BIO_dgram support for BIO_sendmmsg/BIO_recvmmsg

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18270)

CHANGES.md

@@ -173,6 +173,12 @@ OpenSSL 3.1
 
    *David von Oheimb*
 
+ * Add new BIO_sendmmsg() and BIO_recvmmsg() BIO methods which allow
+   sending and receiving multiple messages in a single call. An implementation
+   is provided for BIO_dgram. For further details, see BIO_sendmmsg(3).
+
+   *Hugo Landau*
+
 OpenSSL 3.0
 -----------
 

crypto/bio/bio_err.c

@@ -46,6 +46,7 @@ static const ERR_STRING_DATA BIO_str_reasons[] = {
     "no hostname or service specified"},
     {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_PORT_DEFINED), "no port defined"},
     {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_SUCH_FILE), "no such file"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_PORT_MISMATCH), "port mismatch"},
     {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_TFO_DISABLED), "tfo disabled"},
     {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_TFO_NO_KERNEL_SUPPORT),
     "tfo no kernel support"},
@@ -79,6 +80,8 @@ static const ERR_STRING_DATA BIO_str_reasons[] = {
      "local address not available"},
     {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NON_FATAL),
      "non-fatal or transient error"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_PORT_MISMATCH),
+     "port mismatch"},
     {0, NULL}
 };
 

crypto/bio/bio_local.h

@@ -142,6 +142,12 @@ struct sockaddr *BIO_ADDR_sockaddr_noconst(BIO_ADDR *ap);
 socklen_t BIO_ADDR_sockaddr_size(const BIO_ADDR *ap);
 socklen_t BIO_ADDRINFO_sockaddr_size(const BIO_ADDRINFO *bai);
 const struct sockaddr *BIO_ADDRINFO_sockaddr(const BIO_ADDRINFO *bai);
+
+# if defined(OPENSSL_SYS_WINDOWS) && defined(WSAID_WSARECVMSG)
+#  define BIO_HAVE_WSAMSG
+extern LPFN_WSARECVMSG bio_WSARecvMsg;
+extern LPFN_WSASENDMSG bio_WSASendMsg;
+# endif
 #endif
 
 extern CRYPTO_RWLOCK *bio_type_lock;

crypto/bio/bio_sock.c

@@ -130,6 +130,11 @@ struct hostent *BIO_gethostbyname(const char *name)
 }
 # endif
 
+# ifdef BIO_HAVE_WSAMSG
+LPFN_WSARECVMSG bio_WSARecvMsg;
+LPFN_WSASENDMSG bio_WSASendMsg;
+# endif
+
 int BIO_sock_init(void)
 {
 # ifdef OPENSSL_SYS_WINDOWS
@@ -150,6 +155,39 @@ int BIO_sock_init(void)
             ERR_raise(ERR_LIB_BIO, BIO_R_WSASTARTUP);
             return -1;
         }
+
+        /*
+         * On Windows, some socket functions are not exposed as a prototype.
+         * Instead, their function pointers must be loaded via this elaborate
+         * process...
+         */
+#  ifdef BIO_HAVE_WSAMSG
+        {
+            GUID id_WSARecvMsg = WSAID_WSARECVMSG;
+            GUID id_WSASendMsg = WSAID_WSASENDMSG;
+            DWORD len_out = 0;
+            SOCKET s;
+
+            s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+            if (s != INVALID_SOCKET) {
+                if (WSAIoctl(s, SIO_GET_EXTENSION_FUNCTION_POINTER,
+                             &id_WSARecvMsg, sizeof(id_WSARecvMsg),
+                             &bio_WSARecvMsg, sizeof(bio_WSARecvMsg),
+                             &len_out, NULL, NULL) != 0
+                    || len_out != sizeof(bio_WSARecvMsg))
+                    bio_WSARecvMsg = NULL;
+
+                if (WSAIoctl(s, SIO_GET_EXTENSION_FUNCTION_POINTER,
+                             &id_WSASendMsg, sizeof(id_WSASendMsg),
+                             &bio_WSASendMsg, sizeof(bio_WSASendMsg),
+                             &len_out, NULL, NULL) != 0
+                    || len_out != sizeof(bio_WSASendMsg))
+                    bio_WSASendMsg = NULL;
+
+                closesocket(s);
+            }
+        }
+#  endif
     }
 # endif                         /* OPENSSL_SYS_WINDOWS */
 # ifdef WATT32

crypto/bio/bss_dgram.c

@@ -42,6 +42,82 @@
          ((a)->s6_addr32[2] == htonl(0x0000ffff)))
 # endif
 
+/* Determine what method to use for BIO_sendmmsg and BIO_recvmmsg. */
+# define M_METHOD_NONE       0
+# define M_METHOD_RECVMMSG   1
+# define M_METHOD_RECVMSG    2
+# define M_METHOD_RECVFROM   3
+# define M_METHOD_WSARECVMSG 4
+
+# if !defined(M_METHOD)
+#  if defined(OPENSSL_SYS_WINDOWS) && defined(BIO_HAVE_WSAMSG) && !defined(NO_WSARECVMSG)
+#   define M_METHOD  M_METHOD_WSARECVMSG
+#  elif !defined(OPENSSL_SYS_WINDOWS) && defined(MSG_WAITFORONE) && !defined(NO_RECVMMSG)
+#   define M_METHOD  M_METHOD_RECVMMSG
+#  elif !defined(OPENSSL_SYS_WINDOWS) && defined(CMSG_LEN) && !defined(NO_RECVMSG)
+#   define M_METHOD  M_METHOD_RECVMSG
+#  elif !defined(NO_RECVFROM)
+#   define M_METHOD  M_METHOD_RECVFROM
+#  else
+#   define M_METHOD  M_METHOD_NONE
+#  endif
+# endif
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  define BIO_CMSG_SPACE(x) WSA_CMSG_SPACE(x)
+#  define BIO_CMSG_FIRSTHDR(x) WSA_CMSG_FIRSTHDR(x)
+#  define BIO_CMSG_NXTHDR(x, y) WSA_CMSG_NXTHDR(x, y)
+#  define BIO_CMSG_DATA(x) WSA_CMSG_DATA(x)
+#  define BIO_CMSG_LEN(x) WSA_CMSG_LEN(x)
+#  define MSGHDR_TYPE WSAMSG
+#  define CMSGHDR_TYPE WSACMSGHDR
+# else
+#  define MSGHDR_TYPE struct msghdr
+#  define CMSGHDR_TYPE struct cmsghdr
+#  define BIO_CMSG_SPACE(x) CMSG_SPACE(x)
+#  define BIO_CMSG_FIRSTHDR(x) CMSG_FIRSTHDR(x)
+#  define BIO_CMSG_NXTHDR(x, y) CMSG_NXTHDR(x, y)
+#  define BIO_CMSG_DATA(x) CMSG_DATA(x)
+#  define BIO_CMSG_LEN(x) CMSG_LEN(x)
+# endif
+
+# if   M_METHOD == M_METHOD_RECVMMSG   \
+    || M_METHOD == M_METHOD_RECVMSG    \
+    || M_METHOD == M_METHOD_WSARECVMSG
+#  if defined(__APPLE__)
+    /*
+     * CMSG_SPACE is not a constant expresson on OSX even though POSIX
+     * says it's supposed to be. This should be adequate.
+     */
+#   define BIO_CMSG_ALLOC_LEN   64
+#  else
+#   if defined(IPV6_PKTINFO)
+#     define BIO_CMSG_ALLOC_LEN_1   BIO_CMSG_SPACE(sizeof(struct in6_pktinfo))
+#   else
+#     define BIO_CMSG_ALLOC_LEN_1   0
+#   endif
+#   if defined(IP_PKTINFO)
+#     define BIO_CMSG_ALLOC_LEN_2   BIO_CMSG_SPACE(sizeof(struct in_pktinfo))
+#   else
+#     define BIO_CMSG_ALLOC_LEN_2   0
+#   endif
+#   if defined(IP_RECVDSTADDR)
+#     define BIO_CMSG_ALLOC_LEN_3   BIO_CMSG_SPACE(sizeof(struct in_addr))
+#   else
+#     define BIO_CMSG_ALLOC_LEN_3   0
+#   endif
+#   define BIO_MAX(X,Y) ((X) > (Y) ? (X) : (Y))
+#   define BIO_CMSG_ALLOC_LEN                                        \
+        BIO_MAX(BIO_CMSG_ALLOC_LEN_1,                                \
+                BIO_MAX(BIO_CMSG_ALLOC_LEN_2, BIO_CMSG_ALLOC_LEN_3))
+#  endif
+#  if (defined(IP_PKTINFO) || defined(IP_RECVDSTADDR)) && defined(IPV6_RECVPKTINFO)
+#   define SUPPORT_LOCAL_ADDR
+#  endif
+# endif
+
+# define BIO_MSG_N(array, stride, n) (*(BIO_MSG *)((char *)(array) + (n)*(stride)))
+
 static int dgram_write(BIO *h, const char *buf, int num);
 static int dgram_read(BIO *h, char *buf, int size);
 static int dgram_puts(BIO *h, const char *str);
@@ -49,6 +125,12 @@ static long dgram_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int dgram_new(BIO *h);
 static int dgram_free(BIO *data);
 static int dgram_clear(BIO *bio);
+static int dgram_sendmmsg(BIO *b, BIO_MSG *msg,
+                          size_t stride, size_t num_msg,
+                          uint64_t flags, size_t *num_processed);
+static int dgram_recvmmsg(BIO *b, BIO_MSG *msg,
+                          size_t stride, size_t num_msg,
+                          uint64_t flags, size_t *num_processed);
 
