diff options
Diffstat (limited to 'apps/s_socket.c')
| -rw-r--r-- | apps/s_socket.c | 866 |
1 files changed, 324 insertions, 542 deletions
diff --git a/apps/s_socket.c b/apps/s_socket.c index 83624ca84f15..76f928900207 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -1,74 +1,19 @@ /* - * apps/s_socket.c - socket-related functions used by s_client and s_server - */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ +/* socket-related functions used by s_client and s_server */ #include <stdio.h> #include <stdlib.h> #include <string.h> #include <errno.h> #include <signal.h> - -#ifdef FLAT_INC -# include "e_os2.h" -#else -# include "../e_os2.h" -#endif +#include <openssl/opensslconf.h> /* * With IPv6, it looks like Digital has mixed up the proper order of @@ -81,533 +26,370 @@ typedef unsigned int u_int; #endif -#define USE_SOCKETS -#define NON_MAIN -#include "apps.h" -#undef USE_SOCKETS -#undef NON_MAIN -#include "s_apps.h" -#include <openssl/ssl.h> - -#ifdef FLAT_INC -# include "e_os.h" -#else -# include "../e_os.h" -#endif - #ifndef OPENSSL_NO_SOCK -# if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK) -# include "netdb.h" -# endif +# include "apps.h" +# include "s_apps.h" +# include "internal/sockets.h" -static struct hostent *GetHostByName(char *name); -# if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) -static void ssl_sock_cleanup(void); -# endif -static int ssl_sock_init(void); -static int init_client_ip(int *sock, unsigned char ip[4], int port, int type); -static int init_server(int *sock, int port, int type); -static int init_server_long(int *sock, int port, char *ip, int type); -static int do_accept(int acc_sock, int *sock, char **host); -static int host_ip(char *str, unsigned char ip[4]); - -# ifdef OPENSSL_SYS_WIN16 -# define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ -# else -# define SOCKET_PROTOCOL IPPROTO_TCP -# endif - -# if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) -static int wsa_init_done = 0; -# endif +# include <openssl/bio.h> +# include <openssl/err.h> -# ifdef OPENSSL_SYS_WINDOWS -static struct WSAData wsa_state; -static int wsa_init_done = 0; +/* Keep track of our peer's address for the cookie callback */ +BIO_ADDR *ourpeer = NULL; -# ifdef OPENSSL_SYS_WIN16 -static HWND topWnd = 0; -static FARPROC lpTopWndProc = NULL; -static FARPROC lpTopHookProc = NULL; -extern HINSTANCE _hInstance; /* nice global CRT provides */ - -static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam, - LPARAM lParam) -{ - if (hwnd == topWnd) { - switch (message) { - case WM_DESTROY: - case WM_CLOSE: - SetWindowLong(topWnd, GWL_WNDPROC, (LONG) lpTopWndProc); - ssl_sock_cleanup(); - break; - } - } - return CallWindowProc(lpTopWndProc, hwnd, message, wParam, lParam); -} - -static BOOL CALLBACK enumproc(HWND hwnd, LPARAM lParam) +/* + * init_client - helper routine to set up socket communication + * @sock: pointer to storage of resulting socket. + * @host: the host name or path (for AF_UNIX) to connect to. + * @port: the port to connect to (ignored for AF_UNIX). + * @bindhost: source host or path (for AF_UNIX). + * @bindport: source port (ignored for AF_UNIX). + * @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or + * AF_UNSPEC + * @type: socket type, must be SOCK_STREAM or SOCK_DGRAM + * @protocol: socket protocol, e.g. IPPROTO_TCP or IPPROTO_UDP (or 0 for any) + * + * This will create a socket and use it to connect to a host:port, or if + * family == AF_UNIX, to the path found in host. + * + * If the host has more than one address, it will try them one by one until + * a successful connection is established. The resulting socket will be + * found in *sock on success, it will be given INVALID_SOCKET otherwise. + * + * Returns 1 on success, 0 on failure. + */ +int init_client(int *sock, const char *host, const char *port, + const char *bindhost, const char *bindport, + int family, int type, int protocol) { - topWnd = hwnd; - return (FALSE); -} + BIO_ADDRINFO *res = NULL; + BIO_ADDRINFO *bindaddr = NULL; + const BIO_ADDRINFO *ai = NULL; + const BIO_ADDRINFO *bi = NULL; + int found = 0; + int ret; -# endif /* OPENSSL_SYS_WIN32 */ -# endif /* OPENSSL_SYS_WINDOWS */ + if (BIO_sock_init() != 1) + return 0; -# ifdef OPENSSL_SYS_WINDOWS -static void ssl_sock_cleanup(void) -{ - if (wsa_init_done) { - wsa_init_done = 0; -# ifndef OPENSSL_SYS_WINCE - WSACancelBlockingCall(); -# endif - WSACleanup(); - } -} -# elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) -static void sock_cleanup(void) -{ - if (wsa_init_done) { - wsa_init_done = 0; - WSACleanup(); + ret = BIO_lookup_ex(host, port, BIO_LOOKUP_CLIENT, family, type, protocol, + &res); + if (ret == 0) { + ERR_print_errors(bio_err); + return 0; } -} -# endif -static int ssl_sock_init(void) -{ -# ifdef WATT32 - extern int _watt_do_exit; - _watt_do_exit = 0; - if (sock_init()) - return (0); -# elif defined(OPENSSL_SYS_WINDOWS) - if (!wsa_init_done) { - int err; - -# ifdef SIGINT - signal(SIGINT, (void (*)(int))ssl_sock_cleanup); -# endif - wsa_init_done = 1; - memset(&wsa_state, 0, sizeof(wsa_state)); - if (WSAStartup(0x0101, &wsa_state) != 0) { - err = WSAGetLastError(); - BIO_printf(bio_err, "unable to start WINSOCK, error code=%d\n", - err); - return (0); + if (bindhost != NULL || bindport != NULL) { + ret = BIO_lookup_ex(bindhost, bindport, BIO_LOOKUP_CLIENT, + family, type, protocol, &bindaddr); + if (ret == 0) { + ERR_print_errors (bio_err); + goto out; } -# ifdef OPENSSL_SYS_WIN16 - EnumTaskWindows(GetCurrentTask(), enumproc, 0L); - lpTopWndProc = (FARPROC) GetWindowLong(topWnd, GWL_WNDPROC); - lpTopHookProc = MakeProcInstance((FARPROC) topHookProc, _hInstance); - - SetWindowLong(topWnd, GWL_WNDPROC, (LONG) lpTopHookProc); -# endif /* OPENSSL_SYS_WIN16 */ } -# elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) - WORD wVerReq; - WSADATA wsaData; - int err; - - if (!wsa_init_done) { - -# ifdef SIGINT - signal(SIGINT, (void (*)(int))sock_cleanup); -# endif - - wsa_init_done = 1; - wVerReq = MAKEWORD(2, 0); - err = WSAStartup(wVerReq, &wsaData); - if (err != 0) { - BIO_printf(bio_err, "unable to start WINSOCK2, error code=%d\n", - err); - return (0); - } - } -# endif /* OPENSSL_SYS_WINDOWS */ - return (1); -} - -int init_client(int *sock, char *host, int port, int type) -{ - unsigned char ip[4]; - - memset(ip, '\0', sizeof(ip)); - if (!host_ip(host, &(ip[0]))) - return 0; - return init_client_ip(sock, ip, port, type); -} -static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) -{ - unsigned long addr; - struct sockaddr_in them; - int s, i; - - if (!ssl_sock_init()) - return (0); - - memset((char *)&them, 0, sizeof(them)); - them.sin_family = AF_INET; - them.sin_port = htons((unsigned short)port); - addr = (unsigned long) - ((unsigned long)ip[0] << 24L) | - ((unsigned long)ip[1] << 16L) | - ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]); - them.sin_addr.s_addr = htonl(addr); - - if (type == SOCK_STREAM) - s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL); - else /* ( type == SOCK_DGRAM) */ - s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); - - if (s == INVALID_SOCKET) { - perror("socket"); - return (0); - } -# if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE) - if (type == SOCK_STREAM) { - i = 0; - i = setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, (char *)&i, sizeof(i)); - if (i < 0) { - closesocket(s); - perror("keepalive"); - return (0); + ret = 0; + for (ai = res; ai != NULL; ai = BIO_ADDRINFO_next(ai)) { + /* Admittedly, these checks are quite paranoid, we should not get + * anything in the BIO_ADDRINFO chain that we haven't + * asked for. */ + OPENSSL_assert((family == AF_UNSPEC + || family == BIO_ADDRINFO_family(ai)) + && (type == 0 || type == BIO_ADDRINFO_socktype(ai)) + && (protocol == 0 + || protocol == BIO_ADDRINFO_protocol(ai))); + + if (bindaddr != NULL) { + for (bi = bindaddr; bi != NULL; bi = BIO_ADDRINFO_next(bi)) { + if (BIO_ADDRINFO_family(bi) == BIO_ADDRINFO_family(ai)) + break; + } + if (bi == NULL) + continue; + ++found; } - } -# endif - if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) { - closesocket(s); - perror("connect"); - return (0); - } - *sock = s; - return (1); -} + *sock = BIO_socket(BIO_ADDRINFO_family(ai), BIO_ADDRINFO_socktype(ai), + BIO_ADDRINFO_protocol(ai), 0); + if (*sock == INVALID_SOCKET) { + /* Maybe the kernel doesn't support the socket family, even if + * BIO_lookup() added it in the returned result... + */ + continue; + } -int do_server(int port, int type, int *ret, - int (*cb) (char *hostname, int s, int stype, - unsigned char *context), unsigned char *context, - int naccept) -{ - int sock; - char *name = NULL; - int accept_socket = 0; - int i; + if (bi != NULL) { + if (!BIO_bind(*sock, BIO_ADDRINFO_address(bi), + BIO_SOCK_REUSEADDR)) { + BIO_closesocket(*sock); + *sock = INVALID_SOCKET; + break; + } + } - if (!init_server(&accept_socket, port, type)) - return (0); +#ifndef OPENSSL_NO_SCTP + if (protocol == IPPROTO_SCTP) { + /* + * For SCTP we have to set various options on the socket prior to + * connecting. This is done automatically by BIO_new_dgram_sctp(). + * We don't actually need the created BIO though so we free it again + * immediately. + */ + BIO *tmpbio = BIO_new_dgram_sctp(*sock, BIO_NOCLOSE); - if (ret != NULL) { - *ret = accept_socket; - /* return(1); */ - } - for (;;) { - if (type == SOCK_STREAM) { - if (do_accept(accept_socket, &sock, &name) == 0) { - SHUTDOWN(accept_socket); - return (0); + if (tmpbio == NULL) { + ERR_print_errors(bio_err); + return 0; } - } else - sock = accept_socket; - i = (*cb) (name, sock, type, context); - if (name != NULL) - OPENSSL_free(name); - if (type == SOCK_STREAM) - SHUTDOWN2(sock); - if (naccept != -1) - naccept--; - if (i < 0 || naccept == 0) { - SHUTDOWN2(accept_socket); - return (i); + BIO_free(tmpbio); } - } -} +#endif -static int init_server_long(int *sock, int port, char *ip, int type) -{ - int ret = 0; - struct sockaddr_in server; - int s = -1; - - if (!ssl_sock_init()) - return (0); - - memset((char *)&server, 0, sizeof(server)); - server.sin_family = AF_INET; - server.sin_port = htons((unsigned short)port); - if (ip == NULL) - server.sin_addr.s_addr = INADDR_ANY; - else -/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ -# ifndef BIT_FIELD_LIMITS - memcpy(&server.sin_addr.s_addr, ip, 4); -# else - memcpy(&server.sin_addr, ip, 4); -# endif + if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai), + protocol == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) { + BIO_closesocket(*sock); + *sock = INVALID_SOCKET; + continue; + } - if (type == SOCK_STREAM) - s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL); - else /* type == SOCK_DGRAM */ - s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); - - if (s == INVALID_SOCKET) - goto err; -# if defined SOL_SOCKET && defined SO_REUSEADDR - { - int j = 1; - setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof(j)); + /* Success, don't try any more addresses */ + break; } -# endif - if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) { -# ifndef OPENSSL_SYS_WINDOWS - perror("bind"); -# endif - goto err; + + if (*sock == INVALID_SOCKET) { + if (bindaddr != NULL && !found) { + BIO_printf(bio_err, "Can't bind %saddress for %s%s%s\n", + BIO_ADDRINFO_family(res) == AF_INET6 ? "IPv6 " : + BIO_ADDRINFO_family(res) == AF_INET ? "IPv4 " : + BIO_ADDRINFO_family(res) == AF_UNIX ? "unix " : "", + bindhost != NULL ? bindhost : "", + bindport != NULL ? ":" : "", + bindport != NULL ? bindport : ""); + ERR_clear_error(); + ret = 0; + } + ERR_print_errors(bio_err); + } else { + /* Remove any stale errors