2
0

s_socket.c 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395
  1. /*
  2. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* socket-related functions used by s_client and s_server */
  10. #include <stdio.h>
  11. #include <stdlib.h>
  12. #include <string.h>
  13. #include <errno.h>
  14. #include <signal.h>
  15. #include <openssl/opensslconf.h>
  16. /*
  17. * With IPv6, it looks like Digital has mixed up the proper order of
  18. * recursive header file inclusion, resulting in the compiler complaining
  19. * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
  20. * needed to have fileno() declared correctly... So let's define u_int
  21. */
  22. #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
  23. # define __U_INT
  24. typedef unsigned int u_int;
  25. #endif
  26. #ifndef OPENSSL_NO_SOCK
  27. # include "apps.h"
  28. # include "s_apps.h"
  29. # include "internal/sockets.h"
  30. # include <openssl/bio.h>
  31. # include <openssl/err.h>
  32. /* Keep track of our peer's address for the cookie callback */
  33. BIO_ADDR *ourpeer = NULL;
  34. /*
  35. * init_client - helper routine to set up socket communication
  36. * @sock: pointer to storage of resulting socket.
  37. * @host: the host name or path (for AF_UNIX) to connect to.
  38. * @port: the port to connect to (ignored for AF_UNIX).
  39. * @bindhost: source host or path (for AF_UNIX).
  40. * @bindport: source port (ignored for AF_UNIX).
  41. * @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or
  42. * AF_UNSPEC
  43. * @type: socket type, must be SOCK_STREAM or SOCK_DGRAM
  44. * @protocol: socket protocol, e.g. IPPROTO_TCP or IPPROTO_UDP (or 0 for any)
  45. *
  46. * This will create a socket and use it to connect to a host:port, or if
  47. * family == AF_UNIX, to the path found in host.
  48. *
  49. * If the host has more than one address, it will try them one by one until
  50. * a successful connection is established. The resulting socket will be
  51. * found in *sock on success, it will be given INVALID_SOCKET otherwise.
  52. *
  53. * Returns 1 on success, 0 on failure.
  54. */
  55. int init_client(int *sock, const char *host, const char *port,
  56. const char *bindhost, const char *bindport,
  57. int family, int type, int protocol)
  58. {
  59. BIO_ADDRINFO *res = NULL;
  60. BIO_ADDRINFO *bindaddr = NULL;
  61. const BIO_ADDRINFO *ai = NULL;
  62. const BIO_ADDRINFO *bi = NULL;
  63. int found = 0;
  64. int ret;
  65. if (BIO_sock_init() != 1)
  66. return 0;
  67. ret = BIO_lookup_ex(host, port, BIO_LOOKUP_CLIENT, family, type, protocol,
  68. &res);
  69. if (ret == 0) {
  70. ERR_print_errors(bio_err);
  71. return 0;
  72. }
  73. if (bindhost != NULL || bindport != NULL) {
  74. ret = BIO_lookup_ex(bindhost, bindport, BIO_LOOKUP_CLIENT,
  75. family, type, protocol, &bindaddr);
  76. if (ret == 0) {
  77. ERR_print_errors (bio_err);
  78. goto out;
  79. }
  80. }
  81. ret = 0;
  82. for (ai = res; ai != NULL; ai = BIO_ADDRINFO_next(ai)) {
  83. /* Admittedly, these checks are quite paranoid, we should not get
  84. * anything in the BIO_ADDRINFO chain that we haven't
  85. * asked for. */
  86. OPENSSL_assert((family == AF_UNSPEC
  87. || family == BIO_ADDRINFO_family(ai))
  88. && (type == 0 || type == BIO_ADDRINFO_socktype(ai))
  89. && (protocol == 0
  90. || protocol == BIO_ADDRINFO_protocol(ai)));
  91. if (bindaddr != NULL) {
  92. for (bi = bindaddr; bi != NULL; bi = BIO_ADDRINFO_next(bi)) {
  93. if (BIO_ADDRINFO_family(bi) == BIO_ADDRINFO_family(ai))
  94. break;
  95. }
  96. if (bi == NULL)
  97. continue;
  98. ++found;
  99. }
  100. *sock = BIO_socket(BIO_ADDRINFO_family(ai), BIO_ADDRINFO_socktype(ai),
  101. BIO_ADDRINFO_protocol(ai), 0);
  102. if (*sock == INVALID_SOCKET) {
  103. /* Maybe the kernel doesn't support the socket family, even if
  104. * BIO_lookup() added it in the returned result...
