1 /* 2 * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 3. The name of the author may not be used to endorse or promote products 13 * derived from this software without specific prior written permission. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27 // Get rid of OSX 10.7 and greater deprecation warnings. 28 #if defined(__APPLE__) && defined(__clang__) 29 #pragma clang diagnostic ignored "-Wdeprecated-declarations" 30 #endif 31 32 #ifdef _WIN32 33 #include <winsock2.h> 34 #include <windows.h> 35 #endif 36 37 #include "util-internal.h" 38 39 #ifndef _WIN32 40 #include <sys/types.h> 41 #include <sys/socket.h> 42 #include <netinet/in.h> 43 #endif 44 45 #include "event2/util.h" 46 #include "event2/event.h" 47 #include "event2/bufferevent_ssl.h" 48 #include "event2/bufferevent_struct.h" 49 #include "event2/buffer.h" 50 #include "event2/listener.h" 51 52 #include "regress.h" 53 #include "tinytest.h" 54 #include "tinytest_macros.h" 55 56 #include <openssl/err.h> 57 #include <openssl/pem.h> 58 #include "openssl-compat.h" 59 60 #include <string.h> 61 #ifdef _WIN32 62 #include <io.h> 63 #define read _read 64 #define write _write 65 #else 66 #include <unistd.h> 67 #endif 68 69 /* A pre-generated key, to save the cost of doing an RSA key generation step 70 * during the unit tests. It is published in this file, so you would have to 71 * be very foolish to consider using it in your own code. */ 72 static const char KEY[] = 73 "-----BEGIN RSA PRIVATE KEY-----\n" 74 "MIIEogIBAAKCAQEAtK07Ili0dkJb79m/sFmHoVJTWyLoveXex2yX/BtUzzcvZEOu\n" 75 "QLon/++5YOA48kzZm5K9mIwZkZhui1ZgJ5Bjq0LGAWTZGIn+NXjLFshPYvTKpOCW\n" 76 "uzL0Ir0LXMsBLYJQ5A4FomLNxs4I3H/dhDSGy/rSiJB1B4w2xNiwPK08/VL3zZqk\n" 77 "V+GsSvGIIkzhTMbqPJy9K8pqyjwOU2pgORS794yXciTGxWYjTDzJPgQ35YMDATaG\n" 78 "jr4HHo1zxU/Lj0pndSUK5rKLYxYQ3Uc8B3AVYDl9CP/GbOoQ4LBzS68JjcAUyp6i\n" 79 "6NfXlc2D9S9XgqVqwI+JqgJs0eW/+zPY2UEDWwIDAQABAoIBAD2HzV66FOM9YDAD\n" 80 "2RtGskEHV2nvLpIVadRCsFPkPvK+2X3s6rgSbbLkwh4y3lHuSCGKTNVZyQ9jeSos\n" 81 "xVxT+Q2HFQW+gYyw2gj91TQyDY8mzKhv8AVaqff2p5r3a7RC8CdqexK9UVUGL9Bg\n" 82 "H2F5vfpTtkVZ5PEoGDLblNFlMiMW/t1SobUeBVx+Msco/xqk9lFv1A9nnepGy0Gi\n" 83 "D+i6YNGTBsX22YhoCZl/ICxCL8lgqPei4FvBr9dBVh/jQgjuUBm2jz55p2r7+7Aw\n" 84 "khmXHReejoVokQ2+htgSgZNKlKuDy710ZpBqnDi8ynQi82Y2qCpyg/p/xcER54B6\n" 85 "hSftaiECgYEA2RkSoxU+nWk+BClQEUZRi88QK5W/M8oo1DvUs36hvPFkw3Jk/gz0\n" 86 "fgd5bnA+MXj0Fc0QHvbddPjIkyoI/evq9GPV+JYIuH5zabrlI3Jvya8q9QpAcEDO\n" 87 "KkL/O09qXVEW52S6l05nh4PLejyI7aTyTIN5nbVLac/+M8MY/qOjZksCgYEA1Q1o\n" 88 "L8kjSavU2xhQmSgZb9W62Do60sa3e73ljrDPoiyvbExldpSdziFYxHBD/Rep0ePf\n" 89 "eVSGS3VSwevt9/jSGo2Oa83TYYns9agBm03oR/Go/DukESdI792NsEM+PRFypVNy\n" 90 "AohWRLj0UU6DV+zLKp0VBavtx0ATeLFX0eN17TECgYBI2O/3Bz7uhQ0JSm+SjFz6\n" 91 "o+2SInp5P2G57aWu4VQWWY3tQ2p+EQzNaWam10UXRrXoxtmc+ktPX9e2AgnoYoyB\n" 92 "myqGcpnUhqHlnZAb999o9r1cYidDQ4uqhLauSTSwwXAFDzjJYsa8o03Y440y6QFh\n" 93 "CVD6yYXXqLJs3g96CqDexwKBgAHxq1+0QCQt8zVElYewO/svQhMzBNJjic0RQIT6\n" 94 "zAo4yij80XgxhvcYiszQEW6/xobpw2JCCS+rFGQ8mOFIXfJsFD6blDAxp/3d2JXo\n" 