xref: /freebsd/contrib/libevent/test/regress_ssl.c (revision 7ef62cebc2f965b0f640263e179276928885e33d)
1 /*
2  * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  * 3. The name of the author may not be used to endorse or promote products
13  *    derived from this software without specific prior written permission.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25  */
26 
27 // Get rid of OSX 10.7 and greater deprecation warnings.
28 #if defined(__APPLE__) && defined(__clang__)
29 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
30 #endif
31 
32 #ifdef _WIN32
33 #include <winsock2.h>
34 #include <windows.h>
35 #endif
36 
37 #include "util-internal.h"
38 
39 #ifndef _WIN32
40 #include <sys/types.h>
41 #include <sys/socket.h>
42 #include <netinet/in.h>
43 #endif
44 
45 #include "event2/util.h"
46 #include "event2/event.h"
47 #include "event2/bufferevent_ssl.h"
48 #include "event2/bufferevent_struct.h"
49 #include "event2/buffer.h"
50 #include "event2/listener.h"
51 
52 #include "regress.h"
53 #include "tinytest.h"
54 #include "tinytest_macros.h"
55 
56 #include <openssl/bio.h>
57 #include <openssl/err.h>
58 #include <openssl/pem.h>
59 #include "openssl-compat.h"
60 
61 #include <string.h>
62 #ifdef _WIN32
63 #include <io.h>
64 #define read _read
65 #define write _write
66 #else
67 #include <unistd.h>
68 #endif
69 
70 /* A pre-generated key, to save the cost of doing an RSA key generation step
71  * during the unit tests. It is published in this file, so you would have to
72  * be very foolish to consider using it in your own code. */
73 static const char KEY[] =
74     "-----BEGIN RSA PRIVATE KEY-----\n"
75     "MIIEogIBAAKCAQEAtK07Ili0dkJb79m/sFmHoVJTWyLoveXex2yX/BtUzzcvZEOu\n"
76     "QLon/++5YOA48kzZm5K9mIwZkZhui1ZgJ5Bjq0LGAWTZGIn+NXjLFshPYvTKpOCW\n"
77     "uzL0Ir0LXMsBLYJQ5A4FomLNxs4I3H/dhDSGy/rSiJB1B4w2xNiwPK08/VL3zZqk\n"
78     "V+GsSvGIIkzhTMbqPJy9K8pqyjwOU2pgORS794yXciTGxWYjTDzJPgQ35YMDATaG\n"
79     "jr4HHo1zxU/Lj0pndSUK5rKLYxYQ3Uc8B3AVYDl9CP/GbOoQ4LBzS68JjcAUyp6i\n"
80     "6NfXlc2D9S9XgqVqwI+JqgJs0eW/+zPY2UEDWwIDAQABAoIBAD2HzV66FOM9YDAD\n"
81     "2RtGskEHV2nvLpIVadRCsFPkPvK+2X3s6rgSbbLkwh4y3lHuSCGKTNVZyQ9jeSos\n"
82     "xVxT+Q2HFQW+gYyw2gj91TQyDY8mzKhv8AVaqff2p5r3a7RC8CdqexK9UVUGL9Bg\n"
83     "H2F5vfpTtkVZ5PEoGDLblNFlMiMW/t1SobUeBVx+Msco/xqk9lFv1A9nnepGy0Gi\n"
84     "D+i6YNGTBsX22YhoCZl/ICxCL8lgqPei4FvBr9dBVh/jQgjuUBm2jz55p2r7+7Aw\n"
85     "khmXHReejoVokQ2+htgSgZNKlKuDy710ZpBqnDi8ynQi82Y2qCpyg/p/xcER54B6\n"
86     "hSftaiECgYEA2RkSoxU+nWk+BClQEUZRi88QK5W/M8oo1DvUs36hvPFkw3Jk/gz0\n"
87     "fgd5bnA+MXj0Fc0QHvbddPjIkyoI/evq9GPV+JYIuH5zabrlI3Jvya8q9QpAcEDO\n"
88     "KkL/O09qXVEW52S6l05nh4PLejyI7aTyTIN5nbVLac/+M8MY/qOjZksCgYEA1Q1o\n"
89     "L8kjSavU2xhQmSgZb9W62Do60sa3e73ljrDPoiyvbExldpSdziFYxHBD/Rep0ePf\n"
90     "eVSGS3VSwevt9/jSGo2Oa83TYYns9agBm03oR/Go/DukESdI792NsEM+PRFypVNy\n"
91     "AohWRLj0UU6DV+zLKp0VBavtx0ATeLFX0eN17TECgYBI2O/3Bz7uhQ0JSm+SjFz6\n"
92     "o+2SInp5P2G57aWu4VQWWY3tQ2p+EQzNaWam10UXRrXoxtmc+ktPX9e2AgnoYoyB\n"
93     "myqGcpnUhqHlnZAb999o9r1cYidDQ4uqhLauSTSwwXAFDzjJYsa8o03Y440y6QFh\n"
94     "CVD6yYXXqLJs3g96CqDexwKBgAHxq1+0QCQt8zVElYewO/svQhMzBNJjic0RQIT6\n"