 # ifndef OPENSSL_NO_SCTP
 static int dgram_sctp_write(BIO *h, const char *buf, int num);
@@ -82,6 +164,8 @@ static const BIO_METHOD methods_dgramp = {
     dgram_new,
     dgram_free,
     NULL,                       /* dgram_callback_ctrl */
+    dgram_sendmmsg,
+    dgram_recvmmsg,
 };
 
 # ifndef OPENSSL_NO_SCTP
@@ -98,17 +182,21 @@ static const BIO_METHOD methods_dgramp_sctp = {
     dgram_sctp_new,
     dgram_sctp_free,
     NULL,                       /* dgram_callback_ctrl */
+    NULL,                       /* sendmmsg */
+    NULL,                       /* recvmmsg */
 };
 # endif
 
 typedef struct bio_dgram_data_st {
     BIO_ADDR peer;
+    BIO_ADDR local_addr;
     unsigned int connected;
     unsigned int _errno;
     unsigned int mtu;
     struct timeval next_timeout;
     struct timeval socket_timeout;
     unsigned int peekmode;
+    char local_addr_enabled;
 } bio_dgram_data;
 
 # ifndef OPENSSL_NO_SCTP
@@ -265,6 +353,27 @@ static void dgram_adjust_rcv_timeout(BIO *b)
 # endif
 }
 
+static void dgram_update_local_addr(BIO *b)
+{
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+    socklen_t addr_len = sizeof(data->local_addr);
+
+    if (getsockname(b->num, &data->local_addr.sa, &addr_len) < 0)
+        /*
+         * This should not be possible, but zero-initialize and return
+         * anyway.
+         */
+        BIO_ADDR_clear(&data->local_addr);
+}
+
+# if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG || M_METHOD == M_METHOD_WSARECVMSG
+static int dgram_get_sock_family(BIO *b)
+{
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+    return data->local_addr.sa.sa_family;
+}
+# endif
+
 static void dgram_reset_rcv_timeout(BIO *b)
 {
 # if defined(SO_RCVTIMEO)
@@ -301,7 +410,7 @@ static int dgram_read(BIO *b, char *out, int outl)
 
     if (out != NULL) {
         clear_socket_error();
-        memset(&peer, 0, sizeof(peer));
+        BIO_ADDR_clear(&peer);
         dgram_adjust_rcv_timeout(b);
         if (data->peekmode)
             flags = MSG_PEEK;
@@ -388,6 +497,47 @@ static long dgram_get_mtu_overhead(bio_dgram_data *data)
     return ret;
 }
 
+/* Enables appropriate destination address reception option on the socket. */
+# if defined(SUPPORT_LOCAL_ADDR)
+static int enable_local_addr(BIO *b, int enable) {
+    int af = dgram_get_sock_family(b);
+
+    if (af == AF_INET) {
+#  if defined(IP_PKTINFO)
+        /* IP_PKTINFO is preferred */
+        if (setsockopt(b->num, IPPROTO_IP, IP_PKTINFO,
+                       (void *)&enable, sizeof(enable)) < 0)
+            return 0;
+
+        return 1;
+
+#  elif defined(IP_RECVDSTADDR)
+        /* Fall back to IP_RECVDSTADDR */
+
+        if (setsockopt(b->num, IPPROTO_IP, IP_RECVDSTADDR,
+                       &enable, sizeof(enable)) < 0)
+            return 0;
+
+        return 1;
+#  endif
+    }
+
+#  if OPENSSL_USE_IPV6
+    if (af == AF_INET6) {
+#   if defined(IPV6_RECVPKTINFO)
+        if (setsockopt(b->num, IPPROTO_IPV6, IPV6_RECVPKTINFO,
+                       &enable, sizeof(enable)) < 0)
+            return 0;
+
+        return 1;
+#   endif
+    }
+#  endif
+
+    return 0;
+}
+# endif
+
 static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 {
     long ret = 1;
@@ -417,6 +567,13 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
         b->num = *((int *)ptr);
         b->shutdown = (int)num;
         b->init = 1;
+        dgram_update_local_addr(b);
+# if defined(SUPPORT_LOCAL_ADDR)
+        if (data->local_addr_enabled) {
+            if (enable_local_addr(b, 1) < 1)
+                data->local_addr_enabled = 0;
+        }
+# endif
         break;
     case BIO_C_GET_FD:
         if (b->init) {
@@ -448,7 +605,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
     case BIO_CTRL_DGRAM_MTU_DISCOVER:
 # if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
         addr_len = (socklen_t) sizeof(addr);
-        memset(&addr, 0, sizeof(addr));
+        BIO_ADDR_clear(&addr);
         if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
             ret = 0;
             break;
@@ -479,7 +636,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
     case BIO_CTRL_DGRAM_QUERY_MTU:
 # if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU)
         addr_len = (socklen_t) sizeof(addr);
-        memset(&addr, 0, sizeof(addr));
+        BIO_ADDR_clear(&addr);
         if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
             ret = 0;
             break;
@@ -562,7 +719,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
             BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
         } else {
             data->connected = 0;
-            memset(&data->peer, 0, sizeof(data->peer));
+            BIO_ADDR_clear(&data->peer);
         }
         break;
     case BIO_CTRL_DGRAM_GET_PEER:
@@ -774,6 +931,35 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
     case BIO_CTRL_DGRAM_SET_PEEK_MODE:
         data->peekmode = (unsigned int)num;
         break;
+
+    case BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP:
+# if defined(SUPPORT_LOCAL_ADDR)
+        ret = 1;
+# else
+        ret = 0;
+# endif
+        break;
+
+    case BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE:
+# if defined(SUPPORT_LOCAL_ADDR)
+        num = num > 0;
+        if (num != data->local_addr_enabled) {
+            if (enable_local_addr(b, num) < 1) {
+                ret = 0;
+                break;
+            }
+
+            data->local_addr_enabled = (char)num;
+        }
+# else
+        ret = 0;
+# endif
+        break;
+
+    case BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE:
+        *(int *)ptr = data->local_addr_enabled;
+        break;
+
     default:
         ret = 0;
         break;
@@ -790,6 +976,714 @@ static int dgram_puts(BIO *bp, const char *str)
     return ret;
 }
 
