2 * Copyright 2005-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
17 #include "internal/time.h"
18 #include "bio_local.h"
19 #ifndef OPENSSL_NO_DGRAM
21 # ifndef OPENSSL_NO_SCTP
22 # include <netinet/sctp.h>
24 # define OPENSSL_SCTP_DATA_CHUNK_TYPE 0x00
25 # define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0
28 # if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU)
29 # define IP_MTU 14 /* linux is lame */
32 # if OPENSSL_USE_IPV6 && !defined(IPPROTO_IPV6)
33 # define IPPROTO_IPV6 41 /* windows is lame */
36 # if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED)
37 /* Standard definition causes type-punning problems. */
38 # undef IN6_IS_ADDR_V4MAPPED
39 # define s6_addr32 __u6_addr.__u6_addr32
40 # define IN6_IS_ADDR_V4MAPPED(a) \
41 (((a)->s6_addr32[0] == 0) && \
42 ((a)->s6_addr32[1] == 0) && \
43 ((a)->s6_addr32[2] == htonl(0x0000ffff)))
46 /* Determine what method to use for BIO_sendmmsg and BIO_recvmmsg. */
47 # define M_METHOD_NONE 0
48 # define M_METHOD_RECVMMSG 1
49 # define M_METHOD_RECVMSG 2
50 # define M_METHOD_RECVFROM 3
51 # define M_METHOD_WSARECVMSG 4
53 # if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
54 # if !(__GLIBC_PREREQ(2, 14))
57 * Some old glibc versions may have recvmmsg and MSG_WAITFORONE flag, but
58 * not sendmmsg. We need both so force this to be disabled on these old
64 # if !defined(M_METHOD)
65 # if defined(OPENSSL_SYS_WINDOWS) && defined(BIO_HAVE_WSAMSG) && !defined(NO_WSARECVMSG)
66 # define M_METHOD M_METHOD_WSARECVMSG
67 # elif !defined(OPENSSL_SYS_WINDOWS) && defined(MSG_WAITFORONE) && !defined(NO_RECVMMSG)
68 # define M_METHOD M_METHOD_RECVMMSG
69 # elif !defined(OPENSSL_SYS_WINDOWS) && defined(CMSG_LEN) && !defined(NO_RECVMSG)
70 # define M_METHOD M_METHOD_RECVMSG
71 # elif !defined(NO_RECVFROM)
72 # define M_METHOD M_METHOD_RECVFROM
74 # define M_METHOD M_METHOD_NONE
78 # if defined(OPENSSL_SYS_WINDOWS)
79 # define BIO_CMSG_SPACE(x) WSA_CMSG_SPACE(x)
80 # define BIO_CMSG_FIRSTHDR(x) WSA_CMSG_FIRSTHDR(x)
81 # define BIO_CMSG_NXTHDR(x, y) WSA_CMSG_NXTHDR(x, y)
82 # define BIO_CMSG_DATA(x) WSA_CMSG_DATA(x)
83 # define BIO_CMSG_LEN(x) WSA_CMSG_LEN(x)
84 # define MSGHDR_TYPE WSAMSG
85 # define CMSGHDR_TYPE WSACMSGHDR
87 # define MSGHDR_TYPE struct msghdr
88 # define CMSGHDR_TYPE struct cmsghdr
89 # define BIO_CMSG_SPACE(x) CMSG_SPACE(x)
90 # define BIO_CMSG_FIRSTHDR(x) CMSG_FIRSTHDR(x)
91 # define BIO_CMSG_NXTHDR(x, y) CMSG_NXTHDR(x, y)
92 # define BIO_CMSG_DATA(x) CMSG_DATA(x)
93 # define BIO_CMSG_LEN(x) CMSG_LEN(x)
96 # if M_METHOD == M_METHOD_RECVMMSG \
97 || M_METHOD == M_METHOD_RECVMSG \
98 || M_METHOD == M_METHOD_WSARECVMSG
99 # if defined(__APPLE__)
101 * CMSG_SPACE is not a constant expression on OSX even though POSIX
102 * says it's supposed to be. This should be adequate.
104 # define BIO_CMSG_ALLOC_LEN 64
106 # if defined(IPV6_PKTINFO)
107 # define BIO_CMSG_ALLOC_LEN_1 BIO_CMSG_SPACE(sizeof(struct in6_pktinfo))
109 # define BIO_CMSG_ALLOC_LEN_1 0
111 # if defined(IP_PKTINFO)
112 # define BIO_CMSG_ALLOC_LEN_2 BIO_CMSG_SPACE(sizeof(struct in_pktinfo))
114 # define BIO_CMSG_ALLOC_LEN_2 0
116 # if defined(IP_RECVDSTADDR)
117 # define BIO_CMSG_ALLOC_LEN_3 BIO_CMSG_SPACE(sizeof(struct in_addr))
119 # define BIO_CMSG_ALLOC_LEN_3 0
121 # define BIO_MAX(X,Y) ((X) > (Y) ? (X) : (Y))
122 # define BIO_CMSG_ALLOC_LEN \
123 BIO_MAX(BIO_CMSG_ALLOC_LEN_1, \
124 BIO_MAX(BIO_CMSG_ALLOC_LEN_2, BIO_CMSG_ALLOC_LEN_3))
126 # if (defined(IP_PKTINFO) || defined(IP_RECVDSTADDR)) && defined(IPV6_RECVPKTINFO)
127 # define SUPPORT_LOCAL_ADDR
131 # define BIO_MSG_N(array, stride, n) (*(BIO_MSG *)((char *)(array) + (n)*(stride)))
133 static int dgram_write(BIO *h, const char *buf, int num);
134 static int dgram_read(BIO *h, char *buf, int size);
135 static int dgram_puts(BIO *h, const char *str);
136 static long dgram_ctrl(BIO *h, int cmd, long arg1, void *arg2);
137 static int dgram_new(BIO *h);
138 static int dgram_free(BIO *data);
139 static int dgram_clear(BIO *bio);
140 static int dgram_sendmmsg(BIO *b, BIO_MSG *msg,
141 size_t stride, size_t num_msg,
142 uint64_t flags, size_t *num_processed);
143 static int dgram_recvmmsg(BIO *b, BIO_MSG *msg,
144 size_t stride, size_t num_msg,
145 uint64_t flags, size_t *num_processed);
147 # ifndef OPENSSL_NO_SCTP
148 static int dgram_sctp_write(BIO *h, const char *buf, int num);
149 static int dgram_sctp_read(BIO *h, char *buf, int size);
150 static int dgram_sctp_puts(BIO *h, const char *str);
151 static long dgram_sctp_ctrl(BIO *h, int cmd, long arg1, void *arg2);
152 static int dgram_sctp_new(BIO *h);
153 static int dgram_sctp_free(BIO *data);
154 static int dgram_sctp_wait_for_dry(BIO *b);
155 static int dgram_sctp_msg_waiting(BIO *b);
156 # ifdef SCTP_AUTHENTICATION_EVENT
157 static void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification
162 static int BIO_dgram_should_retry(int s);
164 static const BIO_METHOD methods_dgramp = {
172 NULL, /* dgram_gets, */
176 NULL, /* dgram_callback_ctrl */
181 # ifndef OPENSSL_NO_SCTP
182 static const BIO_METHOD methods_dgramp_sctp = {
184 "datagram sctp socket",
190 NULL, /* dgram_gets, */
194 NULL, /* dgram_callback_ctrl */
200 typedef struct bio_dgram_data_st {
203 unsigned int connected;
206 OSSL_TIME next_timeout;
207 OSSL_TIME socket_timeout;
208 unsigned int peekmode;
209 char local_addr_enabled;
212 # ifndef OPENSSL_NO_SCTP
213 typedef struct bio_dgram_sctp_save_message_st {
217 } bio_dgram_sctp_save_message;
220 * Note: bio_dgram_data must be first here
221 * as we use dgram_ctrl for underlying dgram operations
222 * which will cast this struct to a bio_dgram_data
224 typedef struct bio_dgram_sctp_data_st {
225 bio_dgram_data dgram;
226 struct bio_dgram_sctp_sndinfo sndinfo;
227 struct bio_dgram_sctp_rcvinfo rcvinfo;
228 struct bio_dgram_sctp_prinfo prinfo;
229 BIO_dgram_sctp_notification_handler_fn handle_notifications;
230 void *notification_context;
235 int peer_auth_tested;
236 } bio_dgram_sctp_data;
239 const BIO_METHOD *BIO_s_datagram(void)
241 return &methods_dgramp;
244 BIO *BIO_new_dgram(int fd, int close_flag)
248 ret = BIO_new(BIO_s_datagram());
251 BIO_set_fd(ret, fd, close_flag);
255 static int dgram_new(BIO *bi)
257 bio_dgram_data *data = OPENSSL_zalloc(sizeof(*data));
265 static int dgram_free(BIO *a)
267 bio_dgram_data *data;
274 data = (bio_dgram_data *)a->ptr;
280 static int dgram_clear(BIO *a)
286 BIO_closesocket(a->num);
294 static void dgram_adjust_rcv_timeout(BIO *b)
296 # if defined(SO_RCVTIMEO)
297 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
300 /* Is a timer active? */
301 if (!ossl_time_is_zero(data->next_timeout)) {
302 /* Read current socket timeout */
303 # ifdef OPENSSL_SYS_WINDOWS
305 int sz = sizeof(timeout);
307 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
308 (void *)&timeout, &sz) < 0)
309 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
310 "calling getsockopt()");
312 data->socket_timeout = ossl_ms2time(timeout);
315 socklen_t sz = sizeof(tv);
317 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &tv, &sz) < 0)
318 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
319 "calling getsockopt()");
321 data->socket_timeout = ossl_time_from_timeval(tv);
324 /* Calculate time left until timer expires */
325 timeleft = ossl_time_subtract(data->next_timeout, ossl_time_now());
326 if (ossl_time_compare(timeleft, ossl_ticks2time(OSSL_TIME_US)) < 0)