95     "zAo4yij80XgxhvcYiszQEW6/xobpw2JCCS+rFGQ8mOFIXfJsFD6blDAxp/3d2JXo\n"
96     "MhRl+hrDGI4ng5zcsqxHEMxR2m/zwPiQ8eiSn3gWdVBaEsiCwmxY00ScKxFQ3PJH\n"
97     "Vw4hAoGAdZLd8KfjjG6lg7hfpVqavstqVi9LOgkHeCfdjn7JP+76kYrgLk/XdkrP\n"
98     "N/BHhtFVFjOi/mTQfQ5YfZImkm/1ePBy7437DT8BDkOxspa50kK4HPggHnU64h1w\n"
99     "lhdEOj7mAgHwGwwVZWOgs9Lq6vfztnSuhqjha1daESY6kDscPIQ=\n"
100     "-----END RSA PRIVATE KEY-----\n";
101 
102 EVP_PKEY *
103 ssl_getkey(void)
104 {
105 	EVP_PKEY *key;
106 	BIO *bio;
107 
108 	/* new read-only BIO backed by KEY. */
109 	bio = BIO_new_mem_buf((char*)KEY, -1);
110 	tt_assert(bio);
111 
112 	key = PEM_read_bio_PrivateKey(bio,NULL,NULL,NULL);
113 	BIO_free(bio);
114 	tt_assert(key);
115 
116 	return key;
117 end:
118 	return NULL;
119 }
120 
121 X509 *
122 ssl_getcert(void)
123 {
124 	/* Dummy code to make a quick-and-dirty valid certificate with
125 	   OpenSSL.  Don't copy this code into your own program! It does a
126 	   number of things in a stupid and insecure way. */
127 	X509 *x509 = NULL;
128 	X509_NAME *name = NULL;
129 	EVP_PKEY *key = ssl_getkey();
130 	int nid;
131 	time_t now = time(NULL);
132 
133 	tt_assert(key);
134 
135 	x509 = X509_new();
136 	tt_assert(x509);
137 	tt_assert(0 != X509_set_version(x509, 2));
138 	tt_assert(0 != ASN1_INTEGER_set(X509_get_serialNumber(x509),
139 		(long)now));
140 
141 	name = X509_NAME_new();
142 	tt_assert(name);
143 	nid = OBJ_txt2nid("commonName");
144 	tt_assert(NID_undef != nid);
145 	tt_assert(0 != X509_NAME_add_entry_by_NID(
146 		    name, nid, MBSTRING_ASC, (unsigned char*)"example.com",
147 		    -1, -1, 0));
148 
149 	X509_set_subject_name(x509, name);
150 	X509_set_issuer_name(x509, name);
151 
152 	X509_time_adj(X509_get_notBefore(x509), 0, &now);
153 	now += 3600;
154 	X509_time_adj(X509_get_notAfter(x509), 0, &now);
155 	X509_set_pubkey(x509, key);
156 	tt_assert(0 != X509_sign(x509, key, EVP_sha1()));
157 
158 	return x509;
159 end:
160 	X509_free(x509);
161 	return NULL;
162 }
163 
164 static int disable_tls_11_and_12 = 0;
165 static SSL_CTX *the_ssl_ctx = NULL;
166 
167 SSL_CTX *
168 get_ssl_ctx(void)
169 {
170 	if (the_ssl_ctx)
171 		return the_ssl_ctx;
172 	the_ssl_ctx = SSL_CTX_new(SSLv23_method());
173 	if (!the_ssl_ctx)
174 		return NULL;
175 	if (disable_tls_11_and_12) {
176 #ifdef SSL_OP_NO_TLSv1_2
177 		SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_2);
178 #endif
179 #ifdef SSL_OP_NO_TLSv1_1
180 		SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_1);
181 #endif
182 	}
183 	return the_ssl_ctx;
184 }
185 
186 void
187 init_ssl(void)
188 {
189 #if OPENSSL_VERSION_NUMBER < 0x10100000L
190 	SSL_library_init();
191 	ERR_load_crypto_strings();
192 	SSL_load_error_strings();
193 	OpenSSL_add_all_algorithms();
194 	if (SSLeay() != OPENSSL_VERSION_NUMBER) {
195 		TT_DECLARE("WARN", ("Version mismatch for openssl: compiled with %lx but running with %lx", (unsigned long)OPENSSL_VERSION_NUMBER, (unsigned long) SSLeay()));
196 	}
197 #endif
198 }
199 
200 /* ====================
201    Here's a simple test: we read a number from the input, increment it, and
202    reply, until we get to 1001.