95 "MhRl+hrDGI4ng5zcsqxHEMxR2m/zwPiQ8eiSn3gWdVBaEsiCwmxY00ScKxFQ3PJH\n" 96 "Vw4hAoGAdZLd8KfjjG6lg7hfpVqavstqVi9LOgkHeCfdjn7JP+76kYrgLk/XdkrP\n" 97 "N/BHhtFVFjOi/mTQfQ5YfZImkm/1ePBy7437DT8BDkOxspa50kK4HPggHnU64h1w\n" 98 "lhdEOj7mAgHwGwwVZWOgs9Lq6vfztnSuhqjha1daESY6kDscPIQ=\n" 99 "-----END RSA PRIVATE KEY-----\n"; 100 101 EVP_PKEY * 102 ssl_getkey(void) 103 { 104 EVP_PKEY *key; 105 BIO *bio; 106 107 /* new read-only BIO backed by KEY. */ 108 bio = BIO_new_mem_buf((char*)KEY, -1); 109 tt_assert(bio); 110 111 key = PEM_read_bio_PrivateKey(bio,NULL,NULL,NULL); 112 BIO_free(bio); 113 tt_assert(key); 114 115 return key; 116 end: 117 return NULL; 118 } 119 120 X509 * 121 ssl_getcert(EVP_PKEY *key) 122 { 123 /* Dummy code to make a quick-and-dirty valid certificate with 124 OpenSSL. Don't copy this code into your own program! It does a 125 number of things in a stupid and insecure way. */ 126 X509 *x509 = NULL; 127 X509_NAME *name = NULL; 128 int nid; 129 time_t now = time(NULL); 130 131 tt_assert(key); 132 133 x509 = X509_new(); 134 tt_assert(x509); 135 tt_assert(0 != X509_set_version(x509, 2)); 136 tt_assert(0 != ASN1_INTEGER_set(X509_get_serialNumber(x509), 137 (long)now)); 138 139 name = X509_NAME_new(); 140 tt_assert(name); 141 nid = OBJ_txt2nid("commonName"); 142 tt_assert(NID_undef != nid); 143 tt_assert(0 != X509_NAME_add_entry_by_NID( 144 name, nid, MBSTRING_ASC, (unsigned char*)"example.com", 145 -1, -1, 0)); 146 147 X509_set_subject_name(x509, name); 148 X509_set_issuer_name(x509, name); 149 X509_NAME_free(name); 150 151 X509_time_adj(X509_getm_notBefore(x509), 0, &now); 152 now += 3600; 153 X509_time_adj(X509_getm_notAfter(x509), 0, &now); 154 X509_set_pubkey(x509, key); 155 tt_assert(0 != X509_sign(x509, key, EVP_sha1())); 156 157 return x509; 158 end: 159 X509_free(x509); 160 X509_NAME_free(name); 161 return NULL; 162 } 163 164 static int disable_tls_11_and_12 = 0; 165 static SSL_CTX *the_ssl_ctx = NULL; 166 167 SSL_CTX * 168 get_ssl_ctx(void) 169 { 170 if (the_ssl_ctx) 171 return the_ssl_ctx; 172 the_ssl_ctx = SSL_CTX_new(SSLv23_method()); 173 if (!the_ssl_ctx) 174 return NULL; 175 if (disable_tls_11_and_12) { 176 #ifdef SSL_OP_NO_TLSv1_2 177 SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_2); 178 #endif 179 #ifdef SSL_OP_NO_TLSv1_1 180 SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_1); 181 #endif 182 } 183 return the_ssl_ctx; 184 } 185 186 static int test_is_done; 187 static int n_connected; 188 static int got_close; 189 static int got_error; 190 static int got_timeout; 191 static int renegotiate_at = -1; 192 static int stop_when_connected; 193 static int pending_connect_events; 194 static struct event_base *exit_base; 195 static X509 *the_cert; 196 EVP_PKEY *the_key; 197 198 void 199 init_ssl(void) 200 { 201 #if (OPENSSL_VERSION_NUMBER < 0x10100000L) || \ 202 (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) 203 SSL_library_init(); 204 ERR_load_crypto_strings(); 205 