2 * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
17 #include "internal/time.h"
18 #include "bio_local.h"
19 #ifndef OPENSSL_NO_DGRAM
21 # ifndef OPENSSL_NO_SCTP
22 # include <netinet/sctp.h>
24 # define OPENSSL_SCTP_DATA_CHUNK_TYPE 0x00
25 # define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0
28 # if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU)
29 # define IP_MTU 14 /* linux is lame */
32 # if OPENSSL_USE_IPV6 && !defined(IPPROTO_IPV6)
33 # define IPPROTO_IPV6 41 /* windows is lame */
36 # if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED)
37 /* Standard definition causes type-punning problems. */
38 # undef IN6_IS_ADDR_V4MAPPED
39 # define s6_addr32 __u6_addr.__u6_addr32
40 # define IN6_IS_ADDR_V4MAPPED(a) \
41 (((a)->s6_addr32[0] == 0) && \
42 ((a)->s6_addr32[1] == 0) && \
43 ((a)->s6_addr32[2] == htonl(0x0000ffff)))
46 /* Determine what method to use for BIO_sendmmsg and BIO_recvmmsg. */
47 # define M_METHOD_NONE 0
48 # define M_METHOD_RECVMMSG 1
49 # define M_METHOD_RECVMSG 2
50 # define M_METHOD_RECVFROM 3
51 # define M_METHOD_WSARECVMSG 4
53 # if !defined(M_METHOD)
54 # if defined(OPENSSL_SYS_WINDOWS) && defined(BIO_HAVE_WSAMSG) && !defined(NO_WSARECVMSG)
55 # define M_METHOD M_METHOD_WSARECVMSG
56 # elif !defined(OPENSSL_SYS_WINDOWS) && defined(MSG_WAITFORONE) && !defined(NO_RECVMMSG)
57 # define M_METHOD M_METHOD_RECVMMSG
58 # elif !defined(OPENSSL_SYS_WINDOWS) && defined(CMSG_LEN) && !defined(NO_RECVMSG)
59 # define M_METHOD M_METHOD_RECVMSG
60 # elif !defined(NO_RECVFROM)
61 # define M_METHOD M_METHOD_RECVFROM
63 # define M_METHOD M_METHOD_NONE
67 # if defined(OPENSSL_SYS_WINDOWS)
68 # define BIO_CMSG_SPACE(x) WSA_CMSG_SPACE(x)
69 # define BIO_CMSG_FIRSTHDR(x) WSA_CMSG_FIRSTHDR(x)
70 # define BIO_CMSG_NXTHDR(x, y) WSA_CMSG_NXTHDR(x, y)
71 # define BIO_CMSG_DATA(x) WSA_CMSG_DATA(x)
72 # define BIO_CMSG_LEN(x) WSA_CMSG_LEN(x)
73 # define MSGHDR_TYPE WSAMSG
74 # define CMSGHDR_TYPE WSACMSGHDR
76 # define MSGHDR_TYPE struct msghdr
77 # define CMSGHDR_TYPE struct cmsghdr
78 # define BIO_CMSG_SPACE(x) CMSG_SPACE(x)
79 # define BIO_CMSG_FIRSTHDR(x) CMSG_FIRSTHDR(x)
80 # define BIO_CMSG_NXTHDR(x, y) CMSG_NXTHDR(x, y)
81 # define BIO_CMSG_DATA(x) CMSG_DATA(x)
82 # define BIO_CMSG_LEN(x) CMSG_LEN(x)
85 # if M_METHOD == M_METHOD_RECVMMSG \
86 || M_METHOD == M_METHOD_RECVMSG \
87 || M_METHOD == M_METHOD_WSARECVMSG
88 # if defined(__APPLE__)
90 * CMSG_SPACE is not a constant expresson on OSX even though POSIX
91 * says it's supposed to be. This should be adequate.
93 # define BIO_CMSG_ALLOC_LEN 64
95 # if defined(IPV6_PKTINFO)
96 # define BIO_CMSG_ALLOC_LEN_1 BIO_CMSG_SPACE(sizeof(struct in6_pktinfo))
98 # define BIO_CMSG_ALLOC_LEN_1 0
100 # if defined(IP_PKTINFO)
101 # define BIO_CMSG_ALLOC_LEN_2 BIO_CMSG_SPACE(sizeof(struct in_pktinfo))
103 # define BIO_CMSG_ALLOC_LEN_2 0
105 # if defined(IP_RECVDSTADDR)
106 # define BIO_CMSG_ALLOC_LEN_3 BIO_CMSG_SPACE(sizeof(struct in_addr))
108 # define BIO_CMSG_ALLOC_LEN_3 0
110 # define BIO_MAX(X,Y) ((X) > (Y) ? (X) : (Y))
111 # define BIO_CMSG_ALLOC_LEN \
112 BIO_MAX(BIO_CMSG_ALLOC_LEN_1, \
113 BIO_MAX(BIO_CMSG_ALLOC_LEN_2, BIO_CMSG_ALLOC_LEN_3))
115 # if (defined(IP_PKTINFO) || defined(IP_RECVDSTADDR)) && defined(IPV6_RECVPKTINFO)
116 # define SUPPORT_LOCAL_ADDR
120 # define BIO_MSG_N(array, stride, n) (*(BIO_MSG *)((char *)(array) + (n)*(stride)))
122 static int dgram_write(BIO *h, const char *buf, int num);
123 static int dgram_read(BIO *h, char *buf, int size);
124 static int dgram_puts(BIO *h, const char *str);
125 static long dgram_ctrl(BIO *h, int cmd, long arg1, void *arg2);
126 static int dgram_new(BIO *h);
127 static int dgram_free(BIO *data);
128 static int dgram_clear(BIO *bio);
129 static int dgram_sendmmsg(BIO *b, BIO_MSG *msg,
130 size_t stride, size_t num_msg,
131 uint64_t flags, size_t *num_processed);
132 static int dgram_recvmmsg(BIO *b, BIO_MSG *msg,
133 size_t stride, size_t num_msg,
134 uint64_t flags, size_t *num_processed);
136 # ifndef OPENSSL_NO_SCTP
137 static int dgram_sctp_write(BIO *h, const char *buf, int num);
138 static int dgram_sctp_read(BIO *h, char *buf, int size);
139 static int dgram_sctp_puts(BIO *h, const char *str);
140 static long dgram_sctp_ctrl(BIO *h, int cmd, long arg1, void *arg2);
141 static int dgram_sctp_new(BIO *h);
142 static int dgram_sctp_free(BIO *data);
143 static int dgram_sctp_wait_for_dry(BIO *b);
144 static int dgram_sctp_msg_waiting(BIO *b);
145 # ifdef SCTP_AUTHENTICATION_EVENT
146 static void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification
151 static int BIO_dgram_should_retry(int s);
153 static const BIO_METHOD methods_dgramp = {
161 NULL, /* dgram_gets, */
165 NULL, /* dgram_callback_ctrl */
170 # ifndef OPENSSL_NO_SCTP
171 static const BIO_METHOD methods_dgramp_sctp = {
173 "datagram sctp socket",
179 NULL, /* dgram_gets, */
183 NULL, /* dgram_callback_ctrl */
189 typedef struct bio_dgram_data_st {
192 unsigned int connected;
195 OSSL_TIME next_timeout;
196 OSSL_TIME socket_timeout;
197 unsigned int peekmode;
198 char local_addr_enabled;
201 # ifndef OPENSSL_NO_SCTP
202 typedef struct bio_dgram_sctp_save_message_st {
206 } bio_dgram_sctp_save_message;
208 typedef struct bio_dgram_sctp_data_st {
210 unsigned int connected;
213 struct bio_dgram_sctp_sndinfo sndinfo;
214 struct bio_dgram_sctp_rcvinfo rcvinfo;
215 struct bio_dgram_sctp_prinfo prinfo;
216 BIO_dgram_sctp_notification_handler_fn handle_notifications;
217 void *notification_context;
222 int peer_auth_tested;
223 } bio_dgram_sctp_data;
226 const BIO_METHOD *BIO_s_datagram(void)
228 return &methods_dgramp;
231 BIO *BIO_new_dgram(int fd, int close_flag)
235 ret = BIO_new(BIO_s_datagram());
238 BIO_set_fd(ret, fd, close_flag);
242 static int dgram_new(BIO *bi)
244 bio_dgram_data *data = OPENSSL_zalloc(sizeof(*data));
252 static int dgram_free(BIO *a)
254 bio_dgram_data *data;
261 data = (bio_dgram_data *)a->ptr;
267 static int dgram_clear(BIO *a)
273 BIO_closesocket(a->num);
281 static void dgram_adjust_rcv_timeout(BIO *b)
283 # if defined(SO_RCVTIMEO)
284 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
287 /* Is a timer active? */
288 if (!ossl_time_is_zero(data->next_timeout)) {
289 /* Read current socket timeout */
290 # ifdef OPENSSL_SYS_WINDOWS
292 int sz = sizeof(timeout);
294 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
295 (void *)&timeout, &sz) < 0)
296 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
297 "calling getsockopt()");
299 data->socket_timeout = ossl_ms2time(timeout);
302 socklen_t sz = sizeof(tv);
304 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &tv, &sz) < 0)
305 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
306 "calling getsockopt()");
308 data->socket_timeout = ossl_time_from_timeval(tv);
311 /* Calculate time left until timer expires */
312 timeleft = ossl_time_subtract(data->next_timeout, ossl_time_now());
313 if (ossl_time_compare(timeleft, ossl_ticks2time(OSSL_TIME_US)) < 0)
314 timeleft = ossl_ticks2time(OSSL_TIME_US);
317 * Adjust socket timeout if next handshake message timer will expire
320 if (ossl_time_is_zero(data->socket_timeout)
321 || ossl_time_compare(data->socket_timeout, timeleft) >= 0) {
