VirtualBox

source: vbox/trunk/src/libs/openssl-3.1.7/crypto/bio/bss_dgram.c@ 108344

最後變更 在這個檔案從108344是 104078,由 vboxsync 提交於 12 月 前

openssl-3.1.5: Applied and adjusted our OpenSSL changes to 3.1.4. bugref:10638
檔案大小: 56.4 KB
 
1/*
2 * Copyright 2005-2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#ifndef _GNU_SOURCE
11# define _GNU_SOURCE
12#endif
13
14#include <stdio.h>
15#include <errno.h>
16
17#include "bio_local.h"
18#ifndef OPENSSL_NO_DGRAM
19
20# ifndef OPENSSL_NO_SCTP
21# include <netinet/sctp.h>
22# include <fcntl.h>
23# define OPENSSL_SCTP_DATA_CHUNK_TYPE 0x00
24# define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0
25# endif
26
27# if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU)
28# define IP_MTU 14 /* linux is lame */
29# endif
30
31# if OPENSSL_USE_IPV6 && !defined(IPPROTO_IPV6)
32# define IPPROTO_IPV6 41 /* windows is lame */
33# endif
34
35# if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED)
36/* Standard definition causes type-punning problems. */
37# undef IN6_IS_ADDR_V4MAPPED
38# define s6_addr32 __u6_addr.__u6_addr32
39# define IN6_IS_ADDR_V4MAPPED(a) \
40 (((a)->s6_addr32[0] == 0) && \
41 ((a)->s6_addr32[1] == 0) && \
42 ((a)->s6_addr32[2] == htonl(0x0000ffff)))
43# endif
44
45static int dgram_write(BIO *h, const char *buf, int num);
46static int dgram_read(BIO *h, char *buf, int size);
47static int dgram_puts(BIO *h, const char *str);
48static long dgram_ctrl(BIO *h, int cmd, long arg1, void *arg2);
49static int dgram_new(BIO *h);
50static int dgram_free(BIO *data);
51static int dgram_clear(BIO *bio);
52
53# ifndef OPENSSL_NO_SCTP
54static int dgram_sctp_write(BIO *h, const char *buf, int num);
55static int dgram_sctp_read(BIO *h, char *buf, int size);
56static int dgram_sctp_puts(BIO *h, const char *str);
57static long dgram_sctp_ctrl(BIO *h, int cmd, long arg1, void *arg2);
58static int dgram_sctp_new(BIO *h);
59static int dgram_sctp_free(BIO *data);
60static int dgram_sctp_wait_for_dry(BIO *b);
61static int dgram_sctp_msg_waiting(BIO *b);
62# ifdef SCTP_AUTHENTICATION_EVENT
63static void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification
64 *snp);
65# endif
66# endif
67
68static int BIO_dgram_should_retry(int s);
69
70static void get_current_time(struct timeval *t);
71
72static const BIO_METHOD methods_dgramp = {
73 BIO_TYPE_DGRAM,
74 "datagram socket",
75 bwrite_conv,
76 dgram_write,
77 bread_conv,
78 dgram_read,
79 dgram_puts,
80 NULL, /* dgram_gets, */
81 dgram_ctrl,
82 dgram_new,
83 dgram_free,
84 NULL, /* dgram_callback_ctrl */
85};
86
87# ifndef OPENSSL_NO_SCTP
88static const BIO_METHOD methods_dgramp_sctp = {
89 BIO_TYPE_DGRAM_SCTP,
90 "datagram sctp socket",
91 bwrite_conv,
92 dgram_sctp_write,
93 bread_conv,
94 dgram_sctp_read,
95 dgram_sctp_puts,
96 NULL, /* dgram_gets, */
97 dgram_sctp_ctrl,
98 dgram_sctp_new,
99 dgram_sctp_free,
100 NULL, /* dgram_callback_ctrl */
101};
102# endif
103
104typedef struct bio_dgram_data_st {
105 BIO_ADDR peer;
106 unsigned int connected;
107 unsigned int _errno;
108 unsigned int mtu;
109 struct timeval next_timeout;
110 struct timeval socket_timeout;
111 unsigned int peekmode;
112} bio_dgram_data;
113
114# ifndef OPENSSL_NO_SCTP
115typedef struct bio_dgram_sctp_save_message_st {
116 BIO *bio;
117 char *data;
118 int length;
119} bio_dgram_sctp_save_message;
120
121typedef struct bio_dgram_sctp_data_st {
122 BIO_ADDR peer;
123 unsigned int connected;
124 unsigned int _errno;
125 unsigned int mtu;
126 struct bio_dgram_sctp_sndinfo sndinfo;
127 struct bio_dgram_sctp_rcvinfo rcvinfo;
128 struct bio_dgram_sctp_prinfo prinfo;
129 BIO_dgram_sctp_notification_handler_fn handle_notifications;
130 void *notification_context;
131 int in_handshake;
132 int ccs_rcvd;
133 int ccs_sent;
134 int save_shutdown;
135 int peer_auth_tested;
136} bio_dgram_sctp_data;
137# endif
138
139const BIO_METHOD *BIO_s_datagram(void)
140{
141 return &methods_dgramp;
142}
143
144BIO *BIO_new_dgram(int fd, int close_flag)
145{
146 BIO *ret;
147
148 ret = BIO_new(BIO_s_datagram());
149 if (ret == NULL)
150 return NULL;
151 BIO_set_fd(ret, fd, close_flag);
152 return ret;
153}
154
155static int dgram_new(BIO *bi)
156{
157 bio_dgram_data *data = OPENSSL_zalloc(sizeof(*data));
158
159 if (data == NULL)
160 return 0;
161 bi->ptr = data;
162 return 1;
163}
164
165static int dgram_free(BIO *a)
166{
167 bio_dgram_data *data;
168
169 if (a == NULL)
170 return 0;
171 if (!dgram_clear(a))
172 return 0;
173
174 data = (bio_dgram_data *)a->ptr;
175 OPENSSL_free(data);
176
177 return 1;
178}
179
180static int dgram_clear(BIO *a)
181{
182 if (a == NULL)
183 return 0;
184 if (a->shutdown) {
185 if (a->init) {
186 BIO_closesocket(a->num);
187 }
188 a->init = 0;
189 a->flags = 0;
190 }
191 return 1;
192}
193
194static void dgram_adjust_rcv_timeout(BIO *b)
195{
196# if defined(SO_RCVTIMEO)
197 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
198
199 /* Is a timer active? */
200 if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) {
201 struct timeval timenow, timeleft;
202
203 /* Read current socket timeout */
204# ifdef OPENSSL_SYS_WINDOWS
205 int timeout;
206
207 int sz = sizeof(timeout);
208 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
209 (void *)&timeout, &sz) < 0) {
210 perror("getsockopt");
211 } else {
212 data->socket_timeout.tv_sec = timeout / 1000;
213 data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
214 }
215# else
216 socklen_t sz = sizeof(data->socket_timeout);
217 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
218 &(data->socket_timeout), &sz) < 0) {
219 perror("getsockopt");
220 } else
221 OPENSSL_assert((size_t)sz <= sizeof(data->socket_timeout));
222# endif
223
224 /* Get current time */
225 get_current_time(&timenow);
226
227 /* Calculate time left until timer expires */
228 memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
229 if (timeleft.tv_usec < timenow.tv_usec) {
230 timeleft.tv_usec = 1000000 - timenow.tv_usec + timeleft.tv_usec;
231 timeleft.tv_sec--;
232 } else {
233 timeleft.tv_usec -= timenow.tv_usec;
234 }
235 if (timeleft.tv_sec < timenow.tv_sec) {
236 timeleft.tv_sec = 0;
237 timeleft.tv_usec = 1;
238 } else {
239 timeleft.tv_sec -= timenow.tv_sec;
240 }
241
242 /*
243 * Adjust socket timeout if next handshake message timer will expire
244 * earlier.