SSL_load_error_strings(); 206 OpenSSL_add_all_algorithms(); 207 if (SSLeay() != OPENSSL_VERSION_NUMBER) { 208 TT_DECLARE("WARN", 209 ("Version mismatch for openssl: compiled with %lx but running with %lx", 210 (unsigned long)OPENSSL_VERSION_NUMBER, (unsigned long)SSLeay())); 211 } 212 #endif 213 } 214 215 static void * 216 ssl_test_setup(const struct testcase_t *testcase) 217 { 218 init_ssl(); 219 220 the_key = ssl_getkey(); 221 EVUTIL_ASSERT(the_key); 222 223 the_cert = ssl_getcert(the_key); 224 EVUTIL_ASSERT(the_cert); 225 226 disable_tls_11_and_12 = 0; 227 228 return basic_test_setup(testcase); 229 } 230 static int 231 ssl_test_cleanup(const struct testcase_t *testcase, void *ptr) 232 { 233 int ret = basic_test_cleanup(testcase, ptr); 234 if (!ret) { 235 return ret; 236 } 237 238 test_is_done = 0; 239 n_connected = 0; 240 got_close = 0; 241 got_error = 0; 242 got_timeout = 0; 243 renegotiate_at = -1; 244 stop_when_connected = 0; 245 pending_connect_events = 0; 246 exit_base = NULL; 247 248 X509_free(the_cert); 249 EVP_PKEY_free(the_key); 250 251 SSL_CTX_free(the_ssl_ctx); 252 the_ssl_ctx = NULL; 253 254 return 1; 255 } 256 const struct testcase_setup_t ssl_setup = { 257 ssl_test_setup, ssl_test_cleanup 258 }; 259 260 261 /* ==================== 262 Here's a simple test: we read a number from the input, increment it, and 263 reply, until we get to 1001. 264 */ 265 266 enum regress_openssl_type 267 { 268 REGRESS_OPENSSL_SOCKETPAIR = 1, 269 REGRESS_OPENSSL_FILTER = 2, 270 REGRESS_OPENSSL_RENEGOTIATE = 4, 271 REGRESS_OPENSSL_OPEN = 8, 272 REGRESS_OPENSSL_DIRTY_SHUTDOWN = 16, 273 REGRESS_OPENSSL_FD = 32, 274 275 REGRESS_OPENSSL_CLIENT = 64, 276 REGRESS_OPENSSL_SERVER = 128, 277 278 REGRESS_OPENSSL_FREED = 256, 279 REGRESS_OPENSSL_TIMEOUT = 512, 280 REGRESS_OPENSSL_SLEEP = 1024, 281 282 REGRESS_OPENSSL_CLIENT_WRITE = 2048, 283 284 REGRESS_DEFERRED_CALLBACKS = 4096, 285 }; 286 287 static void 288 bufferevent_openssl_check_fd(struct bufferevent *bev, int filter) 289 { 290 tt_fd_op(bufferevent_getfd(bev), !=, EVUTIL_INVALID_SOCKET); 291 tt_fd_op(bufferevent_setfd(bev, EVUTIL_INVALID_SOCKET), ==, 0); 292 if (filter) { 293 tt_fd_op(bufferevent_getfd(bev), !=, EVUTIL_INVALID_SOCKET); 294 } else { 295 tt_fd_op(bufferevent_getfd(bev), ==, EVUTIL_INVALID_SOCKET); 296 } 297 298 end: 299 ; 300 } 301 static void 302 bufferevent_openssl_check_freed(struct bufferevent *bev) 303 { 304 tt_int_op(event_pending(&bev->ev_read, EVLIST_ALL, NULL), ==, 0); 305 tt_int_op(event_pending(&bev->ev_write, EVLIST_ALL, NULL), ==, 0); 306 307 end: 308 ; 309 } 310 311 static void 312 free_on_cb(struct bufferevent *bev, void *ctx) 313 { 314 TT_BLATHER(("free_on_cb: %p", bev)); 315 bufferevent_free(bev); 316 } 317 318 static void 319 respond_to_number(struct bufferevent *bev, void *ctx) 320 { 321 struct evbuffer *b = bufferevent_get_input(bev); 322 char *line; 323 int n; 324 325 enum regress_openssl_type type; 326 type = (enum regress_openssl_type)ctx; 327 328 