322 # ifdef OPENSSL_SYS_WINDOWS
323 timeout = (int)ossl_time2ms(timeleft);
324 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
325 (void *)&timeout, sizeof(timeout)) < 0)
326 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
327 "calling setsockopt()");
329 tv = ossl_time_to_timeval(timeleft);
330 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &tv,
332 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
333 "calling setsockopt()");
340 static void dgram_update_local_addr(BIO *b)
342 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
343 socklen_t addr_len = sizeof(data->local_addr);
345 if (getsockname(b->num, &data->local_addr.sa, &addr_len) < 0)
347 * This should not be possible, but zero-initialize and return
350 BIO_ADDR_clear(&data->local_addr);
353 # if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG || M_METHOD == M_METHOD_WSARECVMSG
354 static int dgram_get_sock_family(BIO *b)
356 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
357 return data->local_addr.sa.sa_family;
361 static void dgram_reset_rcv_timeout(BIO *b)
363 # if defined(SO_RCVTIMEO)
364 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
366 /* Is a timer active? */
367 if (!ossl_time_is_zero(data->next_timeout)) {
368 # ifdef OPENSSL_SYS_WINDOWS
369 int timeout = (int)ossl_time2ms(data->socket_timeout);
371 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
372 (void *)&timeout, sizeof(timeout)) < 0)
373 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
374 "calling setsockopt()");
376 struct timeval tv = ossl_time_to_timeval(data->socket_timeout);
378 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) < 0)
379 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
380 "calling setsockopt()");
386 static int dgram_read(BIO *b, char *out, int outl)
389 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
393 socklen_t len = sizeof(peer);
396 clear_socket_error();
397 BIO_ADDR_clear(&peer);
398 dgram_adjust_rcv_timeout(b);
401 ret = recvfrom(b->num, out, outl, flags,
402 BIO_ADDR_sockaddr_noconst(&peer), &len);
404 if (!data->connected && ret >= 0)
405 BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
407 BIO_clear_retry_flags(b);
409 if (BIO_dgram_should_retry(ret)) {
410 BIO_set_retry_read(b);
411 data->_errno = get_last_socket_error();
415 dgram_reset_rcv_timeout(b);
420 static int dgram_write(BIO *b, const char *in, int inl)
423 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
424 clear_socket_error();
427 ret = writesocket(b->num, in, inl);
429 int peerlen = BIO_ADDR_sockaddr_size(&data->peer);
431 ret = sendto(b->num, in, inl, 0,
432 BIO_ADDR_sockaddr(&data->peer), peerlen);
435 BIO_clear_retry_flags(b);
437 if (BIO_dgram_should_retry(ret)) {
438 BIO_set_retry_write(b);
439 data->_errno = get_last_socket_error();
445 static long dgram_get_mtu_overhead(bio_dgram_data *data)
449 switch (BIO_ADDR_family(&data->peer)) {
452 * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
456 # if OPENSSL_USE_IPV6
459 # ifdef IN6_IS_ADDR_V4MAPPED
460 struct in6_addr tmp_addr;
461 if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
462 && IN6_IS_ADDR_V4MAPPED(&tmp_addr))
464 * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
470 * Assume this is UDP - 40 bytes for IP, 8 bytes for UDP
477 /* We don't know. Go with the historical default */
484 /* Enables appropriate destination address reception option on the socket. */
485 # if defined(SUPPORT_LOCAL_ADDR)
486 static int enable_local_addr(BIO *b, int enable) {
487 int af = dgram_get_sock_family(b);
490 # if defined(IP_PKTINFO)
491 /* IP_PKTINFO is preferred */
492 if (setsockopt(b->num, IPPROTO_IP, IP_PKTINFO,
493 (void *)&enable, sizeof(enable)) < 0)
498 # elif defined(IP_RECVDSTADDR)
499 /* Fall back to IP_RECVDSTADDR */
501 if (setsockopt(b->num, IPPROTO_IP, IP_RECVDSTADDR,
502 &enable, sizeof(enable)) < 0)
509 # if OPENSSL_USE_IPV6
510 if (af == AF_INET6) {
511 # if defined(IPV6_RECVPKTINFO)
512 if (setsockopt(b->num, IPPROTO_IPV6, IPV6_RECVPKTINFO,
513 &enable, sizeof(enable)) < 0)
525 static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
529 bio_dgram_data *data = NULL;
531 /* There are currently no cases where this is used on djgpp/watt32. */
535 # if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU))
536 socklen_t sockopt_len; /* assume that system supporting IP_MTU is
537 * modern enough to define socklen_t */
542 data = (bio_dgram_data *)b->ptr;
554 b->num = *((int *)ptr);
555 b->shutdown = (int)num;
557 dgram_update_local_addr(b);
558 # if defined(SUPPORT_LOCAL_ADDR)
559 if (data->local_addr_enabled) {
560 if (enable_local_addr(b, 1) < 1)
561 data->local_addr_enabled = 0;
574 case BIO_CTRL_GET_CLOSE:
577 case BIO_CTRL_SET_CLOSE:
578 b->shutdown = (int)num;
580 case BIO_CTRL_PENDING:
581 case BIO_CTRL_WPENDING:
588 case BIO_CTRL_DGRAM_CONNECT:
589 BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
591 /* (Linux)kernel sets DF bit on outgoing IP packets */
592 case BIO_CTRL_DGRAM_MTU_DISCOVER:
593 # if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
594 addr_len = (socklen_t) sizeof(addr);
595 BIO_ADDR_clear(&addr);
596 if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
600 switch (addr.sa.sa_family) {
602 sockopt_val = IP_PMTUDISC_DO;
603 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
604 &sockopt_val, sizeof(sockopt_val))) < 0)
605 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
606 "calling setsockopt()");
608 # if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
610 sockopt_val = IPV6_PMTUDISC_DO;
611 if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
612 &sockopt_val, sizeof(sockopt_val))) < 0)
613 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
614 "calling setsockopt()");
625 case BIO_CTRL_DGRAM_QUERY_MTU:
626 # if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU)
627 addr_len = (socklen_t) sizeof(addr);
628 BIO_ADDR_clear(&addr);
629 if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
633 sockopt_len = sizeof(sockopt_val);
634 switch (addr.sa.sa_family) {
637 getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,
638 &sockopt_len)) < 0 || sockopt_val < 0) {
642 * we assume that the transport protocol is UDP and no IP
645 data->mtu = sockopt_val - 8 - 20;
649 # if OPENSSL_USE_IPV6 && defined(IPV6_MTU)
652 getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU,
653 (void *)&sockopt_val, &sockopt_len)) < 0
654 || sockopt_val < 0) {
658 * we assume that the transport protocol is UDP and no IPV6
661 data->mtu = sockopt_val - 8 - 40;
674 case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
675 ret = -dgram_get_mtu_overhead(data);
676 switch (BIO_ADDR_family(&data->peer)) {
680 # if OPENSSL_USE_IPV6
683 # ifdef IN6_IS_ADDR_V4MAPPED
684 struct in6_addr tmp_addr;
685 if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
686 && IN6_IS_ADDR_V4MAPPED(&tmp_addr))
699 case BIO_CTRL_DGRAM_GET_MTU:
701 case BIO_CTRL_DGRAM_SET_MTU:
705 case BIO_CTRL_DGRAM_SET_CONNECTED:
708 BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
711 BIO_ADDR_clear(&data->peer);
714 case BIO_CTRL_DGRAM_GET_PEER:
715 ret = BIO_ADDR_sockaddr_size(&data->peer);
716 /* FIXME: if num < ret, we will only return part of an address.
