int sysflags;
+ socklen_t slen;
# endif
- case BIO_CTRL_DGRAM_SET_DONT_FRAG:
- sockopt_val = num ? 1 : 0;
- switch (data->peer.sa.sa_family) {
- case AF_INET:
-# if defined(IP_DONTFRAG)
- if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAG,
- &sockopt_val, sizeof(sockopt_val))) < 0) {
- perror("setsockopt");
- ret = -1;
- }
-# elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined (IP_PMTUDISC_PROBE)
- if ((sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT),
- (ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
- &sockopt_val, sizeof(sockopt_val))) < 0) {
- perror("setsockopt");
- ret = -1;
- }
-# elif defined(OPENSSL_SYS_WINDOWS) && defined(IP_DONTFRAGMENT)
- if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAGMENT,
- (const char *)&sockopt_val,
- sizeof(sockopt_val))) < 0) {
- perror("setsockopt");
- ret = -1;
- }
-# else
- ret = -1;
+ if (num_msg == 0) {
+ *num_processed = 0;
+ return 1;
+ }
+
+ if (num_msg > OSSL_SSIZE_MAX)
+ num_msg = OSSL_SSIZE_MAX;
+
+# if M_METHOD != M_METHOD_NONE
+ sysflags = translate_flags(flags);
# endif
- break;
-# if OPENSSL_USE_IPV6
- case AF_INET6:
-# if defined(IPV6_DONTFRAG)
- if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_DONTFRAG,
- (const void *)&sockopt_val,
- sizeof(sockopt_val))) < 0) {
- perror("setsockopt");
- ret = -1;
- }
-# elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTUDISCOVER)
- if ((sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT),
- (ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
- &sockopt_val, sizeof(sockopt_val))) < 0) {
- perror("setsockopt");
- ret = -1;
- }
+
+# if M_METHOD == M_METHOD_RECVMMSG
+ /*
+ * In the sendmmsg/recvmmsg case, we need to allocate our translated struct
+ * msghdr and struct iovec on the stack to support multithreaded use. Thus
+ * we place a fixed limit on the number of messages per call, in the
+ * expectation that we will be called again if there were more messages to
+ * be sent.
+ */
+ if (num_msg > BIO_MAX_MSGS_PER_CALL)
+ num_msg = BIO_MAX_MSGS_PER_CALL;
+
+ for (i = 0; i < num_msg; ++i) {
+ translate_msg(b, &mh[i].msg_hdr, &iov[i],
+ control[i], &BIO_MSG_N(msg, stride, i));
+
+ /* If local address was requested, it must have been enabled */
+ if (BIO_MSG_N(msg, stride, i).local != NULL && !have_local_enabled) {
+ ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
+ *num_processed = 0;
+ return 0;
+ }
+ }
+
+ /* Do the batch */
+ ret = recvmmsg(b->num, mh, num_msg, sysflags, NULL);
+ if (ret < 0) {
+ ERR_raise(ERR_LIB_SYS, get_last_socket_error());
+ *num_processed = 0;
+ return 0;
+ }
+
+ for (i = 0; i < (size_t)ret; ++i) {
+ BIO_MSG_N(msg, stride, i).data_len = mh[i].msg_len;
+ BIO_MSG_N(msg, stride, i).flags = 0;
+ /*
+ * *(msg->peer) will have been filled in by recvmmsg;
+ * for msg->local we parse the control data returned
+ */
+ if (BIO_MSG_N(msg, stride, i).local != NULL)
+ if (extract_local(b, &mh[i].msg_hdr,
+ BIO_MSG_N(msg, stride, i).local) < 1)
+ /*
+ * It appears BSDs do not support local addresses for
+ * loopback sockets. In this case, just clear the local
+ * address, as for OS X and Windows in some circumstances
+ * (see below).
+ */
+ BIO_ADDR_clear(msg->local);
+ }
+
+ *num_processed = (size_t)ret;
+ return 1;
+
+# elif M_METHOD == M_METHOD_RECVMSG
+ /*
+ * If recvmsg is available, use it.