from previous connection attempts */ + ERR_clear_error(); + ret = 1; } - /* Make it 128 for linux */ - if (type == SOCK_STREAM && listen(s, 128) == -1) - goto err; - *sock = s; - ret = 1; - err: - if ((ret == 0) && (s != -1)) { - SHUTDOWN(s); +out: + if (bindaddr != NULL) { + BIO_ADDRINFO_free (bindaddr); } - return (ret); + BIO_ADDRINFO_free(res); + return ret; } -static int init_server(int *sock, int port, int type) -{ - return (init_server_long(sock, port, NULL, type)); -} - -static int do_accept(int acc_sock, int *sock, char **host) +/* + * do_server - helper routine to perform a server operation + * @accept_sock: pointer to storage of resulting socket. + * @host: the host name or path (for AF_UNIX) to connect to. + * @port: the port to connect to (ignored for AF_UNIX). + * @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or + * AF_UNSPEC + * @type: socket type, must be SOCK_STREAM or SOCK_DGRAM + * @cb: pointer to a function that receives the accepted socket and + * should perform the communication with the connecting client. + * @context: pointer to memory that's passed verbatim to the cb function. + * @naccept: number of times an incoming connect should be accepted. If -1, + * unlimited number. + * + * This will create a socket and use it to listen to a host:port, or if + * family == AF_UNIX, to the path found in host, then start accepting + * incoming connections and run cb on the resulting socket. + * + * 0 on failure, something other on success. + */ +int do_server(int *accept_sock, const char *host, const char *port, + int family, int type, int protocol, do_server_cb cb, + unsigned char *context, int naccept, BIO *bio_s_out) { - int ret; - struct hostent *h1, *h2; - static struct sockaddr_in from; - int len; -/* struct linger ling; */ - - if (!ssl_sock_init()) - return (0); + int asock = 0; + int sock; + int i; + BIO_ADDRINFO *res = NULL; + const BIO_ADDRINFO *next; + int sock_family, sock_type, sock_protocol, sock_port; + const BIO_ADDR *sock_address; + int sock_options = BIO_SOCK_REUSEADDR; + int ret = 0; -# ifndef OPENSSL_SYS_WINDOWS - redoit: -# endif + if (BIO_sock_init() != 1) + return 0; - memset((char *)&from, 0, sizeof(from)); - len = sizeof(from); - /* - * Note: under VMS with SOCKETSHR the fourth parameter is currently of - * type (int *) whereas under other systems it is (void *) if you don't - * have a cast it will choke the compiler: if you do have a cast then you - * can either go for (int *) or (void *). - */ - ret = accept(acc_sock, (struct sockaddr *)&from, (void *)&len); - if (ret == INVALID_SOCKET) { -# if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) - int i; - i = WSAGetLastError(); - BIO_printf(bio_err, "accept error %d\n", i); -# else - if (errno == EINTR) { - /* - * check_timeout(); - */ - goto redoit; - } - fprintf(stderr, "errno=%d ", errno); - perror("accept"); -# endif - return (0); + if (!BIO_lookup_ex(host, port, BIO_LOOKUP_SERVER, family, type, protocol, + &res)) { + ERR_print_errors(bio_err); + return 0; } -/*- - ling.l_onoff=1; - ling.l_linger=0; - i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling)); - if (i < 0) { perror("linger"); return(0); } - i=0; - i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); - if (i < 0) { perror("keepalive"); return(0); } -*/ - - if (host == NULL) - goto end; -# ifndef BIT_FIELD_LIMITS - /* I should use WSAAsyncGetHostByName() under windows */ - h1 = gethostbyaddr((char *)&from.sin_addr.s_addr, - sizeof(from.sin_addr.s_addr), AF_INET); -# else - h1 = gethostbyaddr((char *)&from.sin_addr, - sizeof(struct in_addr), AF_INET); -# endif - if (h1 == NULL) { - BIO_printf(bio_err, "bad gethostbyaddr\n"); - *host = NULL; - /* return(0); */ - } else { - if ((*host = (char *)OPENSSL_malloc(strlen(h1->h_name) + 1)) == NULL) { - perror("OPENSSL_malloc"); - closesocket(ret); - return (0); - } - BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1); - - h2 = GetHostByName(*host); - if (h2 == NULL) { - BIO_printf(bio_err, "gethostbyname failure\n"); - closesocket(ret); - return (0); - } - if (h2->h_addrtype != AF_INET) { - BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n"); - closesocket(ret); - return (0); + /* Admittedly, these checks are quite paranoid, we should not get + * anything in the BIO_ADDRINFO chain that we haven't asked for */ + OPENSSL_assert((family == AF_UNSPEC || family == BIO_ADDRINFO_family(res)) + && (type == 0 || type == BIO_ADDRINFO_socktype(res)) + && (protocol == 0 || protocol == BIO_ADDRINFO_protocol(res))); + + sock_family = BIO_ADDRINFO_family(res); + sock_type = BIO_ADDRINFO_socktype(res); + sock_protocol = BIO_ADDRINFO_protocol(res); + sock_address = BIO_ADDRINFO_address(res); + next = BIO_ADDRINFO_next(res); + if (sock_family == AF_INET6) + sock_options |= BIO_SOCK_V6_ONLY; + if (next != NULL + && BIO_ADDRINFO_socktype(next) == sock_type + && BIO_ADDRINFO_protocol(next) == sock_protocol) { + if (sock_family == AF_INET + && BIO_ADDRINFO_family(next) == AF_INET6) { + sock_family = AF_INET6; + sock_address = BIO_ADDRINFO_address(next); + } else if (sock_family == AF_INET6 + && BIO_ADDRINFO_family(next) == AF_INET) { + sock_options &= ~BIO_SOCK_V6_ONLY; } } - end: - *sock = ret; - return (1); -} -int extract_host_port(char *str, char **host_ptr, unsigned char *ip, - short *port_ptr) -{ - char *h, *p; - - h = str; - p = strchr(str, ':'); - if (p == NULL) { - BIO_printf(bio_err, "no port defined\n"); - return (0); + asock = BIO_socket(sock_family, sock_type, sock_protocol, 0); + if (asock == INVALID_SOCKET + || !BIO_listen(asock, sock_address, sock_options)) { + BIO_ADDRINFO_free(res); + ERR_print_errors(bio_err); + if (asock != INVALID_SOCKET) + BIO_closesocket(asock); + goto end; } - *(p++) = '\0'; - - if ((ip != NULL) && !host_ip(str, ip)) - goto err; - if (host_ptr != NULL) - *host_ptr = h; - - if (!extract_port(p, port_ptr)) - goto err; - return (1); - err: - return (0); -} -static int host_ip(char *str, unsigned char ip[4]) -{ - unsigned int in[4]; - int i; - - if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) == - 4) { - for (i = 0; i < 4; i++) - if (in[i] > 255) { - BIO_printf(bio_err, "invalid IP address\n"); - goto err; - } - ip[0] = in[0]; - ip[1] = in[1]; - ip[2] = in[2]; - ip[3] = in[3]; - } else { /* do a gethostbyname */ - struct hostent *he; - - if (!ssl_sock_init()) - return (0); - - he = GetHostByName(str); - if (he == NULL) { - BIO_printf(bio_err, "gethostbyname failure\n"); - goto err; +#ifndef OPENSSL_NO_SCTP + if (protocol == IPPROTO_SCTP) { + /* + * For SCTP we have to set various options on the socket prior to + * accepting. This is done automatically by BIO_new_dgram_sctp(). + * We don't actually need the created BIO though so we free it again + * immediately. + */ + BIO *tmpbio = BIO_new_dgram_sctp(asock, BIO_NOCLOSE); + + if (tmpbio == NULL) { + BIO_closesocket(asock); + ERR_print_errors(bio_err); + goto end; } - /* cast to short because of win16 winsock definition */ - if ((short)he->h_addrtype != AF_INET) { - BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n"); - return (0); - } - ip[0] = he->h_addr_list[0][0]; - ip[1] = he->h_addr_list[0][1]; - ip[2] = he->h_addr_list[0][2]; - ip[3] = he->h_addr_list[0][3]; + BIO_free(tmpbio); } - return (1); - err: - return (0); -} +#endif -int extract_port(char *str, short *port_ptr) -{ - int i; - struct servent *s; - - i = atoi(str); - if (i != 0) - *port_ptr = (unsigned short)i; - else { - s = getservbyname(str, "tcp"); - if (s == NULL) { - BIO_printf(bio_err, "getservbyname failure for %s\n", str); - return (0); + sock_port = BIO_ADDR_rawport(sock_address); + + BIO_ADDRINFO_free(res); + res = NULL; + + if (sock_port == 0) { + /* dynamically allocated port, report which one */ + union BIO_sock_info_u