245 */
246 if ((data->socket_timeout.tv_sec == 0
247 && data->socket_timeout.tv_usec == 0)
248 || (data->socket_timeout.tv_sec > timeleft.tv_sec)
249 || (data->socket_timeout.tv_sec == timeleft.tv_sec
250 && data->socket_timeout.tv_usec >= timeleft.tv_usec)) {
251# ifdef OPENSSL_SYS_WINDOWS
252 timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000;
253 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
254 (void *)&timeout, sizeof(timeout)) < 0) {
255 perror("setsockopt");
256 }
257# else
258 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft,
259 sizeof(struct timeval)) < 0) {
260 perror("setsockopt");
261 }
262# endif
263 }
264 }
265# endif
266}
267
268static void dgram_reset_rcv_timeout(BIO *b)
269{
270# if defined(SO_RCVTIMEO)
271 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
272
273 /* Is a timer active? */
274 if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) {
275# ifdef OPENSSL_SYS_WINDOWS
276 int timeout = data->socket_timeout.tv_sec * 1000 +
277 data->socket_timeout.tv_usec / 1000;
278 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
279 (void *)&timeout, sizeof(timeout)) < 0) {
280 perror("setsockopt");
281 }
282# else
283 if (setsockopt
284 (b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout),
285 sizeof(struct timeval)) < 0) {
286 perror("setsockopt");
287 }
288# endif
289 }
290# endif
291}
292
293static int dgram_read(BIO *b, char *out, int outl)
294{
295 int ret = 0;
296 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
297 int flags = 0;
298
299 BIO_ADDR peer;
300 socklen_t len = sizeof(peer);
301
302 if (out != NULL) {
303 clear_socket_error();
304 memset(&peer, 0, sizeof(peer));
305 dgram_adjust_rcv_timeout(b);
306 if (data->peekmode)
307 flags = MSG_PEEK;
308 ret = recvfrom(b->num, out, outl, flags,
309 BIO_ADDR_sockaddr_noconst(&peer), &len);
310
311 if (!data->connected && ret >= 0)
312 BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
313
314 BIO_clear_retry_flags(b);
315 if (ret < 0) {
316 if (BIO_dgram_should_retry(ret)) {
317 BIO_set_retry_read(b);
318 data->_errno = get_last_socket_error();
319 }
320 }
321
322 dgram_reset_rcv_timeout(b);
323 }
324 return ret;
325}
326
327static int dgram_write(BIO *b, const char *in, int inl)
328{
329 int ret;
330 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
331 clear_socket_error();
332
333 if (data->connected)
334 ret = writesocket(b->num, in, inl);
335 else {
336 int peerlen = BIO_ADDR_sockaddr_size(&data->peer);
337
338 ret = sendto(b->num, in, inl, 0,
339 BIO_ADDR_sockaddr(&data->peer), peerlen);
340 }
341
342 BIO_clear_retry_flags(b);
343 if (ret <= 0) {
344 if (BIO_dgram_should_retry(ret)) {
345 BIO_set_retry_write(b);
346 data->_errno = get_last_socket_error();
347 }
348 }
349 return ret;
350}
351
352static long dgram_get_mtu_overhead(bio_dgram_data *data)
353{
354 long ret;
355
356 switch (BIO_ADDR_family(&data->peer)) {
357 case AF_INET:
358 /*
359 * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
360 */
361 ret = 28;
362 break;
363# if OPENSSL_USE_IPV6
364 case AF_INET6:
365 {
366# ifdef IN6_IS_ADDR_V4MAPPED
367 struct in6_addr tmp_addr;
368 if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
369 && IN6_IS_ADDR_V4MAPPED(&tmp_addr))
370 /*
371 * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
372 */
373 ret = 28;
374 else
375# endif
376 /*
377 * Assume this is UDP - 40 bytes for IP, 8 bytes for UDP
378 */
379 ret = 48;
380 }
381 break;
382# endif
383 default:
384 /* We don't know. Go with the historical default */
385 ret = 28;
386 break;
387 }
388 return ret;
389}
390
391static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
392{
393 long ret = 1;
394 int *ip;
395 bio_dgram_data *data = NULL;
396# ifndef __DJGPP__
397 int sockopt_val = 0;
398# endif
399 int d_errno;
400# if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU))
401 socklen_t sockopt_len; /* assume that system supporting IP_MTU is
402 * modern enough to define socklen_t */
403 socklen_t addr_len;
404 BIO_ADDR addr;
405# endif
406
407 data = (bio_dgram_data *)b->ptr;
408
409 switch (cmd) {
410 case BIO_CTRL_RESET:
411 num = 0;
412 ret = 0;
413 break;
414 case BIO_CTRL_INFO:
415 ret = 0;
416 break;
417 case BIO_C_SET_FD:
418 dgram_clear(b);
419 b->num = *((int *)ptr);
420 b->shutdown = (int)num;
421 b->init = 1;
422 break;
423 case BIO_C_GET_FD:
424 if (b->init) {
425 ip = (int *)ptr;
426 if (ip != NULL)
427 *ip = b->num;
428 ret = b->num;
429 } else
430 ret = -1;
431 break;
432 case BIO_CTRL_GET_CLOSE:
433 ret = b->shutdown;
434 break;
435 case BIO_CTRL_SET_CLOSE:
436 b->shutdown = (int)num;
437 break;
438 case BIO_CTRL_PENDING:
439 case BIO_CTRL_WPENDING:
440 ret = 0;
441 break;
442 case BIO_CTRL_DUP:
443 case BIO_CTRL_FLUSH:
444 ret = 1;
445 break;
446 case BIO_CTRL_DGRAM_CONNECT:
447 BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
448 break;
449 /* (Linux)kernel sets DF bit on outgoing IP packets */
450 case BIO_CTRL_DGRAM_MTU_DISCOVER:
451# if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
452 addr_len = (socklen_t) sizeof(addr);
453 memset(&addr, 0, sizeof(addr));
454 if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
455 ret = 0;
456 break;
457 }
458 switch (addr.sa.sa_family) {
459 case AF_INET:
460 sockopt_val = IP_PMTUDISC_DO;
461 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
462 &sockopt_val, sizeof(sockopt_val))) < 0)
463 perror("setsockopt");
464 break;
465# if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
466 case AF_INET6:
467 sockopt_val = IPV6_PMTUDISC_DO;
468 if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
469 &sockopt_val, sizeof(sockopt_val))) < 0)
470 perror("setsockopt");
471 break;
472# endif
473 default:
474 ret = -1;
475 break;
476 }
477# else
478 ret = -1;
479# endif
480 break;
481 case BIO_CTRL_DGRAM_QUERY_MTU:
482# if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU)
483 addr_len = (socklen_t) sizeof(addr);
484 memset(&addr, 0, sizeof(addr));
485 if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
486 ret = 0;
487 break;
488 }
489 sockopt_len = sizeof(sockopt_val);
490 switch (addr.sa.sa_family) {
491 case AF_INET:
492 if ((ret =
493 getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,
494 &sockopt_len)) < 0 || sockopt_val < 0) {
495 ret = 0;
496 } else {
497 /*
498 * we assume that the transport protocol is UDP and no IP
499 * options are used.
500 */
501 data->mtu = sockopt_val - 8 - 20;
502 ret = data->mtu;
503 }
504 break;
505# if OPENSSL_USE_IPV6 && defined(IPV6_MTU)
506 case AF_INET6:
507 if ((ret =
508 getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU,
509 (void *)&sockopt_val, &sockopt_len)) < 0
510 || sockopt_val < 0) {
511 ret = 0;
512 } else {
513 /*
514 * we assume that the transport protocol is UDP and no IPV6
515 * options are used.