327 timeleft = ossl_ticks2time(OSSL_TIME_US);
330 * Adjust socket timeout if next handshake message timer will expire
333 if (ossl_time_is_zero(data->socket_timeout)
334 || ossl_time_compare(data->socket_timeout, timeleft) >= 0) {
335 # ifdef OPENSSL_SYS_WINDOWS
336 timeout = (int)ossl_time2ms(timeleft);
337 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
338 (void *)&timeout, sizeof(timeout)) < 0)
339 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
340 "calling setsockopt()");
342 tv = ossl_time_to_timeval(timeleft);
343 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &tv,
345 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
346 "calling setsockopt()");
353 static void dgram_update_local_addr(BIO *b)
355 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
356 socklen_t addr_len = sizeof(data->local_addr);
358 if (getsockname(b->num, &data->local_addr.sa, &addr_len) < 0)
360 * This should not be possible, but zero-initialize and return
363 BIO_ADDR_clear(&data->local_addr);
366 # if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG || M_METHOD == M_METHOD_WSARECVMSG
367 static int dgram_get_sock_family(BIO *b)
369 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
370 return data->local_addr.sa.sa_family;
374 static void dgram_reset_rcv_timeout(BIO *b)
376 # if defined(SO_RCVTIMEO)
377 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
379 /* Is a timer active? */
380 if (!ossl_time_is_zero(data->next_timeout)) {
381 # ifdef OPENSSL_SYS_WINDOWS
382 int timeout = (int)ossl_time2ms(data->socket_timeout);
384 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
385 (void *)&timeout, sizeof(timeout)) < 0)
386 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
387 "calling setsockopt()");
389 struct timeval tv = ossl_time_to_timeval(data->socket_timeout);
391 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) < 0)
392 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
393 "calling setsockopt()");
399 static int dgram_read(BIO *b, char *out, int outl)
402 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
406 socklen_t len = sizeof(peer);
409 clear_socket_error();
410 BIO_ADDR_clear(&peer);
411 dgram_adjust_rcv_timeout(b);
414 ret = recvfrom(b->num, out, outl, flags,
415 BIO_ADDR_sockaddr_noconst(&peer), &len);
417 if (!data->connected && ret >= 0)
418 BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
420 BIO_clear_retry_flags(b);
422 if (BIO_dgram_should_retry(ret)) {
423 BIO_set_retry_read(b);
424 data->_errno = get_last_socket_error();
428 dgram_reset_rcv_timeout(b);
433 static int dgram_write(BIO *b, const char *in, int inl)
436 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
437 clear_socket_error();
440 ret = writesocket(b->num, in, inl);
442 int peerlen = BIO_ADDR_sockaddr_size(&data->peer);
444 ret = sendto(b->num, in, inl, 0,
445 BIO_ADDR_sockaddr(&data->peer), peerlen);
448 BIO_clear_retry_flags(b);
450 if (BIO_dgram_should_retry(ret)) {
451 BIO_set_retry_write(b);
452 data->_errno = get_last_socket_error();
458 static long dgram_get_mtu_overhead(bio_dgram_data *data)
462 switch (BIO_ADDR_family(&data->peer)) {
465 * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
469 # if OPENSSL_USE_IPV6
472 # ifdef IN6_IS_ADDR_V4MAPPED
473 struct in6_addr tmp_addr;
474 if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
475 && IN6_IS_ADDR_V4MAPPED(&tmp_addr))
477 * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
483 * Assume this is UDP - 40 bytes for IP, 8 bytes for UDP
490 /* We don't know. Go with the historical default */
497 /* Enables appropriate destination address reception option on the socket. */
498 # if defined(SUPPORT_LOCAL_ADDR)
499 static int enable_local_addr(BIO *b, int enable) {
500 int af = dgram_get_sock_family(b);
503 # if defined(IP_PKTINFO)
504 /* IP_PKTINFO is preferred */
505 if (setsockopt(b->num, IPPROTO_IP, IP_PKTINFO,
506 (void *)&enable, sizeof(enable)) < 0)
511 # elif defined(IP_RECVDSTADDR)
512 /* Fall back to IP_RECVDSTADDR */
514 if (setsockopt(b->num, IPPROTO_IP, IP_RECVDSTADDR,
515 &enable, sizeof(enable)) < 0)
522 # if OPENSSL_USE_IPV6
523 if (af == AF_INET6) {
524 # if defined(IPV6_RECVPKTINFO)
525 if (setsockopt(b->num, IPPROTO_IPV6, IPV6_RECVPKTINFO,
526 &enable, sizeof(enable)) < 0)
538 static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
542 bio_dgram_data *data = NULL;
544 /* There are currently no cases where this is used on djgpp/watt32. */
548 # if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU))
549 socklen_t sockopt_len; /* assume that system supporting IP_MTU is
550 * modern enough to define socklen_t */
555 data = (bio_dgram_data *)b->ptr;
567 b->num = *((int *)ptr);
568 b->shutdown = (int)num;
570 dgram_update_local_addr(b);
571 # if defined(SUPPORT_LOCAL_ADDR)
572 if (data->local_addr_enabled) {
573 if (enable_local_addr(b, 1) < 1)
574 data->local_addr_enabled = 0;
587 case BIO_CTRL_GET_CLOSE:
590 case BIO_CTRL_SET_CLOSE:
591 b->shutdown = (int)num;
593 case BIO_CTRL_PENDING:
594 case BIO_CTRL_WPENDING:
601 case BIO_CTRL_DGRAM_CONNECT:
602 BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
604 /* (Linux)kernel sets DF bit on outgoing IP packets */
605 case BIO_CTRL_DGRAM_MTU_DISCOVER:
606 # if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
607 addr_len = (socklen_t) sizeof(addr);
608 BIO_ADDR_clear(&addr);
609 if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
613 switch (addr.sa.sa_family) {
615 sockopt_val = IP_PMTUDISC_DO;
616 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
617 &sockopt_val, sizeof(sockopt_val))) < 0)
618 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
619 "calling setsockopt()");
621 # if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
623 sockopt_val = IPV6_PMTUDISC_DO;
624 if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
625 &sockopt_val, sizeof(sockopt_val))) < 0)
626 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
627 "calling setsockopt()");
638 case BIO_CTRL_DGRAM_QUERY_MTU:
639 # if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU)
640 addr_len = (socklen_t) sizeof(addr);
641 BIO_ADDR_clear(&addr);
642 if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
646 sockopt_len = sizeof(sockopt_val);
647 switch (addr.sa.sa_family) {
650 getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,
651 &sockopt_len)) < 0 || sockopt_val < 0) {
655 * we assume that the transport protocol is UDP and no IP
658 data->mtu = sockopt_val - 8 - 20;
662 # if OPENSSL_USE_IPV6 && defined(IPV6_MTU)
665 getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU,
666 (void *)&sockopt_val, &sockopt_len)) < 0
667 || sockopt_val < 0) {
671 * we assume that the transport protocol is UDP and no IPV6
674 data->mtu = sockopt_val - 8 - 40;
687 case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
688 ret = -dgram_get_mtu_overhead(data);
689 switch (BIO_ADDR_family(&data->peer)) {
693 # if OPENSSL_USE_IPV6
696 # ifdef IN6_IS_ADDR_V4MAPPED
697 struct in6_addr tmp_addr;
698 if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
699 && IN6_IS_ADDR_V4MAPPED(&tmp_addr))
712 case BIO_CTRL_DGRAM_GET_MTU:
714 case BIO_CTRL_DGRAM_SET_MTU:
718 case BIO_CTRL_DGRAM_SET_CONNECTED:
721 BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
724 BIO_ADDR_clear(&data->peer);
727 case BIO_CTRL_DGRAM_GET_PEER:
728 ret = BIO_ADDR_sockaddr_size(&data->peer);
729 /* FIXME: if num < ret, we will only return part of an address.