line = evbuffer_readln(b, NULL, EVBUFFER_EOL_LF); 329 if (! line) 330 return; 331 n = atoi(line); 332 if (n <= 0) 333 TT_FAIL(("Bad number: %s", line)); 334 free(line); 335 TT_BLATHER(("The number was %d", n)); 336 if (n == 1001) { 337 ++test_is_done; 338 bufferevent_free(bev); /* Should trigger close on other side. */ 339 return; 340 } 341 if ((type & REGRESS_OPENSSL_CLIENT) && n == renegotiate_at) { 342 SSL_renegotiate(bufferevent_openssl_get_ssl(bev)); 343 } 344 ++n; 345 evbuffer_add_printf(bufferevent_get_output(bev), 346 "%d\n", n); 347 TT_BLATHER(("Done reading; now writing.")); 348 bufferevent_enable(bev, EV_WRITE); 349 bufferevent_disable(bev, EV_READ); 350 } 351 352 static void 353 done_writing_cb(struct bufferevent *bev, void *ctx) 354 { 355 struct evbuffer *b = bufferevent_get_output(bev); 356 if (evbuffer_get_length(b)) 357 return; 358 TT_BLATHER(("Done writing.")); 359 bufferevent_disable(bev, EV_WRITE); 360 bufferevent_enable(bev, EV_READ); 361 } 362 363 static void 364 eventcb(struct bufferevent *bev, short what, void *ctx) 365 { 366 X509 *peer_cert = NULL; 367 enum regress_openssl_type type; 368 369 type = (enum regress_openssl_type)ctx; 370 371 TT_BLATHER(("Got event %d", (int)what)); 372 if (what & BEV_EVENT_CONNECTED) { 373 SSL *ssl; 374 ++n_connected; 375 ssl = bufferevent_openssl_get_ssl(bev); 376 tt_assert(ssl); 377 peer_cert = SSL_get_peer_certificate(ssl); 378 if (type & REGRESS_OPENSSL_SERVER) { 379 tt_assert(peer_cert == NULL); 380 } else { 381 tt_assert(peer_cert != NULL); 382 } 383 if (stop_when_connected) { 384 if (--pending_connect_events == 0) 385 event_base_loopexit(exit_base, NULL); 386 } 387 388 if ((type & REGRESS_OPENSSL_CLIENT_WRITE) && (type & REGRESS_OPENSSL_CLIENT)) 389 evbuffer_add_printf(bufferevent_get_output(bev), "1\n"); 390 } else if (what & BEV_EVENT_EOF) { 391 TT_BLATHER(("Got a good EOF")); 392 ++got_close; 393 if (type & REGRESS_OPENSSL_FD) { 394 bufferevent_openssl_check_fd(bev, type & REGRESS_OPENSSL_FILTER); 395 } 396 if (type & REGRESS_OPENSSL_FREED) { 397 bufferevent_openssl_check_freed(bev); 398 } 399 bufferevent_free(bev); 400 } else if (what & BEV_EVENT_ERROR) { 401 TT_BLATHER(("Got an error.")); 402 ++got_error; 403 if (type & REGRESS_OPENSSL_FD) { 404 bufferevent_openssl_check_fd(bev, type & REGRESS_OPENSSL_FILTER); 405 } 406 if (type & REGRESS_OPENSSL_FREED) { 407 bufferevent_openssl_check_freed(bev); 408 } 409 bufferevent_free(bev); 410 } else if (what & BEV_EVENT_TIMEOUT) { 411 TT_BLATHER(("Got timeout.")); 412 ++got_timeout; 413 if (type & REGRESS_OPENSSL_FD) { 414 bufferevent_openssl_check_fd(bev, type & REGRESS_OPENSSL_FILTER); 415 } 416 if (type & REGRESS_OPENSSL_FREED) { 417 bufferevent_openssl_check_freed(bev); 418 } 419 bufferevent_free(bev); 420 } 421 422 end: 423 if (peer_cert) 424 X509_free(peer_cert); 425 } 426 427 static void 428 open_ssl_bufevs(struct bufferevent **bev1_out, struct bufferevent **bev2_out, 429 struct event_base *base, int is_open, int