+# if M_METHOD == M_METHOD_WSARECVMSG
+static void translate_msg_win(BIO *b, WSAMSG *mh, WSABUF *iov,
+                              unsigned char *control, BIO_MSG *msg)
+{
+    iov->len = msg->data_len;
+    iov->buf = msg->data;
+
+    /* Windows requires namelen to be set exactly */
+    mh->name = msg->peer != NULL ? &msg->peer->sa : NULL;
+    if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET)
+        mh->namelen = sizeof(struct sockaddr_in);
+#  if OPENSSL_USE_IPV6
+    else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6)
+        mh->namelen = sizeof(struct sockaddr_in6);
+#  endif
+    else
+        mh->namelen = 0;
+
+    /*
+     * When local address reception (IP_PKTINFO, etc.) is enabled, on Windows
+     * this causes WSARecvMsg to fail if the control buffer is too small to hold
+     * the structure, or if no control buffer is passed. So we need to give it
+     * the control buffer even if we aren't actually going to examine the
+     * result.
+     */
+    mh->lpBuffers       = iov;
+    mh->dwBufferCount   = 1;
+    mh->Control.len     = BIO_CMSG_ALLOC_LEN;
+    mh->Control.buf     = control;
+    mh->dwFlags         = 0;
+}
+# endif
+
+# if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG
+/* Translates a BIO_MSG to a msghdr and iovec. */
+static void translate_msg(BIO *b, struct msghdr *mh, struct iovec *iov,
+                          unsigned char *control, BIO_MSG *msg)
+{
+    iov->iov_base = msg->data;
+    iov->iov_len  = msg->data_len;
+
+    /* macOS requires msg_namelen be 0 if msg_name is NULL */
+    mh->msg_name = msg->peer != NULL ? &msg->peer->sa : NULL;
+    if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET)
+        mh->msg_namelen = sizeof(struct sockaddr_in);
+#  if OPENSSL_USE_IPV6
+    else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6)
+        mh->msg_namelen = sizeof(struct sockaddr_in6);
+#  endif
+    else
+        mh->msg_namelen = 0;
+
+    mh->msg_iov         = iov;
+    mh->msg_iovlen      = 1;
+    mh->msg_control     = msg->local != NULL ? control : NULL;
+    mh->msg_controllen  = msg->local != NULL ? BIO_CMSG_ALLOC_LEN : 0;
+    mh->msg_flags       = 0;
+}
+# endif
+
+# if M_METHOD == M_METHOD_RECVMMSG || M_METHOD == M_METHOD_RECVMSG || M_METHOD == M_METHOD_WSARECVMSG
+/* Extracts destination address from the control buffer. */
+static int extract_local(BIO *b, MSGHDR_TYPE *mh, BIO_ADDR *local) {
+#  if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR) || defined(IPV6_PKTINFO)
+    CMSGHDR_TYPE *cmsg;
+    int af = dgram_get_sock_family(b);
+
+    for (cmsg = BIO_CMSG_FIRSTHDR(mh); cmsg != NULL;
+         cmsg = BIO_CMSG_NXTHDR(mh, cmsg)) {
+        if (af == AF_INET) {
+            if (cmsg->cmsg_level != IPPROTO_IP)
+                continue;
+
+#   if defined(IP_PKTINFO)
+            if (cmsg->cmsg_type != IP_PKTINFO)
+                continue;
+
+            local->s_in.sin_addr =
+                ((struct in_pktinfo *)BIO_CMSG_DATA(cmsg))->ipi_addr;
+
+#   elif defined(IP_RECVDSTADDR)
+            if (cmsg->cmsg_type != IP_RECVDSTADDR)
+                continue;
+
+            local->s_in.sin_addr = *(struct in_addr *)BIO_CMSG_DATA(cmsg);
+#   endif
+
+#   if defined(IP_PKTINFO) || defined(IP_RECVDSTADDR)
+            {
+                bio_dgram_data *data = b->ptr;
+
+                local->s_in.sin_family = AF_INET;
+                local->s_in.sin_port   = data->local_addr.s_in.sin_port;
+            }
+            return 1;
+#   endif
+        }
+#   if OPENSSL_USE_IPV6
+        else if (af == AF_INET6) {
+            if (cmsg->cmsg_level != IPPROTO_IPV6)
+                continue;
+
+#    if defined(IPV6_RECVPKTINFO)
+            if (cmsg->cmsg_type != IPV6_PKTINFO)
+                continue;
+
+            {
+                bio_dgram_data *data = b->ptr;
+
+                local->s_in6.sin6_addr     =
+                    ((struct in6_pktinfo *)BIO_CMSG_DATA(cmsg))->ipi6_addr;
+                local->s_in6.sin6_family   = AF_INET6;
+                local->s_in6.sin6_port     = data->local_addr.s_in6.sin6_port;
+                local->s_in6.sin6_scope_id =
+                    data->local_addr.s_in6.sin6_scope_id;
+                local->s_in6.sin6_flowinfo = 0;
+            }
+            return 1;
+#    endif
+        }
+#   endif
+    }
+#  endif
+
+    return 0;
+}
+
+static int pack_local(BIO *b, MSGHDR_TYPE *mh, const BIO_ADDR *local) {
+    int af = dgram_get_sock_family(b);
+
+    if (af == AF_INET) {
+#  if defined(IP_PKTINFO)
+        CMSGHDR_TYPE *cmsg;
+        struct in_pktinfo *info;
+        bio_dgram_data *data = b->ptr;
+
+#   if defined(OPENSSL_SYS_WINDOWS)
+        cmsg = (CMSGHDR_TYPE *)mh->Control.buf;
+#   else
+        cmsg = (CMSGHDR_TYPE *)mh->msg_control;
+#   endif
+
+        cmsg->cmsg_len   = BIO_CMSG_LEN(sizeof(struct in_pktinfo));
+        cmsg->cmsg_level = IPPROTO_IP;
+        cmsg->cmsg_type  = IP_PKTINFO;
+
+        info = (struct in_pktinfo *)BIO_CMSG_DATA(cmsg);
+        info->ipi_spec_dst      = local->s_in.sin_addr;
+        info->ipi_addr.s_addr   = 0;
+        info->ipi_ifindex       = 0;
+
+        /*
+         * We cannot override source port using this API, therefore
+         * ensure the application specified a source port of 0
+         * or the one we are bound to. (Better to error than silently
+         * ignore this.)
+         */
+        if (local->s_in.sin_port != 0
+            && data->local_addr.s_in.sin_port != local->s_in.sin_port) {
+            ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
+            return 0;
+        }
+
+#   if defined(OPENSSL_SYS_WINDOWS)
+        mh->Control.len = BIO_CMSG_SPACE(sizeof(struct in_pktinfo));
+#   else
+        mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in_pktinfo));
+#   endif
+        return 1;
+
+#  elif defined(IP_SENDSRCADDR)
+        {
+            struct cmsghdr *cmsg;
+            struct in_addr *info;
+
+            cmsg = (struct cmsghdr *)mh->msg_control;
+            cmsg->cmsg_len   = BIO_CMSG_LEN(sizeof(struct in_addr));
+            cmsg->cmsg_level = IPPROTO_IP;
+            cmsg->cmsg_type  = IP_SENDSRCADDR;
+
+            info = (struct in_addr *)BIO_CMSG_DATA(cmsg);
+            *info = local->s_in.sin_addr;
+        }
+
+        /* See comment above. */
+        if (local->s_in.sin_port != 0
+            && data->local_addr.s_in.sin_port != local->s_in.sin_port) {
+            ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
+            return 0;
+        }
+
+        mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in_addr));
+        return 1;
+#  endif
+    }
+#  if OPENSSL_USE_IPV6
+    else if (af == AF_INET6) {
+#   if defined(IPV6_PKTINFO)
+        CMSGHDR_TYPE *cmsg;
+        struct in6_pktinfo *info;
+        bio_dgram_data *data = b->ptr;
+
+#    if defined(OPENSSL_SYS_WINDOWS)
+        cmsg = (CMSGHDR_TYPE *)mh->Control.buf;
+#    else
+        cmsg = (CMSGHDR_TYPE *)mh->msg_control;
+#    endif
+        cmsg->cmsg_len   = BIO_CMSG_LEN(sizeof(struct in6_pktinfo));
+        cmsg->cmsg_level = IPPROTO_IPV6;
+        cmsg->cmsg_type  = IPV6_PKTINFO;
+
+        info = (struct in6_pktinfo *)BIO_CMSG_DATA(cmsg);
+        info->ipi6_addr     = local->s_in6.sin6_addr;
+        info->ipi6_ifindex  = 0;
+
+        /*
+         * See comment above, but also applies to the other fields
+         * in sockaddr_in6.
+         */
+        if (local->s_in6.sin6_port != 0
+            && data->local_addr.s_in6.sin6_port != local->s_in6.sin6_port) {
+            ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
+            return 0;
+        }
+
+        if (local->s_in6.sin6_scope_id != 0
+            && data->local_addr.s_in6.sin6_scope_id != local->s_in6.sin6_scope_id) {
+            ERR_raise(ERR_LIB_BIO, BIO_R_PORT_MISMATCH);
+            return 0;