717 That should bee an error, no? */
718 if (num == 0 || num > ret)
720 memcpy(ptr, &data->peer, (ret = num));
722 case BIO_CTRL_DGRAM_SET_PEER:
723 BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
725 case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
726 data->next_timeout = ossl_time_from_timeval(*(struct timeval *)ptr);
728 # if defined(SO_RCVTIMEO)
729 case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
730 # ifdef OPENSSL_SYS_WINDOWS
732 struct timeval *tv = (struct timeval *)ptr;
733 int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
735 if ((ret = setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
736 (void *)&timeout, sizeof(timeout))) < 0)
737 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
738 "calling setsockopt()");
741 if ((ret = setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr,
742 sizeof(struct timeval))) < 0)
743 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
744 "calling setsockopt()");
747 case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
749 # ifdef OPENSSL_SYS_WINDOWS
752 struct timeval *tv = (struct timeval *)ptr;
754 sz = sizeof(timeout);
755 if ((ret = getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
756 (void *)&timeout, &sz)) < 0) {
757 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
758 "calling getsockopt()");
760 tv->tv_sec = timeout / 1000;
761 tv->tv_usec = (timeout % 1000) * 1000;
765 socklen_t sz = sizeof(struct timeval);
766 if ((ret = getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
768 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
769 "calling getsockopt()");
771 OPENSSL_assert((size_t)sz <= sizeof(struct timeval));
778 # if defined(SO_SNDTIMEO)
779 case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT:
780 # ifdef OPENSSL_SYS_WINDOWS
782 struct timeval *tv = (struct timeval *)ptr;
783 int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
785 if ((ret = setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
786 (void *)&timeout, sizeof(timeout))) < 0)
787 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
788 "calling setsockopt()");
791 if ((ret = setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr,
792 sizeof(struct timeval))) < 0)
793 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
794 "calling setsockopt()");
797 case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
799 # ifdef OPENSSL_SYS_WINDOWS
802 struct timeval *tv = (struct timeval *)ptr;
804 sz = sizeof(timeout);
805 if ((ret = getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
806 (void *)&timeout, &sz)) < 0) {
807 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
808 "calling getsockopt()");
810 tv->tv_sec = timeout / 1000;
811 tv->tv_usec = (timeout % 1000) * 1000;
815 socklen_t sz = sizeof(struct timeval);
817 if ((ret = getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
819 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
820 "calling getsockopt()");
822 OPENSSL_assert((size_t)sz <= sizeof(struct timeval));
829 case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
831 case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:
832 # ifdef OPENSSL_SYS_WINDOWS
833 d_errno = (data->_errno == WSAETIMEDOUT);
835 d_errno = (data->_errno == EAGAIN);
844 case BIO_CTRL_DGRAM_MTU_EXCEEDED:
845 if (data->_errno == EMSGSIZE) {
852 case BIO_CTRL_DGRAM_SET_DONT_FRAG:
853 switch (data->peer.sa.sa_family) {
855 # if defined(IP_DONTFRAG)
856 sockopt_val = num ? 1 : 0;
857 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAG,
858 &sockopt_val, sizeof(sockopt_val))) < 0)
859 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
860 "calling setsockopt()");
861 # elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined (IP_PMTUDISC_PROBE)
862 sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT;
863 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
864 &sockopt_val, sizeof(sockopt_val))) < 0)
865 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
866 "calling setsockopt()");
867 # elif defined(OPENSSL_SYS_WINDOWS) && defined(IP_DONTFRAGMENT)
868 sockopt_val = num ? 1 : 0;
869 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAGMENT,
870 (const char *)&sockopt_val,
871 sizeof(sockopt_val))) < 0)
872 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
873 "calling setsockopt()");
878 # if OPENSSL_USE_IPV6
880 # if defined(IPV6_DONTFRAG)
881 sockopt_val = num ? 1 : 0;
882 if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_DONTFRAG,
883 (const void *)&sockopt_val,
884 sizeof(sockopt_val))) < 0)
885 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
886 "calling setsockopt()");
888 # elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTUDISCOVER)
889 sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT;
890 if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
891 &sockopt_val, sizeof(sockopt_val))) < 0)
892 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
893 "calling setsockopt()");
904 case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
905 ret = dgram_get_mtu_overhead(data);
909 * BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE is used here for compatibility
910 * reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value
911 * was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The
912 * value has been updated to a non-clashing value. However to preserve
913 * binary compatibility we now respond to both the old value and the new one
915 case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
916 case BIO_CTRL_DGRAM_SET_PEEK_MODE:
917 data->peekmode = (unsigned int)num;
920 case BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP:
921 # if defined(SUPPORT_LOCAL_ADDR)
928 case BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE:
929 # if defined(SUPPORT_LOCAL_ADDR)
931 if (num != data->local_addr_enabled) {
932 if (enable_local_addr(b, num) < 1) {
937 data->local_addr_enabled = (char)num;
944 case BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE:
945 *(int *)ptr = data->local_addr_enabled;
952 /* Normalize if error */
958 static int dgram_puts(BIO *bp, const char *str)
963 ret = dgram_write(bp, str, n);
967 # if M_METHOD == M_METHOD_WSARECVMSG
968 static void translate_msg_win(BIO *b, WSAMSG *mh, WSABUF *iov,
969 unsigned char *control, BIO_MSG *msg)
971 iov->len = msg->data_len;
972 iov->buf = msg->data;
974 /* Windows requires namelen to be set exactly */
975 mh->name = msg->peer != NULL ? &msg->peer->sa : NULL;
976 if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET)
977 mh->namelen = sizeof(struct sockaddr_in);
978 # if OPENSSL_USE_IPV6
979 else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6)
980 mh->namelen = sizeof(struct sockaddr_in6);
986 * When local address reception (IP_PKTINFO, etc.) is enabled, on Windows
987 * this causes WSARecvMsg to fail if the control buffer is too small to hold
988 * the structure, or if no control buffer is passed. So we need to give it
989 * the control buffer even if we aren't actually going to examine the
993 mh->dwBufferCount = 1;
994 mh->Control.len = BIO_CMSG_ALLOC_LEN;
995 mh->Control.buf = control;
1000 # if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG
1001 /* Translates a BIO_MSG to a msghdr and iovec. */
1002 static void translate_msg(BIO *b, struct msghdr *mh, struct iovec *iov,
1003 unsigned char *control, BIO_MSG *msg)
1005 iov->iov_base = msg->data;
1006 iov->iov_len = msg->data_len;
1008 /* macOS requires msg_namelen be 0 if msg_name is NULL */
1009 mh->msg_name = msg->peer != NULL ? &msg->peer->sa : NULL;
1010 if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET)
1011 mh->msg_namelen = sizeof(struct sockaddr_in);
1012 # if OPENSSL_USE_IPV6
1013 else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6)
1014 mh->msg_namelen = sizeof(struct sockaddr_in6);
1017 mh->msg_namelen = 0;
1021 mh->msg_control = msg->local != NULL ? control : NULL;
1022 mh->msg_controllen = msg->local != NULL ? BIO_CMSG_ALLOC_LEN : 0;
1027 # if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG || M_METHOD == M_METHOD_WSARECVMSG
1028 /* Extracts destination address from the control buffer. */
1029 static int extract_local(BIO *b, MSGHDR_TYPE *mh, BIO_ADDR *local) {
1030 # if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) || defined(IPV6_PKTINFO)
1032 int af = dgram_get_sock_family(b);
1034 for (cmsg = BIO_CMSG_FIRSTHDR(mh); cmsg != NULL;
1035 cmsg = BIO_CMSG_NXTHDR(mh, cmsg)) {
1036 if (af == AF_INET) {
1037 if (cmsg->cmsg_level != IPPROTO_IP)
1040 # if defined(IP_PKTINFO)
1041 if (cmsg->cmsg_type != IP_PKTINFO)
1044 local->s_in.sin_addr =
1045 ((struct in_pktinfo *)BIO_CMSG_DATA(cmsg))->ipi_addr;
1047 # elif defined(IP_RECVDSTADDR)
1048 if (cmsg->cmsg_type != IP_RECVDSTADDR)
1051 local->s_in.sin_addr = *(struct in_addr *)BIO_CMSG_DATA(cmsg);
1054 # if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR)
1056 bio_dgram_data *data = b->ptr;
1058 local->s_in.sin_family = AF_INET;
1059 local->s_in.sin_port = data->local_addr.s_in.sin_port;
1064 # if OPENSSL_USE_IPV6
1065 else if (af == AF_INET6) {
1066 if (cmsg->cmsg_level != IPPROTO_IPV6)
1069 # if defined(IPV6_RECVPKTINFO)
1070 if (cmsg->cmsg_type != IPV6_PKTINFO)
1074 bio_dgram_data *data = b->ptr;
1076 local->s_in6.sin6_addr =
1077 ((struct in6_pktinfo *)BIO_CMSG_DATA(cmsg))->ipi6_addr;
1078 local->s_in6.sin6_family = AF_INET6;
1079 local->s_in6.sin6_port = data->local_addr.s_in6.sin6_port;
1080 local->s_in6.sin6_scope_id =
1081 data->local_addr.s_in6.sin6_scope_id;
1082 local->s_in6.sin6_flowinfo = 0;
1094 static int pack_local(BIO *b, MSGHDR_TYPE *mh, const BIO_ADDR *local) {
1095 int af = dgram_get_sock_family(b);
1096 # if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) || defined(IPV6_PKTINFO)
1098 bio_dgram_data *data = b->ptr;
1101 if (af == AF_INET) {
1102 # if defined(IP_PKTINFO)
1103 struct in_pktinfo *info;
1105 # if defined(OPENSSL_SYS_WINDOWS)
1106 cmsg = (CMSGHDR_TYPE *)mh->Control.buf;
1108 cmsg = (CMSGHDR_TYPE *)mh->msg_control;
1111 cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in_pktinfo));
1112 cmsg->cmsg_level = IPPROTO_IP;
1113 cmsg->cmsg_type = IP_PKTINFO;
1115 info = (struct in_pktinfo *)BIO_CMSG_DATA(cmsg);
1116 # if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_CYGWIN)
1117 info->ipi_spec_dst = local->s_in.sin_addr;
1119 info->ipi_addr.s_addr = 0;
1120 info->ipi_ifindex = 0;
1123 * We cannot override source port using this API, therefore
1124 * ensure the application specified a source port of 0
1125 * or the one we are bound to. (Better to error than silently
1128 if (local->s_in.sin_port != 0
1129 && data->local_addr.s_in.sin_port != local->s_in.sin_port) {
1130 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
1134 # if defined(OPENSSL_SYS_WINDOWS)
1135 mh->Control.len = BIO_CMSG_SPACE(sizeof(struct in_pktinfo));
1137 mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in_pktinfo));
1141 # elif defined(IP_SENDSRCADDR)
1142 struct in_addr *info;
1145 * At least FreeBSD is very pedantic about using IP_SENDSRCADDR when we
1146 * are not bound to 0.0.0.0 or ::, even if the address matches what we
1147 * bound to. Support this by not packing the structure if the address
1148 * matches our understanding of our local address. IP_SENDSRCADDR is a
1149 * BSD thing, so we don't need an explicit test for BSD here.