730 That should bee an error, no? */
731 if (num == 0 || num > ret)
733 memcpy(ptr, &data->peer, (ret = num));
735 case BIO_CTRL_DGRAM_SET_PEER:
736 BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
738 case BIO_CTRL_DGRAM_DETECT_PEER_ADDR:
740 BIO_ADDR xaddr, *p = &data->peer;
741 socklen_t xaddr_len = sizeof(xaddr.sa);
743 if (BIO_ADDR_family(p) == AF_UNSPEC) {
744 if (getpeername(b->num, (void *)&xaddr.sa, &xaddr_len) == 0
745 && BIO_ADDR_family(&xaddr) != AF_UNSPEC) {
753 ret = BIO_ADDR_sockaddr_size(p);
754 if (num == 0 || num > ret)
757 memcpy(ptr, p, (ret = num));
761 if (!BIO_socket_nbio(b->num, num != 0))
764 case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
765 data->next_timeout = ossl_time_from_timeval(*(struct timeval *)ptr);
767 # if defined(SO_RCVTIMEO)
768 case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
769 # ifdef OPENSSL_SYS_WINDOWS
771 struct timeval *tv = (struct timeval *)ptr;
772 int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
774 if ((ret = setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
775 (void *)&timeout, sizeof(timeout))) < 0)
776 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
777 "calling setsockopt()");
780 if ((ret = setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr,
781 sizeof(struct timeval))) < 0)
782 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
783 "calling setsockopt()");
786 case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
788 # ifdef OPENSSL_SYS_WINDOWS
791 struct timeval *tv = (struct timeval *)ptr;
793 sz = sizeof(timeout);
794 if ((ret = getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
795 (void *)&timeout, &sz)) < 0) {
796 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
797 "calling getsockopt()");
799 tv->tv_sec = timeout / 1000;
800 tv->tv_usec = (timeout % 1000) * 1000;
804 socklen_t sz = sizeof(struct timeval);
805 if ((ret = getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
807 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
808 "calling getsockopt()");
810 OPENSSL_assert((size_t)sz <= sizeof(struct timeval));
817 # if defined(SO_SNDTIMEO)
818 case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT:
819 # ifdef OPENSSL_SYS_WINDOWS
821 struct timeval *tv = (struct timeval *)ptr;
822 int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
824 if ((ret = setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
825 (void *)&timeout, sizeof(timeout))) < 0)
826 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
827 "calling setsockopt()");
830 if ((ret = setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr,
831 sizeof(struct timeval))) < 0)
832 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
833 "calling setsockopt()");
836 case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
838 # ifdef OPENSSL_SYS_WINDOWS
841 struct timeval *tv = (struct timeval *)ptr;
843 sz = sizeof(timeout);
844 if ((ret = getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
845 (void *)&timeout, &sz)) < 0) {
846 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
847 "calling getsockopt()");
849 tv->tv_sec = timeout / 1000;
850 tv->tv_usec = (timeout % 1000) * 1000;
854 socklen_t sz = sizeof(struct timeval);
856 if ((ret = getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
858 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
859 "calling getsockopt()");
861 OPENSSL_assert((size_t)sz <= sizeof(struct timeval));
868 case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
870 case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:
871 # ifdef OPENSSL_SYS_WINDOWS
872 d_errno = (data->_errno == WSAETIMEDOUT);
874 d_errno = (data->_errno == EAGAIN);
883 case BIO_CTRL_DGRAM_MTU_EXCEEDED:
884 if (data->_errno == EMSGSIZE) {
891 case BIO_CTRL_DGRAM_SET_DONT_FRAG:
892 switch (data->peer.sa.sa_family) {
894 # if defined(IP_DONTFRAG)
895 sockopt_val = num ? 1 : 0;
896 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAG,
897 &sockopt_val, sizeof(sockopt_val))) < 0)
898 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
899 "calling setsockopt()");
900 # elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined (IP_PMTUDISC_PROBE)
901 sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT;
902 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
903 &sockopt_val, sizeof(sockopt_val))) < 0)
904 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
905 "calling setsockopt()");
906 # elif defined(OPENSSL_SYS_WINDOWS) && defined(IP_DONTFRAGMENT)
907 sockopt_val = num ? 1 : 0;
908 if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAGMENT,
909 (const char *)&sockopt_val,
910 sizeof(sockopt_val))) < 0)
911 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
912 "calling setsockopt()");
917 # if OPENSSL_USE_IPV6
919 # if defined(IPV6_DONTFRAG)
920 sockopt_val = num ? 1 : 0;
921 if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_DONTFRAG,
922 (const void *)&sockopt_val,
923 sizeof(sockopt_val))) < 0)
924 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
925 "calling setsockopt()");
927 # elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTUDISCOVER)
928 sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT;
929 if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
930 &sockopt_val, sizeof(sockopt_val))) < 0)
931 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
932 "calling setsockopt()");
943 case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
944 ret = dgram_get_mtu_overhead(data);
948 * BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE is used here for compatibility
949 * reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value
950 * was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The
951 * value has been updated to a non-clashing value. However to preserve
952 * binary compatibility we now respond to both the old value and the new one
954 case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
955 case BIO_CTRL_DGRAM_SET_PEEK_MODE:
956 data->peekmode = (unsigned int)num;
959 case BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP:
960 # if defined(SUPPORT_LOCAL_ADDR)
967 case BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE:
968 # if defined(SUPPORT_LOCAL_ADDR)
970 if (num != data->local_addr_enabled) {
971 if (enable_local_addr(b, num) < 1) {
976 data->local_addr_enabled = (char)num;
983 case BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE:
984 *(int *)ptr = data->local_addr_enabled;
987 case BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS:
988 ret = (long)(BIO_DGRAM_CAP_HANDLES_DST_ADDR
989 | BIO_DGRAM_CAP_HANDLES_SRC_ADDR
990 | BIO_DGRAM_CAP_PROVIDES_DST_ADDR
991 | BIO_DGRAM_CAP_PROVIDES_SRC_ADDR);
994 case BIO_CTRL_GET_RPOLL_DESCRIPTOR:
995 case BIO_CTRL_GET_WPOLL_DESCRIPTOR:
997 BIO_POLL_DESCRIPTOR *pd = ptr;
999 pd->type = BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD;
1000 pd->value.fd = b->num;
1008 /* Normalize if error */
1014 static int dgram_puts(BIO *bp, const char *str)
1019 ret = dgram_write(bp, str, n);
1023 # if M_METHOD == M_METHOD_WSARECVMSG
1024 static void translate_msg_win(BIO *b, WSAMSG *mh, WSABUF *iov,
1025 unsigned char *control, BIO_MSG *msg)
1027 iov->len = msg->data_len;
1028 iov->buf = msg->data;
1030 /* Windows requires namelen to be set exactly */
1031 mh->name = msg->peer != NULL ? &msg->peer->sa : NULL;
1032 if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET)
1033 mh->namelen = sizeof(struct sockaddr_in);
1034 # if OPENSSL_USE_IPV6
1035 else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6)
1036 mh->namelen = sizeof(struct sockaddr_in6);
1042 * When local address reception (IP_PKTINFO, etc.) is enabled, on Windows
1043 * this causes WSARecvMsg to fail if the control buffer is too small to hold
1044 * the structure, or if no control buffer is passed. So we need to give it
1045 * the control buffer even if we aren't actually going to examine the
1048 mh->lpBuffers = iov;
1049 mh->dwBufferCount = 1;
1050 mh->Control.len = BIO_CMSG_ALLOC_LEN;
1051 mh->Control.buf = control;
1056 # if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG
1057 /* Translates a BIO_MSG to a msghdr and iovec. */
1058 static void translate_msg(BIO *b, struct msghdr *mh, struct iovec *iov,
1059 unsigned char *control, BIO_MSG *msg)
1061 iov->iov_base = msg->data;
1062 iov->iov_len = msg->data_len;
1064 /* macOS requires msg_namelen be 0 if msg_name is NULL */