+        }
+
+#    if defined(OPENSSL_SYS_WINDOWS)
+        mh->Control.len = BIO_CMSG_SPACE(sizeof(struct in6_pktinfo));
+#    else
+        mh->msg_controllen = BIO_CMSG_SPACE(sizeof(struct in6_pktinfo));
+#    endif
+        return 1;
+#   endif
+    }
+#  endif
+
+    return 0;
+}
+# endif
+
+/*
+ * Converts flags passed to BIO_sendmmsg or BIO_recvmmsg to syscall flags. You
+ * should mask out any system flags returned by this function you cannot support
+ * in a particular circumstance. Currently no flags are defined.
+ */
+# if M_METHOD != M_METHOD_NONE
+static int translate_flags(uint64_t flags) {
+    return 0;
+}
+# endif
+
+static int dgram_sendmmsg(BIO *b, BIO_MSG *msg, size_t stride,
+                          size_t num_msg, uint64_t flags, size_t *num_processed)
+{
+# if M_METHOD != M_METHOD_NONE && M_METHOD != M_METHOD_RECVMSG
+    int ret;
+# endif
+# if M_METHOD == M_METHOD_RECVMMSG
+#  define BIO_MAX_MSGS_PER_CALL   64
+    int sysflags;
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+    size_t i;
+    struct mmsghdr mh[BIO_MAX_MSGS_PER_CALL];
+    struct iovec iov[BIO_MAX_MSGS_PER_CALL];
+    unsigned char control[BIO_MAX_MSGS_PER_CALL][BIO_CMSG_ALLOC_LEN];
+    int have_local_enabled = data->local_addr_enabled;
+# elif M_METHOD == M_METHOD_RECVMSG
+    int sysflags;
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+    ossl_ssize_t l;
+    struct msghdr mh;
+    struct iovec iov;
+    unsigned char control[BIO_CMSG_ALLOC_LEN];
+    int have_local_enabled = data->local_addr_enabled;
+# elif M_METHOD == M_METHOD_WSARECVMSG
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+    int have_local_enabled = data->local_addr_enabled;
+    WSAMSG wmsg;
+    WSABUF wbuf;
+    DWORD num_bytes_sent = 0;
+    unsigned char control[BIO_CMSG_ALLOC_LEN];
+# endif
+# if M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG
+    int sysflags;
+# endif
+
+    if (num_msg == 0) {
+        *num_processed = 0;
+        return 1;
+    }
+
+    if (num_msg > OSSL_SSIZE_MAX)
+        num_msg = OSSL_SSIZE_MAX;
+
+# if M_METHOD != M_METHOD_NONE
+    sysflags = translate_flags(flags);
+# endif
+
+# if M_METHOD == M_METHOD_RECVMMSG
+    /*
+     * In the sendmmsg/recvmmsg case, we need to allocate our translated struct
+     * msghdr and struct iovec on the stack to support multithreaded use. Thus
+     * we place a fixed limit on the number of messages per call, in the
+     * expectation that we will be called again if there were more messages to
+     * be sent.
+     */
+    if (num_msg > BIO_MAX_MSGS_PER_CALL)
+        num_msg = BIO_MAX_MSGS_PER_CALL;
+
+    for (i = 0; i < num_msg; ++i) {
+        translate_msg(b, &mh[i].msg_hdr, &iov[i],
+                      control[i], &BIO_MSG_N(msg, stride, i));
+
+        /* If local address was requested, it must have been enabled */
+        if (BIO_MSG_N(msg, stride, i).local != NULL) {
+            if (!have_local_enabled) {
+                ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
+                *num_processed = 0;
+                return 0;
+            }
+
+            if (pack_local(b, &mh[i].msg_hdr,
+                           BIO_MSG_N(msg, stride, i).local) < 1) {
+                ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
+                *num_processed = 0;
+                return 0;
+            }
+        }
+    }
+
+    /* Do the batch */
+    ret = sendmmsg(b->num, mh, num_msg, sysflags);
+    if (ret < 0) {
+        ERR_raise(ERR_LIB_SYS, get_last_socket_error());
+        *num_processed = 0;
+        return 0;
+    }
+
+    for (i = 0; i < (size_t)ret; ++i) {
+        BIO_MSG_N(msg, stride, i).data_len = mh[i].msg_len;
+        BIO_MSG_N(msg, stride, i).flags    = 0;
+    }
+
+    *num_processed = (size_t)ret;
+    return 1;
+
+# elif M_METHOD == M_METHOD_RECVMSG
+    /*
+     * If sendmsg is available, use it.
+     */
+    translate_msg(b, &mh, &iov, control, msg);
+
+    if (msg->local != NULL) {
+        if (!have_local_enabled) {
+            ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
+            *num_processed = 0;
+            return 0;
+        }
+
+        if (pack_local(b, &mh, msg->local) < 1) {
+            ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
+            *num_processed = 0;
+            return 0;
+        }
+    }
+
+    l = sendmsg(b->num, &mh, sysflags);
+    if (l < 0) {
+        ERR_raise(ERR_LIB_SYS, get_last_socket_error());
+        *num_processed = 0;
+        return 0;
+    }
+
+    msg->data_len   = (size_t)l;
+    msg->flags      = 0;
+    *num_processed  = 1;
+    return 1;
+
+# elif M_METHOD == M_METHOD_WSARECVMSG || M_METHOD == M_METHOD_RECVFROM
+#  if M_METHOD == M_METHOD_WSARECVMSG
+    if (bio_WSASendMsg != NULL) {
+        /* WSASendMsg-based implementation for Windows. */
+        translate_msg_win(b, &wmsg, &wbuf, control, msg);
+
+        if (msg[0].local != NULL) {
+            if (!have_local_enabled) {
+                ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
+                *num_processed = 0;
+                return 0;
+            }
+
+            if (pack_local(b, &wmsg, msg[0].local) < 1) {
+                ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
+                *num_processed = 0;
+                return 0;
+            }
+        }
+
+        ret = WSASendMsg((SOCKET)b->num, &wmsg, 0, &num_bytes_sent, NULL, NULL);
+        if (ret < 0) {
+            ERR_raise(ERR_LIB_SYS, get_last_socket_error());
+            *num_processed = 0;
+            return 0;
+        }
+
+        msg[0].data_len = num_bytes_sent;
+        msg[0].flags    = 0;
+        *num_processed  = 1;
+        return 1;
+    }
+#  endif
+
+    /*
+     * Fallback to sendto and send a single message.
+     */
+    if (msg[0].local != NULL) {
+        /*
+         * We cannot set the local address if using sendto
+         * so fail in this case
+         */
+        ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
+        *num_processed = 0;
+        return 0;
+    }
+
+    ret = sendto(b->num, msg[0].data,
+#  if defined(OPENSSL_SYS_WINDOWS)
+                 (int)msg[0].data_len,
+#  else
+                 msg[0].data_len,
+#  endif
+                 sysflags,
+                 msg[0].peer != NULL ? &msg[0].peer->sa : NULL,
+                 msg[0].peer != NULL ? sizeof(*msg[0].peer) : 0);
+    if (ret <= 0) {
+        ERR_raise(ERR_LIB_SYS, get_last_socket_error());
+        *num_processed = 0;
+        return 0;
+    }
+
+    msg[0].data_len = ret;
+    msg[0].flags    = 0;
+    *num_processed  = 1;
+    return 1;
+
+# else
+    ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD);
+    *num_processed = 0;
+    return 0;
+# endif
+}
+
+static int dgram_recvmmsg(BIO *b, BIO_MSG *msg,
+                          size_t stride, size_t num_msg,
+                          uint64_t flags, size_t *num_processed)
+{
+# if M_METHOD != M_METHOD_NONE && M_METHOD != M_METHOD_RECVMSG
+    int ret;
+# endif
+# if M_METHOD == M_METHOD_RECVMMSG
+    int sysflags;
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+    size_t i;
+    struct mmsghdr mh[BIO_MAX_MSGS_PER_CALL];
+    struct iovec iov[BIO_MAX_MSGS_PER_CALL];
+    unsigned char control[BIO_MAX_MSGS_PER_CALL][BIO_CMSG_ALLOC_LEN];
+    int have_local_enabled = data->local_addr_enabled;
+# elif M_METHOD == M_METHOD_RECVMSG
+    int sysflags;
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+    ossl_ssize_t l;
+    struct msghdr mh;
+    struct iovec iov;
+    unsigned char control[BIO_CMSG_ALLOC_LEN];
+    int have_local_enabled = data->local_addr_enabled;
+# elif M_METHOD == M_METHOD_WSARECVMSG
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+    int have_local_enabled = data->local_addr_enabled;
+    WSAMSG wmsg;
+    WSABUF wbuf;
+    DWORD num_bytes_received = 0;