flags, SSL *ssl1, SSL *ssl2, 430 evutil_socket_t *fd_pair, struct bufferevent **underlying_pair, 431 enum regress_openssl_type type) 432 { 433 int state1 = is_open ? BUFFEREVENT_SSL_OPEN :BUFFEREVENT_SSL_CONNECTING; 434 int state2 = is_open ? BUFFEREVENT_SSL_OPEN :BUFFEREVENT_SSL_ACCEPTING; 435 int dirty_shutdown = type & REGRESS_OPENSSL_DIRTY_SHUTDOWN; 436 if (fd_pair) { 437 *bev1_out = bufferevent_openssl_socket_new( 438 base, fd_pair[0], ssl1, state1, flags); 439 *bev2_out = bufferevent_openssl_socket_new( 440 base, fd_pair[1], ssl2, state2, flags); 441 } else { 442 *bev1_out = bufferevent_openssl_filter_new( 443 base, underlying_pair[0], ssl1, state1, flags); 444 *bev2_out = bufferevent_openssl_filter_new( 445 base, underlying_pair[1], ssl2, state2, flags); 446 447 } 448 bufferevent_setcb(*bev1_out, respond_to_number, done_writing_cb, 449 eventcb, (void*)(REGRESS_OPENSSL_CLIENT | (long)type)); 450 bufferevent_setcb(*bev2_out, respond_to_number, done_writing_cb, 451 eventcb, (void*)(REGRESS_OPENSSL_SERVER | (long)type)); 452 453 bufferevent_openssl_set_allow_dirty_shutdown(*bev1_out, dirty_shutdown); 454 bufferevent_openssl_set_allow_dirty_shutdown(*bev2_out, dirty_shutdown); 455 } 456 457 static void 458 regress_bufferevent_openssl(void *arg) 459 { 460 struct basic_test_data *data = arg; 461 462 struct bufferevent *bev1, *bev2; 463 SSL *ssl1, *ssl2; 464 int flags = BEV_OPT_DEFER_CALLBACKS; 465 struct bufferevent *bev_ll[2] = { NULL, NULL }; 466 evutil_socket_t *fd_pair = NULL; 467 468 enum regress_openssl_type type; 469 type = (enum regress_openssl_type)data->setup_data; 470 471 if (type & REGRESS_OPENSSL_RENEGOTIATE) { 472 if (OPENSSL_VERSION_NUMBER >= 0x10001000 && 473 OPENSSL_VERSION_NUMBER < 0x1000104f) { 474 /* 1.0.1 up to 1.0.1c has a bug where TLS1.1 and 1.2 475 * can't renegotiate with themselves. Disable. */ 476 disable_tls_11_and_12 = 1; 477 } 478 renegotiate_at = 600; 479 } 480 481 ssl1 = SSL_new(get_ssl_ctx()); 482 ssl2 = SSL_new(get_ssl_ctx()); 483 484 SSL_use_certificate(ssl2, the_cert); 485 SSL_use_PrivateKey(ssl2, the_key); 486 487 if (!(type & REGRESS_OPENSSL_OPEN)) 488 flags |= BEV_OPT_CLOSE_ON_FREE; 489 490 if (!(type & REGRESS_OPENSSL_FILTER)) { 491 tt_assert(type & REGRESS_OPENSSL_SOCKETPAIR); 492 fd_pair = data->pair; 493 } else { 494 bev_ll[0] = bufferevent_socket_new(data->base, data->pair[0], 495 BEV_OPT_CLOSE_ON_FREE); 496 bev_ll[1] = bufferevent_socket_new(data->base, data->pair[1], 497 BEV_OPT_CLOSE_ON_FREE); 498 } 499 500 open_ssl_bufevs(&bev1, &bev2, data->base, 0, flags, ssl1, ssl2, 501 fd_pair, bev_ll, type); 502 503 if (!(type & REGRESS_OPENSSL_FILTER)) { 504 tt_fd_op(bufferevent_getfd(bev1), ==, data->pair[0]); 505 } else { 506 tt_ptr_op(bufferevent_get_underlying(bev1), ==, bev_ll[0]); 507 } 508 509 if (type & REGRESS_OPENSSL_OPEN) { 510 pending_connect_events = 2; 511 stop_when_connected = 1; 512 exit_base = data->base; 513 event_base_dispatch(data->base); 514 /* Okay, now the renegotiation is done. Make new 515 * bufferevents to test opening in BUFFEREVENT_SSL_OPEN */ 516 flags |= BEV_OPT_CLOSE_ON_FREE; 517 bufferevent_free(bev1); 518 bufferevent_free(bev2); 519 bev1 = bev2 = NULL; 520 open_ssl_bufevs(&bev1, &bev2, data->base, 1, flags, ssl1, ssl2, 521 fd_pair, bev_ll, type); 522 } 523 524 if (!