1 /* 2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* socket-related functions used by s_client and s_server */ 11 #include <stdio.h> 12 #include <stdlib.h> 13 #include <string.h> 14 #include <errno.h> 15 #include <signal.h> 16 #include <openssl/opensslconf.h> 17 18 /* 19 * With IPv6, it looks like Digital has mixed up the proper order of 20 * recursive header file inclusion, resulting in the compiler complaining 21 * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is 22 * needed to have fileno() declared correctly... So let's define u_int 23 */ 24 #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) 25 # define __U_INT 26 typedef unsigned int u_int; 27 #endif 28 29 #ifndef OPENSSL_NO_SOCK 30 31 # include "apps.h" 32 # include "s_apps.h" 33 # include "internal/sockets.h" 34 35 # include <openssl/bio.h> 36 # include <openssl/err.h> 37 38 /* Keep track of our peer's address for the cookie callback */ 39 BIO_ADDR *ourpeer = NULL; 40 41 /* 42 * init_client - helper routine to set up socket communication 43 * @sock: pointer to storage of resulting socket. 44 * @host: the host name or path (for AF_UNIX) to connect to. 45 * @port: the port to connect to (ignored for AF_UNIX). 46 * @bindhost: source host or path (for AF_UNIX). 47 * @bindport: source port (ignored for AF_UNIX). 48 * @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or 49 * AF_UNSPEC 50 * @type: socket type, must be SOCK_STREAM or SOCK_DGRAM 51 * @protocol: socket protocol, e.g. IPPROTO_TCP or IPPROTO_UDP (or 0 for any) 52 * 53 * This will create a socket and use it to connect to a host:port, or if 54 * family == AF_UNIX, to the path found in host. 55 * 56 * If the host has more than one address, it will try them one by one until 57 * a successful connection is established. The resulting socket will be 58 * found in *sock on success, it will be given INVALID_SOCKET otherwise. 59 * 60 * Returns 1 on success, 0 on failure. 61 */ 62 int init_client(int *sock, const char *host, const char *port, 63 const char *bindhost, const char *bindport, 64 int family, int type, int protocol) 65 { 66 BIO_ADDRINFO *res = NULL; 67 BIO_ADDRINFO *bindaddr = NULL; 68 const BIO_ADDRINFO *ai = NULL; 69 const BIO_ADDRINFO *bi = NULL; 70 int found = 0; 71 int ret; 72 73 if (BIO_sock_init() != 1) 74 return 0; 75 76 ret = BIO_lookup_ex(host, port, BIO_LOOKUP_CLIENT, family, type, protocol, 77 &res); 78 if (ret == 0) { 79 ERR_print_errors(bio_err); 80 return 0; 81 } 82 83 if (bindhost != NULL || bindport != NULL) { 84 ret = BIO_lookup_ex(bindhost, bindport, BIO_LOOKUP_CLIENT, 85 family, type, protocol, &bindaddr); 86 if (ret == 0) { 87 ERR_print_errors (bio_err); 88 goto out; 89 } 90 } 91 92 ret = 0; 93 for (ai = res; ai != NULL; ai = BIO_ADDRINFO_next(ai)) { 94 /* Admittedly, these checks are quite paranoid, we should not get 95 * anything in the BIO_ADDRINFO chain that we haven't 96 * asked for. */ 97 OPENSSL_assert((family == AF_UNSPEC 98 || family == BIO_ADDRINFO_family(ai)) 99 && (type == 0 || type == BIO_ADDRINFO_socktype(ai)) 100 && (protocol == 0 101 || protocol == BIO_ADDRINFO_protocol(ai))); 102 103 if (bindaddr != NULL) { 104 for (bi = bindaddr; bi != NULL; bi = BIO_ADDRINFO_next(bi)) { 105 if (BIO_ADDRINFO_family(bi) == BIO_ADDRINFO_family(ai)) 106 break; 107 } 108 if (bi == NULL) 109 continue; 110 ++found; 111 } 112 113 *sock = BIO_socket(BIO_ADDRINFO_family(ai), BIO_ADDRINFO_socktype(ai), 114 BIO_ADDRINFO_protocol(ai), 0); 115 if (*sock == INVALID_SOCKET) { 116 /* Maybe the kernel doesn't support the socket family, even if 117 * BIO_lookup() added it in the returned result... 118 */ 119 continue; 120 } 121 122 if (bi != NULL) { 123 if (!BIO_bind(*sock, BIO_ADDRINFO_address(bi), 124 BIO_SOCK_REUSEADDR)) { 125 BIO_closesocket(*sock); 126 *sock = INVALID_SOCKET; 127 break; 128 } 129 } 130 131 #ifndef OPENSSL_NO_SCTP 132 if (protocol == IPPROTO_SCTP) { 133 /* 134 * For SCTP we have to set various options on the socket prior to 135 * connecting. This is done automatically by BIO_new_dgram_sctp(). 