203 */
204 
205 static int test_is_done = 0;
206 static int n_connected = 0;
207 static int got_close = 0;
208 static int got_error = 0;
209 static int got_timeout = 0;
210 static int renegotiate_at = -1;
211 static int stop_when_connected = 0;
212 static int pending_connect_events = 0;
213 static struct event_base *exit_base = NULL;
214 
215 enum regress_openssl_type
216 {
217 	REGRESS_OPENSSL_SOCKETPAIR = 1,
218 	REGRESS_OPENSSL_FILTER = 2,
219 	REGRESS_OPENSSL_RENEGOTIATE = 4,
220 	REGRESS_OPENSSL_OPEN = 8,
221 	REGRESS_OPENSSL_DIRTY_SHUTDOWN = 16,
222 	REGRESS_OPENSSL_FD = 32,
223 
224 	REGRESS_OPENSSL_CLIENT = 64,
225 	REGRESS_OPENSSL_SERVER = 128,
226 
227 	REGRESS_OPENSSL_FREED = 256,
228 	REGRESS_OPENSSL_TIMEOUT = 512,
229 	REGRESS_OPENSSL_SLEEP = 1024,
230 
231 	REGRESS_OPENSSL_CLIENT_WRITE = 2048,
232 };
233 
234 static void
235 bufferevent_openssl_check_fd(struct bufferevent *bev, int filter)
236 {
237 	tt_int_op(bufferevent_getfd(bev), !=, -1);
238 	tt_int_op(bufferevent_setfd(bev, -1), ==, 0);
239 	if (filter) {
240 		tt_int_op(bufferevent_getfd(bev), !=, -1);
241 	} else {
242 		tt_int_op(bufferevent_getfd(bev), ==, -1);
243 	}
244 
245 end:
246 	;
247 }
248 static void
249 bufferevent_openssl_check_freed(struct bufferevent *bev)
250 {
251 	tt_int_op(event_pending(&bev->ev_read, EVLIST_ALL, NULL), ==, 0);
252 	tt_int_op(event_pending(&bev->ev_write, EVLIST_ALL, NULL), ==, 0);
253 
254 end:
255 	;
256 }
257 
258 static void
259 respond_to_number(struct bufferevent *bev, void *ctx)
260 {
261 	struct evbuffer *b = bufferevent_get_input(bev);
262 	char *line;
263 	int n;
264 
265 	enum regress_openssl_type type;
266 	type = (enum regress_openssl_type)ctx;
267 
268 	line = evbuffer_readln(b, NULL, EVBUFFER_EOL_LF);
269 	if (! line)
270 		return;
271 	n = atoi(line);
272 	if (n <= 0)
273 		TT_FAIL(("Bad number: %s", line));
274 	free(line);
275 	TT_BLATHER(("The number was %d", n));
276 	if (n == 1001) {
277 		++test_is_done;
278 		bufferevent_free(bev); /* Should trigger close on other side. */
279 		return;
280 	}
281 	if ((type & REGRESS_OPENSSL_CLIENT) && n == renegotiate_at) {
282 		SSL_renegotiate(bufferevent_openssl_get_ssl(bev));
283 	}
284 	++n;
285 	evbuffer_add_printf(bufferevent_get_output(bev),
286 	    "%d\n", n);
287 	TT_BLATHER(("Done reading; now writing."));
288 	bufferevent_enable(bev, EV_WRITE);
289 	bufferevent_disable(bev, EV_READ);
290 }
291 
292 static void
293 done_writing_cb(struct bufferevent *bev, void *ctx)
294 {
295 	struct evbuffer *b = bufferevent_get_output(bev);
296 	if (evbuffer_get_length(b))
297 		return;
298 	TT_BLATHER(("Done writing."));
299 	bufferevent_disable(bev, EV_WRITE);
300 	bufferevent_enable(bev, EV_READ);
301 }
302 
303 static void
304 eventcb(struct bufferevent *bev, short what, void *ctx)
305 {
306 	enum regress_openssl_type type;
307 	type = (enum regress_openssl_type)ctx;
308 
309 	TT_BLATHER(("Got event %d", (int)what));
310 	if (what & BEV_EVENT_CONNECTED) {
311 		SSL *ssl;
312 		X509 *peer_cert;
313 		++n_connected;
314 		ssl = bufferevent_openssl_get_ssl(bev);
315 		tt_assert(ssl);
316 		peer_cert = SSL_get_peer_certificate(ssl);
317 		if (type & REGRESS_OPENSSL_SERVER) {
318 			tt_assert(peer_cert == NULL);
319 		} else {
320 			tt_assert(peer_cert != NULL);
321 		}
322 		if (stop_when_connected) {