+    unsigned char control[BIO_CMSG_ALLOC_LEN];
+# endif
+# if M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG
+    int sysflags;
+    socklen_t slen;
+# endif
+
+    if (num_msg == 0) {
+        *num_processed = 0;
+        return 1;
+    }
+
+    if (num_msg > OSSL_SSIZE_MAX)
+        num_msg = OSSL_SSIZE_MAX;
+
+# if M_METHOD != M_METHOD_NONE
+    sysflags = translate_flags(flags);
+# endif
+
+# if M_METHOD == M_METHOD_RECVMMSG
+    /*
+     * In the sendmmsg/recvmmsg case, we need to allocate our translated struct
+     * msghdr and struct iovec on the stack to support multithreaded use. Thus
+     * we place a fixed limit on the number of messages per call, in the
+     * expectation that we will be called again if there were more messages to
+     * be sent.
+     */
+    if (num_msg > BIO_MAX_MSGS_PER_CALL)
+        num_msg = BIO_MAX_MSGS_PER_CALL;
+
+    for (i = 0; i < num_msg; ++i) {
+        translate_msg(b, &mh[i].msg_hdr, &iov[i], 
+                      control[i], &BIO_MSG_N(msg, stride, i));
+
+        /* If local address was requested, it must have been enabled */
+        if (BIO_MSG_N(msg, stride, i).local != NULL && !have_local_enabled) {
+            ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
+            *num_processed = 0;
+            return 0;
+        }
+    }
+
+    /* Do the batch */
+    ret = recvmmsg(b->num, mh, num_msg, sysflags, NULL);
+    if (ret < 0) {
+        ERR_raise(ERR_LIB_SYS, get_last_socket_error());
+        *num_processed = 0;
+        return 0;
+    }
+
+    for (i = 0; i < (size_t)ret; ++i) {
+        BIO_MSG_N(msg, stride, i).data_len = mh[i].msg_len;
+        BIO_MSG_N(msg, stride, i).flags    = 0;
+        /*
+         * *(msg->peer) will have been filled in by recvmmsg;
+         * for msg->local we parse the control data returned
+         */
+        if (BIO_MSG_N(msg, stride, i).local != NULL)
+            if (extract_local(b, &mh[i].msg_hdr,
+                              BIO_MSG_N(msg, stride, i).local) < 1) {
+                if (i > 0) {
+                    *num_processed = i;
+                    return 1;
+                } else {
+                    *num_processed = 0;
+                    ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
+                    return 0;
+                }
+            }
+    }
+
+    *num_processed = (size_t)ret;
+    return 1;
+
+# elif M_METHOD == M_METHOD_RECVMSG
+    /*
+     * If recvmsg is available, use it.
+     */
+    translate_msg(b, &mh, &iov, control, msg);
+
+    /* If local address was requested, it must have been enabled */
+    if (msg->local != NULL && !have_local_enabled) {
+        /*
+         * If we have done at least one message, we must return the
+         * count; if we haven't done any, we can give an error code
+         */
+        ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
+        *num_processed = 0;
+        return 0;
+    }
+
+    l = recvmsg(b->num, &mh, sysflags);
+    if (l < 0) {
+        ERR_raise(ERR_LIB_SYS, get_last_socket_error());
+        *num_processed = 0;
+        return 0;
+    }
+
+    msg->data_len   = (size_t)l;
+    msg->flags      = 0;
+
+    if (msg->local != NULL)
+        if (extract_local(b, &mh, msg->local) < 1) {
+            /*
+             * OS X exhibits odd behaviour where it appears that if a packet is
+             * sent before the receiving interface enables IP_PKTINFO, it will
+             * sometimes not have any control data returned even if the
+             * receiving interface enables IP_PKTINFO before calling recvmsg().
+             * This appears to occur non-deterministically. Presumably, OS X
+             * handles IP_PKTINFO at the time the packet is enqueued into a
+             * socket's receive queue, rather than at the time recvmsg() is
+             * called, unlike most other operating systems. Thus (if this
+             * hypothesis is correct) there is a race between where IP_PKTINFO
+             * is enabled by the process and when the kernel's network stack
+             * queues the incoming message.
+             *
+             * We cannot return the local address if we do not have it, but this
+             * is not a caller error either, so just return a zero address
+             * structure.
+             *
+             * We enable this workaround for Apple only as it should not
+             * be necessary otherwise.
+             */
+#  if defined(__APPLE__)
+            BIO_ADDR_clear(msg->local);
+#  else
+            ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
+            *num_processed = 0;
+            return 0;
+#  endif
+        }
+
+    *num_processed = 1;
+    return 1;
+
+# elif M_METHOD == M_METHOD_RECVFROM || M_METHOD == M_METHOD_WSARECVMSG
+#  if M_METHOD == M_METHOD_WSARECVMSG
+    if (bio_WSARecvMsg != NULL) {
+        /* WSARecvMsg-based implementation for Windows. */
+        translate_msg_win(b, &wmsg, &wbuf, control, msg);
+
+        /* If local address was requested, it must have been enabled */
+        if (msg[0].local != NULL && !have_local_enabled) {
+            ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
+            *num_processed = 0;
+            return 0;
+        }
+
+        ret = WSARecvMsg((SOCKET)b->num, &wmsg, &num_bytes_received, NULL, NULL);
+        if (ret < 0) {
+            ERR_raise(ERR_LIB_SYS, get_last_socket_error());
+            *num_processed = 0;
+            return 0;
+        }
+
+        msg[0].data_len = num_bytes_received;
+        msg[0].flags    = 0;
+        if (msg[0].local != NULL)
+            if (extract_local(b, &wmsg, msg[0].local) < 1)
+                /*
+                 * On Windows, loopback is not a "proper" interface and it works
+                 * differently; packets are essentially short-circuited and
+                 * don't go through all of the normal processing. A consequence
+                 * of this is that packets sent from the local machine to the
+                 * local machine _will not have IP_PKTINFO_ even if the
+                 * IP_PKTINFO socket option is enabled. WSARecvMsg just sets
+                 * Control.len to 0 on returning.
+                 *
+                 * This applies regardless of whether the loopback address,
+                 * 127.0.0.1 is used, or a local interface address (e.g.
+                 * 192.168.1.1); in both cases IP_PKTINFO will not be present.
+                 *
+                 * We report this condition by setting the local BIO_ADDR's
+                 * family to 0.
+                 */
+                BIO_ADDR_clear(msg[0].local);
+
+        *num_processed = 1;
+        return 1;
+    }
+#  endif
+
+    /*
+     * Fallback to recvfrom and receive a single message.
+     */
+    if (msg[0].local != NULL) {
+        /*
+         * We cannot determine the local address if using recvfrom
+         * so fail in this case
+         */
+        ERR_raise(ERR_LIB_BIO, BIO_R_LOCAL_ADDR_NOT_AVAILABLE);
+        *num_processed = 0;
+        return 0;
+    }
+
+    slen = sizeof(*msg[0].peer);
+    ret = recvfrom(b->num, msg[0].data,
+#  if defined(OPENSSL_SYS_WINDOWS)
+                   (int)msg[0].data_len,
+#  else
+                   msg[0].data_len,
+#  endif
+                   sysflags,
+                   msg[0].peer != NULL ? &msg[0].peer->sa : NULL,
+                   msg[0].peer != NULL ? &slen : NULL);
+    if (ret <= 0) {
+        ERR_raise(ERR_LIB_SYS, get_last_socket_error());
+        return 0;
+    }
+
+    msg[0].data_len = ret;
+    msg[0].flags    = 0;
+    *num_processed = 1;
+    return 1;
+
+# else
+    ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD);
+    *num_processed = 0;
+    return 0;
+# endif
+}
+
 # ifndef OPENSSL_NO_SCTP
 const BIO_METHOD *BIO_s_datagram_sctp(void)
 {