1151 if (local->s_in.sin_addr.s_addr == data->local_addr.s_in.sin_addr.s_addr) {
1152 mh->msg_control = NULL;
1153 mh->msg_controllen = 0;
1157 cmsg = (struct cmsghdr *)mh->msg_control;
1158 cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in_addr));
1159 cmsg->cmsg_level = IPPROTO_IP;
1160 cmsg->cmsg_type = IP_SENDSRCADDR;
1162 info = (struct in_addr *)BIO_CMSG_DATA(cmsg);
1163 *info = local->s_in.sin_addr;
1165 /* See comment above. */
1166 if (local->s_in.sin_port != 0
1167 && data->local_addr.s_in.sin_port != local->s_in.sin_port) {
1168 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
1172 mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in_addr));
1176 # if OPENSSL_USE_IPV6
1177 else if (af == AF_INET6) {
1178 # if defined(IPV6_PKTINFO)
1179 struct in6_pktinfo *info;
1181 # if defined(OPENSSL_SYS_WINDOWS)
1182 cmsg = (CMSGHDR_TYPE *)mh->Control.buf;
1184 cmsg = (CMSGHDR_TYPE *)mh->msg_control;
1186 cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in6_pktinfo));
1187 cmsg->cmsg_level = IPPROTO_IPV6;
1188 cmsg->cmsg_type = IPV6_PKTINFO;
1190 info = (struct in6_pktinfo *)BIO_CMSG_DATA(cmsg);
1191 info->ipi6_addr = local->s_in6.sin6_addr;
1192 info->ipi6_ifindex = 0;
1195 * See comment above, but also applies to the other fields
1198 if (local->s_in6.sin6_port != 0
1199 && data->local_addr.s_in6.sin6_port != local->s_in6.sin6_port) {
1200 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
1204 if (local->s_in6.sin6_scope_id != 0
1205 && data->local_addr.s_in6.sin6_scope_id != local->s_in6.sin6_scope_id) {
1206 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
1210 # if defined(OPENSSL_SYS_WINDOWS)
1211 mh->Control.len = BIO_CMSG_SPACE(sizeof(struct in6_pktinfo));
1213 mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in6_pktinfo));
1225 * Converts flags passed to BIO_sendmmsg or BIO_recvmmsg to syscall flags. You
1226 * should mask out any system flags returned by this function you cannot support
1227 * in a particular circumstance. Currently no flags are defined.
1229 # if M_METHOD != M_METHOD_NONE
1230 static int translate_flags(uint64_t flags) {
1235 static int dgram_sendmmsg(BIO *b, BIO_MSG *msg, size_t stride,
1236 size_t num_msg, uint64_t flags, size_t *num_processed)
1238 # if M_METHOD != M_METHOD_NONE && M_METHOD != M_METHOD_RECVMSG
1241 # if M_METHOD == M_METHOD_RECVMMSG
1242 # define BIO_MAX_MSGS_PER_CALL 64
1244 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1246 struct mmsghdr mh[BIO_MAX_MSGS_PER_CALL];
1247 struct iovec iov[BIO_MAX_MSGS_PER_CALL];
1248 unsigned char control[BIO_MAX_MSGS_PER_CALL][BIO_CMSG_ALLOC_LEN];
1249 int have_local_enabled = data->local_addr_enabled;
1250 # elif M_METHOD == M_METHOD_RECVMSG
1252 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1256 unsigned char control[BIO_CMSG_ALLOC_LEN];
1257 int have_local_enabled = data->local_addr_enabled;
1258 # elif M_METHOD == M_METHOD_WSARECVMSG
1259 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1260 int have_local_enabled = data->local_addr_enabled;
1263 DWORD num_bytes_sent = 0;
1264 unsigned char control[BIO_CMSG_ALLOC_LEN];
1266 # if M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG
1275 if (num_msg > OSSL_SSIZE_MAX)
1276 num_msg = OSSL_SSIZE_MAX;
1278 # if M_METHOD != M_METHOD_NONE
1279 sysflags = translate_flags(flags);
1282 # if M_METHOD == M_METHOD_RECVMMSG
1284 * In the sendmmsg/recvmmsg case, we need to allocate our translated struct
1285 * msghdr and struct iovec on the stack to support multithreaded use. Thus
1286 * we place a fixed limit on the number of messages per call, in the
1287 * expectation that we will be called again if there were more messages to
1290 if (num_msg > BIO_MAX_MSGS_PER_CALL)
1291 num_msg = BIO_MAX_MSGS_PER_CALL;
1293 for (i = 0; i < num_msg; ++i) {
1294 translate_msg(b, &mh[i].msg_hdr, &iov[i],
1295 control[i], &BIO_MSG_N(msg, stride, i));
1297 /* If local address was requested, it must have been enabled */
1298 if (BIO_MSG_N(msg, stride, i).local != NULL) {
1299 if (!have_local_enabled) {
1300 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1305 if (pack_local(b, &mh[i].msg_hdr,
1306 BIO_MSG_N(msg, stride, i).local) < 1) {
1307 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1315 ret = sendmmsg(b->num, mh, num_msg, sysflags);
1317 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1322 for (i = 0; i < (size_t)ret; ++i) {
1323 BIO_MSG_N(msg, stride, i).data_len = mh[i].msg_len;
1324 BIO_MSG_N(msg, stride, i).flags = 0;
1327 *num_processed = (size_t)ret;
1330 # elif M_METHOD == M_METHOD_RECVMSG
1332 * If sendmsg is available, use it.
1334 translate_msg(b, &mh, &iov, control, msg);
1336 if (msg->local != NULL) {
1337 if (!have_local_enabled) {
1338 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1343 if (pack_local(b, &mh, msg->local) < 1) {
1344 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1350 l = sendmsg(b->num, &mh, sysflags);
1352 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1357 msg->data_len = (size_t)l;
1362 # elif M_METHOD == M_METHOD_WSARECVMSG || M_METHOD == M_METHOD_RECVFROM
1363 # if M_METHOD == M_METHOD_WSARECVMSG
1364 if (bio_WSASendMsg != NULL) {
1365 /* WSASendMsg-based implementation for Windows. */
1366 translate_msg_win(b, &wmsg, &wbuf, control, msg);
1368 if (msg[0].local != NULL) {
1369 if (!have_local_enabled) {
1370 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1375 if (pack_local(b, &wmsg, msg[0].local) < 1) {
1376 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1382 ret = WSASendMsg((SOCKET)b->num, &wmsg, 0, &num_bytes_sent, NULL, NULL);
1384 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1389 msg[0].data_len = num_bytes_sent;
1397 * Fallback to sendto and send a single message.
