提交 dcf88c5b 编写于 作者: M Matt Caswell

Add better error logging if SCTP AUTH chunks are not enabled

In order to use SCTP over DTLS we need ACTP AUTH chunks to be enabled in
the kernel.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
上级 8ccc2377
......@@ -36,6 +36,7 @@ static ERR_STRING_DATA BIO_str_functs[] = {
{ERR_FUNC(BIO_F_BIO_LOOKUP_EX), "BIO_lookup_ex"},
{ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "bio_make_pair"},
{ERR_FUNC(BIO_F_BIO_NEW), "BIO_new"},
{ERR_FUNC(BIO_F_BIO_NEW_DGRAM_SCTP), "BIO_new_dgram_sctp"},
{ERR_FUNC(BIO_F_BIO_NEW_FILE), "BIO_new_file"},
{ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF), "BIO_new_mem_buf"},
{ERR_FUNC(BIO_F_BIO_NREAD), "BIO_nread"},
......
......@@ -842,6 +842,8 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
sizeof(struct sctp_authchunk));
if (ret < 0) {
BIO_vfree(bio);
BIOerr(BIO_F_BIO_NEW_DGRAM_SCTP, ERR_R_SYS_LIB);
ERR_add_error_data(1, "Ensure SCTP AUTH chunks are enabled in kernel");
return (NULL);
}
auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE;
......@@ -850,13 +852,16 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
sizeof(struct sctp_authchunk));
if (ret < 0) {
BIO_vfree(bio);
BIOerr(BIO_F_BIO_NEW_DGRAM_SCTP, ERR_R_SYS_LIB);
ERR_add_error_data(1, "Ensure SCTP AUTH chunks are enabled in kernel");
return (NULL);
}
/*
* Test if activation was successful. When using accept(), SCTP-AUTH has
* to be activated for the listening socket already, otherwise the
* connected socket won't use it.
* connected socket won't use it. Similarly with connect(): the socket
* prior to connection must be activated for SCTP-AUTH
*/
sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
authchunks = OPENSSL_zalloc(sockopt_len);
......@@ -883,8 +888,14 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
OPENSSL_free(authchunks);
OPENSSL_assert(auth_data);
OPENSSL_assert(auth_forward);
if (!auth_data || !auth_forward) {
BIO_vfree(bio);
BIOerr(BIO_F_BIO_NEW_DGRAM_SCTP, ERR_R_SYS_LIB);
ERR_add_error_data(1,
"Ensure SCTP AUTH chunks are enabled on the "
"underlying socket");
return NULL;
}
# ifdef SCTP_AUTHENTICATION_EVENT
# ifdef SCTP_EVENT
......
......@@ -811,6 +811,7 @@ int ERR_load_BIO_strings(void);
# define BIO_F_BIO_LOOKUP_EX 143
# define BIO_F_BIO_MAKE_PAIR 121
# define BIO_F_BIO_NEW 108
# define BIO_F_BIO_NEW_DGRAM_SCTP 145
# define BIO_F_BIO_NEW_FILE 109
# define BIO_F_BIO_NEW_MEM_BUF 126
# define BIO_F_BIO_NREAD 123
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册