136 * We don't actually need the created BIO though so we free it again 137 * immediately. 138 */ 139 BIO *tmpbio = BIO_new_dgram_sctp(*sock, BIO_NOCLOSE); 140 141 if (tmpbio == NULL) { 142 ERR_print_errors(bio_err); 143 return 0; 144 } 145 BIO_free(tmpbio); 146 } 147 #endif 148 149 if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai), 150 protocol == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) { 151 BIO_closesocket(*sock); 152 *sock = INVALID_SOCKET; 153 continue; 154 } 155 156 /* Success, don't try any more addresses */ 157 break; 158 } 159 160 if (*sock == INVALID_SOCKET) { 161 if (bindaddr != NULL && !found) { 162 BIO_printf(bio_err, "Can't bind %saddress for %s%s%s\n", 163 BIO_ADDRINFO_family(res) == AF_INET6 ? "IPv6 " : 164 BIO_ADDRINFO_family(res) == AF_INET ? "IPv4 " : 165 BIO_ADDRINFO_family(res) == AF_UNIX ? "unix " : "", 166 bindhost != NULL ? bindhost : "", 167 bindport != NULL ? ":" : "", 168 bindport != NULL ? bindport : ""); 169 ERR_clear_error(); 170 ret = 0; 171 } 172 ERR_print_errors(bio_err); 173 } else { 174 /* Remove any stale errors from previous connection attempts */ 175 ERR_clear_error(); 176 ret = 1; 177 } 178 out: 179 if (bindaddr != NULL) { 180 BIO_ADDRINFO_free (bindaddr); 181 } 182 BIO_ADDRINFO_free(res); 183 return ret; 184 } 185 186 /* 187 * do_server - helper routine to perform a server operation 188 * @accept_sock: pointer to storage of resulting socket. 189 * @host: the host name or path (for AF_UNIX) to connect to. 190 * @port: the port to connect to (ignored for AF_UNIX). 191 * @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or 192 * AF_UNSPEC 193 * @type: socket type, must be SOCK_STREAM or SOCK_DGRAM 194 * @cb: pointer to a function that receives the accepted socket and 195 * should perform the communication with the connecting client. 196 * @context: pointer to memory that's passed verbatim to the cb function. 197 * @naccept: number of times an incoming connect should be accepted. If -1, 198 * unlimited number. 199 * 200 * This will create a socket and use it to listen to a host:port, or if 201 * family == AF_UNIX, to the path found in host, then start accepting 202 * incoming connections and run cb on the resulting socket. 203 * 204 * 0 on failure, something other on success. 205 */ 206 int do_server(int *accept_sock, const char *host, const char *port, 207 int family, int type, int protocol, do_server_cb cb, 208 unsigned char *context, int naccept, BIO *bio_s_out) 209 { 210 int asock = 0; 211 int sock; 212 int i; 213 BIO_ADDRINFO *res = NULL; 214 const BIO_ADDRINFO *next; 215 int sock_family, sock_type, sock_protocol, sock_port; 216 const BIO_ADDR *sock_address; 217 int sock_options = BIO_SOCK_REUSEADDR; 218 int ret = 0; 219 220 if (BIO_sock_init() != 1) 221 return 0; 222 223 if (!BIO_lookup_ex(host, port, BIO_LOOKUP_SERVER, family, type, protocol, 224 &res)) { 225 ERR_print_errors(bio_err); 226 return 0; 227 } 228 229 /* Admittedly, these checks are quite paranoid, we should not get 230 * anything in the BIO_ADDRINFO chain that we haven't asked for */ 231 OPENSSL_assert((family == AF_UNSPEC || family == BIO_ADDRINFO_family(res)) 232 && (type == 0 || type == BIO_ADDRINFO_socktype(res)) 233 && (protocol == 0 || protocol == BIO_ADDRINFO_protocol(res))); 234 235 sock_family = BIO_ADDRINFO_family(res); 236 sock_type = BIO_ADDRINFO_socktype(res); 237 sock_protocol = BIO_ADDRINFO_protocol(res); 238 sock_address = BIO_ADDRINFO_address(res); 239 next = BIO_ADDRINFO_next(res); 240 if (sock_family == AF_INET6) 241 sock_options |= BIO_SOCK_V6_ONLY; 242 if (next != NULL 243 && BIO_ADDRINFO_socktype(next) == sock_type 244 && BIO_ADDRINFO_protocol(next) == sock_protocol) { 245 if (sock_family == AF_INET 246 && BIO_ADDRINFO_family(next) == AF_INET6) { 247 sock_family = AF_INET6; 248 sock_address = BIO_ADDRINFO_address(next); 249 } else if (sock_family == AF_INET6 250 && BIO_ADDRINFO_family(next) == AF_INET) { 251 sock_options &= ~BIO_SOCK_V6_ONLY; 252 } 253 } 254 255 asock = BIO_socket(sock_family, sock_type, sock_protocol, 0); 256 if (asock == INVALID_SOCKET 257 || !BIO_listen(asock, sock_address, sock_options)) { 258 BIO_ADDRINFO_free(res); 259 ERR_print_errors(bio_err); 260 if (asock != INVALID_SOCKET) 261 BIO_closesocket(asock); 262 goto end; 263 } 264 265 #ifndef OPENSSL_NO_SCTP 266 if (protocol == IPPROTO_SCTP) { 267 /* 268 * For SCTP we have to set various options on the socket prior to 269 * accepting. This is done automatically by BIO_new_dgram_sctp(). 