1399 if (msg[0].local != NULL) {
1401 * We cannot set the local address if using sendto
1402 * so fail in this case
1404 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1409 ret = sendto(b->num, msg[0].data,
1410 # if defined(OPENSSL_SYS_WINDOWS)
1411 (int)msg[0].data_len,
1416 msg[0].peer != NULL ? &msg[0].peer->sa : NULL,
1417 msg[0].peer != NULL ? sizeof(*msg[0].peer) : 0);
1419 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1424 msg[0].data_len = ret;
1430 ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD);
1436 static int dgram_recvmmsg(BIO *b, BIO_MSG *msg,
1437 size_t stride, size_t num_msg,
1438 uint64_t flags, size_t *num_processed)
1440 # if M_METHOD != M_METHOD_NONE && M_METHOD != M_METHOD_RECVMSG
1443 # if M_METHOD == M_METHOD_RECVMMSG
1445 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1447 struct mmsghdr mh[BIO_MAX_MSGS_PER_CALL];
1448 struct iovec iov[BIO_MAX_MSGS_PER_CALL];
1449 unsigned char control[BIO_MAX_MSGS_PER_CALL][BIO_CMSG_ALLOC_LEN];
1450 int have_local_enabled = data->local_addr_enabled;
1451 # elif M_METHOD == M_METHOD_RECVMSG
1453 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1457 unsigned char control[BIO_CMSG_ALLOC_LEN];
1458 int have_local_enabled = data->local_addr_enabled;
1459 # elif M_METHOD == M_METHOD_WSARECVMSG
1460 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1461 int have_local_enabled = data->local_addr_enabled;
1464 DWORD num_bytes_received = 0;
1465 unsigned char control[BIO_CMSG_ALLOC_LEN];
1467 # if M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG
1477 if (num_msg > OSSL_SSIZE_MAX)
1478 num_msg = OSSL_SSIZE_MAX;
1480 # if M_METHOD != M_METHOD_NONE
1481 sysflags = translate_flags(flags);
1484 # if M_METHOD == M_METHOD_RECVMMSG
1486 * In the sendmmsg/recvmmsg case, we need to allocate our translated struct
1487 * msghdr and struct iovec on the stack to support multithreaded use. Thus
1488 * we place a fixed limit on the number of messages per call, in the
1489 * expectation that we will be called again if there were more messages to
1492 if (num_msg > BIO_MAX_MSGS_PER_CALL)
1493 num_msg = BIO_MAX_MSGS_PER_CALL;
1495 for (i = 0; i < num_msg; ++i) {
1496 translate_msg(b, &mh[i].msg_hdr, &iov[i],
1497 control[i], &BIO_MSG_N(msg, stride, i));
1499 /* If local address was requested, it must have been enabled */
1500 if (BIO_MSG_N(msg, stride, i).local != NULL && !have_local_enabled) {
1501 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1508 ret = recvmmsg(b->num, mh, num_msg, sysflags, NULL);
1510 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1515 for (i = 0; i < (size_t)ret; ++i) {
1516 BIO_MSG_N(msg, stride, i).data_len = mh[i].msg_len;
1517 BIO_MSG_N(msg, stride, i).flags = 0;
1519 * *(msg->peer) will have been filled in by recvmmsg;
1520 * for msg->local we parse the control data returned
1522 if (BIO_MSG_N(msg, stride, i).local != NULL)
1523 if (extract_local(b, &mh[i].msg_hdr,
1524 BIO_MSG_N(msg, stride, i).local) < 1)
1526 * It appears BSDs do not support local addresses for
1527 * loopback sockets. In this case, just clear the local
1528 * address, as for OS X and Windows in some circumstances
1531 BIO_ADDR_clear(msg->local);
1534 *num_processed = (size_t)ret;
1537 # elif M_METHOD == M_METHOD_RECVMSG
1539 * If recvmsg is available, use it.
1541 translate_msg(b, &mh, &iov, control, msg);
1543 /* If local address was requested, it must have been enabled */
1544 if (msg->local != NULL && !have_local_enabled) {
1546 * If we have done at least one message, we must return the
1547 * count; if we haven't done any, we can give an error code
1549 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1554 l = recvmsg(b->num, &mh, sysflags);
1556 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1561 msg->data_len = (size_t)l;
1564 if (msg->local != NULL)
1565 if (extract_local(b, &mh, msg->local) < 1)
1567 * OS X exhibits odd behaviour where it appears that if a packet is
1568 * sent before the receiving interface enables IP_PKTINFO, it will
1569 * sometimes not have any control data returned even if the
1570 * receiving interface enables IP_PKTINFO before calling recvmsg().
1571 * This appears to occur non-deterministically. Presumably, OS X
1572 * handles IP_PKTINFO at the time the packet is enqueued into a
1573 * socket's receive queue, rather than at the time recvmsg() is
1574 * called, unlike most other operating systems. Thus (if this
1575 * hypothesis is correct) there is a race between where IP_PKTINFO
1576 * is enabled by the process and when the kernel's network stack
1577 * queues the incoming message.
1579 * We cannot return the local address if we do not have it, but this
1580 * is not a caller error either, so just return a zero address
1581 * structure. This is similar to how we handle Windows loopback
1582 * interfaces (see below). We enable this workaround for all
1583 * platforms, not just Apple, as this kind of quirk in OS networking
1584 * stacks seems to be common enough that failing hard if a local
1585 * address is not provided appears to be too brittle.
1587 BIO_ADDR_clear(msg->local);
1592 # elif M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG
1593 # if M_METHOD == M_METHOD_WSARECVMSG
1594 if (bio_WSARecvMsg != NULL) {
1595 /* WSARecvMsg-based implementation for Windows. */
1596 translate_msg_win(b, &wmsg, &wbuf, control, msg);
1598 /* If local address was requested, it must have been enabled */
1599 if (msg[0].local != NULL && !have_local_enabled) {
1600 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1605 ret = WSARecvMsg((SOCKET)b->num, &wmsg, &num_bytes_received, NULL, NULL);
1607 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1612 msg[0].data_len = num_bytes_received;
1614 if (msg[0].local != NULL)
1615 if (extract_local(b, &wmsg, msg[0].local) < 1)
1617 * On Windows, loopback is not a "proper" interface and it works
1618 * differently; packets are essentially short-circuited and
1619 * don't go through all of the normal processing. A consequence
1620 * of this is that packets sent from the local machine to the
1621 * local machine _will not have IP_PKTINFO_ even if the
1622 * IP_PKTINFO socket option is enabled. WSARecvMsg just sets
1623 * Control.len to 0 on returning.
1625 * This applies regardless of whether the loopback address,
1626 * 127.0.0.1 is used, or a local interface address (e.g.
1627 * 192.168.1.1); in both cases IP_PKTINFO will not be present.
1629 * We report this condition by setting the local BIO_ADDR's
1632 BIO_ADDR_clear(msg[0].local);
1640 * Fallback to recvfrom and receive a single message.