+ */
+ translate_msg(b, &mh, &iov, control, msg);
+
+ /* If local address was requested, it must have been enabled */
+ if (msg->local != NULL && !have_local_enabled) {
+ /*
+ * If we have done at least one message, we must return the
+ * count; if we haven't done any, we can give an error code
+ */
+ ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
+ *num_processed = 0;
+ return 0;
+ }
+
+ l = recvmsg(b->num, &mh, sysflags);
+ if (l < 0) {
+ ERR_raise(ERR_LIB_SYS, get_last_socket_error());
+ *num_processed = 0;
+ return 0;
+ }
+
+ msg->data_len = (size_t)l;
+ msg->flags = 0;
+
+ if (msg->local != NULL)
+ if (extract_local(b, &mh, msg->local) < 1)
+ /*
+ * OS X exhibits odd behaviour where it appears that if a packet is
+ * sent before the receiving interface enables IP_PKTINFO, it will
+ * sometimes not have any control data returned even if the
+ * receiving interface enables IP_PKTINFO before calling recvmsg().
+ * This appears to occur non-deterministically. Presumably, OS X
+ * handles IP_PKTINFO at the time the packet is enqueued into a
+ * socket's receive queue, rather than at the time recvmsg() is
+ * called, unlike most other operating systems. Thus (if this
+ * hypothesis is correct) there is a race between where IP_PKTINFO
+ * is enabled by the process and when the kernel's network stack
+ * queues the incoming message.
+ *
+ * We cannot return the local address if we do not have it, but this
+ * is not a caller error either, so just return a zero address
+ * structure. This is similar to how we handle Windows loopback
+ * interfaces (see below). We enable this workaround for all
+ * platforms, not just Apple, as this kind of quirk in OS networking
+ * stacks seems to be common enough that failing hard if a local
+ * address is not provided appears to be too brittle.
+ */
+ BIO_ADDR_clear(msg->local);
+
+ *num_processed = 1;
+ return 1;
+
+# elif M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG
+# if M_METHOD == M_METHOD_WSARECVMSG
+ if (bio_WSARecvMsg != NULL) {
+ /* WSARecvMsg-based implementation for Windows. */
+ translate_msg_win(b, &wmsg, &wbuf, control, msg);
+
+ /* If local address was requested, it must have been enabled */
+ if (msg[0].local != NULL && !have_local_enabled) {
+ ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
+ *num_processed = 0;
+ return 0;
+ }
+
+ ret = WSARecvMsg((SOCKET)b->num, &wmsg, &num_bytes_received, NULL, NULL);
+ if (ret < 0) {
+ ERR_raise(ERR_LIB_SYS, get_last_socket_error());
+ *num_processed = 0;
+ return 0;
+ }
+
+ msg[0].data_len = num_bytes_received;
+ msg[0].flags = 0;
+ if (msg[0].local != NULL)
+ if (extract_local(b, &wmsg, msg[0].local) < 1)
+ /*
+ * On Windows, loopback is not a "proper" interface and it works
+ * differently; packets are essentially short-circuited and
+ * don't go through all of the normal processing. A consequence
+ * of this is that packets sent from the local machine to the
+ * local machine _will not have IP_PKTINFO_ even if the
+ * IP_PKTINFO socket option is enabled. WSARecvMsg just sets
+ * Control.len to 0 on returning.
+ *
+ * This applies regardless of whether the loopback address,
+ * 127.0.0.1 is used, or a local interface address (e.g.
+ * 192.168.1.1); in both cases IP_PKTINFO will not be present.
+ *
+ * We report this condition by setting the local BIO_ADDR's
+ * family to 0.
+ */
+ BIO_ADDR_clear(msg[0].local);
+
+ *num_processed = 1;
+ return 1;
+ }
+# endif
+
+ /*
+ * Fallback to recvfrom and receive a single message.