323 			if (--pending_connect_events == 0)
324 				event_base_loopexit(exit_base, NULL);
325 		}
326 
327 		if ((type & REGRESS_OPENSSL_CLIENT_WRITE) && (type & REGRESS_OPENSSL_CLIENT))
328 			evbuffer_add_printf(bufferevent_get_output(bev), "1\n");
329 	} else if (what & BEV_EVENT_EOF) {
330 		TT_BLATHER(("Got a good EOF"));
331 		++got_close;
332 		if (type & REGRESS_OPENSSL_FD) {
333 			bufferevent_openssl_check_fd(bev, type & REGRESS_OPENSSL_FILTER);
334 		}
335 		if (type & REGRESS_OPENSSL_FREED) {
336 			bufferevent_openssl_check_freed(bev);
337 		}
338 		bufferevent_free(bev);
339 	} else if (what & BEV_EVENT_ERROR) {
340 		TT_BLATHER(("Got an error."));
341 		++got_error;
342 		if (type & REGRESS_OPENSSL_FD) {
343 			bufferevent_openssl_check_fd(bev, type & REGRESS_OPENSSL_FILTER);
344 		}
345 		if (type & REGRESS_OPENSSL_FREED) {
346 			bufferevent_openssl_check_freed(bev);
347 		}
348 		bufferevent_free(bev);
349 	} else if (what & BEV_EVENT_TIMEOUT) {
350 		TT_BLATHER(("Got timeout."));
351 		++got_timeout;
352 		if (type & REGRESS_OPENSSL_FD) {
353 			bufferevent_openssl_check_fd(bev, type & REGRESS_OPENSSL_FILTER);
354 		}
355 		if (type & REGRESS_OPENSSL_FREED) {
356 			bufferevent_openssl_check_freed(bev);
357 		}
358 		bufferevent_free(bev);
359 	}
360 end:
361 	;
362 }
363 
364 static void
365 open_ssl_bufevs(struct bufferevent **bev1_out, struct bufferevent **bev2_out,
366     struct event_base *base, int is_open, int flags, SSL *ssl1, SSL *ssl2,
367     evutil_socket_t *fd_pair, struct bufferevent **underlying_pair,
368     enum regress_openssl_type type)
369 {
370 	int state1 = is_open ? BUFFEREVENT_SSL_OPEN :BUFFEREVENT_SSL_CONNECTING;
371 	int state2 = is_open ? BUFFEREVENT_SSL_OPEN :BUFFEREVENT_SSL_ACCEPTING;
372 	int dirty_shutdown = type & REGRESS_OPENSSL_DIRTY_SHUTDOWN;
373 	if (fd_pair) {
374 		*bev1_out = bufferevent_openssl_socket_new(
375 			base, fd_pair[0], ssl1, state1, flags);
376 		*bev2_out = bufferevent_openssl_socket_new(
377 			base, fd_pair[1], ssl2, state2, flags);
378 	} else {
379 		*bev1_out = bufferevent_openssl_filter_new(
380 			base, underlying_pair[0], ssl1, state1, flags);
381 		*bev2_out = bufferevent_openssl_filter_new(
382 			base, underlying_pair[1], ssl2, state2, flags);
383 
384 	}
385 	bufferevent_setcb(*bev1_out, respond_to_number, done_writing_cb,
386 	    eventcb, (void*)(REGRESS_OPENSSL_CLIENT | (long)type));
387 	bufferevent_setcb(*bev2_out, respond_to_number, done_writing_cb,
388 	    eventcb, (void*)(REGRESS_OPENSSL_SERVER | (long)type));
389 
390 	bufferevent_openssl_set_allow_dirty_shutdown(*bev1_out, dirty_shutdown);
391 	bufferevent_openssl_set_allow_dirty_shutdown(*bev2_out, dirty_shutdown);
392 }
393 
394 static void
395 regress_bufferevent_openssl(void *arg)
396 {
397 	struct basic_test_data *data = arg;
398 
399 	struct bufferevent *bev1, *bev2;
400 	SSL *ssl1, *ssl2;
401 	X509 *cert = ssl_getcert();
402 	EVP_PKEY *key = ssl_getkey();
403 	int flags = BEV_OPT_DEFER_CALLBACKS;
404 	struct bufferevent *bev_ll[2] = { NULL, NULL };
405 	evutil_socket_t *fd_pair = NULL;
406 
407 	enum regress_openssl_type type;
408 	type = (enum regress_openssl_type)data->setup_data;
409 
410 	tt_assert(cert);
411 	tt_assert(key);
412 
413 	init_ssl();
414 
415 	if (type & REGRESS_OPENSSL_RENEGOTIATE) {
416 		if (SSLeay() >= 0x10001000 &&