516 */
517 data->mtu = sockopt_val - 8 - 40;
518 ret = data->mtu;
519 }
520 break;
521# endif
522 default:
523 ret = 0;
524 break;
525 }
526# else
527 ret = 0;
528# endif
529 break;
530 case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
531 ret = -dgram_get_mtu_overhead(data);
532 switch (BIO_ADDR_family(&data->peer)) {
533 case AF_INET:
534 ret += 576;
535 break;
536# if OPENSSL_USE_IPV6
537 case AF_INET6:
538 {
539# ifdef IN6_IS_ADDR_V4MAPPED
540 struct in6_addr tmp_addr;
541 if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
542 && IN6_IS_ADDR_V4MAPPED(&tmp_addr))
543 ret += 576;
544 else
545# endif
546 ret += 1280;
547 }
548 break;
549# endif
550 default:
551 ret += 576;
552 break;
553 }
554 break;
555 case BIO_CTRL_DGRAM_GET_MTU:
556 return data->mtu;
557 case BIO_CTRL_DGRAM_SET_MTU:
558 data->mtu = num;
559 ret = num;
560 break;
561 case BIO_CTRL_DGRAM_SET_CONNECTED:
562 if (ptr != NULL) {
563 data->connected = 1;
564 BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
565 } else {
566 data->connected = 0;
567 memset(&data->peer, 0, sizeof(data->peer));
568 }
569 break;
570 case BIO_CTRL_DGRAM_GET_PEER:
571 ret = BIO_ADDR_sockaddr_size(&data->peer);
572 /* FIXME: if num < ret, we will only return part of an address.
573 That should bee an error, no? */
574 if (num == 0 || num > ret)
575 num = ret;
576 memcpy(ptr, &data->peer, (ret = num));
577 break;
578 case BIO_CTRL_DGRAM_SET_PEER:
579 BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
580 break;
581 case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
582 memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));
583 break;
584# if defined(SO_RCVTIMEO)
585 case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
586# ifdef OPENSSL_SYS_WINDOWS
587 {
588 struct timeval *tv = (struct timeval *)ptr;
589 int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
590 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
591 (void *)&timeout, sizeof(timeout)) < 0) {
592 perror("setsockopt");
593 ret = -1;
594 }
595 }
596# else
597 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr,
598 sizeof(struct timeval)) < 0) {
599 perror("setsockopt");
600 ret = -1;
601 }
602# endif
603 break;
604 case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
605 {
606# ifdef OPENSSL_SYS_WINDOWS
607 int sz = 0;
608 int timeout;
609 struct timeval *tv = (struct timeval *)ptr;
610
611 sz = sizeof(timeout);
612 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
613 (void *)&timeout, &sz) < 0) {
614 perror("getsockopt");
615 ret = -1;
616 } else {
617 tv->tv_sec = timeout / 1000;
618 tv->tv_usec = (timeout % 1000) * 1000;
619 ret = sizeof(*tv);
620 }
621# else
622 socklen_t sz = sizeof(struct timeval);
623 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
624 ptr, &sz) < 0) {
625 perror("getsockopt");
626 ret = -1;
627 } else {
628 OPENSSL_assert((size_t)sz <= sizeof(struct timeval));
629 ret = (int)sz;
630 }
631# endif
632 }
633 break;
634# endif
635# if defined(SO_SNDTIMEO)
636 case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT:
637# ifdef OPENSSL_SYS_WINDOWS
638 {
639 struct timeval *tv = (struct timeval *)ptr;
640 int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
641 if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
642 (void *)&timeout, sizeof(timeout)) < 0) {
643 perror("setsockopt");
644 ret = -1;
645 }
646 }
647# else
648 if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr,
649 sizeof(struct timeval)) < 0) {
650 perror("setsockopt");
651 ret = -1;
652 }
653# endif
654 break;
655 case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
656 {
657# ifdef OPENSSL_SYS_WINDOWS
658 int sz = 0;
659 int timeout;
660 struct timeval *tv = (struct timeval *)ptr;
661
662 sz = sizeof(timeout);
663 if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
664 (void *)&timeout, &sz) < 0) {
665 perror("getsockopt");
666 ret = -1;
667 } else {
668 tv->tv_sec = timeout / 1000;
669 tv->tv_usec = (timeout % 1000) * 1000;
670 ret = sizeof(*tv);
671 }
672# else
673 socklen_t sz = sizeof(struct timeval);
674 if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
675 ptr, &sz) < 0) {
676 perror("getsockopt");
677 ret = -1;
678 } else {
679 OPENSSL_assert((size_t)sz <= sizeof(struct timeval));
680 ret = (int)sz;
681 }
682# endif
683 }
684 break;
685# endif
686 case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
687 /* fall-through */
688 case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:
689# ifdef OPENSSL_SYS_WINDOWS
690 d_errno = (data->_errno == WSAETIMEDOUT);
691# else
692 d_errno = (data->_errno == EAGAIN);
693# endif
694 if (d_errno) {
695 ret = 1;
696 data->_errno = 0;
697 } else
698 ret = 0;
699 break;
700# ifdef EMSGSIZE
701 case BIO_CTRL_DGRAM_MTU_EXCEEDED:
702 if (data->_errno == EMSGSIZE) {
703 ret = 1;
704 data->_errno = 0;
705 } else
706 ret = 0;
707 break;
708# endif
709 case BIO_CTRL_DGRAM_SET_DONT_FRAG:
710 switch (data->peer.sa.sa_family) {
711 case AF_INET:
712# if defined(IP_DONTFRAG)
713 sockopt_val = num ? 1 : 0;
714 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAG,
715 &sockopt_val, sizeof(sockopt_val))) < 0) {
716 perror("setsockopt");
717 ret = -1;
718 }
719# elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined (IP_PMTUDISC_PROBE)
720 sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT;
721 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
722 &sockopt_val, sizeof(sockopt_val))) < 0) {
723 perror("setsockopt");
724 ret = -1;
725 }
726# elif defined(OPENSSL_SYS_WINDOWS) && defined(IP_DONTFRAGMENT)
727 sockopt_val = num ? 1 : 0;
728 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAGMENT,
729 (const char *)&sockopt_val,
730 sizeof(sockopt_val))) < 0) {
731 perror("setsockopt");
732 ret = -1;
733 }
734# else
735 ret = -1;
736# endif
737 break;
738# if OPENSSL_USE_IPV6
739 case AF_INET6:
740# if defined(IPV6_DONTFRAG)
741 sockopt_val = num ? 1 : 0;
742 if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_DONTFRAG,
743 (const void *)&sockopt_val,
744 sizeof(sockopt_val))) < 0) {
745 perror("setsockopt");
746 ret = -1;
747 }
748# elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTUDISCOVER)
749 sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT;
750 if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
751 &sockopt_val, sizeof(sockopt_val))) < 0) {
752 perror("setsockopt");
753 ret = -1;
754 }
755# else
756 ret = -1;
757# endif
758 break;
759# endif
760 default:
761 ret = -1;
762 break;
763 }
764 break;
765 case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
766 ret = dgram_get_mtu_overhead(data);
767 break;
768
769 /*
