s_socket.c 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354
  1. /*
  2. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* socket-related functions used by s_client and s_server */
  10. #include <stdio.h>
  11. #include <stdlib.h>
  12. #include <string.h>
  13. #include <errno.h>
  14. #include <signal.h>
  15. #include <openssl/opensslconf.h>
  16. /*
  17. * With IPv6, it looks like Digital has mixed up the proper order of
  18. * recursive header file inclusion, resulting in the compiler complaining
  19. * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
  20. * needed to have fileno() declared correctly... So let's define u_int
  21. */
  22. #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
  23. # define __U_INT
  24. typedef unsigned int u_int;
  25. #endif
  26. #ifndef OPENSSL_NO_SOCK
  27. # include "apps.h"
  28. # include "s_apps.h"
  29. # include "internal/sockets.h"
  30. # include <openssl/bio.h>
  31. # include <openssl/err.h>
  32. /* Keep track of our peer's address for the cookie callback */
  33. BIO_ADDR *ourpeer = NULL;
  34. /*
  35. * init_client - helper routine to set up socket communication
  36. * @sock: pointer to storage of resulting socket.
  37. * @host: the host name or path (for AF_UNIX) to connect to.
  38. * @port: the port to connect to (ignored for AF_UNIX).
  39. * @bindhost: source host or path (for AF_UNIX).
  40. * @bindport: source port (ignored for AF_UNIX).
  41. * @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or
  42. * AF_UNSPEC
  43. * @type: socket type, must be SOCK_STREAM or SOCK_DGRAM
  44. * @protocol: socket protocol, e.g. IPPROTO_TCP or IPPROTO_UDP (or 0 for any)
  45. *
  46. * This will create a socket and use it to connect to a host:port, or if
  47. * family == AF_UNIX, to the path found in host.
  48. *
  49. * If the host has more than one address, it will try them one by one until
  50. * a successful connection is established. The resulting socket will be
  51. * found in *sock on success, it will be given INVALID_SOCKET otherwise.
  52. *
  53. * Returns 1 on success, 0 on failure.
  54. */
  55. int init_client(int *sock, const char *host, const char *port,
  56. const char *bindhost, const char *bindport,
  57. int family, int type, int protocol)
  58. {
  59. BIO_ADDRINFO *res = NULL;
  60. BIO_ADDRINFO *bindaddr = NULL;
  61. const BIO_ADDRINFO *ai = NULL;
  62. const BIO_ADDRINFO *bi = NULL;
  63. int found = 0;
  64. int ret;
  65. if (BIO_sock_init() != 1)
  66. return 0;
  67. ret = BIO_lookup_ex(host, port, BIO_LOOKUP_CLIENT, family, type, protocol,
  68. &res);
  69. if (ret == 0) {
  70. ERR_print_errors(bio_err);
  71. return 0;
  72. }
  73. if (bindhost != NULL || bindport != NULL) {
  74. ret = BIO_lookup_ex(bindhost, bindport, BIO_LOOKUP_CLIENT,
  75. family, type, protocol, &bindaddr);
  76. if (ret == 0) {
  77. ERR_print_errors (bio_err);
  78. goto out;
  79. }
  80. }
  81. ret = 0;
  82. for (ai = res; ai != NULL; ai = BIO_ADDRINFO_next(ai)) {
  83. /* Admittedly, these checks are quite paranoid, we should not get
  84. * anything in the BIO_ADDRINFO chain that we haven't
  85. * asked for. */
  86. OPENSSL_assert((family == AF_UNSPEC
  87. || family == BIO_ADDRINFO_family(ai))
  88. && (type == 0 || type == BIO_ADDRINFO_socktype(ai))
  89. && (protocol == 0
  90. || protocol == BIO_ADDRINFO_protocol(ai)));
  91. if (bindaddr != NULL) {
  92. for (bi = bindaddr; bi != NULL; bi = BIO_ADDRINFO_next(bi)) {
  93. if (BIO_ADDRINFO_family(bi) == BIO_ADDRINFO_family(ai))
  94. break;
  95. }
  96. if (bi == NULL)
  97. continue;
  98. ++found;
  99. }
  100. *sock = BIO_socket(BIO_ADDRINFO_family(ai), BIO_ADDRINFO_socktype(ai),
  101. BIO_ADDRINFO_protocol(ai), 0);
  102. if (*sock == INVALID_SOCKET) {
  103. /* Maybe the kernel doesn't support the socket family, even if
  104. * BIO_lookup() added it in the returned result...