  105. */
  106. continue;
  107. }
  108. if (bi != NULL) {
  109. if (!BIO_bind(*sock, BIO_ADDRINFO_address(bi),
  110. BIO_SOCK_REUSEADDR)) {
  111. BIO_closesocket(*sock);
  112. *sock = INVALID_SOCKET;
  113. break;
  114. }
  115. }
  116. #ifndef OPENSSL_NO_SCTP
  117. if (protocol == IPPROTO_SCTP) {
  118. /*
  119. * For SCTP we have to set various options on the socket prior to
  120. * connecting. This is done automatically by BIO_new_dgram_sctp().
  121. * We don't actually need the created BIO though so we free it again
  122. * immediately.
  123. */
  124. BIO *tmpbio = BIO_new_dgram_sctp(*sock, BIO_NOCLOSE);
  125. if (tmpbio == NULL) {
  126. ERR_print_errors(bio_err);
  127. return 0;
  128. }
  129. BIO_free(tmpbio);
  130. }
  131. #endif
  132. if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai),
  133. protocol == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) {
  134. BIO_closesocket(*sock);
  135. *sock = INVALID_SOCKET;
  136. continue;
  137. }
  138. /* Success, don't try any more addresses */
  139. break;
  140. }
  141. if (*sock == INVALID_SOCKET) {
  142. if (bindaddr != NULL && !found) {
  143. BIO_printf(bio_err, "Can't bind %saddress for %s%s%s\n",
  144. BIO_ADDRINFO_family(res) == AF_INET6 ? "IPv6 " :
  145. BIO_ADDRINFO_family(res) == AF_INET ? "IPv4 " :
  146. BIO_ADDRINFO_family(res) == AF_UNIX ? "unix " : "",
  147. bindhost != NULL ? bindhost : "",
  148. bindport != NULL ? ":" : "",
  149. bindport != NULL ? bindport : "");
  150. ERR_clear_error();
  151. ret = 0;
  152. }
  153. ERR_print_errors(bio_err);
  154. } else {
  155. /* Remove any stale errors from previous connection attempts */
  156. ERR_clear_error();
  157. ret = 1;
  158. }
  159. out:
  160. if (bindaddr != NULL) {
  161. BIO_ADDRINFO_free (bindaddr);
  162. }
  163. BIO_ADDRINFO_free(res);
  164. return ret;
  165. }
  166. /*
  167. * do_server - helper routine to perform a server operation
  168. * @accept_sock: pointer to storage of resulting socket.
  169. * @host: the host name or path (for AF_UNIX) to connect to.
  170. * @port: the port to connect to (ignored for AF_UNIX).
  171. * @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or
  172. * AF_UNSPEC
  173. * @type: socket type, must be SOCK_STREAM or SOCK_DGRAM
  174. * @cb: pointer to a function that receives the accepted socket and
  175. * should perform the communication with the connecting client.
  176. * @context: pointer to memory that's passed verbatim to the cb function.
  177. * @naccept: number of times an incoming connect should be accepted. If -1,
  178. * unlimited number.
  179. *
  180. * This will create a socket and use it to listen to a host:port, or if
  181. * family == AF_UNIX, to the path found in host, then start accepting
  182. * incoming connections and run cb on the resulting socket.