crypto/err/openssl.txt

@@ -142,6 +142,7 @@ BIO_R_INVALID_SOCKET:135:invalid socket
 BIO_R_IN_USE:123:in use
 BIO_R_LENGTH_TOO_LONG:102:length too long
 BIO_R_LISTEN_V6_ONLY:136:listen v6 only
+BIO_R_LOCAL_ADDR_NOT_AVAILABLE:111:local addr not available
 BIO_R_LOOKUP_RETURNED_NOTHING:142:lookup returned nothing
 BIO_R_MALFORMED_HOST_OR_SERVICE:130:malformed host or service
 BIO_R_NBIO_CONNECT_ERROR:110:nbio connect error
@@ -150,6 +151,7 @@ BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED:143:\
 BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED:144:no hostname or service specified
 BIO_R_NO_PORT_DEFINED:113:no port defined
 BIO_R_NO_SUCH_FILE:128:no such file
+BIO_R_PORT_MISMATCH:150:port mismatch
 BIO_R_TFO_DISABLED:106:tfo disabled
 BIO_R_TFO_NO_KERNEL_SUPPORT:108:tfo no kernel support
 BIO_R_TRANSFER_ERROR:104:transfer error

include/crypto/bioerr.h

@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy

include/internal/sockets.h

@@ -60,6 +60,13 @@ struct servent *PASCAL getservbyname(const char *, const char *);
 #  endif
 
 # else
+#  if defined(__APPLE__)
+    /*
+     * This must be defined before including <netinet/in6.h> to get
+     * IPV6_RECVPKTINFO
+     */
+#   define __APPLE_USE_RFC_3542
+#  endif
 
 #  ifndef NO_SYS_PARAM_H
 #   include <sys/param.h>

include/openssl/bioerr.h

@@ -37,6 +37,7 @@
 # define BIO_R_IN_USE                                     123
 # define BIO_R_LENGTH_TOO_LONG                            102
 # define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   111
 # define BIO_R_LOOKUP_RETURNED_NOTHING                    142
 # define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
 # define BIO_R_NBIO_CONNECT_ERROR                         110
@@ -44,7 +45,6 @@
 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
 # define BIO_R_NO_PORT_DEFINED                            113
 # define BIO_R_NO_SUCH_FILE                               128
-# define BIO_R_NULL_PARAMETER                             115 /* unused */
 # define BIO_R_TFO_DISABLED                               106
 # define BIO_R_TFO_NO_KERNEL_SUPPORT                      108
 # define BIO_R_TRANSFER_ERROR                             104
@@ -64,7 +64,7 @@
 # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
 # define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
 # define BIO_R_WSASTARTUP                                 122
-# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE                   148
 # define BIO_R_NON_FATAL                                  149
+# define BIO_R_PORT_MISMATCH                              150
 