info; + char *hostname = NULL; + char *service = NULL; + int success = 0; + + if ((info.addr = BIO_ADDR_new()) != NULL + && BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info) + && (hostname = BIO_ADDR_hostname_string(info.addr, 1)) != NULL + && (service = BIO_ADDR_service_string(info.addr, 1)) != NULL + && BIO_printf(bio_s_out, + strchr(hostname, ':') == NULL + ? /* IPv4 */ "ACCEPT %s:%s\n" + : /* IPv6 */ "ACCEPT [%s]:%s\n", + hostname, service) > 0) + success = 1; + + (void)BIO_flush(bio_s_out); + OPENSSL_free(hostname); + OPENSSL_free(service); + BIO_ADDR_free(info.addr); + if (!success) { + BIO_closesocket(asock); + ERR_print_errors(bio_err); + goto end; } - *port_ptr = ntohs((unsigned short)s->s_port); + } else { + (void)BIO_printf(bio_s_out, "ACCEPT\n"); + (void)BIO_flush(bio_s_out); } - return (1); -} -# define GHBN_NUM 4 -static struct ghbn_cache_st { - char name[128]; - struct hostent ent; - unsigned long order; -} ghbn_cache[GHBN_NUM]; - -static unsigned long ghbn_hits = 0L; -static unsigned long ghbn_miss = 0L; + if (accept_sock != NULL) + *accept_sock = asock; + for (;;) { + char sink[64]; + struct timeval timeout; + fd_set readfds; -static struct hostent *GetHostByName(char *name) -{ - struct hostent *ret; - int i, lowi = 0; - unsigned long low = (unsigned long)-1; - - for (i = 0; i < GHBN_NUM; i++) { - if (low > ghbn_cache[i].order) { - low = ghbn_cache[i].order; - lowi = i; - } - if (ghbn_cache[i].order > 0) { - if (strncmp(name, ghbn_cache[i].name, 128) == 0) + if (type == SOCK_STREAM) { + BIO_ADDR_free(ourpeer); + ourpeer = BIO_ADDR_new(); + if (ourpeer == NULL) { + BIO_closesocket(asock); + ERR_print_errors(bio_err); + goto end; + } + do { + sock = BIO_accept_ex(asock, ourpeer, 0); + } while (sock < 0 && BIO_sock_should_retry(sock)); + if (sock < 0) { + ERR_print_errors(bio_err); + BIO_closesocket(asock); break; + } + BIO_set_tcp_ndelay(sock, 1); + i = (*cb)(sock, type, protocol, context); + + /* + * If we ended with an alert being sent, but still with data in the + * network buffer to be read, then calling BIO_closesocket() will + * result in a TCP-RST being sent. On some platforms (notably + * Windows) then this will result in the peer immediately abandoning + * the connection including any buffered alert data before it has + * had a chance to be read. Shutting down the sending side first, + * and then closing the socket sends TCP-FIN first followed by + * TCP-RST. This seems to allow the peer to read the alert data. + */ + shutdown(sock, 1); /* SHUT_WR */ + /* + * We just said we have nothing else to say, but it doesn't mean + * that the other side has nothing. It's even recommended to + * consume incoming data. [In testing context this ensures that + * alerts are passed on...] + */ + timeout.tv_sec = 0; + timeout.tv_usec = 500000; /* some extreme round-trip */ + do { + FD_ZERO(&readfds); + openssl_fdset(sock, &readfds); + } while (select(sock + 1, &readfds, NULL, NULL, &timeout) > 0 + && readsocket(sock, sink, sizeof(sink)) > 0); + + BIO_closesocket(sock); + } else { + i = (*cb)(asock, type, protocol, context); } - } - if (i == GHBN_NUM) { /* no hit */ - ghbn_miss++; - ret = gethostbyname(name); - if (ret == NULL) - return (NULL); - /* else add to cache */ - if (strlen(name) < sizeof(ghbn_cache[0].name)) { - strcpy(ghbn_cache[lowi].name, name); - memcpy((char *)&(ghbn_cache[lowi].ent), ret, - sizeof(struct hostent)); - ghbn_cache[lowi].order = ghbn_miss + ghbn_hits; + + if (naccept != -1) + naccept--; + if (i < 0 || naccept == 0) { + BIO_closesocket(asock); + ret = i; + break; } - return (ret); - } else { - ghbn_hits++; - ret = &(ghbn_cache[i].ent); - ghbn_cache[i].order = ghbn_miss + ghbn_hits; - return (ret); } + end: +# ifdef AF_UNIX + if (family == AF_UNIX) + unlink(host); +# endif + BIO_ADDR_free(ourpeer); + ourpeer = NULL; + return ret; } -#endif +#endif /* OPENSSL_NO_SOCK */ |