(type & REGRESS_OPENSSL_TIMEOUT)) { 525 bufferevent_enable(bev1, EV_READ|EV_WRITE); 526 bufferevent_enable(bev2, EV_READ|EV_WRITE); 527 528 if (!(type & REGRESS_OPENSSL_CLIENT_WRITE)) 529 evbuffer_add_printf(bufferevent_get_output(bev1), "1\n"); 530 531 event_base_dispatch(data->base); 532 533 tt_assert(test_is_done == 1); 534 tt_assert(n_connected == 2); 535 536 /* We don't handle shutdown properly yet */ 537 if (type & REGRESS_OPENSSL_DIRTY_SHUTDOWN) { 538 tt_int_op(got_close, ==, 1); 539 tt_int_op(got_error, ==, 0); 540 } else { 541 tt_int_op(got_error, ==, 1); 542 } 543 tt_int_op(got_timeout, ==, 0); 544 } else { 545 struct timeval t = { 2, 0 }; 546 547 bufferevent_enable(bev1, EV_READ|EV_WRITE); 548 bufferevent_disable(bev2, EV_READ|EV_WRITE); 549 550 bufferevent_set_timeouts(bev1, &t, &t); 551 552 if (!(type & REGRESS_OPENSSL_CLIENT_WRITE)) 553 evbuffer_add_printf(bufferevent_get_output(bev1), "1\n"); 554 555 event_base_dispatch(data->base); 556 557 tt_assert(test_is_done == 0); 558 tt_assert(n_connected == 0); 559 560 tt_int_op(got_close, ==, 0); 561 tt_int_op(got_error, ==, 0); 562 tt_int_op(got_timeout, ==, 1); 563 564 bufferevent_free(bev2); 565 } 566 567 end: 568 return; 569 } 570 571 static void 572 acceptcb_deferred(evutil_socket_t fd, short events, void *arg) 573 { 574 struct bufferevent *bev = arg; 575 bufferevent_enable(bev, EV_READ|EV_WRITE); 576 } 577 static void 578 acceptcb(struct evconnlistener *listener, evutil_socket_t fd, 579 struct sockaddr *addr, int socklen, void *arg) 580 { 581 struct basic_test_data *data = arg; 582 struct bufferevent *bev; 583 enum regress_openssl_type type; 584 SSL *ssl = SSL_new(get_ssl_ctx()); 585 586 type = (enum regress_openssl_type)data->setup_data; 587 588 SSL_use_certificate(ssl, the_cert); 589 SSL_use_PrivateKey(ssl, the_key); 590 591 bev = bufferevent_openssl_socket_new( 592 data->base, fd, ssl, BUFFEREVENT_SSL_ACCEPTING, 593 BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS); 594 tt_assert(bev); 595 596 bufferevent_setcb(bev, respond_to_number, NULL, eventcb, 597 (void*)(REGRESS_OPENSSL_SERVER)); 598 599 if (type & REGRESS_OPENSSL_SLEEP) { 600 struct timeval when = { 1, 0 }; 601 event_base_once(data->base, -1, EV_TIMEOUT, 602 acceptcb_deferred, bev, &when); 603 bufferevent_disable(bev, EV_READ|EV_WRITE); 604 } else { 605 bufferevent_enable(bev, EV_READ|EV_WRITE); 606 } 607 608 /* Only accept once, then disable ourself. */ 609 evconnlistener_disable(listener); 610 611 end: 612 ; 613 } 614 615 struct rwcount 616 { 617 evutil_socket_t fd; 618 size_t read; 619 size_t write; 620 }; 621 static int 622 bio_rwcount_new(BIO *b) 623 { 624 BIO_set_init(b, 