Regarding netinet/sctp.h inclusion in bss_dgram.c

Naveen Shivanna navin.shivanna at gmail.com
Tue Oct 15 10:34:29 UTC 2019


Thanks.
Regarding BIO_dgram_sctp_wait_for_dry() and BIO_dgram_sctp_msg_waiting(),
we can use the new control options which are already merged in master:
BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY
BIO_CTRL_DGRAM_SCTP_MSG_WAITING.



On Tue, 15 Oct, 2019, 3:19 PM Matt Caswell, <matt at openssl.org> wrote:

>
>
> On 15/10/2019 10:32, Matt Caswell wrote:
> >
> >
> > On 15/10/2019 07:51, Naveen Shivanna wrote:
> >> Hi,
> >>
> >> After adding 'enable-sctp' compile option, OpenSSL (DTLS) can work with
> >> SCTP as transport.
> >>
> >> OpenSSL bss_dgram.c file includes the kernel /netinet/sctp.h.
> >>
> >> We have our own custom SCTP implementation (also implements custom BIO
> >> METHODS, does not use the default methods), so we need to remove the
> >> dependency on the kernel sctp.h from the bss_dgram.c file. Our build environment
> >> does not have sctp.h and we are not supposed to install lksctp-tools.
> >>
> >> Can we tailor bss_dgram.c with a new compile macro, or is there any
> >> other better solution?
> >
> > Hmm. There isn't really a "good" way to do this. I can think of two
> > options:
> >
> > 1) Modify the OpenSSL source (perhaps in the way that you suggest with a
> > compile time macro)
> >
> > or
> >
> > 2) Provide a "dummy" implementation of netinet/sctp.h. This would have
> > to provide "stub" implementations of any SCTP related functions/macros
> > used by bss_dgram.c. That would enable you to build unmodified OpenSSL
> > source.
>
> Thinking about this a little more, I think you may encounter other
> problems with replacing the standard SCTP BIO with your own one. The
> functions BIO_dgram_sctp_wait_for_dry() and BIO_dgram_sctp_msg_waiting()
> spring to mind. They get called by libssl in certain scenarios, are
> specific to the standard SCTP BIO, and are not replaceable via BIO_METHOD.
>
> I think you would have to implement your own versions of those
> functions, which implies that modifying the OpenSSL source is the only
> possibility.
>
> Matt
>
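
Added example, not part of the thread and not OpenSSL code: how a custom SCTP BIO's ctrl callback could answer the two control options named in the reply, so no kernel netinet/sctp.h is needed. `struct my_sctp_assoc` and `my_sctp_ctrl()` are hypothetical names, the return convention (1 = dry / message waiting, 0 = not yet, -1 = error) is an assumption to check against your OpenSSL version, and the fallback numeric values are placeholders used only when the installed headers do not define the constants.

```c
#include <stddef.h>

/* Use the real constants when OpenSSL headers are installed. */
#if defined(__has_include)
# if __has_include(<openssl/bio.h>)
#  include <openssl/bio.h>
# endif
#endif
/* Placeholder fallbacks so this sketch builds stand-alone; take the real
 * values from the <openssl/bio.h> of the OpenSSL version you build against. */
#ifndef BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY
# define BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY 77
#endif
#ifndef BIO_CTRL_DGRAM_SCTP_MSG_WAITING
# define BIO_CTRL_DGRAM_SCTP_MSG_WAITING 78
#endif

/* Hypothetical per-association state kept by the custom SCTP stack. */
struct my_sctp_assoc {
    size_t unacked_bytes;    /* sent but not yet acknowledged by the peer */
    size_t queued_user_msgs; /* complete user messages ready to be read */
    int    failed;           /* association aborted or lost */
};

/*
 * Core of the custom BIO's ctrl callback. A real BIO_METHOD callback has the
 * signature long (*)(BIO *, int, long, void *); it would fetch the
 * association with BIO_get_data(b) and pass it here together with cmd.
 */
long my_sctp_ctrl(struct my_sctp_assoc *a, int cmd)
{
    if (a == NULL)
        return -1;
    switch (cmd) {
    case BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY:
        if (a->failed)
            return -1;                        /* caller treats as fatal */
        return a->unacked_bytes == 0 ? 1 : 0; /* 0: not dry yet, retry */
    case BIO_CTRL_DGRAM_SCTP_MSG_WAITING:
        return a->queued_user_msgs > 0 ? 1 : 0;
    default:
        return 0;                             /* control not handled */
    }
}
```
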


More information about the openssl-users mailing list