1065 mh->msg_name = msg->peer != NULL ? &msg->peer->sa : NULL;
1066 if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET)
1067 mh->msg_namelen = sizeof(struct sockaddr_in);
1068 # if OPENSSL_USE_IPV6
1069 else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6)
1070 mh->msg_namelen = sizeof(struct sockaddr_in6);
1073 mh->msg_namelen = 0;
1077 mh->msg_control = msg->local != NULL ? control : NULL;
1078 mh->msg_controllen = msg->local != NULL ? BIO_CMSG_ALLOC_LEN : 0;
1083 # if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG || M_METHOD == M_METHOD_WSARECVMSG
1084 /* Extracts destination address from the control buffer. */
1085 static int extract_local(BIO *b, MSGHDR_TYPE *mh, BIO_ADDR *local) {
1086 # if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) || defined(IPV6_PKTINFO)
1088 int af = dgram_get_sock_family(b);
1090 for (cmsg = BIO_CMSG_FIRSTHDR(mh); cmsg != NULL;
1091 cmsg = BIO_CMSG_NXTHDR(mh, cmsg)) {
1092 if (af == AF_INET) {
1093 if (cmsg->cmsg_level != IPPROTO_IP)
1096 # if defined(IP_PKTINFO)
1097 if (cmsg->cmsg_type != IP_PKTINFO)
1100 local->s_in.sin_addr =
1101 ((struct in_pktinfo *)BIO_CMSG_DATA(cmsg))->ipi_addr;
1103 # elif defined(IP_RECVDSTADDR)
1104 if (cmsg->cmsg_type != IP_RECVDSTADDR)
1107 local->s_in.sin_addr = *(struct in_addr *)BIO_CMSG_DATA(cmsg);
1110 # if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR)
1112 bio_dgram_data *data = b->ptr;
1114 local->s_in.sin_family = AF_INET;
1115 local->s_in.sin_port = data->local_addr.s_in.sin_port;
1120 # if OPENSSL_USE_IPV6
1121 else if (af == AF_INET6) {
1122 if (cmsg->cmsg_level != IPPROTO_IPV6)
1125 # if defined(IPV6_RECVPKTINFO)
1126 if (cmsg->cmsg_type != IPV6_PKTINFO)
1130 bio_dgram_data *data = b->ptr;
1132 local->s_in6.sin6_addr =
1133 ((struct in6_pktinfo *)BIO_CMSG_DATA(cmsg))->ipi6_addr;
1134 local->s_in6.sin6_family = AF_INET6;
1135 local->s_in6.sin6_port = data->local_addr.s_in6.sin6_port;
1136 local->s_in6.sin6_scope_id =
1137 data->local_addr.s_in6.sin6_scope_id;
1138 local->s_in6.sin6_flowinfo = 0;
1150 static int pack_local(BIO *b, MSGHDR_TYPE *mh, const BIO_ADDR *local) {
1151 int af = dgram_get_sock_family(b);
1152 # if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) || defined(IPV6_PKTINFO)
1154 bio_dgram_data *data = b->ptr;
1157 if (af == AF_INET) {
1158 # if defined(IP_PKTINFO)
1159 struct in_pktinfo *info;
1161 # if defined(OPENSSL_SYS_WINDOWS)
1162 cmsg = (CMSGHDR_TYPE *)mh->Control.buf;
1164 cmsg = (CMSGHDR_TYPE *)mh->msg_control;
1167 cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in_pktinfo));
1168 cmsg->cmsg_level = IPPROTO_IP;
1169 cmsg->cmsg_type = IP_PKTINFO;
1171 info = (struct in_pktinfo *)BIO_CMSG_DATA(cmsg);
1172 # if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_CYGWIN)
1173 info->ipi_spec_dst = local->s_in.sin_addr;
1175 info->ipi_addr.s_addr = 0;
1176 info->ipi_ifindex = 0;
1179 * We cannot override source port using this API, therefore
1180 * ensure the application specified a source port of 0
1181 * or the one we are bound to. (Better to error than silently
1184 if (local->s_in.sin_port != 0
1185 && data->local_addr.s_in.sin_port != local->s_in.sin_port) {
1186 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
1190 # if defined(OPENSSL_SYS_WINDOWS)
1191 mh->Control.len = BIO_CMSG_SPACE(sizeof(struct in_pktinfo));
1193 mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in_pktinfo));
1197 # elif defined(IP_SENDSRCADDR)
1198 struct in_addr *info;
1201 * At least FreeBSD is very pedantic about using IP_SENDSRCADDR when we
1202 * are not bound to 0.0.0.0 or ::, even if the address matches what we
1203 * bound to. Support this by not packing the structure if the address
1204 * matches our understanding of our local address. IP_SENDSRCADDR is a
1205 * BSD thing, so we don't need an explicit test for BSD here.
1207 if (local->s_in.sin_addr.s_addr == data->local_addr.s_in.sin_addr.s_addr) {
1208 mh->msg_control = NULL;
1209 mh->msg_controllen = 0;
1213 cmsg = (struct cmsghdr *)mh->msg_control;
1214 cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in_addr));
1215 cmsg->cmsg_level = IPPROTO_IP;
1216 cmsg->cmsg_type = IP_SENDSRCADDR;
1218 info = (struct in_addr *)BIO_CMSG_DATA(cmsg);
1219 *info = local->s_in.sin_addr;
1221 /* See comment above. */
1222 if (local->s_in.sin_port != 0
1223 && data->local_addr.s_in.sin_port != local->s_in.sin_port) {
1224 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
1228 mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in_addr));
1232 # if OPENSSL_USE_IPV6
1233 else if (af == AF_INET6) {
1234 # if defined(IPV6_PKTINFO)
1235 struct in6_pktinfo *info;
1237 # if defined(OPENSSL_SYS_WINDOWS)
1238 cmsg = (CMSGHDR_TYPE *)mh->Control.buf;
1240 cmsg = (CMSGHDR_TYPE *)mh->msg_control;
1242 cmsg->cmsg_len = BIO_CMSG_LEN(sizeof(struct in6_pktinfo));
1243 cmsg->cmsg_level = IPPROTO_IPV6;
1244 cmsg->cmsg_type = IPV6_PKTINFO;
1246 info = (struct in6_pktinfo *)BIO_CMSG_DATA(cmsg);
1247 info->ipi6_addr = local->s_in6.sin6_addr;
1248 info->ipi6_ifindex = 0;
1251 * See comment above, but also applies to the other fields
1254 if (local->s_in6.sin6_port != 0
1255 && data->local_addr.s_in6.sin6_port != local->s_in6.sin6_port) {
1256 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
1260 if (local->s_in6.sin6_scope_id != 0
1261 && data->local_addr.s_in6.sin6_scope_id != local->s_in6.sin6_scope_id) {
1262 ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
1266 # if defined(OPENSSL_SYS_WINDOWS)
1267 mh->Control.len = BIO_CMSG_SPACE(sizeof(struct in6_pktinfo));
1269 mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in6_pktinfo));
1281 * Converts flags passed to BIO_sendmmsg or BIO_recvmmsg to syscall flags. You
1282 * should mask out any system flags returned by this function you cannot support
1283 * in a particular circumstance. Currently no flags are defined.
1285 # if M_METHOD != M_METHOD_NONE
1286 static int translate_flags(uint64_t flags) {
1291 static int dgram_sendmmsg(BIO *b, BIO_MSG *msg, size_t stride,
1292 size_t num_msg, uint64_t flags, size_t *num_processed)
1294 # if M_METHOD != M_METHOD_NONE && M_METHOD != M_METHOD_RECVMSG
1297 # if M_METHOD == M_METHOD_RECVMMSG
1298 # define BIO_MAX_MSGS_PER_CALL 64
1300 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1302 struct mmsghdr mh[BIO_MAX_MSGS_PER_CALL];
1303 struct iovec iov[BIO_MAX_MSGS_PER_CALL];
1304 unsigned char control[BIO_MAX_MSGS_PER_CALL][BIO_CMSG_ALLOC_LEN];
1305 int have_local_enabled = data->local_addr_enabled;
1306 # elif M_METHOD == M_METHOD_RECVMSG
1308 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1312 unsigned char control[BIO_CMSG_ALLOC_LEN];
1313 int have_local_enabled = data->local_addr_enabled;
1314 # elif M_METHOD == M_METHOD_WSARECVMSG
1315 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1316 int have_local_enabled = data->local_addr_enabled;
1319 DWORD num_bytes_sent = 0;
1320 unsigned char control[BIO_CMSG_ALLOC_LEN];
1322 # if M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG
1331 if (num_msg > OSSL_SSIZE_MAX)
1332 num_msg = OSSL_SSIZE_MAX;
1334 # if M_METHOD != M_METHOD_NONE
1335 sysflags = translate_flags(flags);
1338 # if M_METHOD == M_METHOD_RECVMMSG
1340 * In the sendmmsg/recvmmsg case, we need to allocate our translated struct
1341 * msghdr and struct iovec on the stack to support multithreaded use. Thus
1342 * we place a fixed limit on the number of messages per call, in the
1343 * expectation that we will be called again if there were more messages to
1346 if (num_msg > BIO_MAX_MSGS_PER_CALL)
1347 num_msg = BIO_MAX_MSGS_PER_CALL;
1349 for (i = 0; i < num_msg; ++i) {
1350 translate_msg(b, &mh[i].msg_hdr, &iov[i],
1351 control[i], &BIO_MSG_N(msg, stride, i));
1353 /* If local address was requested, it must have been enabled */
1354 if (BIO_MSG_N(msg, stride, i).local != NULL) {
1355 if (!have_local_enabled) {
1356 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1361 if (pack_local(b, &mh[i].msg_hdr,
1362 BIO_MSG_N(msg, stride, i).local) < 1) {
1363 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1371 ret = sendmmsg(b->num, mh, num_msg, sysflags);
1373 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1378 for (i = 0; i < (size_t)ret; ++i) {
1379 BIO_MSG_N(msg, stride, i).data_len = mh[i].msg_len;
1380 BIO_MSG_N(msg, stride, i).flags = 0;
1383 *num_processed = (size_t)ret;
1386 # elif M_METHOD == M_METHOD_RECVMSG
1388 * If sendmsg is available, use it.