417 		    SSLeay() <  0x1000104f) {
418 			/* 1.0.1 up to 1.0.1c has a bug where TLS1.1 and 1.2
419 			 * can't renegotiate with themselves. Disable. */
420 			disable_tls_11_and_12 = 1;
421 		}
422 		renegotiate_at = 600;
423 	}
424 
425 	ssl1 = SSL_new(get_ssl_ctx());
426 	ssl2 = SSL_new(get_ssl_ctx());
427 
428 	SSL_use_certificate(ssl2, cert);
429 	SSL_use_PrivateKey(ssl2, key);
430 
431 	if (!(type & REGRESS_OPENSSL_OPEN))
432 		flags |= BEV_OPT_CLOSE_ON_FREE;
433 
434 	if (!(type & REGRESS_OPENSSL_FILTER)) {
435 		tt_assert(type & REGRESS_OPENSSL_SOCKETPAIR);
436 		fd_pair = data->pair;
437 	} else {
438 		bev_ll[0] = bufferevent_socket_new(data->base, data->pair[0],
439 		    BEV_OPT_CLOSE_ON_FREE);
440 		bev_ll[1] = bufferevent_socket_new(data->base, data->pair[1],
441 		    BEV_OPT_CLOSE_ON_FREE);
442 	}
443 
444 	open_ssl_bufevs(&bev1, &bev2, data->base, 0, flags, ssl1, ssl2,
445 	    fd_pair, bev_ll, type);
446 
447 	if (!(type & REGRESS_OPENSSL_FILTER)) {
448 		tt_int_op(bufferevent_getfd(bev1), ==, data->pair[0]);
449 	} else {
450 		tt_ptr_op(bufferevent_get_underlying(bev1), ==, bev_ll[0]);
451 	}
452 
453 	if (type & REGRESS_OPENSSL_OPEN) {
454 		pending_connect_events = 2;
455 		stop_when_connected = 1;
456 		exit_base = data->base;
457 		event_base_dispatch(data->base);
458 		/* Okay, now the renegotiation is done.  Make new
459 		 * bufferevents to test opening in BUFFEREVENT_SSL_OPEN */
460 		flags |= BEV_OPT_CLOSE_ON_FREE;
461 		bufferevent_free(bev1);
462 		bufferevent_free(bev2);
463 		bev1 = bev2 = NULL;
464 		open_ssl_bufevs(&bev1, &bev2, data->base, 1, flags, ssl1, ssl2,
465 		    fd_pair, bev_ll, type);
466 	}
467 
468 	if (!(type & REGRESS_OPENSSL_TIMEOUT)) {
469 		bufferevent_enable(bev1, EV_READ|EV_WRITE);
470 		bufferevent_enable(bev2, EV_READ|EV_WRITE);
471 
472 		if (!(type & REGRESS_OPENSSL_CLIENT_WRITE))
473 			evbuffer_add_printf(bufferevent_get_output(bev1), "1\n");
474 
475 		event_base_dispatch(data->base);
476 
477 		tt_assert(test_is_done == 1);
478 		tt_assert(n_connected == 2);
479 
480 		/* We don't handle shutdown properly yet */
481 		if (type & REGRESS_OPENSSL_DIRTY_SHUTDOWN) {
482 			tt_int_op(got_close, ==, 1);
483 			tt_int_op(got_error, ==, 0);
484 		} else {
485 			tt_int_op(got_error, ==, 1);
486 		}
487 		tt_int_op(got_timeout, ==, 0);
488 	} else {
489 		struct timeval t = { 2, 0 };
490 
491 		bufferevent_enable(bev1, EV_READ|EV_WRITE);
492 		bufferevent_disable(bev2, EV_READ|EV_WRITE);
493 
494 		bufferevent_set_timeouts(bev1, &t, &t);
495 
496 		if (!(type & REGRESS_OPENSSL_CLIENT_WRITE))
497 			evbuffer_add_printf(bufferevent_get_output(bev1), "1\n");
498 
499 		event_base_dispatch(data->base);
500 
501 		tt_assert(test_is_done == 0);
502 		tt_assert(n_connected == 0);
503 
504 		tt_int_op(got_close, ==, 0);
505 		tt_int_op(got_error, ==, 0);
506 		tt_int_op(got_timeout, ==, 1);
507 	}
508 end:
509 	return;
510 }
511 
512 static void
513 acceptcb_deferred(evutil_socket_t fd, short events, void *arg)
514 {
515 	struct bufferevent *bev = arg;
516 	bufferevent_enable(bev, EV_READ|EV_WRITE);
517 }
518 static void
519 acceptcb(struct evconnlistener *listener, evutil_socket_t fd,
520     struct sockaddr *addr, int socklen, void *arg)
521 {
522 	struct basic_test_data *data = arg;
523 	struct bufferevent *bev;