770 * BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE is used here for compatibility
771 * reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value
772 * was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The
773 * value has been updated to a non-clashing value. However to preserve
774 * binary compatibility we now respond to both the old value and the new one
775 */
776 case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
777 case BIO_CTRL_DGRAM_SET_PEEK_MODE:
778 data->peekmode = (unsigned int)num;
779 break;
780 default:
781 ret = 0;
782 break;
783 }
784 return ret;
785}
786
787static int dgram_puts(BIO *bp, const char *str)
788{
789 int n, ret;
790
791 n = strlen(str);
792 ret = dgram_write(bp, str, n);
793 return ret;
794}
795
796# ifndef OPENSSL_NO_SCTP
797const BIO_METHOD *BIO_s_datagram_sctp(void)
798{
799 return &methods_dgramp_sctp;
800}
801
802BIO *BIO_new_dgram_sctp(int fd, int close_flag)
803{
804 BIO *bio;
805 int ret, optval = 20000;
806 int auth_data = 0, auth_forward = 0;
807 unsigned char *p;
808 struct sctp_authchunk auth;
809 struct sctp_authchunks *authchunks;
810 socklen_t sockopt_len;
811# ifdef SCTP_AUTHENTICATION_EVENT
812# ifdef SCTP_EVENT
813 struct sctp_event event;
814# else
815 struct sctp_event_subscribe event;
816# endif
817# endif
818
819 bio = BIO_new(BIO_s_datagram_sctp());
820 if (bio == NULL)
821 return NULL;
822 BIO_set_fd(bio, fd, close_flag);
823
824 /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */
825 auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE;
826 ret =
827 setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth,
828 sizeof(struct sctp_authchunk));
829 if (ret < 0) {
830 BIO_vfree(bio);
831 ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB,
832 "Ensure SCTP AUTH chunks are enabled in kernel");
833 return NULL;
834 }
835 auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE;
836 ret =
837 setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth,
838 sizeof(struct sctp_authchunk));
839 if (ret < 0) {
840 BIO_vfree(bio);
841 ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB,
842 "Ensure SCTP AUTH chunks are enabled in kernel");
843 return NULL;
844 }
845
846 /*
847 * Test if activation was successful. When using accept(), SCTP-AUTH has
848 * to be activated for the listening socket already, otherwise the
849 * connected socket won't use it. Similarly with connect(): the socket
850 * prior to connection must be activated for SCTP-AUTH
851 */
852 sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
853 authchunks = OPENSSL_zalloc(sockopt_len);
854 if (authchunks == NULL) {
855 BIO_vfree(bio);
856 return NULL;
857 }
858 ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks,
859 &sockopt_len);
860 if (ret < 0) {
861 OPENSSL_free(authchunks);
862 BIO_vfree(bio);
863 return NULL;
864 }
865
866 for (p = (unsigned char *)authchunks->gauth_chunks;
867 p < (unsigned char *)authchunks + sockopt_len;
868 p += sizeof(uint8_t)) {
869 if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE)
870 auth_data = 1;
871 if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE)
872 auth_forward = 1;
873 }
874
875 OPENSSL_free(authchunks);
876
877 if (!auth_data || !auth_forward) {
878 BIO_vfree(bio);
879 ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB,
880 "Ensure SCTP AUTH chunks are enabled on the "
881 "underlying socket");
882 return NULL;
883 }
884
885# ifdef SCTP_AUTHENTICATION_EVENT
886# ifdef SCTP_EVENT
887 memset(&event, 0, sizeof(event));
888 event.se_assoc_id = 0;
889 event.se_type = SCTP_AUTHENTICATION_EVENT;
890 event.se_on = 1;
891 ret =
892 setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event,
893 sizeof(struct sctp_event));
894 if (ret < 0) {
895 BIO_vfree(bio);
896 return NULL;
897 }
898# else
899 sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe);
900 ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len);
901 if (ret < 0) {
902 BIO_vfree(bio);
903 return NULL;
904 }
905
906 event.sctp_authentication_event = 1;
907
908 ret =
909 setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event,
910 sizeof(struct sctp_event_subscribe));
911 if (ret < 0) {
912 BIO_vfree(bio);
913 return NULL;
914 }
915# endif
916# endif
917
918 /*
919 * Disable partial delivery by setting the min size larger than the max
920 * record size of 2^14 + 2048 + 13
921 */
922 ret =
923 setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval,
924 sizeof(optval));
925 if (ret < 0) {
926 BIO_vfree(bio);
927 return NULL;
928 }
929
930 return bio;
931}
932
933int BIO_dgram_is_sctp(BIO *bio)
934{
935 return (BIO_method_type(bio) == BIO_TYPE_DGRAM_SCTP);
936}
937
938static int dgram_sctp_new(BIO *bi)
939{
940 bio_dgram_sctp_data *data = NULL;
941
942 bi->init = 0;
943 bi->num = 0;
944 if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL) {
945 ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE);
946 return 0;
947 }
948# ifdef SCTP_PR_SCTP_NONE
949 data->prinfo.pr_policy = SCTP_PR_SCTP_NONE;
950# endif
951 bi->ptr = data;
952
953 bi->flags = 0;
954 return 1;
955}
956
957static int dgram_sctp_free(BIO *a)
958{
959 bio_dgram_sctp_data *data;
960
961 if (a == NULL)
962 return 0;
963 if (!dgram_clear(a))
964 return 0;
965
966 data = (bio_dgram_sctp_data *) a->ptr;
967 if (data != NULL)
968 OPENSSL_free(data);
969
970 return 1;
971}
972
973# ifdef SCTP_AUTHENTICATION_EVENT
974void dgram_sctp_handle_auth_free_key_event(BIO *b,
975 union sctp_notification *snp)
976{
977 int ret;
978 struct sctp_authkey_event *authkeyevent = &snp->sn_auth_event;
979
980 if (authkeyevent->auth_indication == SCTP_AUTH_FREE_KEY) {
981 struct sctp_authkeyid authkeyid;
982
983 /* delete key */
984 authkeyid.scact_keynumber = authkeyevent->auth_keynumber;
985 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
986 &authkeyid, sizeof(struct sctp_authkeyid));
987 }
988}
989# endif
990
991static int dgram_sctp_read(BIO *b, char *out, int outl)
992{
993 int ret = 0, n = 0, i, optval;
994 socklen_t optlen;
995 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
996 struct msghdr msg;
997 struct iovec iov;
998 struct cmsghdr *cmsg;
999 char cmsgbuf[512];
1000
1001 if (out != NULL) {
1002 clear_socket_error();
1003
1004 do {
1005 memset(&data->rcvinfo, 0, sizeof(data->rcvinfo));
1006 iov.iov_base = out;
1007 iov.iov_len = outl;
1008 msg.msg_name = NULL;
1009 msg.msg_namelen = 0;
1010 msg.msg_iov = &iov;
1011 msg.msg_iovlen = 1;
1012 msg.msg_control = cmsgbuf;
1013 msg.msg_controllen = 512;
1014 msg.msg_flags = 0;
1015 n = recvmsg(b->num, &msg, 0);
1016
1017 if (n <= 0) {
1018 if (n < 0)
1019 ret = n;
1020 break;