1390 translate_msg(b, &mh, &iov, control, msg);
1392 if (msg->local != NULL) {
1393 if (!have_local_enabled) {
1394 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1399 if (pack_local(b, &mh, msg->local) < 1) {
1400 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1406 l = sendmsg(b->num, &mh, sysflags);
1408 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1413 msg->data_len = (size_t)l;
1418 # elif M_METHOD == M_METHOD_WSARECVMSG || M_METHOD == M_METHOD_RECVFROM
1419 # if M_METHOD == M_METHOD_WSARECVMSG
1420 if (bio_WSASendMsg != NULL) {
1421 /* WSASendMsg-based implementation for Windows. */
1422 translate_msg_win(b, &wmsg, &wbuf, control, msg);
1424 if (msg[0].local != NULL) {
1425 if (!have_local_enabled) {
1426 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1431 if (pack_local(b, &wmsg, msg[0].local) < 1) {
1432 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1438 ret = WSASendMsg((SOCKET)b->num, &wmsg, 0, &num_bytes_sent, NULL, NULL);
1440 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1445 msg[0].data_len = num_bytes_sent;
1453 * Fallback to sendto and send a single message.
1455 if (msg[0].local != NULL) {
1457 * We cannot set the local address if using sendto
1458 * so fail in this case
1460 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1465 ret = sendto(b->num, msg[0].data,
1466 # if defined(OPENSSL_SYS_WINDOWS)
1467 (int)msg[0].data_len,
1472 msg[0].peer != NULL ? BIO_ADDR_sockaddr(msg[0].peer) : NULL,
1473 msg[0].peer != NULL ? BIO_ADDR_sockaddr_size(msg[0].peer) : 0);
1475 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1480 msg[0].data_len = ret;
1486 ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD);
1492 static int dgram_recvmmsg(BIO *b, BIO_MSG *msg,
1493 size_t stride, size_t num_msg,
1494 uint64_t flags, size_t *num_processed)
1496 # if M_METHOD != M_METHOD_NONE && M_METHOD != M_METHOD_RECVMSG
1499 # if M_METHOD == M_METHOD_RECVMMSG
1501 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1503 struct mmsghdr mh[BIO_MAX_MSGS_PER_CALL];
1504 struct iovec iov[BIO_MAX_MSGS_PER_CALL];
1505 unsigned char control[BIO_MAX_MSGS_PER_CALL][BIO_CMSG_ALLOC_LEN];
1506 int have_local_enabled = data->local_addr_enabled;
1507 # elif M_METHOD == M_METHOD_RECVMSG
1509 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1513 unsigned char control[BIO_CMSG_ALLOC_LEN];
1514 int have_local_enabled = data->local_addr_enabled;
1515 # elif M_METHOD == M_METHOD_WSARECVMSG
1516 bio_dgram_data *data = (bio_dgram_data *)b->ptr;
1517 int have_local_enabled = data->local_addr_enabled;
1520 DWORD num_bytes_received = 0;
1521 unsigned char control[BIO_CMSG_ALLOC_LEN];
1523 # if M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG
1533 if (num_msg > OSSL_SSIZE_MAX)
1534 num_msg = OSSL_SSIZE_MAX;
1536 # if M_METHOD != M_METHOD_NONE
1537 sysflags = translate_flags(flags);
1540 # if M_METHOD == M_METHOD_RECVMMSG
1542 * In the sendmmsg/recvmmsg case, we need to allocate our translated struct
1543 * msghdr and struct iovec on the stack to support multithreaded use. Thus
1544 * we place a fixed limit on the number of messages per call, in the
1545 * expectation that we will be called again if there were more messages to
1548 if (num_msg > BIO_MAX_MSGS_PER_CALL)
1549 num_msg = BIO_MAX_MSGS_PER_CALL;
1551 for (i = 0; i < num_msg; ++i) {
1552 translate_msg(b, &mh[i].msg_hdr, &iov[i],
1553 control[i], &BIO_MSG_N(msg, stride, i));
1555 /* If local address was requested, it must have been enabled */
1556 if (BIO_MSG_N(msg, stride, i).local != NULL && !have_local_enabled) {
1557 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1564 ret = recvmmsg(b->num, mh, num_msg, sysflags, NULL);
1566 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1571 for (i = 0; i < (size_t)ret; ++i) {
1572 BIO_MSG_N(msg, stride, i).data_len = mh[i].msg_len;
1573 BIO_MSG_N(msg, stride, i).flags = 0;
1575 * *(msg->peer) will have been filled in by recvmmsg;
1576 * for msg->local we parse the control data returned
1578 if (BIO_MSG_N(msg, stride, i).local != NULL)
1579 if (extract_local(b, &mh[i].msg_hdr,
1580 BIO_MSG_N(msg, stride, i).local) < 1)
1582 * It appears BSDs do not support local addresses for
1583 * loopback sockets. In this case, just clear the local
1584 * address, as for OS X and Windows in some circumstances
1587 BIO_ADDR_clear(msg->local);
1590 *num_processed = (size_t)ret;
1593 # elif M_METHOD == M_METHOD_RECVMSG
1595 * If recvmsg is available, use it.
1597 translate_msg(b, &mh, &iov, control, msg);
1599 /* If local address was requested, it must have been enabled */
1600 if (msg->local != NULL && !have_local_enabled) {
1602 * If we have done at least one message, we must return the
1603 * count; if we haven't done any, we can give an error code
1605 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1610 l = recvmsg(b->num, &mh, sysflags);
1612 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1617 msg->data_len = (size_t)l;
1620 if (msg->local != NULL)
1621 if (extract_local(b, &mh, msg->local) < 1)
1623 * OS X exhibits odd behaviour where it appears that if a packet is
1624 * sent before the receiving interface enables IP_PKTINFO, it will
1625 * sometimes not have any control data returned even if the
1626 * receiving interface enables IP_PKTINFO before calling recvmsg().
1627 * This appears to occur non-deterministically. Presumably, OS X
1628 * handles IP_PKTINFO at the time the packet is enqueued into a
1629 * socket's receive queue, rather than at the time recvmsg() is
1630 * called, unlike most other operating systems. Thus (if this
1631 * hypothesis is correct) there is a race between where IP_PKTINFO
1632 * is enabled by the process and when the kernel's network stack
1633 * queues the incoming message.
1635 * We cannot return the local address if we do not have it, but this
1636 * is not a caller error either, so just return a zero address
1637 * structure. This is similar to how we handle Windows loopback
1638 * interfaces (see below). We enable this workaround for all
1639 * platforms, not just Apple, as this kind of quirk in OS networking
1640 * stacks seems to be common enough that failing hard if a local
1641 * address is not provided appears to be too brittle.
1643 BIO_ADDR_clear(msg->local);
1648 # elif M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG
1649 # if M_METHOD == M_METHOD_WSARECVMSG
1650 if (bio_WSARecvMsg != NULL) {
1651 /* WSARecvMsg-based implementation for Windows. */
1652 translate_msg_win(b, &wmsg, &wbuf, control, msg);
1654 /* If local address was requested, it must have been enabled */
1655 if (msg[0].local != NULL && !have_local_enabled) {
1656 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1661 ret = WSARecvMsg((SOCKET)b->num, &wmsg, &num_bytes_received, NULL, NULL);
1663 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1668 msg[0].data_len = num_bytes_received;
1670 if (msg[0].local != NULL)
1671 if (extract_local(b, &wmsg, msg[0].local) < 1)
1673 * On Windows, loopback is not a "proper" interface and it works
1674 * differently; packets are essentially short-circuited and
1675 * don't go through all of the normal processing. A consequence
1676 * of this is that packets sent from the local machine to the
1677 * local machine _will not have IP_PKTINFO_ even if the
1678 * IP_PKTINFO socket option is enabled. WSARecvMsg just sets
1679 * Control.len to 0 on returning.
1681 * This applies regardless of whether the loopback address,
1682 * 127.0.0.1 is used, or a local interface address (e.g.
1683 * 192.168.1.1); in both cases IP_PKTINFO will not be present.
1685 * We report this condition by setting the local BIO_ADDR's
1688 BIO_ADDR_clear(msg[0].local);
1696 * Fallback to recvfrom and receive a single message.