  105. */
  106. continue;
  107. }
  108. if (bi != NULL) {
  109. if (!BIO_bind(*sock, BIO_ADDRINFO_address(bi),
  110. BIO_SOCK_REUSEADDR)) {
  111. BIO_closesocket(*sock);
  112. *sock = INVALID_SOCKET;
  113. break;
  114. }
  115. }
  116. #ifndef OPENSSL_NO_SCTP
  117. if (protocol == IPPROTO_SCTP) {
  118. /*
  119. * For SCTP we have to set various options on the socket prior to
  120. * connecting. This is done automatically by BIO_new_dgram_sctp().
  121. * We don't actually need the created BIO though so we free it again
  122. * immediately.
  123. */
  124. BIO *tmpbio = BIO_new_dgram_sctp(*sock, BIO_NOCLOSE);
  125. if (tmpbio == NULL) {
  126. ERR_print_errors(bio_err);
  127. return 0;
  128. }
  129. BIO_free(tmpbio);
  130. }
  131. #endif
  132. if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai), 0)) {
  133. BIO_closesocket(*sock);
  134. *sock = INVALID_SOCKET;
  135. continue;
  136. }
  137. /* Success, don't try any more addresses */
  138. break;
  139. }
  140. if (*sock == INVALID_SOCKET) {
  141. if (bindaddr != NULL && !found) {
  142. BIO_printf(bio_err, "Can't bind %saddress for %s%s%s\n",
  143. BIO_ADDRINFO_family(res) == AF_INET6 ? "IPv6 " :
  144. BIO_ADDRINFO_family(res) == AF_INET ? "IPv4 " :
  145. BIO_ADDRINFO_family(res) == AF_UNIX ? "unix " : "",
  146. bindhost != NULL ? bindhost : "",
  147. bindport != NULL ? ":" : "",
  148. bindport != NULL ? bindport : "");
  149. ERR_clear_error();
  150. ret = 0;
  151. }
  152. ERR_print_errors(bio_err);
  153. } else {
  154. /* Remove any stale errors from previous connection attempts */
  155. ERR_clear_error();
  156. ret = 1;
  157. }
  158. out:
  159. if (bindaddr != NULL) {
  160. BIO_ADDRINFO_free (bindaddr);
  161. }
  162. BIO_ADDRINFO_free(res);
  163. return ret;
  164. }
  165. /*
  166. * do_server - helper routine to perform a server operation
  167. * @accept_sock: pointer to storage of resulting socket.
  168. * @host: the host name or path (for AF_UNIX) to connect to.
  169. * @port: the port to connect to (ignored for AF_UNIX).
  170. * @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or
  171. * AF_UNSPEC
  172. * @type: socket type, must be SOCK_STREAM or SOCK_DGRAM
  173. * @cb: pointer to a function that receives the accepted socket and
  174. * should perform the communication with the connecting client.
  175. * @context: pointer to memory that's passed verbatim to the cb function.
  176. * @naccept: number of times an incoming connect should be accepted. If -1,
  177. * unlimited number.
  178. *
  179. * This will create a socket and use it to listen to a host:port, or if
  180. * family == AF_UNIX, to the path found in host, then start accepting
  181. * incoming connections and run cb on the resulting socket.
  182. *
  183. * 0 on failure, something other on success.
  184. */
  185. int do_server(int *accept_sock, const char *host, const char *port,
  186. int family, int type, int protocol, do_server_cb cb,
  187. unsigned char *context, int naccept)
  188. {
  189. int asock = 0;
  190. int sock;
  191. int i;
  192. BIO_ADDRINFO *res = NULL;
  193. const BIO_ADDRINFO *next;
  194. int sock_family, sock_type, sock_protocol;
  195. const BIO_ADDR *sock_address;
  196. int sock_options = BIO_SOCK_REUSEADDR;
  197. int ret = 0;
  198. if (BIO_sock_init() != 1)
  199. return 0;
  200. if (!BIO_lookup_ex(host, port, BIO_LOOKUP_SERVER, family, type, protocol,
  201. &res)) {
  202. ERR_print_errors(bio_err);
  203. return 0;
  204. }
  205. /* Admittedly, these checks are quite paranoid, we should not get
  206. * anything in the BIO_ADDRINFO chain that we haven't asked for */
  207. OPENSSL_assert((family == AF_UNSPEC || family == BIO_ADDRINFO_family(res))
  208. && (type == 0 || type == BIO_ADDRINFO_socktype(res))
  209. && (protocol == 0 || protocol == BIO_ADDRINFO_protocol(res)));