1642 if (msg[0].local != NULL) {
1644 * We cannot determine the local address if using recvfrom
1645 * so fail in this case
1647 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1652 slen = sizeof(*msg[0].peer);
1653 ret = recvfrom(b->num, msg[0].data,
1654 # if defined(OPENSSL_SYS_WINDOWS)
1655 (int)msg[0].data_len,
1660 msg[0].peer != NULL ? &msg[0].peer->sa : NULL,
1661 msg[0].peer != NULL ? &slen : NULL);
1663 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1667 msg[0].data_len = ret;
1673 ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD);
1679 # ifndef OPENSSL_NO_SCTP
1680 const BIO_METHOD *BIO_s_datagram_sctp(void)
1682 return &methods_dgramp_sctp;
1685 BIO *BIO_new_dgram_sctp(int fd, int close_flag)
1688 int ret, optval = 20000;
1689 int auth_data = 0, auth_forward = 0;
1691 struct sctp_authchunk auth;
1692 struct sctp_authchunks *authchunks;
1693 socklen_t sockopt_len;
1694 # ifdef SCTP_AUTHENTICATION_EVENT
1696 struct sctp_event event;
1698 struct sctp_event_subscribe event;
1702 bio = BIO_new(BIO_s_datagram_sctp());
1705 BIO_set_fd(bio, fd, close_flag);
1707 /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */
1708 auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE;
1710 setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth,
1711 sizeof(struct sctp_authchunk));
1714 ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB,
1715 "Ensure SCTP AUTH chunks are enabled in kernel");
1718 auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE;
1720 setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth,
1721 sizeof(struct sctp_authchunk));
1724 ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB,
1725 "Ensure SCTP AUTH chunks are enabled in kernel");
1730 * Test if activation was successful. When using accept(), SCTP-AUTH has
1731 * to be activated for the listening socket already, otherwise the
1732 * connected socket won't use it. Similarly with connect(): the socket
1733 * prior to connection must be activated for SCTP-AUTH
1735 sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
1736 authchunks = OPENSSL_zalloc(sockopt_len);
1737 if (authchunks == NULL) {
1741 ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks,
1744 OPENSSL_free(authchunks);
1749 for (p = (unsigned char *)authchunks->gauth_chunks;
1750 p < (unsigned char *)authchunks + sockopt_len;
1751 p += sizeof(uint8_t)) {
1752 if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE)
1754 if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE)
1758 OPENSSL_free(authchunks);
1760 if (!auth_data || !auth_forward) {
1762 ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB,
1763 "Ensure SCTP AUTH chunks are enabled on the "
1764 "underlying socket");
1768 # ifdef SCTP_AUTHENTICATION_EVENT
1770 memset(&event, 0, sizeof(event));
1771 event.se_assoc_id = 0;
1772 event.se_type = SCTP_AUTHENTICATION_EVENT;
1775 setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event,
1776 sizeof(struct sctp_event));
1782 sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe);
1783 ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len);
1789 event.sctp_authentication_event = 1;
1792 setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event,
1793 sizeof(struct sctp_event_subscribe));
1802 * Disable partial delivery by setting the min size larger than the max
1803 * record size of 2^14 + 2048 + 13
1806 setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval,
1816 int BIO_dgram_is_sctp(BIO *bio)
1818 return (BIO_method_type(bio) == BIO_TYPE_DGRAM_SCTP);
1821 static int dgram_sctp_new(BIO *bi)
1823 bio_dgram_sctp_data *data = NULL;
1827 if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL)
1829 # ifdef SCTP_PR_SCTP_NONE
1830 data->prinfo.pr_policy = SCTP_PR_SCTP_NONE;
1838 static int dgram_sctp_free(BIO *a)
1840 bio_dgram_sctp_data *data;
1844 if (!dgram_clear(a))
1847 data = (bio_dgram_sctp_data *) a->ptr;
1854 # ifdef SCTP_AUTHENTICATION_EVENT
1855 void dgram_sctp_handle_auth_free_key_event(BIO *b,
1856 union sctp_notification *snp)
1859 struct sctp_authkey_event *authkeyevent = &snp->sn_auth_event;
1861 if (authkeyevent->auth_indication == SCTP_AUTH_FREE_KEY) {
1862 struct sctp_authkeyid authkeyid;
1865 authkeyid.scact_keynumber = authkeyevent->auth_keynumber;
1866 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
1867 &authkeyid, sizeof(struct sctp_authkeyid));
1872 static int dgram_sctp_read(BIO *b, char *out, int outl)
1874 int ret = 0, n = 0, i, optval;
1876 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
1879 struct cmsghdr *cmsg;
1883 clear_socket_error();
1886 memset(&data->rcvinfo, 0, sizeof(data->rcvinfo));
1889 msg.msg_name = NULL;
1890 msg.msg_namelen = 0;
1893 msg.msg_control = cmsgbuf;
1894 msg.msg_controllen = 512;
1896 n = recvmsg(b->num, &msg, 0);
1904 if (msg.msg_controllen > 0) {
1905 for (cmsg = CMSG_FIRSTHDR(&msg); cmsg;
1906 cmsg = CMSG_NXTHDR(&msg, cmsg)) {
1907 if (cmsg->cmsg_level != IPPROTO_SCTP)
1909 # ifdef SCTP_RCVINFO
1910 if (cmsg->cmsg_type == SCTP_RCVINFO) {
1911 struct sctp_rcvinfo *rcvinfo;
1913 rcvinfo = (struct sctp_rcvinfo *)CMSG_DATA(cmsg);
1914 data->rcvinfo.rcv_sid = rcvinfo->rcv_sid;
1915 data->rcvinfo.rcv_ssn = rcvinfo->rcv_ssn;
1916 data->rcvinfo.rcv_flags = rcvinfo->rcv_flags;
1917 data->rcvinfo.rcv_ppid = rcvinfo->rcv_ppid;
1918 data->rcvinfo.rcv_tsn = rcvinfo->rcv_tsn;
1919 data->rcvinfo.rcv_cumtsn = rcvinfo->rcv_cumtsn;
1920 data->rcvinfo.rcv_context = rcvinfo->rcv_context;
1924 if (cmsg->cmsg_type == SCTP_SNDRCV) {
1925 struct sctp_sndrcvinfo *sndrcvinfo;
1928 (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
1929 data->rcvinfo.rcv_sid = sndrcvinfo->sinfo_stream;
1930 data->rcvinfo.rcv_ssn = sndrcvinfo->sinfo_ssn;
1931 data->rcvinfo.rcv_flags = sndrcvinfo->sinfo_flags;
1932 data->rcvinfo.rcv_ppid = sndrcvinfo->sinfo_ppid;
1933 data->rcvinfo.rcv_tsn = sndrcvinfo->sinfo_tsn;
1934 data->rcvinfo.rcv_cumtsn = sndrcvinfo->sinfo_cumtsn;
1935 data->rcvinfo.rcv_context = sndrcvinfo->sinfo_context;
1941 if (msg.msg_flags & MSG_NOTIFICATION) {
1942 union sctp_notification snp;
1944 memcpy(&snp, out, sizeof(snp));
1945 if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
1947 struct sctp_event event;
1949 struct sctp_event_subscribe event;
1950 socklen_t eventsize;
1953 /* disable sender dry event */
1955 memset(&event, 0, sizeof(event));
1956 event.se_assoc_id = 0;
1957 event.se_type = SCTP_SENDER_DRY_EVENT;
1959 i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
1960 sizeof(struct sctp_event));
1966 eventsize = sizeof(struct sctp_event_subscribe);
1967 i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
1974 event.sctp_sender_dry_event = 0;
1976 i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
1977 sizeof(struct sctp_event_subscribe));
1984 # ifdef SCTP_AUTHENTICATION_EVENT
1985 if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
1986 dgram_sctp_handle_auth_free_key_event(b, &snp);
1989 if (data->handle_notifications != NULL)
1990 data->handle_notifications(b, data->notification_context,
1993 memset(&snp, 0, sizeof(snp));
1994 memset(out, 0, outl);
1999 while ((msg.msg_flags & MSG_NOTIFICATION) && (msg.msg_flags & MSG_EOR)
2002 if (ret > 0 && !(msg.msg_flags & MSG_EOR)) {
2003 /* Partial message read, this should never happen! */
2006 * The buffer was too small, this means the peer sent a message
2007 * that was larger than allowed.
2013 * Test if socket buffer can handle max record size (2^14 + 2048
2016 optlen = (socklen_t) sizeof(int);
2017 ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen);
2019 OPENSSL_assert(optval >= 18445);
2022 * Test if SCTP doesn't partially deliver below max record size
2023 * (2^14 + 2048 + 13)
2025 optlen = (socklen_t) sizeof(int);
2027 getsockopt(b->num, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT,
2030 OPENSSL_assert(optval >= 18445);
2033 * Partially delivered notification??? Probably a bug....
2035 OPENSSL_assert(!(msg.msg_flags & MSG_NOTIFICATION));
2038 * Everything seems ok till now, so it's most likely a message
2039 * dropped by PR-SCTP.
2041 memset(out, 0, outl);
2042 BIO_set_retry_read(b);
2046 BIO_clear_retry_flags(b);
2048 if (BIO_dgram_should_retry(ret)) {
2049 BIO_set_retry_read(b);
2050 data->_errno = get_last_socket_error();
2054 /* Test if peer uses SCTP-AUTH before continuing */
2055 if (!data->peer_auth_tested) {
2056 int ii, auth_data = 0, auth_forward = 0;
2058 struct sctp_authchunks *authchunks;
2061 (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
2062 authchunks = OPENSSL_malloc(optlen);
2063 if (authchunks == NULL)
2065 memset(authchunks, 0, optlen);
2066 ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS,
2067 authchunks, &optlen);
2070 for (p = (unsigned char *)authchunks->gauth_chunks;
2071 p < (unsigned char *)authchunks + optlen;
2072 p += sizeof(uint8_t)) {
2073 if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE)
2075 if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE)
2079 OPENSSL_free(authchunks);
2081 if (!auth_data || !auth_forward) {
2082 ERR_raise(ERR_LIB_BIO, BIO_R_CONNECT_ERROR);
2086 data->peer_auth_tested = 1;
2093 * dgram_sctp_write - send message on SCTP socket
2094 * @b: BIO to write to
2096 * @inl: amount of bytes in @in to send
2098 * Returns -1 on error or the sent amount of bytes on success
2100 static int dgram_sctp_write(BIO *b, const char *in, int inl)
2103 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
2104 struct bio_dgram_sctp_sndinfo *sinfo = &(data->sndinfo);
2105 struct bio_dgram_sctp_prinfo *pinfo = &(data->prinfo);
2106 struct bio_dgram_sctp_sndinfo handshake_sinfo;
2107 struct iovec iov[1];
2109 struct cmsghdr *cmsg;
2110 # if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
2111 char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo)) +
2112 CMSG_SPACE(sizeof(struct sctp_prinfo))];
2113 struct sctp_sndinfo *sndinfo;
2114 struct sctp_prinfo *prinfo;
2116 char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))];
2117 struct sctp_sndrcvinfo *sndrcvinfo;
2120 clear_socket_error();
2123 * If we're send anything else than application data, disable all user
2124 * parameters and flags.
