root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity
openssl/ssl/rio/rio_notifier.c

380 lines
10 KiB
C
Raw Blame History

/*
* Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "internal/sockets.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include "internal/thread_once.h"
#include "internal/rio_notifier.h"
/*
* Sets a socket as close-on-exec, except that this is a no-op if we are certain
* we do not need to do this or the OS does not support the concept.
*/
static int set_cloexec(int fd)
{
#if !defined(SOCK_CLOEXEC) && defined(FD_CLOEXEC)
return fcntl(fd, F_SETFD, FD_CLOEXEC) >= 0;
#else
return 1;
#endif
}
#if defined(OPENSSL_SYS_WINDOWS)
static CRYPTO_ONCE ensure_wsa_startup_once = CRYPTO_ONCE_STATIC_INIT;
static int wsa_started;
static void ossl_wsa_cleanup(void)
{
if (wsa_started) {
wsa_started = 0;
WSACleanup();
}
}
DEFINE_RUN_ONCE_STATIC(do_wsa_startup)
{
WORD versionreq = 0x0202; /* Version 2.2 */
WSADATA wsadata;
if (WSAStartup(versionreq, &wsadata) != 0)
return 0;
wsa_started = 1;
OPENSSL_atexit(ossl_wsa_cleanup);
return 1;
}
static ossl_inline int ensure_wsa_startup(void)
{
return RUN_ONCE(&ensure_wsa_startup_once, do_wsa_startup);
}
#endif
#if RIO_NOTIFIER_METHOD == RIO_NOTIFIER_METHOD_SOCKET
/* Create a close-on-exec socket. */
static int create_socket(int domain, int socktype, int protocol)
{
int fd;
# if defined(OPENSSL_SYS_WINDOWS)
static const int on = 1;
/*
* Use WSASocketA to create a socket which is immediately marked as
* non-inheritable, avoiding race conditions if another thread is about to
* call CreateProcess.
* NOTE: windows xp (0x501) doesn't support the non-inheritance flag here
* but preventing inheritance isn't mandatory, just a safety precaution
* so we can get away with not including it for older platforms
*/
# ifdef WSA_FLAG_NO_HANDLE_INHERIT
fd = (int)WSASocketA(domain, socktype, protocol, NULL, 0,
WSA_FLAG_NO_HANDLE_INHERIT);
/*
* Its also possible that someone is building a binary on a newer windows
* SDK, but running it on a runtime that doesn't support inheritance
* suppression. In that case the above will return INVALID_SOCKET, and
* our response for those older platforms is to try the call again
* without the flag
*/
if (fd == INVALID_SOCKET)
fd = (int)WSASocketA(domain, socktype, protocol, NULL, 0, 0);
# else
fd = (int)WSASocketA(domain, socktype, protocol, NULL, 0, 0);
# endif
if (fd == INVALID_SOCKET) {
int err = get_last_socket_error();
ERR_raise_data(ERR_LIB_SYS, err,
"calling WSASocketA() = %d", err);
return INVALID_SOCKET;
}
/* Prevent interference with the socket from other processes on Windows. */
if (setsockopt(fd, SOL_SOCKET, SO_EXCLUSIVEADDRUSE, (void *)&on, sizeof(on)) < 0) {
ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
"calling setsockopt()");
BIO_closesocket(fd);
return INVALID_SOCKET;
}
# else
# if defined(SOCK_CLOEXEC)
socktype |= SOCK_CLOEXEC;
# endif
fd = BIO_socket(domain, socktype, protocol, 0);
if (fd == INVALID_SOCKET) {
ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
"calling BIO_socket()");
return INVALID_SOCKET;
}
/*
* Make socket close-on-exec unless this was already done above at socket
* creation time.
*/
if (!set_cloexec(fd)) {
ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
"calling set_cloexec()");
BIO_closesocket(fd);
return INVALID_SOCKET;
}
# endif
return fd;
}
/*
* The SOCKET notifier method manually creates a connected TCP socket pair by
* temporarily creating a TCP listener on a random port and connecting back to
* it.
*
* Win32 does not support socketpair(2), and Win32 pipes are not compatible with
* Winsock select(2). This means our only means of making select(2) wakeable is
* to artificially create a loopback TCP connection and send bytes to it.
*/
int ossl_rio_notifier_init(RIO_NOTIFIER *nfy)
{
int rc, lfd = -1, rfd = -1, wfd = -1;
struct sockaddr_in sa = {0}, accept_sa;
socklen_t sa_len = sizeof(sa), accept_sa_len = sizeof(accept_sa);
# if defined(OPENSSL_SYS_WINDOWS)
if (!ensure_wsa_startup()) {
ERR_raise_data(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR,
"Cannot start Windows sockets");
return 0;
}
# endif
/* Create a close-on-exec socket. */
lfd = create_socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (lfd == INVALID_SOCKET) {
ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
"calling create_socket()");
return 0;
}
/* Bind the socket to a random loopback port. */
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
rc = bind(lfd, (const struct sockaddr *)&sa, sizeof(sa));
if (rc < 0) {
ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
"calling bind()");
goto err;
}
/* Determine what random port was allocated. */
rc = getsockname(lfd, (struct sockaddr *)&sa, &sa_len);
if (rc < 0) {
ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
"calling getsockname()");
goto err;
}
/* Start listening. */
rc = listen(lfd, 1);
if (rc < 0) {
ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
"calling listen()");
goto err;
}
/* Create another socket to connect to the listener. */
wfd = create_socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (wfd == INVALID_SOCKET) {
ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
"calling create_socket()");
goto err;
}
/*
* Disable Nagle's algorithm on the writer so that wakeups happen
* immediately.
*/
if (!BIO_set_tcp_ndelay(wfd, 1)) {
ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
"calling BIO_set_tcp_ndelay()");
goto err;
}
/*
* Connect the writer to the listener.
*/
rc = connect(wfd, (struct sockaddr *)&sa, sizeof(sa));
if (rc < 0) {
ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
"calling connect()");
goto err;
}
/*
* The connection accepted from the listener is the read side.
*/
rfd = accept(lfd, (struct sockaddr *)&accept_sa, &accept_sa_len);
if (rfd == INVALID_SOCKET) {
ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
"calling accept()");
goto err;
}
rc = getsockname(wfd, (struct sockaddr *)&sa, &sa_len);
if (rc < 0) {
ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
"calling getsockname()");
goto err;
}
/* Close the listener, which we don't need anymore. */
BIO_closesocket(lfd);
lfd = -1;
/*
* Sanity check - ensure someone else didn't connect to our listener during
* the brief window of possibility above.
*/
if (accept_sa.sin_family != AF_INET || accept_sa.sin_port != sa.sin_port) {
ERR_raise_data(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR,
"connected address differs from accepted address");
goto err;
}
/* Make both sides of the connection non-blocking. */
if (!BIO_socket_nbio(rfd, 1)) {
ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
"calling BIO_socket_nbio()");
goto err;
}
if (!BIO_socket_nbio(wfd, 1)) {
ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
"calling BIO_socket_nbio()");
goto err;
}
nfy->rfd = rfd;
nfy->wfd = wfd;
return 1;
err:
if (lfd != INVALID_SOCKET)
BIO_closesocket(lfd);
if (wfd != INVALID_SOCKET)
BIO_closesocket(wfd);
if (rfd != INVALID_SOCKET)
BIO_closesocket(rfd);
return 0;
}
#elif RIO_NOTIFIER_METHOD == RIO_NOTIFIER_METHOD_SOCKETPAIR
int ossl_rio_notifier_init(RIO_NOTIFIER *nfy)
{
int fds[2], domain = AF_INET, type = SOCK_STREAM;
# if defined(SOCK_CLOEXEC)
type |= SOCK_CLOEXEC;
# endif
# if defined(SOCK_NONBLOCK)
type |= SOCK_NONBLOCK;
# endif
# if defined(OPENSSL_SYS_UNIX) && defined(AF_UNIX)
domain = AF_UNIX;
# endif
if (socketpair(domain, type, 0, fds) < 0) {
ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
"calling socketpair()");
return 0;
}
if (!set_cloexec(fds[0]) || !set_cloexec(fds[1])) {
ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
"calling set_cloexec()");
goto err;
}
# if !defined(SOCK_NONBLOCK)
if (!BIO_socket_nbio(fds[0], 1) || !BIO_socket_nbio(fds[1], 1)) {
ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
"calling BIO_socket_nbio()");
goto err;
}
# endif
if (domain == AF_INET && !BIO_set_tcp_ndelay(fds[1], 1)) {
ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
"calling BIO_set_tcp_ndelay()");
goto err;
}
nfy->rfd = fds[0];
nfy->wfd = fds[1];
return 1;
err:
BIO_closesocket(fds[1]);
BIO_closesocket(fds[0]);
return 0;
}
#endif
void ossl_rio_notifier_cleanup(RIO_NOTIFIER *nfy)
{
if (nfy->rfd < 0)
return;
BIO_closesocket(nfy->wfd);
BIO_closesocket(nfy->rfd);
nfy->rfd = nfy->wfd = -1;
}
int ossl_rio_notifier_signal(RIO_NOTIFIER *nfy)
{
static const unsigned char ch = 0;
ossl_ssize_t wr;
do
/*
* Note: If wr returns 0 the buffer is already full so we don't need to
* do anything.
*/
wr = writesocket(nfy->wfd, (void *)&ch, sizeof(ch));
while (wr < 0 && get_last_socket_error_is_eintr());
return 1;
}
int ossl_rio_notifier_unsignal(RIO_NOTIFIER *nfy)
{
unsigned char buf[16];
ossl_ssize_t rd;
/*
* signal() might have been called multiple times. Drain the buffer until
* it's empty.
*/
do
rd = readsocket(nfy->rfd, (void *)buf, sizeof(buf));
while (rd == sizeof(buf)
|| (rd < 0 && get_last_socket_error_is_eintr()));
if (rd < 0 && !BIO_fd_non_fatal_error(get_last_socket_error()))
return 0;
return 1;
}
Reference in New Issue View Git Blame Copy Permalink