1021 }
1022
1023 if (msg.msg_controllen > 0) {
1024 for (cmsg = CMSG_FIRSTHDR(&msg); cmsg;
1025 cmsg = CMSG_NXTHDR(&msg, cmsg)) {
1026 if (cmsg->cmsg_level != IPPROTO_SCTP)
1027 continue;
1028# ifdef SCTP_RCVINFO
1029 if (cmsg->cmsg_type == SCTP_RCVINFO) {
1030 struct sctp_rcvinfo *rcvinfo;
1031
1032 rcvinfo = (struct sctp_rcvinfo *)CMSG_DATA(cmsg);
1033 data->rcvinfo.rcv_sid = rcvinfo->rcv_sid;
1034 data->rcvinfo.rcv_ssn = rcvinfo->rcv_ssn;
1035 data->rcvinfo.rcv_flags = rcvinfo->rcv_flags;
1036 data->rcvinfo.rcv_ppid = rcvinfo->rcv_ppid;
1037 data->rcvinfo.rcv_tsn = rcvinfo->rcv_tsn;
1038 data->rcvinfo.rcv_cumtsn = rcvinfo->rcv_cumtsn;
1039 data->rcvinfo.rcv_context = rcvinfo->rcv_context;
1040 }
1041# endif
1042# ifdef SCTP_SNDRCV
1043 if (cmsg->cmsg_type == SCTP_SNDRCV) {
1044 struct sctp_sndrcvinfo *sndrcvinfo;
1045
1046 sndrcvinfo =
1047 (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
1048 data->rcvinfo.rcv_sid = sndrcvinfo->sinfo_stream;
1049 data->rcvinfo.rcv_ssn = sndrcvinfo->sinfo_ssn;
1050 data->rcvinfo.rcv_flags = sndrcvinfo->sinfo_flags;
1051 data->rcvinfo.rcv_ppid = sndrcvinfo->sinfo_ppid;
1052 data->rcvinfo.rcv_tsn = sndrcvinfo->sinfo_tsn;
1053 data->rcvinfo.rcv_cumtsn = sndrcvinfo->sinfo_cumtsn;
1054 data->rcvinfo.rcv_context = sndrcvinfo->sinfo_context;
1055 }
1056# endif
1057 }
1058 }
1059
1060 if (msg.msg_flags & MSG_NOTIFICATION) {
1061 union sctp_notification snp;
1062
1063 memcpy(&snp, out, sizeof(snp));
1064 if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
1065# ifdef SCTP_EVENT
1066 struct sctp_event event;
1067# else
1068 struct sctp_event_subscribe event;
1069 socklen_t eventsize;
1070# endif
1071
1072 /* disable sender dry event */
1073# ifdef SCTP_EVENT
1074 memset(&event, 0, sizeof(event));
1075 event.se_assoc_id = 0;
1076 event.se_type = SCTP_SENDER_DRY_EVENT;
1077 event.se_on = 0;
1078 i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
1079 sizeof(struct sctp_event));
1080 if (i < 0) {
1081 ret = i;
1082 break;
1083 }
1084# else
1085 eventsize = sizeof(struct sctp_event_subscribe);
1086 i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
1087 &eventsize);
1088 if (i < 0) {
1089 ret = i;
1090 break;
1091 }
1092
1093 event.sctp_sender_dry_event = 0;
1094
1095 i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
1096 sizeof(struct sctp_event_subscribe));
1097 if (i < 0) {
1098 ret = i;
1099 break;
1100 }
1101# endif
1102 }
1103# ifdef SCTP_AUTHENTICATION_EVENT
1104 if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
1105 dgram_sctp_handle_auth_free_key_event(b, &snp);
1106# endif
1107
1108 if (data->handle_notifications != NULL)
1109 data->handle_notifications(b, data->notification_context,
1110 (void *)out);
1111
1112 memset(&snp, 0, sizeof(snp));
1113 memset(out, 0, outl);
1114 } else {
1115 ret += n;
1116 }
1117 }
1118 while ((msg.msg_flags & MSG_NOTIFICATION) && (msg.msg_flags & MSG_EOR)
1119 && (ret < outl));
1120
1121 if (ret > 0 && !(msg.msg_flags & MSG_EOR)) {
1122 /* Partial message read, this should never happen! */
1123
1124 /*
1125 * The buffer was too small, this means the peer sent a message
1126 * that was larger than allowed.
1127 */
1128 if (ret == outl)
1129 return -1;
1130
1131 /*
1132 * Test if socket buffer can handle max record size (2^14 + 2048
1133 * + 13)
1134 */
1135 optlen = (socklen_t) sizeof(int);
1136 ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen);
1137 if (ret >= 0)
1138 OPENSSL_assert(optval >= 18445);
1139
1140 /*
1141 * Test if SCTP doesn't partially deliver below max record size
1142 * (2^14 + 2048 + 13)
1143 */
1144 optlen = (socklen_t) sizeof(int);
1145 ret =
1146 getsockopt(b->num, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT,
1147 &optval, &optlen);
1148 if (ret >= 0)
1149 OPENSSL_assert(optval >= 18445);
1150
1151 /*
1152 * Partially delivered notification??? Probably a bug....
1153 */
1154 OPENSSL_assert(!(msg.msg_flags & MSG_NOTIFICATION));
1155
1156 /*
1157 * Everything seems ok till now, so it's most likely a message
1158 * dropped by PR-SCTP.
1159 */
1160 memset(out, 0, outl);
1161 BIO_set_retry_read(b);
1162 return -1;
1163 }
1164
1165 BIO_clear_retry_flags(b);
1166 if (ret < 0) {
1167 if (BIO_dgram_should_retry(ret)) {
1168 BIO_set_retry_read(b);
1169 data->_errno = get_last_socket_error();
1170 }
1171 }
1172
1173 /* Test if peer uses SCTP-AUTH before continuing */
1174 if (!data->peer_auth_tested) {
1175 int ii, auth_data = 0, auth_forward = 0;
1176 unsigned char *p;
1177 struct sctp_authchunks *authchunks;
1178
1179 optlen =
1180 (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
1181 authchunks = OPENSSL_malloc(optlen);
1182 if (authchunks == NULL) {
1183 ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE);
1184 return -1;
1185 }
1186 memset(authchunks, 0, optlen);
1187 ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS,
1188 authchunks, &optlen);
1189
1190 if (ii >= 0)
1191 for (p = (unsigned char *)authchunks->gauth_chunks;
1192 p < (unsigned char *)authchunks + optlen;
1193 p += sizeof(uint8_t)) {
1194 if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE)
1195 auth_data = 1;
1196 if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE)
1197 auth_forward = 1;
1198 }
1199
1200 OPENSSL_free(authchunks);
1201
1202 if (!auth_data || !auth_forward) {
1203 ERR_raise(ERR_LIB_BIO, BIO_R_CONNECT_ERROR);
1204 return -1;
1205 }
1206
1207 data->peer_auth_tested = 1;
1208 }
1209 }
1210 return ret;
1211}
1212
1213/*
1214 * dgram_sctp_write - send message on SCTP socket
1215 * @b: BIO to write to
1216 * @in: data to send
1217 * @inl: amount of bytes in @in to send
1218 *
1219 * Returns -1 on error or the sent amount of bytes on success
1220 */
1221static int dgram_sctp_write(BIO *b, const char *in, int inl)
1222{
1223 int ret;
1224 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
1225 struct bio_dgram_sctp_sndinfo *sinfo = &(data->sndinfo);
1226 struct bio_dgram_sctp_prinfo *pinfo = &(data->prinfo);
1227 struct bio_dgram_sctp_sndinfo handshake_sinfo;
1228 struct iovec iov[1];
1229 struct msghdr msg;
1230 struct cmsghdr *cmsg;
1231# if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
1232 char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo)) +
1233 CMSG_SPACE(sizeof(struct sctp_prinfo))];
1234 struct sctp_sndinfo *sndinfo;
1235 struct sctp_prinfo *prinfo;
1236# else
1237 char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))];
1238 struct sctp_sndrcvinfo *sndrcvinfo;
1239# endif
1240
1241 clear_socket_error();
1242
1243 /*
1244 * If we're send anything else than application data, disable all user
1245 * parameters and flags.