  183. *
  184. * 0 on failure, something other on success.
  185. */
  186. int do_server(int *accept_sock, const char *host, const char *port,
  187. int family, int type, int protocol, do_server_cb cb,
  188. unsigned char *context, int naccept, BIO *bio_s_out)
  189. {
  190. int asock = 0;
  191. int sock;
  192. int i;
  193. BIO_ADDRINFO *res = NULL;
  194. const BIO_ADDRINFO *next;
  195. int sock_family, sock_type, sock_protocol, sock_port;
  196. const BIO_ADDR *sock_address;
  197. int sock_options = BIO_SOCK_REUSEADDR;
  198. int ret = 0;
  199. if (BIO_sock_init() != 1)
  200. return 0;
  201. if (!BIO_lookup_ex(host, port, BIO_LOOKUP_SERVER, family, type, protocol,
  202. &res)) {
  203. ERR_print_errors(bio_err);
  204. return 0;
  205. }
  206. /* Admittedly, these checks are quite paranoid, we should not get
  207. * anything in the BIO_ADDRINFO chain that we haven't asked for */
  208. OPENSSL_assert((family == AF_UNSPEC || family == BIO_ADDRINFO_family(res))
  209. && (type == 0 || type == BIO_ADDRINFO_socktype(res))
  210. && (protocol == 0 || protocol == BIO_ADDRINFO_protocol(res)));
  211. sock_family = BIO_ADDRINFO_family(res);
  212. sock_type = BIO_ADDRINFO_socktype(res);
  213. sock_protocol = BIO_ADDRINFO_protocol(res);
  214. sock_address = BIO_ADDRINFO_address(res);
  215. next = BIO_ADDRINFO_next(res);
  216. if (sock_family == AF_INET6)
  217. sock_options |= BIO_SOCK_V6_ONLY;
  218. if (next != NULL
  219. && BIO_ADDRINFO_socktype(next) == sock_type
  220. && BIO_ADDRINFO_protocol(next) == sock_protocol) {
  221. if (sock_family == AF_INET
  222. && BIO_ADDRINFO_family(next) == AF_INET6) {
  223. sock_family = AF_INET6;
  224. sock_address = BIO_ADDRINFO_address(next);
  225. } else if (sock_family == AF_INET6
  226. && BIO_ADDRINFO_family(next) == AF_INET) {
  227. sock_options &= ~BIO_SOCK_V6_ONLY;
  228. }
  229. }
  230. asock = BIO_socket(sock_family, sock_type, sock_protocol, 0);
  231. if (asock == INVALID_SOCKET
  232. || !BIO_listen(asock, sock_address, sock_options)) {
  233. BIO_ADDRINFO_free(res);
  234. ERR_print_errors(bio_err);
  235. if (asock != INVALID_SOCKET)
  236. BIO_closesocket(asock);
  237. goto end;
  238. }
  239. #ifndef OPENSSL_NO_SCTP
  240. if (protocol == IPPROTO_SCTP) {
  241. /*
  242. * For SCTP we have to set various options on the socket prior to
  243. * accepting. This is done automatically by BIO_new_dgram_sctp().
  244. * We don't actually need the created BIO though so we free it again
  245. * immediately.