1698 if (msg[0].local != NULL) {
1700 * We cannot determine the local address if using recvfrom
1701 * so fail in this case
1703 ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
1708 slen = sizeof(*msg[0].peer);
1709 ret = recvfrom(b->num, msg[0].data,
1710 # if defined(OPENSSL_SYS_WINDOWS)
1711 (int)msg[0].data_len,
1716 msg[0].peer != NULL ? &msg[0].peer->sa : NULL,
1717 msg[0].peer != NULL ? &slen : NULL);
1719 ERR_raise(ERR_LIB_SYS, get_last_socket_error());
1723 msg[0].data_len = ret;
1729 ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD);
1735 # ifndef OPENSSL_NO_SCTP
1736 const BIO_METHOD *BIO_s_datagram_sctp(void)
1738 return &methods_dgramp_sctp;
1741 BIO *BIO_new_dgram_sctp(int fd, int close_flag)
1744 int ret, optval = 20000;
1745 int auth_data = 0, auth_forward = 0;
1747 struct sctp_authchunk auth;
1748 struct sctp_authchunks *authchunks;
1749 socklen_t sockopt_len;
1750 # ifdef SCTP_AUTHENTICATION_EVENT
1752 struct sctp_event event;
1754 struct sctp_event_subscribe event;
1758 bio = BIO_new(BIO_s_datagram_sctp());
1761 BIO_set_fd(bio, fd, close_flag);
1763 /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */
1764 auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE;
1766 setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth,
1767 sizeof(struct sctp_authchunk));
1770 ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB,
1771 "Ensure SCTP AUTH chunks are enabled in kernel");
1774 auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE;
1776 setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth,
1777 sizeof(struct sctp_authchunk));
1780 ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB,
1781 "Ensure SCTP AUTH chunks are enabled in kernel");
1786 * Test if activation was successful. When using accept(), SCTP-AUTH has
1787 * to be activated for the listening socket already, otherwise the
1788 * connected socket won't use it. Similarly with connect(): the socket
1789 * prior to connection must be activated for SCTP-AUTH
1791 sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
1792 authchunks = OPENSSL_zalloc(sockopt_len);
1793 if (authchunks == NULL) {
1797 ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks,
1800 OPENSSL_free(authchunks);
1805 for (p = (unsigned char *)authchunks->gauth_chunks;
1806 p < (unsigned char *)authchunks + sockopt_len;
1807 p += sizeof(uint8_t)) {
1808 if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE)
1810 if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE)
1814 OPENSSL_free(authchunks);
1816 if (!auth_data || !auth_forward) {
1818 ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB,
1819 "Ensure SCTP AUTH chunks are enabled on the "
1820 "underlying socket");
1824 # ifdef SCTP_AUTHENTICATION_EVENT
1826 memset(&event, 0, sizeof(event));
1827 event.se_assoc_id = 0;
1828 event.se_type = SCTP_AUTHENTICATION_EVENT;
1831 setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event,
1832 sizeof(struct sctp_event));
1838 sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe);
1839 ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len);
1845 event.sctp_authentication_event = 1;
1848 setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event,
1849 sizeof(struct sctp_event_subscribe));
1858 * Disable partial delivery by setting the min size larger than the max
1859 * record size of 2^14 + 2048 + 13
1862 setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval,
1872 int BIO_dgram_is_sctp(BIO *bio)
1874 return (BIO_method_type(bio) == BIO_TYPE_DGRAM_SCTP);
1877 static int dgram_sctp_new(BIO *bi)
1879 bio_dgram_sctp_data *data = NULL;
1883 if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL)
1885 # ifdef SCTP_PR_SCTP_NONE
1886 data->prinfo.pr_policy = SCTP_PR_SCTP_NONE;
1894 static int dgram_sctp_free(BIO *a)
1896 bio_dgram_sctp_data *data;
1900 if (!dgram_clear(a))
1903 data = (bio_dgram_sctp_data *) a->ptr;
1910 # ifdef SCTP_AUTHENTICATION_EVENT
1911 void dgram_sctp_handle_auth_free_key_event(BIO *b,
1912 union sctp_notification *snp)
1915 struct sctp_authkey_event *authkeyevent = &snp->sn_auth_event;
1917 if (authkeyevent->auth_indication == SCTP_AUTH_FREE_KEY) {
1918 struct sctp_authkeyid authkeyid;
1921 authkeyid.scact_keynumber = authkeyevent->auth_keynumber;
1922 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
1923 &authkeyid, sizeof(struct sctp_authkeyid));
1928 static int dgram_sctp_read(BIO *b, char *out, int outl)
1930 int ret = 0, n = 0, i, optval;
1932 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
1935 struct cmsghdr *cmsg;
1939 clear_socket_error();
1942 memset(&data->rcvinfo, 0, sizeof(data->rcvinfo));
1945 msg.msg_name = NULL;
1946 msg.msg_namelen = 0;
1949 msg.msg_control = cmsgbuf;
1950 msg.msg_controllen = 512;
1952 n = recvmsg(b->num, &msg, 0);
1960 if (msg.msg_controllen > 0) {
1961 for (cmsg = CMSG_FIRSTHDR(&msg); cmsg;
1962 cmsg = CMSG_NXTHDR(&msg, cmsg)) {
1963 if (cmsg->cmsg_level != IPPROTO_SCTP)
1965 # ifdef SCTP_RCVINFO
1966 if (cmsg->cmsg_type == SCTP_RCVINFO) {
1967 struct sctp_rcvinfo *rcvinfo;
1969 rcvinfo = (struct sctp_rcvinfo *)CMSG_DATA(cmsg);
1970 data->rcvinfo.rcv_sid = rcvinfo->rcv_sid;
1971 data->rcvinfo.rcv_ssn = rcvinfo->rcv_ssn;
1972 data->rcvinfo.rcv_flags = rcvinfo->rcv_flags;
1973 data->rcvinfo.rcv_ppid = rcvinfo->rcv_ppid;
1974 data->rcvinfo.rcv_tsn = rcvinfo->rcv_tsn;
1975 data->rcvinfo.rcv_cumtsn = rcvinfo->rcv_cumtsn;
1976 data->rcvinfo.rcv_context = rcvinfo->rcv_context;
1980 if (cmsg->cmsg_type == SCTP_SNDRCV) {
1981 struct sctp_sndrcvinfo *sndrcvinfo;
1984 (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
1985 data->rcvinfo.rcv_sid = sndrcvinfo->sinfo_stream;
1986 data->rcvinfo.rcv_ssn = sndrcvinfo->sinfo_ssn;
1987 data->rcvinfo.rcv_flags = sndrcvinfo->sinfo_flags;
1988 data->rcvinfo.rcv_ppid = sndrcvinfo->sinfo_ppid;
1989 data->rcvinfo.rcv_tsn = sndrcvinfo->sinfo_tsn;
1990 data->rcvinfo.rcv_cumtsn = sndrcvinfo->sinfo_cumtsn;
1991 data->rcvinfo.rcv_context = sndrcvinfo->sinfo_context;
1997 if (msg.msg_flags & MSG_NOTIFICATION) {
1998 union sctp_notification snp;
2000 memcpy(&snp, out, sizeof(snp));
2001 if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
2003 struct sctp_event event;
2005 struct sctp_event_subscribe event;
2006 socklen_t eventsize;
2009 /* disable sender dry event */
2011 memset(&event, 0, sizeof(event));
2012 event.se_assoc_id = 0;
2013 event.se_type = SCTP_SENDER_DRY_EVENT;
2015 i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
2016 sizeof(struct sctp_event));
2022 eventsize = sizeof(struct sctp_event_subscribe);
2023 i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
2030 event.sctp_sender_dry_event = 0;
2032 i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
2033 sizeof(struct sctp_event_subscribe));
2040 # ifdef SCTP_AUTHENTICATION_EVENT
2041 if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
2042 dgram_sctp_handle_auth_free_key_event(b, &snp);
2045 if (data->handle_notifications != NULL)
2046 data->handle_notifications(b, data->notification_context,
2049 memset(&snp, 0, sizeof(snp));
2050 memset(out, 0, outl);
2055 while ((msg.msg_flags & MSG_NOTIFICATION) && (msg.msg_flags & MSG_EOR)
2058 if (ret > 0 && !(msg.msg_flags & MSG_EOR)) {
2059 /* Partial message read, this should never happen! */
2062 * The buffer was too small, this means the peer sent a message
2063 * that was larger than allowed.
2069 * Test if socket buffer can handle max record size (2^14 + 2048
2072 optlen = (socklen_t) sizeof(int);
2073 ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen);
2075 OPENSSL_assert(optval >= 18445);
2078 * Test if SCTP doesn't partially deliver below max record size
2079 * (2^14 + 2048 + 13)
2081 optlen = (socklen_t) sizeof(int);
2083 getsockopt(b->num, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT,
2086 OPENSSL_assert(optval >= 18445);
2089 * Partially delivered notification??? Probably a bug....
2091 OPENSSL_assert(!(msg.msg_flags & MSG_NOTIFICATION));
2094 * Everything seems ok till now, so it's most likely a message
2095 * dropped by PR-SCTP.