1246 */
1247 if (in[0] != 23) {
1248 memset(&handshake_sinfo, 0, sizeof(handshake_sinfo));
1249# ifdef SCTP_SACK_IMMEDIATELY
1250 handshake_sinfo.snd_flags = SCTP_SACK_IMMEDIATELY;
1251# endif
1252 sinfo = &handshake_sinfo;
1253 }
1254
1255 /* We can only send a shutdown alert if the socket is dry */
1256 if (data->save_shutdown) {
1257 ret = BIO_dgram_sctp_wait_for_dry(b);
1258 if (ret < 0)
1259 return -1;
1260 if (ret == 0) {
1261 BIO_clear_retry_flags(b);
1262 BIO_set_retry_write(b);
1263 return -1;
1264 }
1265 }
1266
1267 iov[0].iov_base = (char *)in;
1268 iov[0].iov_len = inl;
1269 msg.msg_name = NULL;
1270 msg.msg_namelen = 0;
1271 msg.msg_iov = iov;
1272 msg.msg_iovlen = 1;
1273 msg.msg_control = (caddr_t) cmsgbuf;
1274 msg.msg_controllen = 0;
1275 msg.msg_flags = 0;
1276# if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
1277 cmsg = (struct cmsghdr *)cmsgbuf;
1278 cmsg->cmsg_level = IPPROTO_SCTP;
1279 cmsg->cmsg_type = SCTP_SNDINFO;
1280 cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndinfo));
1281 sndinfo = (struct sctp_sndinfo *)CMSG_DATA(cmsg);
1282 memset(sndinfo, 0, sizeof(*sndinfo));
1283 sndinfo->snd_sid = sinfo->snd_sid;
1284 sndinfo->snd_flags = sinfo->snd_flags;
1285 sndinfo->snd_ppid = sinfo->snd_ppid;
1286 sndinfo->snd_context = sinfo->snd_context;
1287 msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndinfo));
1288
1289 cmsg =
1290 (struct cmsghdr *)&cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo))];
1291 cmsg->cmsg_level = IPPROTO_SCTP;
1292 cmsg->cmsg_type = SCTP_PRINFO;
1293 cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_prinfo));
1294 prinfo = (struct sctp_prinfo *)CMSG_DATA(cmsg);
1295 memset(prinfo, 0, sizeof(*prinfo));
1296 prinfo->pr_policy = pinfo->pr_policy;
1297 prinfo->pr_value = pinfo->pr_value;
1298 msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_prinfo));
1299# else
1300 cmsg = (struct cmsghdr *)cmsgbuf;
1301 cmsg->cmsg_level = IPPROTO_SCTP;
1302 cmsg->cmsg_type = SCTP_SNDRCV;
1303 cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo));
1304 sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
1305 memset(sndrcvinfo, 0, sizeof(*sndrcvinfo));
1306 sndrcvinfo->sinfo_stream = sinfo->snd_sid;
1307 sndrcvinfo->sinfo_flags = sinfo->snd_flags;
1308# ifdef __FreeBSD__
1309 sndrcvinfo->sinfo_flags |= pinfo->pr_policy;
1310# endif
1311 sndrcvinfo->sinfo_ppid = sinfo->snd_ppid;
1312 sndrcvinfo->sinfo_context = sinfo->snd_context;
1313 sndrcvinfo->sinfo_timetolive = pinfo->pr_value;
1314 msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo));
1315# endif
1316
1317 ret = sendmsg(b->num, &msg, 0);
1318
1319 BIO_clear_retry_flags(b);
1320 if (ret <= 0) {
1321 if (BIO_dgram_should_retry(ret)) {
1322 BIO_set_retry_write(b);
1323 data->_errno = get_last_socket_error();
1324 }
1325 }
1326 return ret;
1327}
1328
1329static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
1330{
1331 long ret = 1;
1332 bio_dgram_sctp_data *data = NULL;
1333 socklen_t sockopt_len = 0;
1334 struct sctp_authkeyid authkeyid;
1335 struct sctp_authkey *authkey = NULL;
1336
1337 data = (bio_dgram_sctp_data *) b->ptr;
1338
1339 switch (cmd) {
1340 case BIO_CTRL_DGRAM_QUERY_MTU:
1341 /*
1342 * Set to maximum (2^14) and ignore user input to enable transport
1343 * protocol fragmentation. Returns always 2^14.
1344 */
1345 data->mtu = 16384;
1346 ret = data->mtu;
1347 break;
1348 case BIO_CTRL_DGRAM_SET_MTU:
1349 /*
1350 * Set to maximum (2^14) and ignore input to enable transport
1351 * protocol fragmentation. Returns always 2^14.
1352 */
1353 data->mtu = 16384;
1354 ret = data->mtu;
1355 break;
1356 case BIO_CTRL_DGRAM_SET_CONNECTED:
1357 case BIO_CTRL_DGRAM_CONNECT:
1358 /* Returns always -1. */
1359 ret = -1;
1360 break;
1361 case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
1362 /*
1363 * SCTP doesn't need the DTLS timer Returns always 1.
1364 */
1365 break;
1366 case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
1367 /*
1368 * We allow transport protocol fragmentation so this is irrelevant
1369 */
1370 ret = 0;
1371 break;
1372 case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
1373 if (num > 0)
1374 data->in_handshake = 1;
1375 else
1376 data->in_handshake = 0;
1377
1378 ret =
1379 setsockopt(b->num, IPPROTO_SCTP, SCTP_NODELAY,
1380 &data->in_handshake, sizeof(int));
1381 break;
1382 case BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY:
1383 /*
1384 * New shared key for SCTP AUTH. Returns 0 on success, -1 otherwise.
1385 */
1386
1387 /* Get active key */
1388 sockopt_len = sizeof(struct sctp_authkeyid);
1389 ret =
1390 getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid,
1391 &sockopt_len);
1392 if (ret < 0)
1393 break;
1394
1395 /* Add new key */
1396 sockopt_len = sizeof(struct sctp_authkey) + 64 * sizeof(uint8_t);
1397 authkey = OPENSSL_malloc(sockopt_len);
1398 if (authkey == NULL) {
1399 ret = -1;
1400 break;
1401 }
1402 memset(authkey, 0, sockopt_len);
1403 authkey->sca_keynumber = authkeyid.scact_keynumber + 1;
1404# ifndef __FreeBSD__
1405 /*
1406 * This field is missing in FreeBSD 8.2 and earlier, and FreeBSD 8.3
1407 * and higher work without it.
1408 */
1409 authkey->sca_keylength = 64;
1410# endif
1411 memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t));
1412
1413 ret =
1414 setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey,
1415 sockopt_len);
1416 OPENSSL_free(authkey);
1417 authkey = NULL;
1418 if (ret < 0)
1419 break;
1420
1421 /* Reset active key */
1422 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
1423 &authkeyid, sizeof(struct sctp_authkeyid));
1424 if (ret < 0)
1425 break;
1426
1427 break;
1428 case BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY:
1429 /* Returns 0 on success, -1 otherwise. */
1430
1431 /* Get active key */
1432 sockopt_len = sizeof(struct sctp_authkeyid);
1433 ret =
1434 getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid,
1435 &sockopt_len);
1436 if (ret < 0)
1437 break;
1438
1439 /* Set active key */
1440 authkeyid.scact_keynumber = authkeyid.scact_keynumber + 1;
1441 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
1442 &authkeyid, sizeof(struct sctp_authkeyid));
1443 if (ret < 0)
1444 break;
1445
1446 /*
1447 * CCS has been sent, so remember that and fall through to check if
1448 * we need to deactivate an old key
1449 */
1450 data->ccs_sent = 1;
1451 /* fall-through */
1452
1453 case BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD:
1454 /* Returns 0 on success, -1 otherwise. */
1455
1456 /*
1457 * Has this command really been called or is this just a
1458 * fall-through?
1459 */
1460 if (cmd == BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD)
1461 data->ccs_rcvd = 1;
1462
1463 /*
1464 * CSS has been both, received and sent, so deactivate an old key
1465 */
1466 if (data->ccs_rcvd == 1 && data->ccs_sent == 1) {
1467 /* Get active key */
1468 sockopt_len = sizeof(struct sctp_authkeyid);
1469 ret =
1470 getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
1471 &authkeyid, &sockopt_len);
1472 if (ret < 0)
1473 break;
1474
1475 /*
1476 * Deactivate key or delete second last key if
1477 * SCTP_AUTHENTICATION_EVENT is not available.