0); 625 BIO_set_data(b, NULL); 626 return 1; 627 } 628 static int 629 bio_rwcount_free(BIO *b) 630 { 631 TT_BLATHER(("bio_rwcount_free: %p", b)); 632 if (!b) 633 return 0; 634 if (BIO_get_shutdown(b)) { 635 BIO_set_init(b, 0); 636 BIO_set_data(b, NULL); 637 } 638 return 1; 639 } 640 static int 641 bio_rwcount_read(BIO *b, char *out, int outlen) 642 { 643 struct rwcount *rw = BIO_get_data(b); 644 ev_ssize_t ret = recv(rw->fd, out, outlen, 0); 645 ++rw->read; 646 if (ret == -1 && EVUTIL_ERR_RW_RETRIABLE(EVUTIL_SOCKET_ERROR())) { 647 BIO_set_retry_read(b); 648 } 649 return ret; 650 } 651 static int 652 bio_rwcount_write(BIO *b, const char *in, int inlen) 653 { 654 struct rwcount *rw = BIO_get_data(b); 655 ev_ssize_t ret = send(rw->fd, in, inlen, 0); 656 ++rw->write; 657 if (ret == -1 && EVUTIL_ERR_RW_RETRIABLE(EVUTIL_SOCKET_ERROR())) { 658 BIO_set_retry_write(b); 659 } 660 return ret; 661 } 662 static long 663 bio_rwcount_ctrl(BIO *b, int cmd, long num, void *ptr) 664 { 665 struct rwcount *rw = BIO_get_data(b); 666 long ret = 0; 667 switch (cmd) { 668 case BIO_C_GET_FD: 669 ret = rw->fd; 670 break; 671 case BIO_CTRL_GET_CLOSE: 672 ret = BIO_get_shutdown(b); 673 break; 674 case BIO_CTRL_SET_CLOSE: 675 BIO_set_shutdown(b, (int)num); 676 break; 677 case BIO_CTRL_PENDING: 678 ret = 0; 679 break; 680 case BIO_CTRL_WPENDING: 681 ret = 0; 682 break; 683 case BIO_CTRL_DUP: 684 case BIO_CTRL_FLUSH: 685 ret = 1; 686 break; 687 } 688 return ret; 689 } 690 static int 691 bio_rwcount_puts(BIO *b, const char *s) 692 { 693 return bio_rwcount_write(b, s, strlen(s)); 694 } 695 #define BIO_TYPE_LIBEVENT_RWCOUNT 0xff1 696 static BIO_METHOD *methods_rwcount; 697 698 static BIO_METHOD * 699 BIO_s_rwcount(void) 700 { 701 if (methods_rwcount == NULL) { 702 methods_rwcount = BIO_meth_new(BIO_TYPE_LIBEVENT_RWCOUNT, "rwcount"); 703 if (methods_rwcount == NULL) 704 return NULL; 705 BIO_meth_set_write(methods_rwcount, bio_rwcount_write); 706 BIO_meth_set_read(methods_rwcount, bio_rwcount_read); 707 BIO_meth_set_puts(methods_rwcount, bio_rwcount_puts); 708 BIO_meth_set_ctrl(methods_rwcount, bio_rwcount_ctrl); 709 BIO_meth_set_create(methods_rwcount, bio_rwcount_new); 710 BIO_meth_set_destroy(methods_rwcount, bio_rwcount_free); 711 } 712 return methods_rwcount; 713 } 714 static BIO * 715 BIO_new_rwcount(int close_flag) 716 { 717 BIO *result; 718 if (!(result = BIO_new(BIO_s_rwcount()))) 719 return NULL; 720 BIO_set_init(result, 1); 721 BIO_set_data(result, NULL); 722 BIO_set_shutdown(result, !!close_flag); 723 return result; 724 } 725 726 static void 727 regress_bufferevent_openssl_connect(void *arg) 728 { 729 struct basic_test_data *data = arg; 730 731 struct event_base *base = data->base; 732 733 struct evconnlistener *listener; 734 struct bufferevent *bev; 735 struct sockaddr_in sin; 736 struct sockaddr_storage ss; 737 ev_socklen_t slen; 738 SSL *ssl; 739 struct rwcount rw = { -1, 0, 0 }; 740 enum regress_openssl_type type; 741 742 type = (enum