524 	enum regress_openssl_type type;
525 	SSL *ssl = SSL_new(get_ssl_ctx());
526 
527 	type = (enum regress_openssl_type)data->setup_data;
528 
529 	SSL_use_certificate(ssl, ssl_getcert());
530 	SSL_use_PrivateKey(ssl, ssl_getkey());
531 
532 	bev = bufferevent_openssl_socket_new(
533 		data->base,
534 		fd,
535 		ssl,
536 		BUFFEREVENT_SSL_ACCEPTING,
537 		BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS);
538 
539 	bufferevent_setcb(bev, respond_to_number, NULL, eventcb,
540 	    (void*)(REGRESS_OPENSSL_SERVER));
541 
542 	if (type & REGRESS_OPENSSL_SLEEP) {
543 		struct timeval when = { 1, 0 };
544 		event_base_once(data->base, -1, EV_TIMEOUT,
545 		    acceptcb_deferred, bev, &when);
546 		bufferevent_disable(bev, EV_READ|EV_WRITE);
547 	} else {
548 		bufferevent_enable(bev, EV_READ|EV_WRITE);
549 	}
550 
551 	/* Only accept once, then disable ourself. */
552 	evconnlistener_disable(listener);
553 }
554 
555 struct rwcount
556 {
557 	int fd;
558 	size_t read;
559 	size_t write;
560 };
561 static int
562 bio_rwcount_new(BIO *b)
563 {
564 	BIO_set_init(b, 0);
565 	BIO_set_data(b, NULL);
566 	return 1;
567 }
568 static int
569 bio_rwcount_free(BIO *b)
570 {
571 	if (!b)
572 		return 0;
573 	if (BIO_get_shutdown(b)) {
574 		BIO_set_init(b, 0);
575 		BIO_set_data(b, NULL);
576 	}
577 	return 1;
578 }
579 static int
580 bio_rwcount_read(BIO *b, char *out, int outlen)
581 {
582 	struct rwcount *rw = BIO_get_data(b);
583 	ev_ssize_t ret = recv(rw->fd, out, outlen, 0);
584 	++rw->read;
585 	if (ret == -1 && EVUTIL_ERR_RW_RETRIABLE(EVUTIL_SOCKET_ERROR())) {
586 		BIO_set_retry_read(b);
587 	}
588 	return ret;
589 }
590 static int
591 bio_rwcount_write(BIO *b, const char *in, int inlen)
592 {
593 
594 	struct rwcount *rw = BIO_get_data(b);
595 	ev_ssize_t ret = send(rw->fd, in, inlen, 0);
596 	++rw->write;
597 	if (ret == -1 && EVUTIL_ERR_RW_RETRIABLE(EVUTIL_SOCKET_ERROR())) {
598 		BIO_set_retry_write(b);
599 	}
600 	return ret;
601 }
602 static long
603 bio_rwcount_ctrl(BIO *b, int cmd, long num, void *ptr)
604 {
605 	long ret = 0;
606 	switch (cmd) {
607 	case BIO_CTRL_GET_CLOSE:
608 		ret = BIO_get_shutdown(b);
609 		break;
610 	case BIO_CTRL_SET_CLOSE:
611 		BIO_set_shutdown(b, (int)num);
612 		break;
613 	case BIO_CTRL_PENDING:
614 		ret = 0;
615 		break;
616 	case BIO_CTRL_WPENDING:
617 		ret = 0;
618 		break;
619 	case BIO_CTRL_DUP:
620 	case BIO_CTRL_FLUSH:
621 		ret = 1;
622 		break;
623 	}
624 	return ret;
625 }
626 static int
627 bio_rwcount_puts(BIO *b, const char *s)
628 {
629 	return bio_rwcount_write(b, s, strlen(s));
630 }
631 #define BIO_TYPE_LIBEVENT_RWCOUNT 0xff1
632 static BIO_METHOD *methods_rwcount;
633 
634 static BIO_METHOD *
635 BIO_s_rwcount(void)
636 {
637 	if (methods_rwcount == NULL) {
638 		methods_rwcount = BIO_meth_new(BIO_TYPE_LIBEVENT_RWCOUNT, "rwcount");
639 		if (methods_rwcount == NULL)
640 			return NULL;
641 		BIO_meth_set_write(methods_rwcount, bio_rwcount_write);
642 		BIO_meth_set_read(methods_rwcount, bio_rwcount_read);
643 		BIO_meth_set_puts(methods_rwcount, bio_rwcount_puts);
644 		BIO_meth_set_ctrl(methods_rwcount, bio_rwcount_ctrl);
645 		BIO_meth_set_create(methods_rwcount, bio_rwcount_new);
646 		BIO_meth_set_destroy(methods_rwcount, bio_rwcount_free);
647 	}
648 	return methods_rwcount;
649 }
650 static BIO *
651 BIO_new_rwcount(int close_flag)