1478 */
1479 authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
1480# ifdef SCTP_AUTH_DEACTIVATE_KEY
1481 sockopt_len = sizeof(struct sctp_authkeyid);
1482 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DEACTIVATE_KEY,
1483 &authkeyid, sockopt_len);
1484 if (ret < 0)
1485 break;
1486# endif
1487# ifndef SCTP_AUTHENTICATION_EVENT
1488 if (authkeyid.scact_keynumber > 0) {
1489 authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
1490 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
1491 &authkeyid, sizeof(struct sctp_authkeyid));
1492 if (ret < 0)
1493 break;
1494 }
1495# endif
1496
1497 data->ccs_rcvd = 0;
1498 data->ccs_sent = 0;
1499 }
1500 break;
1501 case BIO_CTRL_DGRAM_SCTP_GET_SNDINFO:
1502 /* Returns the size of the copied struct. */
1503 if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo))
1504 num = sizeof(struct bio_dgram_sctp_sndinfo);
1505
1506 memcpy(ptr, &(data->sndinfo), num);
1507 ret = num;
1508 break;
1509 case BIO_CTRL_DGRAM_SCTP_SET_SNDINFO:
1510 /* Returns the size of the copied struct. */
1511 if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo))
1512 num = sizeof(struct bio_dgram_sctp_sndinfo);
1513
1514 memcpy(&(data->sndinfo), ptr, num);
1515 break;
1516 case BIO_CTRL_DGRAM_SCTP_GET_RCVINFO:
1517 /* Returns the size of the copied struct. */
1518 if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo))
1519 num = sizeof(struct bio_dgram_sctp_rcvinfo);
1520
1521 memcpy(ptr, &data->rcvinfo, num);
1522
1523 ret = num;
1524 break;
1525 case BIO_CTRL_DGRAM_SCTP_SET_RCVINFO:
1526 /* Returns the size of the copied struct. */
1527 if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo))
1528 num = sizeof(struct bio_dgram_sctp_rcvinfo);
1529
1530 memcpy(&(data->rcvinfo), ptr, num);
1531 break;
1532 case BIO_CTRL_DGRAM_SCTP_GET_PRINFO:
1533 /* Returns the size of the copied struct. */
1534 if (num > (long)sizeof(struct bio_dgram_sctp_prinfo))
1535 num = sizeof(struct bio_dgram_sctp_prinfo);
1536
1537 memcpy(ptr, &(data->prinfo), num);
1538 ret = num;
1539 break;
1540 case BIO_CTRL_DGRAM_SCTP_SET_PRINFO:
1541 /* Returns the size of the copied struct. */
1542 if (num > (long)sizeof(struct bio_dgram_sctp_prinfo))
1543 num = sizeof(struct bio_dgram_sctp_prinfo);
1544
1545 memcpy(&(data->prinfo), ptr, num);
1546 break;
1547 case BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN:
1548 /* Returns always 1. */
1549 if (num > 0)
1550 data->save_shutdown = 1;
1551 else
1552 data->save_shutdown = 0;
1553 break;
1554 case BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY:
1555 return dgram_sctp_wait_for_dry(b);
1556 case BIO_CTRL_DGRAM_SCTP_MSG_WAITING:
1557 return dgram_sctp_msg_waiting(b);
1558
1559 default:
1560 /*
1561 * Pass to default ctrl function to process SCTP unspecific commands
1562 */
1563 ret = dgram_ctrl(b, cmd, num, ptr);
1564 break;
1565 }
1566 return ret;
1567}
1568
1569int BIO_dgram_sctp_notification_cb(BIO *b,
1570 BIO_dgram_sctp_notification_handler_fn handle_notifications,
1571 void *context)
1572{
1573 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
1574
1575 if (handle_notifications != NULL) {
1576 data->handle_notifications = handle_notifications;
1577 data->notification_context = context;
1578 } else
1579 return -1;
1580
1581 return 0;
1582}
1583
1584/*
1585 * BIO_dgram_sctp_wait_for_dry - Wait for SCTP SENDER_DRY event
1586 * @b: The BIO to check for the dry event
1587 *
1588 * Wait until the peer confirms all packets have been received, and so that
1589 * our kernel doesn't have anything to send anymore. This is only received by
1590 * the peer's kernel, not the application.
1591 *
1592 * Returns:
1593 * -1 on error
1594 * 0 when not dry yet
1595 * 1 when dry
1596 */
1597int BIO_dgram_sctp_wait_for_dry(BIO *b)
1598{
1599 return (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY, 0, NULL);
1600}
1601
1602static int dgram_sctp_wait_for_dry(BIO *b)
1603{
1604 int is_dry = 0;
1605 int sockflags = 0;
1606 int n, ret;
1607 union sctp_notification snp;
1608 struct msghdr msg;
1609 struct iovec iov;
1610# ifdef SCTP_EVENT
1611 struct sctp_event event;
1612# else
1613 struct sctp_event_subscribe event;
1614 socklen_t eventsize;
1615# endif
1616 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
1617
1618 /* set sender dry event */
1619# ifdef SCTP_EVENT
1620 memset(&event, 0, sizeof(event));
1621 event.se_assoc_id = 0;
1622 event.se_type = SCTP_SENDER_DRY_EVENT;
1623 event.se_on = 1;
1624 ret =
1625 setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
1626 sizeof(struct sctp_event));
1627# else
1628 eventsize = sizeof(struct sctp_event_subscribe);
1629 ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize);
1630 if (ret < 0)
1631 return -1;
1632
1633 event.sctp_sender_dry_event = 1;
1634
1635 ret =
1636 setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
1637 sizeof(struct sctp_event_subscribe));
1638# endif
1639 if (ret < 0)
1640 return -1;
1641
1642 /* peek for notification */
1643 memset(&snp, 0, sizeof(snp));
1644 iov.iov_base = (char *)&snp;
1645 iov.iov_len = sizeof(union sctp_notification);
1646 msg.msg_name = NULL;
1647 msg.msg_namelen = 0;
1648 msg.msg_iov = &iov;
1649 msg.msg_iovlen = 1;
1650 msg.msg_control = NULL;
1651 msg.msg_controllen = 0;
1652 msg.msg_flags = 0;
1653
1654 n = recvmsg(b->num, &msg, MSG_PEEK);
1655 if (n <= 0) {
1656 if ((n < 0) && (get_last_socket_error() != EAGAIN)
1657 && (get_last_socket_error() != EWOULDBLOCK))
1658 return -1;
1659 else
1660 return 0;
1661 }
1662
1663 /* if we find a notification, process it and try again if necessary */
1664 while (msg.msg_flags & MSG_NOTIFICATION) {
1665 memset(&snp, 0, sizeof(snp));
1666 iov.iov_base = (char *)&snp;
1667 iov.iov_len = sizeof(union sctp_notification);
1668 msg.msg_name = NULL;
1669 msg.msg_namelen = 0;
1670 msg.msg_iov = &iov;
1671 msg.msg_iovlen = 1;
1672 msg.msg_control = NULL;
1673 msg.msg_controllen = 0;
1674 msg.msg_flags = 0;
1675
1676 n = recvmsg(b->num, &msg, 0);
1677 if (n <= 0) {
1678 if ((n < 0) && (get_last_socket_error() != EAGAIN)
1679 && (get_last_socket_error() != EWOULDBLOCK))
1680 return -1;