270 * We don't actually need the created BIO though so we free it again 271 * immediately. 272 */ 273 BIO *tmpbio = BIO_new_dgram_sctp(asock, BIO_NOCLOSE); 274 275 if (tmpbio == NULL) { 276 BIO_closesocket(asock); 277 ERR_print_errors(bio_err); 278 goto end; 279 } 280 BIO_free(tmpbio); 281 } 282 #endif 283 284 sock_port = BIO_ADDR_rawport(sock_address); 285 286 BIO_ADDRINFO_free(res); 287 res = NULL; 288 289 if (sock_port == 0) { 290 /* dynamically allocated port, report which one */ 291 union BIO_sock_info_u info; 292 char *hostname = NULL; 293 char *service = NULL; 294 int success = 0; 295 296 if ((info.addr = BIO_ADDR_new()) != NULL 297 && BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info) 298 && (hostname = BIO_ADDR_hostname_string(info.addr, 1)) != NULL 299 && (service = BIO_ADDR_service_string(info.addr, 1)) != NULL 300 && BIO_printf(bio_s_out, 301 strchr(hostname, ':') == NULL 302 ? /* IPv4 */ "ACCEPT %s:%s\n" 303 : /* IPv6 */ "ACCEPT [%s]:%s\n", 304 hostname, service) > 0) 305 success = 1; 306 307 (void)BIO_flush(bio_s_out); 308 OPENSSL_free(hostname); 309 OPENSSL_free(service); 310 BIO_ADDR_free(info.addr); 311 if (!success) { 312 BIO_closesocket(asock); 313 ERR_print_errors(bio_err); 314 goto end; 315 } 316 } else { 317 (void)BIO_printf(bio_s_out, "ACCEPT\n"); 318 (void)BIO_flush(bio_s_out); 319 } 320 321 if (accept_sock != NULL) 322 *accept_sock = asock; 323 for (;;) { 324 char sink[64]; 325 struct timeval timeout; 326 fd_set readfds; 327 328 if (type == SOCK_STREAM) { 329 BIO_ADDR_free(ourpeer); 330 ourpeer = BIO_ADDR_new(); 331 if (ourpeer == NULL) { 332 BIO_closesocket(asock); 333 ERR_print_errors(bio_err); 334 goto end; 335 } 336 do { 337 sock = BIO_accept_ex(asock, ourpeer, 0); 338 } while (sock < 0 && BIO_sock_should_retry(sock)); 339 if (sock < 0) { 340 ERR_print_errors(bio_err); 341 BIO_closesocket(asock); 342 break; 343 } 344 BIO_set_tcp_ndelay(sock, 1); 345 i = (*cb)(sock, type, protocol, context); 346 347 /* 348 * If we ended with an alert being sent, but still with data in the 349 * network buffer to be read, then calling BIO_closesocket() will 350 * result in a TCP-RST being sent. On some platforms (notably 351 * Windows) then this will result in the peer immediately abandoning 352 * the connection including any buffered alert data before it has 353 * had a chance to be read. Shutting down the sending side first, 354 * and then closing the socket sends TCP-FIN first followed by 355 * TCP-RST. This seems to allow the peer to read the alert data. 356 */ 357 shutdown(sock, 1); /* SHUT_WR */ 358 /* 359 * We just said we have nothing else to say, but it doesn't mean 360 * that the other side has nothing. It's even recommended to 361 * consume incoming data. [In testing context this ensures that 362 * alerts are passed on...] 363 */ 364 timeout.tv_sec = 0; 365 timeout.tv_usec = 500000; /* some extreme round-trip */ 366 do { 367 FD_ZERO(&readfds); 368 openssl_fdset(sock, &readfds); 369 } while (select(sock + 1, &readfds, NULL, NULL, &timeout) > 0 370 && readsocket(sock, sink, sizeof(sink)) > 0); 371 372 BIO_closesocket(sock); 373 } else { 374 i = (*cb)(asock, type, protocol, context); 375 } 376 377 if (naccept != -1) 378 naccept--; 379 if (i < 0 || naccept == 0) { 380 BIO_closesocket(asock); 381 ret = i; 382 break; 383 } 384 } 385 end: 386 # ifdef AF_UNIX 387 if (family == AF_UNIX) 388 unlink(host); 389 # endif 390 BIO_ADDR_free(ourpeer); 391 ourpeer = NULL; 392 return ret; 393 } 394 395 #endif /* OPENSSL_NO_SOCK */ 396