2097 memset(out, 0, outl);
2098 BIO_set_retry_read(b);
2102 BIO_clear_retry_flags(b);
2104 if (BIO_dgram_should_retry(ret)) {
2105 BIO_set_retry_read(b);
2106 data->dgram._errno = get_last_socket_error();
2110 /* Test if peer uses SCTP-AUTH before continuing */
2111 if (!data->peer_auth_tested) {
2112 int ii, auth_data = 0, auth_forward = 0;
2114 struct sctp_authchunks *authchunks;
2117 (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
2118 authchunks = OPENSSL_malloc(optlen);
2119 if (authchunks == NULL)
2121 memset(authchunks, 0, optlen);
2122 ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS,
2123 authchunks, &optlen);
2126 for (p = (unsigned char *)authchunks->gauth_chunks;
2127 p < (unsigned char *)authchunks + optlen;
2128 p += sizeof(uint8_t)) {
2129 if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE)
2131 if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE)
2135 OPENSSL_free(authchunks);
2137 if (!auth_data || !auth_forward) {
2138 ERR_raise(ERR_LIB_BIO, BIO_R_CONNECT_ERROR);
2142 data->peer_auth_tested = 1;
2149 * dgram_sctp_write - send message on SCTP socket
2150 * @b: BIO to write to
2152 * @inl: amount of bytes in @in to send
2154 * Returns -1 on error or the sent amount of bytes on success
2156 static int dgram_sctp_write(BIO *b, const char *in, int inl)
2159 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
2160 struct bio_dgram_sctp_sndinfo *sinfo = &(data->sndinfo);
2161 struct bio_dgram_sctp_prinfo *pinfo = &(data->prinfo);
2162 struct bio_dgram_sctp_sndinfo handshake_sinfo;
2163 struct iovec iov[1];
2165 struct cmsghdr *cmsg;
2166 # if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
2167 char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo)) +
2168 CMSG_SPACE(sizeof(struct sctp_prinfo))];
2169 struct sctp_sndinfo *sndinfo;
2170 struct sctp_prinfo *prinfo;
2172 char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))];
2173 struct sctp_sndrcvinfo *sndrcvinfo;
2176 clear_socket_error();
2179 * If we're send anything else than application data, disable all user
2180 * parameters and flags.
2183 memset(&handshake_sinfo, 0, sizeof(handshake_sinfo));
2184 # ifdef SCTP_SACK_IMMEDIATELY
2185 handshake_sinfo.snd_flags = SCTP_SACK_IMMEDIATELY;
2187 sinfo = &handshake_sinfo;
2190 /* We can only send a shutdown alert if the socket is dry */
2191 if (data->save_shutdown) {
2192 ret = BIO_dgram_sctp_wait_for_dry(b);
2196 BIO_clear_retry_flags(b);
2197 BIO_set_retry_write(b);
2202 iov[0].iov_base = (char *)in;
2203 iov[0].iov_len = inl;
2204 msg.msg_name = NULL;
2205 msg.msg_namelen = 0;
2208 msg.msg_control = (caddr_t) cmsgbuf;
2209 msg.msg_controllen = 0;
2211 # if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
2212 cmsg = (struct cmsghdr *)cmsgbuf;
2213 cmsg->cmsg_level = IPPROTO_SCTP;
2214 cmsg->cmsg_type = SCTP_SNDINFO;
2215 cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndinfo));
2216 sndinfo = (struct sctp_sndinfo *)CMSG_DATA(cmsg);
2217 memset(sndinfo, 0, sizeof(*sndinfo));
2218 sndinfo->snd_sid = sinfo->snd_sid;
2219 sndinfo->snd_flags = sinfo->snd_flags;
2220 sndinfo->snd_ppid = sinfo->snd_ppid;
2221 sndinfo->snd_context = sinfo->snd_context;
2222 msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndinfo));
2225 (struct cmsghdr *)&cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo))];
2226 cmsg->cmsg_level = IPPROTO_SCTP;
2227 cmsg->cmsg_type = SCTP_PRINFO;
2228 cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_prinfo));
2229 prinfo = (struct sctp_prinfo *)CMSG_DATA(cmsg);
2230 memset(prinfo, 0, sizeof(*prinfo));
2231 prinfo->pr_policy = pinfo->pr_policy;
2232 prinfo->pr_value = pinfo->pr_value;
2233 msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_prinfo));
2235 cmsg = (struct cmsghdr *)cmsgbuf;
2236 cmsg->cmsg_level = IPPROTO_SCTP;
2237 cmsg->cmsg_type = SCTP_SNDRCV;
2238 cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo));
2239 sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
2240 memset(sndrcvinfo, 0, sizeof(*sndrcvinfo));
2241 sndrcvinfo->sinfo_stream = sinfo->snd_sid;
2242 sndrcvinfo->sinfo_flags = sinfo->snd_flags;
2244 sndrcvinfo->sinfo_flags |= pinfo->pr_policy;
2246 sndrcvinfo->sinfo_ppid = sinfo->snd_ppid;
2247 sndrcvinfo->sinfo_context = sinfo->snd_context;
2248 sndrcvinfo->sinfo_timetolive = pinfo->pr_value;
2249 msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo));
2252 ret = sendmsg(b->num, &msg, 0);
2254 BIO_clear_retry_flags(b);
2256 if (BIO_dgram_should_retry(ret)) {
2257 BIO_set_retry_write(b);
2258 data->dgram._errno = get_last_socket_error();
2264 static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
2267 bio_dgram_sctp_data *data = NULL;
2268 socklen_t sockopt_len = 0;
2269 struct sctp_authkeyid authkeyid;
2270 struct sctp_authkey *authkey = NULL;
2272 data = (bio_dgram_sctp_data *) b->ptr;
2275 case BIO_CTRL_DGRAM_QUERY_MTU:
2277 * Set to maximum (2^14) and ignore user input to enable transport
2278 * protocol fragmentation. Returns always 2^14.
2280 data->dgram.mtu = 16384;
2281 ret = data->dgram.mtu;
2283 case BIO_CTRL_DGRAM_SET_MTU:
2285 * Set to maximum (2^14) and ignore input to enable transport
2286 * protocol fragmentation. Returns always 2^14.
2288 data->dgram.mtu = 16384;
2289 ret = data->dgram.mtu;
2291 case BIO_CTRL_DGRAM_SET_CONNECTED:
2292 case BIO_CTRL_DGRAM_CONNECT:
2293 /* Returns always -1. */
2296 case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
2298 * SCTP doesn't need the DTLS timer Returns always 1.
2301 case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
2303 * We allow transport protocol fragmentation so this is irrelevant
2307 case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
2309 data->in_handshake = 1;
2311 data->in_handshake = 0;
2314 setsockopt(b->num, IPPROTO_SCTP, SCTP_NODELAY,
2315 &data->in_handshake, sizeof(int));
2317 case BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY:
2319 * New shared key for SCTP AUTH. Returns 0 on success, -1 otherwise.
2322 /* Get active key */
2323 sockopt_len = sizeof(struct sctp_authkeyid);
2325 getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid,
2331 sockopt_len = sizeof(struct sctp_authkey) + 64 * sizeof(uint8_t);
2332 authkey = OPENSSL_malloc(sockopt_len);
2333 if (authkey == NULL) {
2337 memset(authkey, 0, sockopt_len);
2338 authkey->sca_keynumber = authkeyid.scact_keynumber + 1;
2339 # ifndef __FreeBSD__
2341 * This field is missing in FreeBSD 8.2 and earlier, and FreeBSD 8.3
2342 * and higher work without it.
2344 authkey->sca_keylength = 64;
2346 memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t));
2349 setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey,
2351 OPENSSL_free(authkey);
2356 /* Reset active key */
2357 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
2358 &authkeyid, sizeof(struct sctp_authkeyid));
2363 case BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY:
2364 /* Returns 0 on success, -1 otherwise. */
2366 /* Get active key */
2367 sockopt_len = sizeof(struct sctp_authkeyid);
2369 getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid,
2374 /* Set active key */
2375 authkeyid.scact_keynumber = authkeyid.scact_keynumber + 1;
2376 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
2377 &authkeyid, sizeof(struct sctp_authkeyid));
2382 * CCS has been sent, so remember that and fall through to check if
2383 * we need to deactivate an old key
2388 case BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD:
2389 /* Returns 0 on success, -1 otherwise. */
2392 * Has this command really been called or is this just a
2395 if (cmd == BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD)
2399 * CSS has been both, received and sent, so deactivate an old key
2401 if (data->ccs_rcvd == 1 && data->ccs_sent == 1) {
2402 /* Get active key */
2403 sockopt_len = sizeof(struct sctp_authkeyid);
2405 getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
2406 &authkeyid, &sockopt_len);
2411 * Deactivate key or delete second last key if
2412 * SCTP_AUTHENTICATION_EVENT is not available.