652 {
653 	BIO *result;
654 	if (!(result = BIO_new(BIO_s_rwcount())))
655 		return NULL;
656 	BIO_set_init(result, 1);
657 	BIO_set_data(result,  NULL);
658 	BIO_set_shutdown(result, !!close_flag);
659 	return result;
660 }
661 
662 static void
663 regress_bufferevent_openssl_connect(void *arg)
664 {
665 	struct basic_test_data *data = arg;
666 
667 	struct event_base *base = data->base;
668 
669 	struct evconnlistener *listener;
670 	struct bufferevent *bev;
671 	struct sockaddr_in sin;
672 	struct sockaddr_storage ss;
673 	ev_socklen_t slen;
674 	SSL *ssl;
675 	BIO *bio;
676 	struct rwcount rw = { -1, 0, 0 };
677 	enum regress_openssl_type type;
678 
679 	type = (enum regress_openssl_type)data->setup_data;
680 
681 	init_ssl();
682 
683 	memset(&sin, 0, sizeof(sin));
684 	sin.sin_family = AF_INET;
685 	sin.sin_addr.s_addr = htonl(0x7f000001);
686 
687 	memset(&ss, 0, sizeof(ss));
688 	slen = sizeof(ss);
689 
690 	listener = evconnlistener_new_bind(base, acceptcb, data,
691 	    LEV_OPT_CLOSE_ON_FREE|LEV_OPT_REUSEABLE,
692 	    -1, (struct sockaddr *)&sin, sizeof(sin));
693 
694 	tt_assert(listener);
695 	tt_assert(evconnlistener_get_fd(listener) >= 0);
696 
697 	ssl = SSL_new(get_ssl_ctx());
698 	tt_assert(ssl);
699 
700 	bev = bufferevent_openssl_socket_new(
701 		data->base, -1, ssl,
702 		BUFFEREVENT_SSL_CONNECTING,
703 		BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS);
704 	tt_assert(bev);
705 
706 	bufferevent_setcb(bev, respond_to_number, NULL, eventcb,
707 	    (void*)(REGRESS_OPENSSL_CLIENT));
708 
709 	tt_assert(getsockname(evconnlistener_get_fd(listener),
710 		(struct sockaddr*)&ss, &slen) == 0);
711 	tt_assert(slen == sizeof(struct sockaddr_in));
712 	tt_int_op(((struct sockaddr*)&ss)->sa_family, ==, AF_INET);
713 
714 	tt_assert(0 ==
715 	    bufferevent_socket_connect(bev, (struct sockaddr*)&ss, slen));
716 	/* Possible only when we have fd, since be_openssl can and will overwrite
717 	 * bio otherwise before */
718 	if (type & REGRESS_OPENSSL_SLEEP) {
719 		rw.fd = bufferevent_getfd(bev);
720 		bio = BIO_new_rwcount(0);
721 		tt_assert(bio);
722 		BIO_set_data(bio, &rw);
723 		SSL_set_bio(ssl, bio, bio);
724 	}
725 	evbuffer_add_printf(bufferevent_get_output(bev), "1\n");
726 	bufferevent_enable(bev, EV_READ|EV_WRITE);
727 
728 	event_base_dispatch(base);
729 
730 	tt_int_op(rw.read, <=, 100);
731 	tt_int_op(rw.write, <=, 100);
732 end:
733 	;
734 }
735 
736 struct testcase_t ssl_testcases[] = {
737 #define T(a) ((void *)(a))
738 	{ "bufferevent_socketpair", regress_bufferevent_openssl,
739 	  TT_ISOLATED, &basic_setup, T(REGRESS_OPENSSL_SOCKETPAIR) },
740 	{ "bufferevent_socketpair_write_after_connect", regress_bufferevent_openssl,
741 	  TT_ISOLATED, &basic_setup,
742 	  T(REGRESS_OPENSSL_SOCKETPAIR|REGRESS_OPENSSL_CLIENT_WRITE) },
743 	{ "bufferevent_filter", regress_bufferevent_openssl,
744 	  TT_ISOLATED, &basic_setup, T(REGRESS_OPENSSL_FILTER) },
745 	{ "bufferevent_filter_write_after_connect", regress_bufferevent_openssl,
746 	  TT_ISOLATED, &basic_setup,
747 	  T(REGRESS_OPENSSL_FILTER|REGRESS_OPENSSL_CLIENT_WRITE) },
748 	{ "bufferevent_renegotiate_socketpair", regress_bufferevent_openssl,
749 	  TT_ISOLATED, &basic_setup,
750 	  T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_RENEGOTIATE) },