2127 memset(&handshake_sinfo, 0, sizeof(handshake_sinfo));
2128 # ifdef SCTP_SACK_IMMEDIATELY
2129 handshake_sinfo.snd_flags = SCTP_SACK_IMMEDIATELY;
2131 sinfo = &handshake_sinfo;
2134 /* We can only send a shutdown alert if the socket is dry */
2135 if (data->save_shutdown) {
2136 ret = BIO_dgram_sctp_wait_for_dry(b);
2140 BIO_clear_retry_flags(b);
2141 BIO_set_retry_write(b);
2146 iov[0].iov_base = (char *)in;
2147 iov[0].iov_len = inl;
2148 msg.msg_name = NULL;
2149 msg.msg_namelen = 0;
2152 msg.msg_control = (caddr_t) cmsgbuf;
2153 msg.msg_controllen = 0;
2155 # if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
2156 cmsg = (struct cmsghdr *)cmsgbuf;
2157 cmsg->cmsg_level = IPPROTO_SCTP;
2158 cmsg->cmsg_type = SCTP_SNDINFO;
2159 cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndinfo));
2160 sndinfo = (struct sctp_sndinfo *)CMSG_DATA(cmsg);
2161 memset(sndinfo, 0, sizeof(*sndinfo));
2162 sndinfo->snd_sid = sinfo->snd_sid;
2163 sndinfo->snd_flags = sinfo->snd_flags;
2164 sndinfo->snd_ppid = sinfo->snd_ppid;
2165 sndinfo->snd_context = sinfo->snd_context;
2166 msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndinfo));
2169 (struct cmsghdr *)&cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo))];
2170 cmsg->cmsg_level = IPPROTO_SCTP;
2171 cmsg->cmsg_type = SCTP_PRINFO;
2172 cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_prinfo));
2173 prinfo = (struct sctp_prinfo *)CMSG_DATA(cmsg);
2174 memset(prinfo, 0, sizeof(*prinfo));
2175 prinfo->pr_policy = pinfo->pr_policy;
2176 prinfo->pr_value = pinfo->pr_value;
2177 msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_prinfo));
2179 cmsg = (struct cmsghdr *)cmsgbuf;
2180 cmsg->cmsg_level = IPPROTO_SCTP;
2181 cmsg->cmsg_type = SCTP_SNDRCV;
2182 cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo));
2183 sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
2184 memset(sndrcvinfo, 0, sizeof(*sndrcvinfo));
2185 sndrcvinfo->sinfo_stream = sinfo->snd_sid;
2186 sndrcvinfo->sinfo_flags = sinfo->snd_flags;
2188 sndrcvinfo->sinfo_flags |= pinfo->pr_policy;
2190 sndrcvinfo->sinfo_ppid = sinfo->snd_ppid;
2191 sndrcvinfo->sinfo_context = sinfo->snd_context;
2192 sndrcvinfo->sinfo_timetolive = pinfo->pr_value;
2193 msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo));
2196 ret = sendmsg(b->num, &msg, 0);
2198 BIO_clear_retry_flags(b);
2200 if (BIO_dgram_should_retry(ret)) {
2201 BIO_set_retry_write(b);
2202 data->_errno = get_last_socket_error();
2208 static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
2211 bio_dgram_sctp_data *data = NULL;
2212 socklen_t sockopt_len = 0;
2213 struct sctp_authkeyid authkeyid;
2214 struct sctp_authkey *authkey = NULL;
2216 data = (bio_dgram_sctp_data *) b->ptr;
2219 case BIO_CTRL_DGRAM_QUERY_MTU:
2221 * Set to maximum (2^14) and ignore user input to enable transport
2222 * protocol fragmentation. Returns always 2^14.
2227 case BIO_CTRL_DGRAM_SET_MTU:
2229 * Set to maximum (2^14) and ignore input to enable transport
2230 * protocol fragmentation. Returns always 2^14.
2235 case BIO_CTRL_DGRAM_SET_CONNECTED:
2236 case BIO_CTRL_DGRAM_CONNECT:
2237 /* Returns always -1. */
2240 case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
2242 * SCTP doesn't need the DTLS timer Returns always 1.
2245 case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
2247 * We allow transport protocol fragmentation so this is irrelevant
2251 case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
2253 data->in_handshake = 1;
2255 data->in_handshake = 0;
2258 setsockopt(b->num, IPPROTO_SCTP, SCTP_NODELAY,
2259 &data->in_handshake, sizeof(int));
2261 case BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY:
2263 * New shared key for SCTP AUTH. Returns 0 on success, -1 otherwise.
2266 /* Get active key */
2267 sockopt_len = sizeof(struct sctp_authkeyid);
2269 getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid,
2275 sockopt_len = sizeof(struct sctp_authkey) + 64 * sizeof(uint8_t);
2276 authkey = OPENSSL_malloc(sockopt_len);
2277 if (authkey == NULL) {
2281 memset(authkey, 0, sockopt_len);
2282 authkey->sca_keynumber = authkeyid.scact_keynumber + 1;
2283 # ifndef __FreeBSD__
2285 * This field is missing in FreeBSD 8.2 and earlier, and FreeBSD 8.3
2286 * and higher work without it.
2288 authkey->sca_keylength = 64;
2290 memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t));
2293 setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey,
2295 OPENSSL_free(authkey);
2300 /* Reset active key */
2301 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
2302 &authkeyid, sizeof(struct sctp_authkeyid));
2307 case BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY:
2308 /* Returns 0 on success, -1 otherwise. */
2310 /* Get active key */
2311 sockopt_len = sizeof(struct sctp_authkeyid);
2313 getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid,
2318 /* Set active key */
2319 authkeyid.scact_keynumber = authkeyid.scact_keynumber + 1;
2320 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
2321 &authkeyid, sizeof(struct sctp_authkeyid));
2326 * CCS has been sent, so remember that and fall through to check if
2327 * we need to deactivate an old key
2332 case BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD:
2333 /* Returns 0 on success, -1 otherwise. */
2336 * Has this command really been called or is this just a
2339 if (cmd == BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD)
2343 * CSS has been both, received and sent, so deactivate an old key
2345 if (data->ccs_rcvd == 1 && data->ccs_sent == 1) {
2346 /* Get active key */
2347 sockopt_len = sizeof(struct sctp_authkeyid);
2349 getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
2350 &authkeyid, &sockopt_len);
2355 * Deactivate key or delete second last key if
2356 * SCTP_AUTHENTICATION_EVENT is not available.