 #endif

test/bio_dgram_test.c

@@ -0,0 +1,463 @@
+/*
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/bio.h>
+#include "testutil.h"
+#include "internal/sockets.h"
+
+#if !defined(OPENSSL_NO_DGRAM) && !defined(OPENSSL_NO_SOCK)
+
+static int compare_addr(const BIO_ADDR *a, const BIO_ADDR *b)
+{
+    struct in_addr xa, xb;
+#if defined(OPENSSL_USE_IPV6)
+    struct in6_addr xa6, xb6;
+#endif
+    void *pa, *pb;
+    size_t slen, tmplen;
+
+    if (BIO_ADDR_family(a) != BIO_ADDR_family(b))
+        return 0;
+
+    if (BIO_ADDR_family(a) == AF_INET) {
+        pa = &xa;
+        pb = &xb;
+        slen = sizeof(xa);
+    }
+#if defined(OPENSSL_USE_IPV6)
+    else if (BIO_ADDR_family(a) == AF_INET6) {
+        pa = &xa6;
+        pb = &xb6;
+        slen = sizeof(xa6);
+    }
+#endif
+    else {
+        return 0;
+    }
+
+    tmplen = slen;
+    if (!TEST_int_eq(BIO_ADDR_rawaddress(a, pa, &tmplen), 1))
+        return 0;
+
+    tmplen = slen;
+    if (!TEST_int_eq(BIO_ADDR_rawaddress(b, pb, &tmplen), 1))
+        return 0;
+
+    if (!TEST_mem_eq(pa, slen, pb, slen))
+        return 0;
+
+    if (!TEST_int_eq(BIO_ADDR_rawport(a), BIO_ADDR_rawport(b)))
+        return 0;
+
+    return 1;
+}
+
+static int do_sendmmsg(BIO *b, BIO_MSG *msg,
+                       size_t num_msg, uint64_t flags,
+                       size_t *num_processed)
+{
+    size_t done;
+
+    for (done = 0; done < num_msg; ) {
+        if (!BIO_sendmmsg(b, msg + done, sizeof(BIO_MSG),
+                          num_msg - done, flags, num_processed))
+            return 0;
+
+        done += *num_processed;
+    }
+
+    *num_processed = done;
+    return 1;
+}
+
+static int do_recvmmsg(BIO *b, BIO_MSG *msg,
+                       size_t num_msg, uint64_t flags,
+                       size_t *num_processed)
+{
+    size_t done;
+
+    for (done = 0; done < num_msg; ) {
+        if (!BIO_recvmmsg(b, msg + done, sizeof(BIO_MSG),
+                          num_msg - done, flags, num_processed))
+            return 0;
+
+        done += *num_processed;
+    }
+
+    *num_processed = done;
+    return 1;
+}
+
+static int test_bio_dgram_impl(int af, int use_local)
+{
+    int testresult = 0;
+    BIO *b1 = NULL, *b2 = NULL;
+    int fd1 = -1, fd2 = -1;
+    BIO_ADDR *addr1 = NULL, *addr2 = NULL, *addr3 = NULL, *addr4 = NULL,
+             *addr5 = NULL, *addr6 = NULL;
+    struct in_addr ina = {0};
+#if defined(OPENSSL_USE_IPV6)
+    struct in6_addr ina6 = {0};
+#endif
+    void *pina;
+    size_t inal, i;
+    union BIO_sock_info_u info1 = {0}, info2 = {0};
+    char rx_buf[128], rx_buf2[128];
+    BIO_MSG tx_msg[128], rx_msg[128];
+    char tx_buf[128];
+    size_t num_processed = 0;
+
+    ina.s_addr = htonl(0x7f000001UL);
+    ina6.s6_addr[15] = 1;
+
+    if (af == AF_INET) {
+        TEST_info("# Testing with AF_INET, local=%d\n", use_local);
+        pina = &ina;
+        inal = sizeof(ina);
+    }
+#if defined(OPENSSL_USE_IPV6)
+    else if (af == AF_INET6) {
+        TEST_info("# Testing with AF_INET6, local=%d\n", use_local);
+        pina = &ina6;
+        inal = sizeof(ina6);
+    }
+#endif
+    else {
+        goto err;
+    }
+
+    addr1 = BIO_ADDR_new();
+    if (!TEST_ptr(addr1))
+        goto err;
+
+    addr2 = BIO_ADDR_new();
+    if (!TEST_ptr(addr2))
+        goto err;
+
+    addr3 = BIO_ADDR_new();
+    if (!TEST_ptr(addr3))
+        goto err;
+
+    addr4 = BIO_ADDR_new();
+    if (!TEST_ptr(addr4))
+        goto err;
+
+    addr5 = BIO_ADDR_new();
+    if (!TEST_ptr(addr5))
+        goto err;
+
+    addr6 = BIO_ADDR_new();
+    if (!TEST_ptr(addr6))
+        goto err;
+
+    if (!TEST_int_eq(BIO_ADDR_rawmake(addr1, af, pina, inal, 0), 1))
+        goto err;
+
+    if (!TEST_int_eq(BIO_ADDR_rawmake(addr2, af, pina, inal, 0), 1))
+        goto err;
+
+    fd1 = BIO_socket(af, SOCK_DGRAM, IPPROTO_UDP, 0);
+    if (!TEST_int_ge(fd1, 0))
+        goto err;
+
+    fd2 = BIO_socket(af, SOCK_DGRAM, IPPROTO_UDP, 0);
+    if (!TEST_int_ge(fd2, 0))
+        goto err;
+
+    if (!TEST_int_gt(BIO_bind(fd1, addr1, 0), 0))
+        goto err;
+
+    if (!TEST_int_gt(BIO_bind(fd2, addr2, 0), 0))
+        goto err;
+
+    info1.addr = addr1;
+    if (!TEST_int_gt(BIO_sock_info(fd1, BIO_SOCK_INFO_ADDRESS, &info1), 0))
+        goto err;
+
+    info2.addr = addr2;
+    if (!TEST_int_gt(BIO_sock_info(fd2, BIO_SOCK_INFO_ADDRESS, &info2), 0))
+        goto err;
+
+    if (!TEST_int_gt(BIO_ADDR_rawport(addr1), 0))
+        goto err;
+
+    if (!TEST_int_gt(BIO_ADDR_rawport(addr2), 0))
+        goto err;
+
+    b1 = BIO_new_dgram(fd1, 0);
+    if (!TEST_ptr(b1))
+        goto err;
+
+    b2 = BIO_new_dgram(fd2, 0);
+    if (!TEST_ptr(b2))
+        goto err;
+
+    if (!TEST_int_gt(BIO_dgram_set_peer(b1, addr2), 0))
+        goto err;
+
+    if (!TEST_int_gt(BIO_write(b1, "hello", 5), 0))
+        goto err;
+
+    /* Receiving automatically sets peer as source addr */
+    if (!TEST_int_eq(BIO_read(b2, rx_buf, sizeof(rx_buf)), 5))
+        goto err;
+
+    if (!TEST_mem_eq(rx_buf, 5, "hello", 5))
+        goto err;
+
+    if (!TEST_int_gt(BIO_dgram_get_peer(b2, addr3), 0))
+        goto err;
+
+    if (!TEST_int_eq(compare_addr(addr3, addr1), 1))
+        goto err;
+
+    /* Clear peer */
+    if (!TEST_int_gt(BIO_ADDR_rawmake(addr3, af, pina, inal, 0), 0))
+        goto err;
+
+    if (!TEST_int_gt(BIO_dgram_set_peer(b1, addr3), 0))
+        goto err;
+
+    if (!TEST_int_gt(BIO_dgram_set_peer(b2, addr3), 0))
+        goto err;
+
+    /* Now test using sendmmsg/recvmmsg with no peer set */
+    tx_msg[0].data      = "apple";
+    tx_msg[0].data_len  = 5;
+    tx_msg[0].peer      = NULL;
+    tx_msg[0].local     = NULL;
+    tx_msg[0].flags     = 0;
+
+    tx_msg[1].data      = "orange";
+    tx_msg[1].data_len  = 6;
+    tx_msg[1].peer      = NULL;
+    tx_msg[1].local     = NULL;
+    tx_msg[1].flags     = 0;
+
+    /* First effort should fail due to missing destination address */
+    if (!TEST_false(do_sendmmsg(b1, tx_msg, 2, 0, &num_processed))
+        || !TEST_size_t_eq(num_processed, 0))
+        goto err;
+
+    /*
+     * Second effort should fail due to local being requested
+     * when not enabled
+     */
+    tx_msg[0].peer  = addr2;
+    tx_msg[0].local = addr1;
+    tx_msg[1].peer  = addr2;
+    tx_msg[1].local = addr1;
+    if (!TEST_false(do_sendmmsg(b1, tx_msg, 2, 0, &num_processed)
+        || !TEST_size_t_eq(num_processed, 0)))
+        goto err;
+
+    /* Enable local if we are using it */
+    if (BIO_dgram_get_local_addr_cap(b1) > 0 && use_local) {
+        if (!TEST_int_eq(BIO_dgram_set_local_addr_enable(b1, 1), 1))
+            goto err;
+    } else {
+        tx_msg[0].local = NULL;
+        tx_msg[1].local = NULL;
+        use_local = 0;
+    }
+
+    /* Third effort should succeed */
+    if (!TEST_true(do_sendmmsg(b1, tx_msg, 2, 0, &num_processed))
+        || !TEST_size_t_eq(num_processed, 2))
+        goto err;
+
+    /* Now try receiving */
+    rx_msg[0].data      = rx_buf;
+    rx_msg[0].data_len  = sizeof(rx_buf);
+    rx_msg[0].peer      = addr3;
+    rx_msg[0].local     = addr4;
+    rx_msg[0].flags     = (1UL<<31); /* undefined flag, should be erased */
+    memset(rx_buf, 0, sizeof(rx_buf));
+
+    rx_msg[1].data      = rx_buf2;
+    rx_msg[1].data_len  = sizeof(rx_buf2);
+    rx_msg[1].peer      = addr5;
+    rx_msg[1].local     = addr6;
+    rx_msg[1].flags     = (1UL<<31); /* undefined flag, should be erased */
+    memset(rx_buf2, 0, sizeof(rx_buf2));
+
+    /*
+     * Should fail at first due to local being requested when not
+     * enabled
+     */
+    if (!TEST_false(do_recvmmsg(b2, rx_msg, 2, 0, &num_processed))
+        || !TEST_size_t_eq(num_processed, 0))
+        goto err;
+
+    /* Fields have not been modified */
+    if (!TEST_int_eq((int)rx_msg[0].data_len, sizeof(rx_buf)))
+        goto err;
+
+    if (!TEST_int_eq((int)rx_msg[1].data_len, sizeof(rx_buf2)))
+        goto err;
+
+    if (!TEST_ulong_eq((unsigned long)rx_msg[0].flags, 1UL<<31))
+        goto err;
+
+    if (!TEST_ulong_eq((unsigned long)rx_msg[1].flags, 1UL<<31))
+        goto err;
+
+    /* Enable local if we are using it */
+    if (BIO_dgram_get_local_addr_cap(b2) > 0 && use_local) {
+        if (!TEST_int_eq(BIO_dgram_set_local_addr_enable(b2, 1), 1))
+            goto err;
+    } else {
+        rx_msg[0].local = NULL;
+        rx_msg[1].local = NULL;
+        use_local = 0;
+    }
+
+    /* Do the receive. */
+    if (!TEST_true(do_recvmmsg(b2, rx_msg, 2, 0, &num_processed))
+        || !TEST_size_t_eq(num_processed, 2))
+        goto err;
+
+    /* data_len should have been updated correctly */
+    if (!TEST_int_eq((int)rx_msg[0].data_len, 5))
+        goto err;
+
+    if (!TEST_int_eq((int)rx_msg[1].data_len, 6))
+        goto err;
+
+    /* flags should have been zeroed */
+    if (!TEST_int_eq((int)rx_msg[0].flags, 0))
+        goto err;
+
+    if (!TEST_int_eq((int)rx_msg[1].flags, 0))
+        goto err;
+
+    /* peer address should match expected */
+    if (!TEST_int_eq(compare_addr(addr3, addr1), 1))
+        goto err;
+
+    if (!TEST_int_eq(compare_addr(addr5, addr1), 1))
+        goto err;
+
+    /*
+     * Do not test local address yet as some platforms do not reliably return
+     * local addresses for messages queued for RX before local address support
+     * was enabled. Instead, send some new messages and test they're received
+     * with the correct local addresses.
+     */
+    if (!TEST_true(do_sendmmsg(b1, tx_msg, 2, 0, &num_processed))
+        || !TEST_size_t_eq(num_processed, 2))
+        goto err;
+
+    /* Receive the messages. */
+    rx_msg[0].data_len = sizeof(rx_buf);
+    rx_msg[1].data_len = sizeof(rx_buf2);
+
+    if (!TEST_true(do_recvmmsg(b2, rx_msg, 2, 0, &num_processed))
+        || !TEST_size_t_eq(num_processed, 2))
+        goto err;
+
+    if (rx_msg[0].local != NULL) {
+        /* If we are using local, it should match expected */
+        if (!TEST_int_eq(compare_addr(addr4, addr2), 1))
+            goto err;
+
+        if (!TEST_int_eq(compare_addr(addr6, addr2), 1))
+            goto err;
+    }
+
+    /*
+     * Try sending more than can be handled in one sendmmsg call (when using the
+     * sendmmsg implementation)
+     */
+    for (i = 0; i < OSSL_NELEM(tx_msg); ++i) {
+        tx_buf[i] = (char)i;
+        tx_msg[i].data      = tx_buf + i;
+        tx_msg[i].data_len  = 1;
+        tx_msg[i].peer      = addr2;
+        tx_msg[i].local     = use_local ? addr1 : NULL;
+        tx_msg[i].flags     = 0;
+    }
+    if (!TEST_true(do_sendmmsg(b1, tx_msg, OSSL_NELEM(tx_msg), 0, &num_processed))
+        || !TEST_size_t_eq(num_processed, OSSL_NELEM(tx_msg)))
+        goto err;
+
+    /*
+     * Try receiving more than can be handled in one recvmmsg call (when using
+     * the recvmmsg implementation)
+     */
+    for (i = 0; i < OSSL_NELEM(rx_msg); ++i) {
+        rx_buf[i] = '\0';
+        rx_msg[i].data      = rx_buf + i;
+        rx_msg[i].data_len  = 1;
+        rx_msg[i].peer      = NULL;
+        rx_msg[i].local     = NULL;
+        rx_msg[i].flags     = 0;
+    }
+    if (!TEST_true(do_recvmmsg(b2, rx_msg, OSSL_NELEM(rx_msg), 0, &num_processed))
+        || !TEST_size_t_eq(num_processed, OSSL_NELEM(rx_msg)))
+        goto err;
+
+    if (!TEST_mem_eq(tx_buf, OSSL_NELEM(tx_msg), rx_buf, OSSL_NELEM(tx_msg)))
+        goto err;
+
+    testresult = 1;
+err:
+    BIO_free(b1);
+    BIO_free(b2);
+    if (fd1 >= 0)
+        BIO_closesocket(fd1);
+    if (fd2 >= 0)
+        BIO_closesocket(fd2);
+    BIO_ADDR_free(addr1);
+    BIO_ADDR_free(addr2);
+    BIO_ADDR_free(addr3);
+    BIO_ADDR_free(addr4);
+    BIO_ADDR_free(addr5);
+    BIO_ADDR_free(addr6);
+    return testresult;
+}
+
+struct bio_dgram_case {
+    int af, local;
+};
+
+static const struct bio_dgram_case bio_dgram_cases[] = {
+    /* Test without local */
+    { AF_INET,  0 },
+#if defined(OPENSSL_USE_IPV6)
+    { AF_INET6, 0 },
+#endif
+    /* Test with local */
+    { AF_INET,  1 },
+#if defined(OPENSSL_USE_IPV6)
+    { AF_INET6, 1 }
+#endif
+};
+
+static int test_bio_dgram(int idx)
+{
+    return test_bio_dgram_impl(bio_dgram_cases[idx].af,
+                               bio_dgram_cases[idx].local);
+}
+
+#endif /* !defined(OPENSSL_NO_DGRAM) && !defined(OPENSSL_NO_SOCK) */
+
+int setup_tests(void)
+{
+    if (!test_skip_common_options()) {
+        TEST_error("Error parsing test options\n");
+        return 0;
+    }
+
+#if !defined(OPENSSL_NO_DGRAM) && !defined(OPENSSL_NO_SOCK)
+    ADD_ALL_TESTS(test_bio_dgram, OSSL_NELEM(bio_dgram_cases));
+#endif
+    return 1;
+}

