authorMatt Caswell <matt@openssl.org>2017-04-20 10:58:27 +0100
committerMatt Caswell <matt@openssl.org>2017-04-25 11:13:39 +0100
commitdcf88c5b79cbd433ee37276cdf63cdb5d49673cd (patch)
treec7ec92f256022aca0ad1007c50ec620a40ae1a59
parent8ccc237720d59cdf249c2c901d19f1fec739e66e (diff)
Add better error logging if SCTP AUTH chunks are not enabled
In order to use SCTP over DTLS we need SCTP AUTH chunks to be enabled in the kernel. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3286)
-rw-r--r--crypto/bio/bio_err.c1
-rw-r--r--crypto/bio/bss_dgram.c17
-rw-r--r--include/openssl/bio.h1
3 files changed, 16 insertions, 3 deletions
diff --git a/crypto/bio/bio_err.c b/crypto/bio/bio_err.c
index c49a934095..9442d80e61 100644
--- a/crypto/bio/bio_err.c
+++ b/crypto/bio/bio_err.c
@@ -36,6 +36,7 @@ static ERR_STRING_DATA BIO_str_functs[] = {
{ERR_FUNC(BIO_F_BIO_LOOKUP_EX), "BIO_lookup_ex"},
{ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "bio_make_pair"},
{ERR_FUNC(BIO_F_BIO_NEW), "BIO_new"},
+ {ERR_FUNC(BIO_F_BIO_NEW_DGRAM_SCTP), "BIO_new_dgram_sctp"},
{ERR_FUNC(BIO_F_BIO_NEW_FILE), "BIO_new_file"},
{ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF), "BIO_new_mem_buf"},
{ERR_FUNC(BIO_F_BIO_NREAD), "BIO_nread"},
diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
index d43e8dc471..d3a7b03fba 100644
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@@ -842,6 +842,8 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
sizeof(struct sctp_authchunk));
if (ret < 0) {
BIO_vfree(bio);
+ BIOerr(BIO_F_BIO_NEW_DGRAM_SCTP, ERR_R_SYS_LIB);
+ ERR_add_error_data(1, "Ensure SCTP AUTH chunks are enabled in kernel");
return (NULL);
}
auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE;
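Review bot: The error entry added in the `ret < 0` branch does not record why the call failed (presumably setsockopt(), whose start is outside the hunk). `BIO_vfree(bio)` runs first and may change errno, and `ERR_R_SYS_LIB` carries no system error code, so the queue holds only the guess that AUTH chunks are disabled in the kernel. The call can also fail because fd is invalid or not an SCTP socket, and an operator following the hint would then look in the wrong place. Recording the socket error before freeing, e.g. `SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());` ahead of `BIO_vfree(bio);`, keeps the hint and preserves the real cause. The same applies to the second `ret < 0` branch in the next hunk; BIO_new_dgram_sctp starts and ends outside both hunks.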
@@ -850,13 +852,16 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
sizeof(struct sctp_authchunk));
if (ret < 0) {
BIO_vfree(bio);
+ BIOerr(BIO_F_BIO_NEW_DGRAM_SCTP, ERR_R_SYS_LIB);
+ ERR_add_error_data(1, "Ensure SCTP AUTH chunks are enabled in kernel");
return (NULL);
}
/*
* Test if activation was successful. When using accept(), SCTP-AUTH has
* to be activated for the listening socket already, otherwise the
- * connected socket won't use it.
+ * connected socket won't use it. Similarly with connect(): the socket
+ * prior to connection must be activated for SCTP-AUTH
*/
sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
authchunks = OPENSSL_zalloc(sockopt_len);
@@ -883,8 +888,14 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
OPENSSL_free(authchunks);
- OPENSSL_assert(auth_data);
- OPENSSL_assert(auth_forward);
+ if (!auth_data || !auth_forward) {
+ BIO_vfree(bio);
+ BIOerr(BIO_F_BIO_NEW_DGRAM_SCTP, ERR_R_SYS_LIB);
+ ERR_add_error_data(1,
+ "Ensure SCTP AUTH chunks are enabled on the "
+ "underlying socket");
+ return NULL;
+ }
# ifdef SCTP_AUTHENTICATION_EVENT
# ifdef SCTP_EVENT
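Review bot: The `!auth_data || !auth_forward` check has no comment saying why the BIO must not be returned in that state, although it is the security-relevant branch of this function. Presumably the two flags record whether the kernel reports the DATA and FORWARD-TSN chunk types as authenticated, which DTLS over SCTP depends on; the assignments are outside the hunk, so confirm this. A comment such as `/* Fail closed: without SCTP-AUTH on both chunk types the association is not protected */` above the `if` would keep a later cleanup from relaxing it. As a matter of style, `return NULL;` here differs from `return (NULL);` in the earlier error branches of the same function.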
diff --git a/include/openssl/bio.h b/include/openssl/bio.h
index 225642bed0..dea28c1cc1 100644
--- a/include/openssl/bio.h
+++ b/include/openssl/bio.h
@@ -811,6 +811,7 @@ int ERR_load_BIO_strings(void);
# define BIO_F_BIO_LOOKUP_EX 143
# define BIO_F_BIO_MAKE_PAIR 121
# define BIO_F_BIO_NEW 108
+# define BIO_F_BIO_NEW_DGRAM_SCTP 145
# define BIO_F_BIO_NEW_FILE 109
# define BIO_F_BIO_NEW_MEM_BUF 126
# define BIO_F_BIO_NREAD 123