+ */
+ if (msg[0].local != NULL) {
+ /*
+ * We cannot determine the local address if using recvfrom
+ * so fail in this case
+ */
+ ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
+ *num_processed = 0;
+ return 0;
+ }
+
+ slen = sizeof(*msg[0].peer);
+ ret = recvfrom(b->num, msg[0].data,
+# if defined(OPENSSL_SYS_WINDOWS)
+ (int)msg[0].data_len,
# else
- ret = -1;
+ msg[0].data_len,
# endif
- break;
-# endif
- default:
- ret = -1;
- break;
- }
- break;
- case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
- ret = dgram_get_mtu_overhead(data);
- break;
- case BIO_CTRL_DGRAM_SET_PEEK_MODE:
- data->peekmode = (unsigned int)num;
- break;
- default:
- ret = 0;
- break;
+ sysflags,
+ msg[0].peer != NULL ? &msg[0].peer->sa : NULL,
+ msg[0].peer != NULL ? &slen : NULL);
+ if (ret <= 0) {
+ ERR_raise(ERR_LIB_SYS, get_last_socket_error());
+ return 0;
}
- return (ret);
-}
-static int dgram_puts(BIO *bp, const char *str)
-{
- int n, ret;
+ msg[0].data_len = ret;
+ msg[0].flags = 0;
+ *num_processed = 1;
+ return 1;
- n = strlen(str);
- ret = dgram_write(bp, str, n);
- return (ret);
+# else
+ ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD);
+ *num_processed = 0;
+ return 0;
+# endif
}
# ifndef OPENSSL_NO_SCTP
-BIO_METHOD *BIO_s_datagram_sctp(void)
+const BIO_METHOD *BIO_s_datagram_sctp(void)
{
- return (&methods_dgramp_sctp);
+ return &methods_dgramp_sctp;
}
BIO *BIO_new_dgram_sctp(int fd, int close_flag)
bio = BIO_new(BIO_s_datagram_sctp());
if (bio == NULL)
- return (NULL);
+ return NULL;
BIO_set_fd(bio, fd, close_flag);
/* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */
sizeof(struct sctp_authchunk));
if (ret < 0) {
BIO_vfree(bio);
- return (NULL);
+ ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB,
+ "Ensure SCTP AUTH chunks are enabled in kernel");
+ return NULL;
}
auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE;
ret =
sizeof(struct sctp_authchunk));
if (ret < 0) {
BIO_vfree(bio);
- return (NULL);
+ ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB,
+ "Ensure SCTP AUTH chunks are enabled in kernel");
+ return NULL;
}
/*
* Test if activation was successful. When using accept(), SCTP-AUTH has
* to be activated for the listening socket already, otherwise the
- * connected socket won't use it.
+ * connected socket won't use it. Similarly with connect(): the socket
+ * prior to connection must be activated for SCTP-AUTH
*/
sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
authchunks = OPENSSL_zalloc(sockopt_len);
if (authchunks == NULL) {
BIO_vfree(bio);
- return (NULL);
+ return NULL;
}
ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks,
&sockopt_len);
if (ret < 0) {
OPENSSL_free(authchunks);
BIO_vfree(bio);
- return (NULL);
+ return NULL;
}
for (p = (unsigned char *)authchunks->gauth_chunks;
OPENSSL_free(authchunks);
- OPENSSL_assert(auth_data);
- OPENSSL_assert(auth_forward);
+ if (!auth_data || !auth_forward) {
+ BIO_vfree(bio);
+ ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB,
+ "Ensure SCTP AUTH chunks are enabled on the "
+ "underlying socket");
+ return NULL;
+ }
# ifdef SCTP_AUTHENTICATION_EVENT
# ifdef SCTP_EVENT
sizeof(struct sctp_event));
if (ret < 0) {
BIO_vfree(bio);
- return (NULL);
+ return NULL;
}
# else
sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe);
ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len);
if (ret < 0) {
BIO_vfree(bio);
- return (NULL);
+ return NULL;
}
event.sctp_authentication_event = 1;