751 	{ "bufferevent_renegotiate_filter", regress_bufferevent_openssl,
752 	  TT_ISOLATED, &basic_setup,
753 	  T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_RENEGOTIATE) },
754 	{ "bufferevent_socketpair_startopen", regress_bufferevent_openssl,
755 	  TT_ISOLATED, &basic_setup,
756 	  T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_OPEN) },
757 	{ "bufferevent_filter_startopen", regress_bufferevent_openssl,
758 	  TT_ISOLATED, &basic_setup,
759 	  T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_OPEN) },
760 
761 	{ "bufferevent_socketpair_dirty_shutdown", regress_bufferevent_openssl,
762 	  TT_ISOLATED, &basic_setup,
763 	  T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_DIRTY_SHUTDOWN) },
764 	{ "bufferevent_filter_dirty_shutdown", regress_bufferevent_openssl,
765 	  TT_ISOLATED, &basic_setup,
766 	  T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_DIRTY_SHUTDOWN) },
767 	{ "bufferevent_renegotiate_socketpair_dirty_shutdown",
768 	  regress_bufferevent_openssl,
769 	  TT_ISOLATED,
770 	  &basic_setup,
771 	  T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_RENEGOTIATE | REGRESS_OPENSSL_DIRTY_SHUTDOWN) },
772 	{ "bufferevent_renegotiate_filter_dirty_shutdown",
773 	  regress_bufferevent_openssl,
774 	  TT_ISOLATED,
775 	  &basic_setup,
776 	  T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_RENEGOTIATE | REGRESS_OPENSSL_DIRTY_SHUTDOWN) },
777 	{ "bufferevent_socketpair_startopen_dirty_shutdown",
778 	  regress_bufferevent_openssl,
779 	  TT_ISOLATED, &basic_setup,
780 	  T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_OPEN | REGRESS_OPENSSL_DIRTY_SHUTDOWN) },
781 	{ "bufferevent_filter_startopen_dirty_shutdown",
782 	  regress_bufferevent_openssl,
783 	  TT_ISOLATED, &basic_setup,
784 	  T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_OPEN | REGRESS_OPENSSL_DIRTY_SHUTDOWN) },
785 
786 	{ "bufferevent_socketpair_fd", regress_bufferevent_openssl,
787 	  TT_ISOLATED, &basic_setup,
788 	  T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_FD) },
789 	{ "bufferevent_socketpair_freed", regress_bufferevent_openssl,
790 	  TT_ISOLATED, &basic_setup,
791 	  T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_FREED) },
792 	{ "bufferevent_socketpair_freed_fd", regress_bufferevent_openssl,
793 	  TT_ISOLATED, &basic_setup,
794 	  T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_FREED | REGRESS_OPENSSL_FD) },
795 	{ "bufferevent_filter_freed_fd", regress_bufferevent_openssl,
796 	  TT_ISOLATED, &basic_setup,
797 	  T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_FREED | REGRESS_OPENSSL_FD) },
798 
799 	{ "bufferevent_socketpair_timeout", regress_bufferevent_openssl,
800 	  TT_ISOLATED, &basic_setup,
801 	  T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_TIMEOUT) },
802 	{ "bufferevent_socketpair_timeout_freed_fd", regress_bufferevent_openssl,
803 	  TT_ISOLATED, &basic_setup,
804 	  T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_TIMEOUT | REGRESS_OPENSSL_FREED | REGRESS_OPENSSL_FD) },
805 
806 	{ "bufferevent_connect", regress_bufferevent_openssl_connect,
807 	  TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
808 	{ "bufferevent_connect_sleep", regress_bufferevent_openssl_connect,
809 	  TT_FORK|TT_NEED_BASE, &basic_setup, T(REGRESS_OPENSSL_SLEEP) },
810 
811 #undef T
812 
813 	END_OF_TESTCASES,
814 };
815