test/build.info

@@ -49,7 +49,7 @@ IF[{- !$disabled{tests} -}]
           packettest asynctest secmemtest srptest memleaktest stack_test \
           dtlsv1listentest ct_test threadstest afalgtest d2i_test \
           ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \
-          bio_callback_test bio_memleak_test bio_core_test param_build_test \
+          bio_callback_test bio_memleak_test bio_core_test bio_dgram_test param_build_test \
           bioprinttest sslapitest dtlstest sslcorrupttest \
           bio_enc_test pkey_meth_test pkey_meth_kdf_test evp_kdf_test uitest \
           cipherbytes_test threadstest_fips \
@@ -391,6 +391,10 @@ IF[{- !$disabled{tests} -}]
   INCLUDE[bio_core_test]=../include ../apps/include
   DEPEND[bio_core_test]=../libcrypto libtestutil.a
 
+  SOURCE[bio_dgram_test]=bio_dgram_test.c
+  INCLUDE[bio_dgram_test]=../include ../apps/include
+  DEPEND[bio_dgram_test]=../libcrypto libtestutil.a
+
   SOURCE[bio_tfo_test]=bio_tfo_test.c
   INCLUDE[bio_tfo_test]=../include ../apps/include ..
   DEPEND[bio_tfo_test]=../libcrypto libtestutil.a

test/recipes/04-test_bio_dgram.t

@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_bio_dgram", "bio_dgram_test");