  210. sock_family = BIO_ADDRINFO_family(res);
  211. sock_type = BIO_ADDRINFO_socktype(res);
  212. sock_protocol = BIO_ADDRINFO_protocol(res);
  213. sock_address = BIO_ADDRINFO_address(res);
  214. next = BIO_ADDRINFO_next(res);
  215. if (sock_family == AF_INET6)
  216. sock_options |= BIO_SOCK_V6_ONLY;
  217. if (next != NULL
  218. && BIO_ADDRINFO_socktype(next) == sock_type
  219. && BIO_ADDRINFO_protocol(next) == sock_protocol) {
  220. if (sock_family == AF_INET
  221. && BIO_ADDRINFO_family(next) == AF_INET6) {
  222. sock_family = AF_INET6;
  223. sock_address = BIO_ADDRINFO_address(next);
  224. } else if (sock_family == AF_INET6
  225. && BIO_ADDRINFO_family(next) == AF_INET) {
  226. sock_options &= ~BIO_SOCK_V6_ONLY;
  227. }
  228. }
  229. asock = BIO_socket(sock_family, sock_type, sock_protocol, 0);
  230. if (asock == INVALID_SOCKET
  231. || !BIO_listen(asock, sock_address, sock_options)) {
  232. BIO_ADDRINFO_free(res);
  233. ERR_print_errors(bio_err);
  234. if (asock != INVALID_SOCKET)
  235. BIO_closesocket(asock);
  236. goto end;
  237. }
  238. #ifndef OPENSSL_NO_SCTP
  239. if (protocol == IPPROTO_SCTP) {
  240. /*
  241. * For SCTP we have to set various options on the socket prior to
  242. * accepting. This is done automatically by BIO_new_dgram_sctp().
  243. * We don't actually need the created BIO though so we free it again
  244. * immediately.
  245. */
  246. BIO *tmpbio = BIO_new_dgram_sctp(asock, BIO_NOCLOSE);
  247. if (tmpbio == NULL) {
  248. BIO_closesocket(asock);
  249. ERR_print_errors(bio_err);
  250. goto end;
  251. }
  252. BIO_free(tmpbio);
  253. }
  254. #endif
  255. BIO_ADDRINFO_free(res);
  256. res = NULL;
  257. if (accept_sock != NULL)
  258. *accept_sock = asock;
  259. for (;;) {
  260. if (type == SOCK_STREAM) {
  261. BIO_ADDR_free(ourpeer);
  262. ourpeer = BIO_ADDR_new();
  263. if (ourpeer == NULL) {
  264. BIO_closesocket(asock);
  265. ERR_print_errors(bio_err);
  266. goto end;
  267. }
  268. do {
  269. sock = BIO_accept_ex(asock, ourpeer, 0);
  270. } while (sock < 0 && BIO_sock_should_retry(sock));
  271. if (sock < 0) {
  272. ERR_print_errors(bio_err);
  273. BIO_closesocket(asock);
  274. break;
  275. }
  276. i = (*cb)(sock, type, protocol, context);
  277. /*
  278. * Give the socket time to send its last data before we close it.
  279. * No amount of setting SO_LINGER etc on the socket seems to
  280. * persuade Windows to send the data before closing the socket...
  281. * but sleeping for a short time seems to do it (units in ms)
  282. * TODO: Find a better way to do this
  283. */
  284. #if defined(OPENSSL_SYS_WINDOWS)
  285. Sleep(50);
  286. #elif defined(OPENSSL_SYS_CYGWIN)
  287. usleep(50000);
  288. #endif
  289. /*
  290. * If we ended with an alert being sent, but still with data in the
  291. * network buffer to be read, then calling BIO_closesocket() will
  292. * result in a TCP-RST being sent. On some platforms (notably
  293. * Windows) then this will result in the peer immediately abandoning
  294. * the connection including any buffered alert data before it has
  295. * had a chance to be read. Shutting down the sending side first,
  296. * and then closing the socket sends TCP-FIN first followed by
  297. * TCP-RST. This seems to allow the peer to read the alert data.
  298. */
  299. shutdown(sock, 1); /* SHUT_WR */
  300. BIO_closesocket(sock);
  301. } else {
  302. i = (*cb)(asock, type, protocol, context);
  303. }
  304. if (naccept != -1)
  305. naccept--;
  306. if (i < 0 || naccept == 0) {
  307. BIO_closesocket(asock);
  308. ret = i;
  309. break;
  310. }
  311. }
  312. end:
  313. # ifdef AF_UNIX
  314. if (family == AF_UNIX)
  315. unlink(host);
  316. # endif
  317. BIO_ADDR_free(ourpeer);
  318. ourpeer = NULL;
  319. return ret;
  320. }
  321. #endif /* OPENSSL_NO_SOCK */