2358 authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
2359 # ifdef SCTP_AUTH_DEACTIVATE_KEY
2360 sockopt_len = sizeof(struct sctp_authkeyid);
2361 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DEACTIVATE_KEY,
2362 &authkeyid, sockopt_len);
2366 # ifndef SCTP_AUTHENTICATION_EVENT
2367 if (authkeyid.scact_keynumber > 0) {
2368 authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
2369 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
2370 &authkeyid, sizeof(struct sctp_authkeyid));
2380 case BIO_CTRL_DGRAM_SCTP_GET_SNDINFO:
2381 /* Returns the size of the copied struct. */
2382 if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo))
2383 num = sizeof(struct bio_dgram_sctp_sndinfo);
2385 memcpy(ptr, &(data->sndinfo), num);
2388 case BIO_CTRL_DGRAM_SCTP_SET_SNDINFO:
2389 /* Returns the size of the copied struct. */
2390 if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo))
2391 num = sizeof(struct bio_dgram_sctp_sndinfo);
2393 memcpy(&(data->sndinfo), ptr, num);
2395 case BIO_CTRL_DGRAM_SCTP_GET_RCVINFO:
2396 /* Returns the size of the copied struct. */
2397 if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo))
2398 num = sizeof(struct bio_dgram_sctp_rcvinfo);
2400 memcpy(ptr, &data->rcvinfo, num);
2404 case BIO_CTRL_DGRAM_SCTP_SET_RCVINFO:
2405 /* Returns the size of the copied struct. */
2406 if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo))
2407 num = sizeof(struct bio_dgram_sctp_rcvinfo);
2409 memcpy(&(data->rcvinfo), ptr, num);
2411 case BIO_CTRL_DGRAM_SCTP_GET_PRINFO:
2412 /* Returns the size of the copied struct. */
2413 if (num > (long)sizeof(struct bio_dgram_sctp_prinfo))
2414 num = sizeof(struct bio_dgram_sctp_prinfo);
2416 memcpy(ptr, &(data->prinfo), num);
2419 case BIO_CTRL_DGRAM_SCTP_SET_PRINFO:
2420 /* Returns the size of the copied struct. */
2421 if (num > (long)sizeof(struct bio_dgram_sctp_prinfo))
2422 num = sizeof(struct bio_dgram_sctp_prinfo);
2424 memcpy(&(data->prinfo), ptr, num);
2426 case BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN:
2427 /* Returns always 1. */
2429 data->save_shutdown = 1;
2431 data->save_shutdown = 0;
2433 case BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY:
2434 return dgram_sctp_wait_for_dry(b);
2435 case BIO_CTRL_DGRAM_SCTP_MSG_WAITING:
2436 return dgram_sctp_msg_waiting(b);
2440 * Pass to default ctrl function to process SCTP unspecific commands
2442 ret = dgram_ctrl(b, cmd, num, ptr);
2448 int BIO_dgram_sctp_notification_cb(BIO *b,
2449 BIO_dgram_sctp_notification_handler_fn handle_notifications,
2452 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
2454 if (handle_notifications != NULL) {
2455 data->handle_notifications = handle_notifications;
2456 data->notification_context = context;
2464 * BIO_dgram_sctp_wait_for_dry - Wait for SCTP SENDER_DRY event
2465 * @b: The BIO to check for the dry event
2467 * Wait until the peer confirms all packets have been received, and so that
2468 * our kernel doesn't have anything to send anymore. This is only received by
2469 * the peer's kernel, not the application.
2473 * 0 when not dry yet
2476 int BIO_dgram_sctp_wait_for_dry(BIO *b)
2478 return (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY, 0, NULL);
2481 static int dgram_sctp_wait_for_dry(BIO *b)
2486 union sctp_notification snp;
2490 struct sctp_event event;
2492 struct sctp_event_subscribe event;
2493 socklen_t eventsize;
2495 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
2497 /* set sender dry event */
2499 memset(&event, 0, sizeof(event));
2500 event.se_assoc_id = 0;
2501 event.se_type = SCTP_SENDER_DRY_EVENT;
2504 setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
2505 sizeof(struct sctp_event));
2507 eventsize = sizeof(struct sctp_event_subscribe);
2508 ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize);
2512 event.sctp_sender_dry_event = 1;
2515 setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
2516 sizeof(struct sctp_event_subscribe));
2521 /* peek for notification */
2522 memset(&snp, 0, sizeof(snp));
2523 iov.iov_base = (char *)&snp;
2524 iov.iov_len = sizeof(union sctp_notification);
2525 msg.msg_name = NULL;
2526 msg.msg_namelen = 0;
2529 msg.msg_control = NULL;
2530 msg.msg_controllen = 0;
2533 n = recvmsg(b->num, &msg, MSG_PEEK);
2535 if ((n < 0) && (get_last_socket_error() != EAGAIN)
2536 && (get_last_socket_error() != EWOULDBLOCK))
2542 /* if we find a notification, process it and try again if necessary */
2543 while (msg.msg_flags & MSG_NOTIFICATION) {
2544 memset(&snp, 0, sizeof(snp));
2545 iov.iov_base = (char *)&snp;
2546 iov.iov_len = sizeof(union sctp_notification);
2547 msg.msg_name = NULL;
2548 msg.msg_namelen = 0;
2551 msg.msg_control = NULL;
2552 msg.msg_controllen = 0;
2555 n = recvmsg(b->num, &msg, 0);
2557 if ((n < 0) && (get_last_socket_error() != EAGAIN)
2558 && (get_last_socket_error() != EWOULDBLOCK))
2564 if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
2567 /* disable sender dry event */
2569 memset(&event, 0, sizeof(event));
2570 event.se_assoc_id = 0;
2571 event.se_type = SCTP_SENDER_DRY_EVENT;
2574 setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
2575 sizeof(struct sctp_event));
2577 eventsize = (socklen_t) sizeof(struct sctp_event_subscribe);
2579 getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
2584 event.sctp_sender_dry_event = 0;
2587 setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
2588 sizeof(struct sctp_event_subscribe));
2593 # ifdef SCTP_AUTHENTICATION_EVENT
2594 if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
2595 dgram_sctp_handle_auth_free_key_event(b, &snp);
2598 if (data->handle_notifications != NULL)
2599 data->handle_notifications(b, data->notification_context,
2602 /* found notification, peek again */
2603 memset(&snp, 0, sizeof(snp));
2604 iov.iov_base = (char *)&snp;
2605 iov.iov_len = sizeof(union sctp_notification);
2606 msg.msg_name = NULL;
2607 msg.msg_namelen = 0;
2610 msg.msg_control = NULL;
2611 msg.msg_controllen = 0;
2614 /* if we have seen the dry already, don't wait */
2616 sockflags = fcntl(b->num, F_GETFL, 0);
2617 fcntl(b->num, F_SETFL, O_NONBLOCK);
2620 n = recvmsg(b->num, &msg, MSG_PEEK);
2623 fcntl(b->num, F_SETFL, sockflags);
2627 if ((n < 0) && (get_last_socket_error() != EAGAIN)
2628 && (get_last_socket_error() != EWOULDBLOCK))
2635 /* read anything else */
2639 int BIO_dgram_sctp_msg_waiting(BIO *b)
2641 return (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SCTP_MSG_WAITING, 0, NULL);
2644 static int dgram_sctp_msg_waiting(BIO *b)
2647 union sctp_notification snp;
2650 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
2652 /* Check if there are any messages waiting to be read */
2654 memset(&snp, 0, sizeof(snp));
2655 iov.iov_base = (char *)&snp;
2656 iov.iov_len = sizeof(union sctp_notification);
2657 msg.msg_name = NULL;
2658 msg.msg_namelen = 0;
2661 msg.msg_control = NULL;
2662 msg.msg_controllen = 0;
2665 sockflags = fcntl(b->num, F_GETFL, 0);
2666 fcntl(b->num, F_SETFL, O_NONBLOCK);
2667 n = recvmsg(b->num, &msg, MSG_PEEK);
2668 fcntl(b->num, F_SETFL, sockflags);
2670 /* if notification, process and try again */
2671 if (n > 0 && (msg.msg_flags & MSG_NOTIFICATION)) {
2672 # ifdef SCTP_AUTHENTICATION_EVENT
2673 if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
2674 dgram_sctp_handle_auth_free_key_event(b, &snp);
2677 memset(&snp, 0, sizeof(snp));
2678 iov.iov_base = (char *)&snp;
2679 iov.iov_len = sizeof(union sctp_notification);
2680 msg.msg_name = NULL;
2681 msg.msg_namelen = 0;
2684 msg.msg_control = NULL;
2685 msg.msg_controllen = 0;
2687 n = recvmsg(b->num, &msg, 0);
2689 if (data->handle_notifications != NULL)
2690 data->handle_notifications(b, data->notification_context,
2694 } while (n > 0 && (msg.msg_flags & MSG_NOTIFICATION));
2696 /* Return 1 if there is a message to be read, return 0 otherwise. */
2703 static int dgram_sctp_puts(BIO *bp, const char *str)
2708 ret = dgram_sctp_write(bp, str, n);
2713 static int BIO_dgram_should_retry(int i)
2717 if ((i == 0) || (i == -1)) {
2718 err = get_last_socket_error();
2720 # if defined(OPENSSL_SYS_WINDOWS)
2722 * If the socket return value (i) is -1 and err is unexpectedly 0 at
2723 * this point, the error code was overwritten by another system call
2724 * before this error handling is called.
2728 return BIO_dgram_non_fatal_error(err);
2733 int BIO_dgram_non_fatal_error(int err)
2736 # if defined(OPENSSL_SYS_WINDOWS)
2737 # if defined(WSAEWOULDBLOCK)
2738 case WSAEWOULDBLOCK:
2743 # ifdef WSAEWOULDBLOCK
2744 # if WSAEWOULDBLOCK != EWOULDBLOCK
2757 # if EWOULDBLOCK != EAGAIN