sizeof(struct sctp_event_subscribe));
if (ret < 0) {
BIO_vfree(bio);
- return (NULL);
+ return NULL;
}
# endif
# endif
sizeof(optval));
if (ret < 0) {
BIO_vfree(bio);
- return (NULL);
+ return NULL;
}
- return (bio);
+ return bio;
}
int BIO_dgram_is_sctp(BIO *bio)
bi->init = 0;
bi->num = 0;
- data = OPENSSL_zalloc(sizeof(*data));
- if (data == NULL)
+ if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL)
return 0;
# ifdef SCTP_PR_SCTP_NONE
data->prinfo.pr_policy = SCTP_PR_SCTP_NONE;
bi->ptr = data;
bi->flags = 0;
- return (1);
+ return 1;
}
static int dgram_sctp_free(BIO *a)
bio_dgram_sctp_data *data;
if (a == NULL)
- return (0);
+ return 0;
if (!dgram_clear(a))
return 0;
data = (bio_dgram_sctp_data *) a->ptr;
- if (data != NULL) {
- OPENSSL_free(data->saved_message.data);
+ if (data != NULL)
OPENSSL_free(data);
- }
- return (1);
+ return 1;
}
# ifdef SCTP_AUTHENTICATION_EVENT
int ret = 0, n = 0, i, optval;
socklen_t optlen;
bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
- union sctp_notification *snp;
struct msghdr msg;
struct iovec iov;
struct cmsghdr *cmsg;
}
if (msg.msg_flags & MSG_NOTIFICATION) {
- snp = (union sctp_notification *)out;
- if (snp->sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
+ union sctp_notification snp;
+
+ memcpy(&snp, out, sizeof(snp));
+ if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
# ifdef SCTP_EVENT
struct sctp_event event;
# else
struct sctp_event_subscribe event;
socklen_t eventsize;
# endif
- /*
- * If a message has been delayed until the socket is dry,
- * it can be sent now.
- */
- if (data->saved_message.length > 0) {
- i = dgram_sctp_write(data->saved_message.bio,
- data->saved_message.data,
- data->saved_message.length);
- if (i < 0) {
- ret = i;
- break;
- }
- OPENSSL_free(data->saved_message.data);
- data->saved_message.data = NULL;
- data->saved_message.length = 0;
- }
/* disable sender dry event */
# ifdef SCTP_EVENT
# endif
}
# ifdef SCTP_AUTHENTICATION_EVENT
- if (snp->sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
- dgram_sctp_handle_auth_free_key_event(b, snp);
+ if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
+ dgram_sctp_handle_auth_free_key_event(b, &snp);
# endif
if (data->handle_notifications != NULL)
data->handle_notifications(b, data->notification_context,
(void *)out);
+ memset(&snp, 0, sizeof(snp));
memset(out, 0, outl);
- } else
+ } else {
ret += n;
+ }
}
while ((msg.msg_flags & MSG_NOTIFICATION) && (msg.msg_flags & MSG_EOR)
&& (ret < outl));
if (ret < 0) {
if (BIO_dgram_should_retry(ret)) {
BIO_set_retry_read(b);
- data->_errno = get_last_socket_error();
+ data->dgram._errno = get_last_socket_error();
}
}
optlen =
(socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
authchunks = OPENSSL_malloc(optlen);
- if (authchunks == NULL) {
- BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_FAILURE);
+ if (authchunks == NULL)
return -1;
- }
memset(authchunks, 0, optlen);
ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS,
authchunks, &optlen);
OPENSSL_free(authchunks);
if (!auth_data || !auth_forward) {
- BIOerr(BIO_F_DGRAM_SCTP_READ, BIO_R_CONNECT_ERROR);
+ ERR_raise(ERR_LIB_BIO, BIO_R_CONNECT_ERROR);
return -1;
}
data->peer_auth_tested = 1;
}
}
- return (ret);
+ return ret;
}
/*
sinfo = &handshake_sinfo;
}
- /*
- * If we have to send a shutdown alert message and the socket is not dry
- * yet, we have to save it and send it as soon as the socket gets dry.