1681 else
1682 return is_dry;
1683 }
1684
1685 if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
1686 is_dry = 1;
1687
1688 /* disable sender dry event */
1689# ifdef SCTP_EVENT
1690 memset(&event, 0, sizeof(event));
1691 event.se_assoc_id = 0;
1692 event.se_type = SCTP_SENDER_DRY_EVENT;
1693 event.se_on = 0;
1694 ret =
1695 setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
1696 sizeof(struct sctp_event));
1697# else
1698 eventsize = (socklen_t) sizeof(struct sctp_event_subscribe);
1699 ret =
1700 getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
1701 &eventsize);
1702 if (ret < 0)
1703 return -1;
1704
1705 event.sctp_sender_dry_event = 0;
1706
1707 ret =
1708 setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
1709 sizeof(struct sctp_event_subscribe));
1710# endif
1711 if (ret < 0)
1712 return -1;
1713 }
1714# ifdef SCTP_AUTHENTICATION_EVENT
1715 if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
1716 dgram_sctp_handle_auth_free_key_event(b, &snp);
1717# endif
1718
1719 if (data->handle_notifications != NULL)
1720 data->handle_notifications(b, data->notification_context,
1721 (void *)&snp);
1722
1723 /* found notification, peek again */
1724 memset(&snp, 0, sizeof(snp));
1725 iov.iov_base = (char *)&snp;
1726 iov.iov_len = sizeof(union sctp_notification);
1727 msg.msg_name = NULL;
1728 msg.msg_namelen = 0;
1729 msg.msg_iov = &iov;
1730 msg.msg_iovlen = 1;
1731 msg.msg_control = NULL;
1732 msg.msg_controllen = 0;
1733 msg.msg_flags = 0;
1734
1735 /* if we have seen the dry already, don't wait */
1736 if (is_dry) {
1737 sockflags = fcntl(b->num, F_GETFL, 0);
1738 fcntl(b->num, F_SETFL, O_NONBLOCK);
1739 }
1740
1741 n = recvmsg(b->num, &msg, MSG_PEEK);
1742
1743 if (is_dry) {
1744 fcntl(b->num, F_SETFL, sockflags);
1745 }
1746
1747 if (n <= 0) {
1748 if ((n < 0) && (get_last_socket_error() != EAGAIN)
1749 && (get_last_socket_error() != EWOULDBLOCK))
1750 return -1;
1751 else
1752 return is_dry;
1753 }
1754 }
1755
1756 /* read anything else */
1757 return is_dry;
1758}
1759
1760int BIO_dgram_sctp_msg_waiting(BIO *b)
1761{
1762 return (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SCTP_MSG_WAITING, 0, NULL);
1763}
1764
1765static int dgram_sctp_msg_waiting(BIO *b)
1766{
1767 int n, sockflags;
1768 union sctp_notification snp;
1769 struct msghdr msg;
1770 struct iovec iov;
1771 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
1772
1773 /* Check if there are any messages waiting to be read */
1774 do {
1775 memset(&snp, 0, sizeof(snp));
1776 iov.iov_base = (char *)&snp;
1777 iov.iov_len = sizeof(union sctp_notification);
1778 msg.msg_name = NULL;
1779 msg.msg_namelen = 0;
1780 msg.msg_iov = &iov;
1781 msg.msg_iovlen = 1;
1782 msg.msg_control = NULL;
1783 msg.msg_controllen = 0;
1784 msg.msg_flags = 0;
1785
1786 sockflags = fcntl(b->num, F_GETFL, 0);
1787 fcntl(b->num, F_SETFL, O_NONBLOCK);
1788 n = recvmsg(b->num, &msg, MSG_PEEK);
1789 fcntl(b->num, F_SETFL, sockflags);
1790
1791 /* if notification, process and try again */
1792 if (n > 0 && (msg.msg_flags & MSG_NOTIFICATION)) {
1793# ifdef SCTP_AUTHENTICATION_EVENT
1794 if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
1795 dgram_sctp_handle_auth_free_key_event(b, &snp);
1796# endif
1797
1798 memset(&snp, 0, sizeof(snp));
1799 iov.iov_base = (char *)&snp;
1800 iov.iov_len = sizeof(union sctp_notification);
1801 msg.msg_name = NULL;
1802 msg.msg_namelen = 0;
1803 msg.msg_iov = &iov;
1804 msg.msg_iovlen = 1;
1805 msg.msg_control = NULL;
1806 msg.msg_controllen = 0;
1807 msg.msg_flags = 0;
1808 n = recvmsg(b->num, &msg, 0);
1809
1810 if (data->handle_notifications != NULL)
1811 data->handle_notifications(b, data->notification_context,
1812 (void *)&snp);
1813 }
1814
1815 } while (n > 0 && (msg.msg_flags & MSG_NOTIFICATION));
1816
1817 /* Return 1 if there is a message to be read, return 0 otherwise. */
1818 if (n > 0)
1819 return 1;
1820 else
1821 return 0;
1822}
1823
1824static int dgram_sctp_puts(BIO *bp, const char *str)
1825{
1826 int n, ret;
1827
1828 n = strlen(str);
1829 ret = dgram_sctp_write(bp, str, n);
1830 return ret;
1831}
1832# endif
1833
1834static int BIO_dgram_should_retry(int i)
1835{
1836 int err;
1837
1838 if ((i == 0) || (i == -1)) {
1839 err = get_last_socket_error();
1840
1841# if defined(OPENSSL_SYS_WINDOWS)
1842 /*
1843 * If the socket return value (i) is -1 and err is unexpectedly 0 at
1844 * this point, the error code was overwritten by another system call
1845 * before this error handling is called.
1846 */
1847# endif
1848
1849 return BIO_dgram_non_fatal_error(err);
1850 }
1851 return 0;
1852}
1853
1854int BIO_dgram_non_fatal_error(int err)
1855{
1856 switch (err) {
1857# if defined(OPENSSL_SYS_WINDOWS)
1858# if defined(WSAEWOULDBLOCK)
1859 case WSAEWOULDBLOCK:
1860# endif
1861# endif
1862
1863# ifdef EWOULDBLOCK
1864# ifdef WSAEWOULDBLOCK
1865# if WSAEWOULDBLOCK != EWOULDBLOCK
1866 case EWOULDBLOCK:
1867# endif
1868# else
1869 case EWOULDBLOCK:
1870# endif
1871# endif
1872
1873# ifdef EINTR
1874 case EINTR:
1875# endif
1876
1877# ifdef EAGAIN
1878# if EWOULDBLOCK != EAGAIN
1879 case EAGAIN:
1880# endif
1881# endif
1882
1883# ifdef EPROTO
1884 case EPROTO:
1885# endif
1886
1887# ifdef EINPROGRESS
1888 case EINPROGRESS:
1889# endif
1890
1891# ifdef EALREADY
1892 case EALREADY:
1893# endif
1894
1895 return 1;
1896 default:
1897 break;
1898 }
1899 return 0;
1900}
1901
1902static void get_current_time(struct timeval *t)
1903{
1904# if defined(_WIN32)
1905 SYSTEMTIME st;
1906 unsigned __int64 now_ul;
1907 FILETIME now_ft;
1908
1909 GetSystemTime(&st);
1910 SystemTimeToFileTime(&st, &now_ft);
1911 now_ul = ((unsigned __int64)now_ft.dwHighDateTime << 32) | now_ft.dwLowDateTime;
1912# ifdef __MINGW32__
1913 now_ul -= 116444736000000000ULL;
1914# else
1915 now_ul -= 116444736000000000UI64; /* re-bias to 1/1/1970 */
1916# endif
1917 t->tv_sec = (long)(now_ul / 10000000);
1918 t->tv_usec = ((int)(now_ul % 10000000)) / 10;
1919# else
1920 if (gettimeofday(t, NULL) < 0)
1921 perror("gettimeofday");
1922# endif
1923}
1924
1925#endif
注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette