Commit dcf88c5b authored by Matt Caswell's avatar Matt Caswell
Browse files

Add better error logging if SCTP AUTH chunks are not enabled 



In order to use SCTP over DTLS we need ACTP AUTH chunks to be enabled in
the kernel.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
parent 8ccc2377

crypto/bio/bio_err.c

+1 −0
Original line number Diff line number Diff line
@@ -36,6 +36,7 @@ static ERR_STRING_DATA BIO_str_functs[] = { 
    {ERR_FUNC(BIO_F_BIO_LOOKUP_EX), "BIO_lookup_ex"},

    {ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "bio_make_pair"},

    {ERR_FUNC(BIO_F_BIO_NEW), "BIO_new"},

    {ERR_FUNC(BIO_F_BIO_NEW_DGRAM_SCTP), "BIO_new_dgram_sctp"},

    {ERR_FUNC(BIO_F_BIO_NEW_FILE), "BIO_new_file"},

    {ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF), "BIO_new_mem_buf"},

    {ERR_FUNC(BIO_F_BIO_NREAD), "BIO_nread"},

crypto/bio/bss_dgram.c

+14 −3
Original line number Diff line number Diff line
@@ -842,6 +842,8 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag) 
                   sizeof(struct sctp_authchunk));

    if (ret < 0) {

        BIO_vfree(bio);

        BIOerr(BIO_F_BIO_NEW_DGRAM_SCTP, ERR_R_SYS_LIB);

        ERR_add_error_data(1, "Ensure SCTP AUTH chunks are enabled in kernel");

        return (NULL);

    }

    auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE;
@@ -850,13 +852,16 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag) 
                   sizeof(struct sctp_authchunk));

    if (ret < 0) {

        BIO_vfree(bio);

        BIOerr(BIO_F_BIO_NEW_DGRAM_SCTP, ERR_R_SYS_LIB);

        ERR_add_error_data(1, "Ensure SCTP AUTH chunks are enabled in kernel");

        return (NULL);

    }



    /*

     * Test if activation was successful. When using accept(), SCTP-AUTH has

     * to be activated for the listening socket already, otherwise the

     * connected socket won't use it.

     * connected socket won't use it. Similarly with connect(): the socket

     * prior to connection must be activated for SCTP-AUTH

     */

    sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));

    authchunks = OPENSSL_zalloc(sockopt_len);
@@ -883,8 +888,14 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag) 


    OPENSSL_free(authchunks);



    OPENSSL_assert(auth_data);

    OPENSSL_assert(auth_forward);

    if (!auth_data || !auth_forward) {

        BIO_vfree(bio);

        BIOerr(BIO_F_BIO_NEW_DGRAM_SCTP, ERR_R_SYS_LIB);

        ERR_add_error_data(1,

                           "Ensure SCTP AUTH chunks are enabled on the "

                           "underlying socket");

        return NULL;

    }



#  ifdef SCTP_AUTHENTICATION_EVENT

#   ifdef SCTP_EVENT

include/openssl/bio.h

+1 −0
Original line number Diff line number Diff line
@@ -811,6 +811,7 @@ int ERR_load_BIO_strings(void); 
# define BIO_F_BIO_LOOKUP_EX                              143

# define BIO_F_BIO_MAKE_PAIR                              121

# define BIO_F_BIO_NEW                                    108

# define BIO_F_BIO_NEW_DGRAM_SCTP                         145

# define BIO_F_BIO_NEW_FILE                               109

# define BIO_F_BIO_NEW_MEM_BUF                            126

# define BIO_F_BIO_NREAD                                  123