2414 authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
2415 # ifdef SCTP_AUTH_DEACTIVATE_KEY
2416 sockopt_len = sizeof(struct sctp_authkeyid);
2417 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DEACTIVATE_KEY,
2418 &authkeyid, sockopt_len);
2422 # ifndef SCTP_AUTHENTICATION_EVENT
2423 if (authkeyid.scact_keynumber > 0) {
2424 authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
2425 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
2426 &authkeyid, sizeof(struct sctp_authkeyid));
2436 case BIO_CTRL_DGRAM_SCTP_GET_SNDINFO:
2437 /* Returns the size of the copied struct. */
2438 if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo))
2439 num = sizeof(struct bio_dgram_sctp_sndinfo);
2441 memcpy(ptr, &(data->sndinfo), num);
2444 case BIO_CTRL_DGRAM_SCTP_SET_SNDINFO:
2445 /* Returns the size of the copied struct. */
2446 if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo))
2447 num = sizeof(struct bio_dgram_sctp_sndinfo);
2449 memcpy(&(data->sndinfo), ptr, num);
2451 case BIO_CTRL_DGRAM_SCTP_GET_RCVINFO:
2452 /* Returns the size of the copied struct. */
2453 if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo))
2454 num = sizeof(struct bio_dgram_sctp_rcvinfo);
2456 memcpy(ptr, &data->rcvinfo, num);
2460 case BIO_CTRL_DGRAM_SCTP_SET_RCVINFO:
2461 /* Returns the size of the copied struct. */
2462 if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo))
2463 num = sizeof(struct bio_dgram_sctp_rcvinfo);
2465 memcpy(&(data->rcvinfo), ptr, num);
2467 case BIO_CTRL_DGRAM_SCTP_GET_PRINFO:
2468 /* Returns the size of the copied struct. */
2469 if (num > (long)sizeof(struct bio_dgram_sctp_prinfo))
2470 num = sizeof(struct bio_dgram_sctp_prinfo);
2472 memcpy(ptr, &(data->prinfo), num);
2475 case BIO_CTRL_DGRAM_SCTP_SET_PRINFO:
2476 /* Returns the size of the copied struct. */
2477 if (num > (long)sizeof(struct bio_dgram_sctp_prinfo))
2478 num = sizeof(struct bio_dgram_sctp_prinfo);
2480 memcpy(&(data->prinfo), ptr, num);
2482 case BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN:
2483 /* Returns always 1. */
2485 data->save_shutdown = 1;
2487 data->save_shutdown = 0;
2489 case BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY:
2490 return dgram_sctp_wait_for_dry(b);
2491 case BIO_CTRL_DGRAM_SCTP_MSG_WAITING:
2492 return dgram_sctp_msg_waiting(b);
2496 * Pass to default ctrl function to process SCTP unspecific commands
2498 ret = dgram_ctrl(b, cmd, num, ptr);
2504 int BIO_dgram_sctp_notification_cb(BIO *b,
2505 BIO_dgram_sctp_notification_handler_fn handle_notifications,
2508 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
2510 if (handle_notifications != NULL) {
2511 data->handle_notifications = handle_notifications;
2512 data->notification_context = context;
2520 * BIO_dgram_sctp_wait_for_dry - Wait for SCTP SENDER_DRY event
2521 * @b: The BIO to check for the dry event
2523 * Wait until the peer confirms all packets have been received, and so that
2524 * our kernel doesn't have anything to send anymore. This is only received by
2525 * the peer's kernel, not the application.
2529 * 0 when not dry yet
2532 int BIO_dgram_sctp_wait_for_dry(BIO *b)
2534 return (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY, 0, NULL);
2537 static int dgram_sctp_wait_for_dry(BIO *b)
2542 union sctp_notification snp;
2546 struct sctp_event event;
2548 struct sctp_event_subscribe event;
2549 socklen_t eventsize;
2551 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
2553 /* set sender dry event */
2555 memset(&event, 0, sizeof(event));
2556 event.se_assoc_id = 0;
2557 event.se_type = SCTP_SENDER_DRY_EVENT;
2560 setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
2561 sizeof(struct sctp_event));
2563 eventsize = sizeof(struct sctp_event_subscribe);
2564 ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize);
2568 event.sctp_sender_dry_event = 1;
2571 setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
2572 sizeof(struct sctp_event_subscribe));
2577 /* peek for notification */
2578 memset(&snp, 0, sizeof(snp));
2579 iov.iov_base = (char *)&snp;
2580 iov.iov_len = sizeof(union sctp_notification);
2581 msg.msg_name = NULL;
2582 msg.msg_namelen = 0;
2585 msg.msg_control = NULL;
2586 msg.msg_controllen = 0;
2589 n = recvmsg(b->num, &msg, MSG_PEEK);
2591 if ((n < 0) && (get_last_socket_error() != EAGAIN)
2592 && (get_last_socket_error() != EWOULDBLOCK))
2598 /* if we find a notification, process it and try again if necessary */
2599 while (msg.msg_flags & MSG_NOTIFICATION) {
2600 memset(&snp, 0, sizeof(snp));
2601 iov.iov_base = (char *)&snp;
2602 iov.iov_len = sizeof(union sctp_notification);
2603 msg.msg_name = NULL;
2604 msg.msg_namelen = 0;
2607 msg.msg_control = NULL;
2608 msg.msg_controllen = 0;
2611 n = recvmsg(b->num, &msg, 0);
2613 if ((n < 0) && (get_last_socket_error() != EAGAIN)
2614 && (get_last_socket_error() != EWOULDBLOCK))
2620 if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
2623 /* disable sender dry event */
2625 memset(&event, 0, sizeof(event));
2626 event.se_assoc_id = 0;
2627 event.se_type = SCTP_SENDER_DRY_EVENT;
2630 setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
2631 sizeof(struct sctp_event));
2633 eventsize = (socklen_t) sizeof(struct sctp_event_subscribe);
2635 getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
2640 event.sctp_sender_dry_event = 0;
2643 setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
2644 sizeof(struct sctp_event_subscribe));
2649 # ifdef SCTP_AUTHENTICATION_EVENT
2650 if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
2651 dgram_sctp_handle_auth_free_key_event(b, &snp);
2654 if (data->handle_notifications != NULL)
2655 data->handle_notifications(b, data->notification_context,
2658 /* found notification, peek again */
2659 memset(&snp, 0, sizeof(snp));
2660 iov.iov_base = (char *)&snp;
2661 iov.iov_len = sizeof(union sctp_notification);
2662 msg.msg_name = NULL;
2663 msg.msg_namelen = 0;
2666 msg.msg_control = NULL;
2667 msg.msg_controllen = 0;
2670 /* if we have seen the dry already, don't wait */
2672 sockflags = fcntl(b->num, F_GETFL, 0);
2673 fcntl(b->num, F_SETFL, O_NONBLOCK);
2676 n = recvmsg(b->num, &msg, MSG_PEEK);
2679 fcntl(b->num, F_SETFL, sockflags);
2683 if ((n < 0) && (get_last_socket_error() != EAGAIN)
2684 && (get_last_socket_error() != EWOULDBLOCK))
2691 /* read anything else */
2695 int BIO_dgram_sctp_msg_waiting(BIO *b)
2697 return (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SCTP_MSG_WAITING, 0, NULL);
2700 static int dgram_sctp_msg_waiting(BIO *b)
2703 union sctp_notification snp;
2706 bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
2708 /* Check if there are any messages waiting to be read */
2710 memset(&snp, 0, sizeof(snp));
2711 iov.iov_base = (char *)&snp;
2712 iov.iov_len = sizeof(union sctp_notification);
2713 msg.msg_name = NULL;
2714 msg.msg_namelen = 0;
2717 msg.msg_control = NULL;
2718 msg.msg_controllen = 0;
2721 sockflags = fcntl(b->num, F_GETFL, 0);
2722 fcntl(b->num, F_SETFL, O_NONBLOCK);
2723 n = recvmsg(b->num, &msg, MSG_PEEK);
2724 fcntl(b->num, F_SETFL, sockflags);
2726 /* if notification, process and try again */
2727 if (n > 0 && (msg.msg_flags & MSG_NOTIFICATION)) {
2728 # ifdef SCTP_AUTHENTICATION_EVENT
2729 if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
2730 dgram_sctp_handle_auth_free_key_event(b, &snp);
2733 memset(&snp, 0, sizeof(snp));
2734 iov.iov_base = (char *)&snp;
2735 iov.iov_len = sizeof(union sctp_notification);
2736 msg.msg_name = NULL;
2737 msg.msg_namelen = 0;
2740 msg.msg_control = NULL;
2741 msg.msg_controllen = 0;
2743 n = recvmsg(b->num, &msg, 0);
2745 if (data->handle_notifications != NULL)
2746 data->handle_notifications(b, data->notification_context,
2750 } while (n > 0 && (msg.msg_flags & MSG_NOTIFICATION));
2752 /* Return 1 if there is a message to be read, return 0 otherwise. */
2759 static int dgram_sctp_puts(BIO *bp, const char *str)
2764 ret = dgram_sctp_write(bp, str, n);
2769 static int BIO_dgram_should_retry(int i)
2773 if ((i == 0) || (i == -1)) {
2774 err = get_last_socket_error();
2776 # if defined(OPENSSL_SYS_WINDOWS)
2778 * If the socket return value (i) is -1 and err is unexpectedly 0 at
2779 * this point, the error code was overwritten by another system call
2780 * before this error handling is called.
2784 return BIO_dgram_non_fatal_error(err);
2789 int BIO_dgram_non_fatal_error(int err)
2792 # if defined(OPENSSL_SYS_WINDOWS)
2793 # if defined(WSAEWOULDBLOCK)
2794 case WSAEWOULDBLOCK:
2799 # ifdef WSAEWOULDBLOCK
2800 # if WSAEWOULDBLOCK != EWOULDBLOCK
2813 # if EWOULDBLOCK != EAGAIN