[openssl/openssl] f54970: OpenSSL 3.2.0, QUIC, macOS, error 56 on connected ...

Sashan noreply at github.com
Tue Apr 16 14:39:08 UTC 2024


  Branch: refs/heads/openssl-3.2
  Home:   https://github.com/openssl/openssl
  Commit: f54970c0df1e3a0bc856dc7e4a50ad4893c0dcd5
      https://github.com/openssl/openssl/commit/f54970c0df1e3a0bc856dc7e4a50ad4893c0dcd5
  Author: Alexandr Nedvedicky <sashan at openssl.org>
  Date:   2024-04-16 (Tue, 16 Apr 2024)

  Changed paths:
    M crypto/bio/bss_dgram.c
    M test/quic_client_test.c

  Log Message:
  -----------
  OpenSSL 3.2.0, QUIC, macOS, error 56 on connected UDP socket

current `translate_msg()` function attempts to set `->msg_name`
(and `->msg_namelen`) with `BIO`'s peer name (connection destination)
regardless if underlying socket is connected or not. Such implementation
uncovers differences in socket implementation between various OSes.

As we have learned hard way `sendmsg()` and `sendmmsg()` on `OpenBSD`
and (`MacOS` too) fail to send messages with `->msg_name` being
set on connected socket. In such case the caller receives
`EISCON` errro.

I think `translate_msg()` caller should provide a hint to indicate
whether we deal with connected (or un-connected) socket. For
connected sockets the peer's name should not be set/filled
by `translate_msg()`. On the other hand if socket is un-connected,
then `translate_msg()` must populate `->msg_name` and `->msg_namelen`
members.

The caller can use `getpeername(2)` to see if socket is
connected. If `getpeername()` succeeds then we must be dealing
with connected socket and `translate_msg()` must not set
`->msg_name` and `->msg_namelen` members. If `getpeername(2)`
fails, then `translate_msg()` must provide peer's name (destination
address) in `->msg_name` and set `->msg_namelen` accordingly.

The propposed fix introduces `is_connected()` function,
which applies `getpeername()` to socket bound to `BIO` instance.
The `dgram_sendmmsg()` uses `is_connected()` as a hint
for `translate_msg()` function, so msghdr gets initialized
with respect to socket state.

The change also modifies existing `test/quic_client_test.c`
so it also covers the case of connected socket. To keep
things simple we can introduce optional argument `connect_first`
to `./quic_client_test` function. Without `connect_first`
the test run as usual. With `connect_first` the test creates
and connects socket first. Then it passes such socket to
`BIO` sub-system to perform `QUIC` connect test as usual.

Fixes #23251

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23396)

(cherry picked from commit c062403abd71550057b3647b01cc8af4cc2fc18c)



To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications


More information about the openssl-commits mailing list