  246. */
  247. BIO *tmpbio = BIO_new_dgram_sctp(asock, BIO_NOCLOSE);
  248. if (tmpbio == NULL) {
  249. BIO_closesocket(asock);
  250. ERR_print_errors(bio_err);
  251. goto end;
  252. }
  253. BIO_free(tmpbio);
  254. }
  255. #endif
  256. sock_port = BIO_ADDR_rawport(sock_address);
  257. BIO_ADDRINFO_free(res);
  258. res = NULL;
  259. if (sock_port == 0) {
  260. /* dynamically allocated port, report which one */
  261. union BIO_sock_info_u info;
  262. char *hostname = NULL;
  263. char *service = NULL;
  264. int success = 0;
  265. if ((info.addr = BIO_ADDR_new()) != NULL
  266. && BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info)
  267. && (hostname = BIO_ADDR_hostname_string(info.addr, 1)) != NULL
  268. && (service = BIO_ADDR_service_string(info.addr, 1)) != NULL
  269. && BIO_printf(bio_s_out,
  270. strchr(hostname, ':') == NULL
  271. ? /* IPv4 */ "ACCEPT %s:%s\n"
  272. : /* IPv6 */ "ACCEPT [%s]:%s\n",
  273. hostname, service) > 0)
  274. success = 1;
  275. (void)BIO_flush(bio_s_out);
  276. OPENSSL_free(hostname);
  277. OPENSSL_free(service);
  278. BIO_ADDR_free(info.addr);
  279. if (!success) {
  280. BIO_closesocket(asock);
  281. ERR_print_errors(bio_err);
  282. goto end;
  283. }
  284. } else {
  285. (void)BIO_printf(bio_s_out, "ACCEPT\n");
  286. (void)BIO_flush(bio_s_out);
  287. }
  288. if (accept_sock != NULL)
  289. *accept_sock = asock;
  290. for (;;) {
  291. char sink[64];
  292. struct timeval timeout;
  293. fd_set readfds;
  294. if (type == SOCK_STREAM) {
  295. BIO_ADDR_free(ourpeer);
  296. ourpeer = BIO_ADDR_new();
  297. if (ourpeer == NULL) {
  298. BIO_closesocket(asock);
  299. ERR_print_errors(bio_err);
  300. goto end;
  301. }
  302. do {
  303. sock = BIO_accept_ex(asock, ourpeer, 0);
  304. } while (sock < 0 && BIO_sock_should_retry(sock));
  305. if (sock < 0) {
  306. ERR_print_errors(bio_err);
  307. BIO_closesocket(asock);
  308. break;
  309. }
  310. BIO_set_tcp_ndelay(sock, 1);
  311. i = (*cb)(sock, type, protocol, context);
  312. /*
  313. * If we ended with an alert being sent, but still with data in the
  314. * network buffer to be read, then calling BIO_closesocket() will
  315. * result in a TCP-RST being sent. On some platforms (notably
  316. * Windows) then this will result in the peer immediately abandoning
  317. * the connection including any buffered alert data before it has
  318. * had a chance to be read. Shutting down the sending side first,
  319. * and then closing the socket sends TCP-FIN first followed by
  320. * TCP-RST. This seems to allow the peer to read the alert data.
  321. */
  322. shutdown(sock, 1); /* SHUT_WR */
  323. /*
  324. * We just said we have nothing else to say, but it doesn't mean
  325. * that the other side has nothing. It's even recommended to
  326. * consume incoming data. [In testing context this ensures that
  327. * alerts are passed on...]
  328. */
  329. timeout.tv_sec = 0;
  330. timeout.tv_usec = 500000; /* some extreme round-trip */
  331. do {
  332. FD_ZERO(&readfds);
  333. openssl_fdset(sock, &readfds);
  334. } while (select(sock + 1, &readfds, NULL, NULL, &timeout) > 0
  335. && readsocket(sock, sink, sizeof(sink)) > 0);
  336. BIO_closesocket(sock);
  337. } else {
  338. i = (*cb)(asock, type, protocol, context);
  339. }
  340. if (naccept != -1)
  341. naccept--;
  342. if (i < 0 || naccept == 0) {
  343. BIO_closesocket(asock);
  344. ret = i;
  345. break;
  346. }
  347. }
  348. end:
  349. # ifdef AF_UNIX
  350. if (family == AF_UNIX)
  351. unlink(host);
  352. # endif
  353. BIO_ADDR_free(ourpeer);
  354. ourpeer = NULL;
  355. return ret;
  356. }
  357. #endif /* OPENSSL_NO_SOCK */