- */
+ /* We can only send a shutdown alert if the socket is dry */
if (data->save_shutdown) {
ret = BIO_dgram_sctp_wait_for_dry(b);
- if (ret < 0) {
+ if (ret < 0)
return -1;
- }
if (ret == 0) {
- char *tmp;
- data->saved_message.bio = b;
- if ((tmp = OPENSSL_malloc(inl)) == NULL) {
- BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE);
- return -1;
- }
- OPENSSL_free(data->saved_message.data);
- data->saved_message.data = tmp;
- memcpy(data->saved_message.data, in, inl);
- data->saved_message.length = inl;
- return inl;
+ BIO_clear_retry_flags(b);
+ BIO_set_retry_write(b);
+ return -1;
}
}
if (ret <= 0) {
if (BIO_dgram_should_retry(ret)) {
BIO_set_retry_write(b);
- data->_errno = get_last_socket_error();
+ data->dgram._errno = get_last_socket_error();
}
}
- return (ret);
+ return ret;
}
static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
* Set to maximum (2^14) and ignore user input to enable transport
* protocol fragmentation. Returns always 2^14.
*/
- data->mtu = 16384;
- ret = data->mtu;
+ data->dgram.mtu = 16384;
+ ret = data->dgram.mtu;
break;
case BIO_CTRL_DGRAM_SET_MTU:
/*
* Set to maximum (2^14) and ignore input to enable transport
* protocol fragmentation. Returns always 2^14.
*/
- data->mtu = 16384;
- ret = data->mtu;
+ data->dgram.mtu = 16384;
+ ret = data->dgram.mtu;
break;
case BIO_CTRL_DGRAM_SET_CONNECTED:
case BIO_CTRL_DGRAM_CONNECT:
* we need to deactivate an old key
*/
data->ccs_sent = 1;
+ /* fall-through */
case BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD:
/* Returns 0 on success, -1 otherwise. */
else
data->save_shutdown = 0;
break;
+ case BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY:
+ return dgram_sctp_wait_for_dry(b);
+ case BIO_CTRL_DGRAM_SCTP_MSG_WAITING:
+ return dgram_sctp_msg_waiting(b);
default:
/*
ret = dgram_ctrl(b, cmd, num, ptr);
break;
}
- return (ret);
+ return ret;
}
int BIO_dgram_sctp_notification_cb(BIO *b,
- void (*handle_notifications) (BIO *bio,
- void
- *context,
- void *buf),
- void *context)
+ BIO_dgram_sctp_notification_handler_fn handle_notifications,
+ void *context)
{
bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
* 1 when dry
*/
int BIO_dgram_sctp_wait_for_dry(BIO *b)
+{
+ return (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY, 0, NULL);
+}
+
+static int dgram_sctp_wait_for_dry(BIO *b)
{
int is_dry = 0;
int sockflags = 0;
}
int BIO_dgram_sctp_msg_waiting(BIO *b)
+{
+ return (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SCTP_MSG_WAITING, 0, NULL);
+}
+
+static int dgram_sctp_msg_waiting(BIO *b)
{
int n, sockflags;
union sctp_notification snp;
n = strlen(str);
ret = dgram_sctp_write(bp, str, n);
- return (ret);
+ return ret;
}
# endif
*/
# endif
- return (BIO_dgram_non_fatal_error(err));
+ return BIO_dgram_non_fatal_error(err);
}
- return (0);
+ return 0;
}
int BIO_dgram_non_fatal_error(int err)
case EALREADY:
# endif
- return (1);
- /* break; */
+ return 1;
default:
break;
}
- return (0);
-}
-
-static void get_current_time(struct timeval *t)
-{
-# if defined(_WIN32)
- SYSTEMTIME st;
- union {
- unsigned __int64 ul;
- FILETIME ft;
- } now;
-
- GetSystemTime(&st);
- SystemTimeToFileTime(&st, &now.ft);
-# ifdef __MINGW32__
- now.ul -= 116444736000000000ULL;
-# else
- now.ul -= 116444736000000000UI64; /* re-bias to 1/1/1970 */
-# endif
- t->tv_sec = (long)(now.ul / 10000000);
- t->tv_usec = ((int)(now.ul % 10000000)) / 10;
-# elif defined(OPENSSL_SYS_VMS)
- struct timeb tb;
- ftime(&tb);
- t->tv_sec = (long)tb.time;
- t->tv_usec = (long)tb.millitm * 1000;
-# else
- gettimeofday(t, NULL);
-# endif
+ return 0;
}
#endif