regress_openssl_type)data->setup_data; 743 744 memset(&sin, 0, sizeof(sin)); 745 sin.sin_family = AF_INET; 746 sin.sin_addr.s_addr = htonl(0x7f000001); 747 748 memset(&ss, 0, sizeof(ss)); 749 slen = sizeof(ss); 750 751 listener = evconnlistener_new_bind(base, acceptcb, data, 752 LEV_OPT_CLOSE_ON_FREE|LEV_OPT_REUSEABLE, 753 -1, (struct sockaddr *)&sin, sizeof(sin)); 754 755 tt_assert(listener); 756 tt_assert(evconnlistener_get_fd(listener) >= 0); 757 758 ssl = SSL_new(get_ssl_ctx()); 759 tt_assert(ssl); 760 761 bev = bufferevent_openssl_socket_new( 762 data->base, -1, ssl, 763 BUFFEREVENT_SSL_CONNECTING, 764 BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS); 765 tt_assert(bev); 766 767 bufferevent_setcb(bev, respond_to_number, free_on_cb, eventcb, 768 (void*)(REGRESS_OPENSSL_CLIENT)); 769 770 tt_assert(getsockname(evconnlistener_get_fd(listener), 771 (struct sockaddr*)&ss, &slen) == 0); 772 tt_assert(slen == sizeof(struct sockaddr_in)); 773 tt_int_op(((struct sockaddr*)&ss)->sa_family, ==, AF_INET); 774 775 tt_assert(0 == 776 bufferevent_socket_connect(bev, (struct sockaddr*)&ss, slen)); 777 /* Possible only when we have fd, since be_openssl can and will overwrite 778 * bio otherwise before */ 779 if (type & REGRESS_OPENSSL_SLEEP) { 780 BIO *bio; 781 782 rw.fd = bufferevent_getfd(bev); 783 bio = BIO_new_rwcount(0); 784 tt_assert(bio); 785 BIO_set_data(bio, &rw); 786 SSL_set_bio(ssl, bio, bio); 787 } 788 evbuffer_add_printf(bufferevent_get_output(bev), "1\n"); 789 bufferevent_enable(bev, EV_READ|EV_WRITE); 790 791 event_base_dispatch(base); 792 793 tt_int_op(rw.read, <=, 100); 794 tt_int_op(rw.write, <=, 100); 795 end: 796 evconnlistener_free(listener); 797 } 798 799 struct wm_context 800 { 801 int server; 802 int flags; 803 struct evbuffer *data; 804 size_t to_read; 805 size_t wm_high; 806 size_t limit; 807 size_t get; 808 struct bufferevent *bev; 809 struct wm_context *neighbour; 810 }; 811 static void 812 wm_transfer(struct bufferevent *bev, void *arg) 813 { 814 struct wm_context *ctx = arg; 815 struct evbuffer *in = bufferevent_get_input(bev); 816 struct evbuffer *out = bufferevent_get_output(bev); 817 size_t len = evbuffer_get_length(in); 818 size_t drain = len < ctx->to_read ? len : ctx->to_read; 819 820 if (ctx->get >= ctx->limit) { 821 TT_BLATHER(("wm_transfer-%s(%p): break", 822 ctx->server ? "server" : "client", bev)); 823 bufferevent_setcb(bev, NULL, NULL, NULL, NULL); 824 bufferevent_disable(bev, EV_READ); 825 if (ctx->neighbour->get >= ctx->neighbour->limit) { 826 event_base_loopbreak(bufferevent_get_base(bev)); 827 } 828 } else { 829 ctx->get += drain; 830 evbuffer_drain(in, drain); 831 } 832 833 TT_BLATHER(("wm_transfer-%s(%p): " 834 "in: " EV_SIZE_FMT ", " 835 "out: " EV_SIZE_FMT ", " 836 "got: " EV_SIZE_FMT "", 837 ctx->server ? "server" : "client", bev, 838 evbuffer_get_length(in), 839 evbuffer_get_length(out), 840 ctx->get)); 841 842 evbuffer_add_buffer_reference(out, ctx->data); 843 } 844 static void 845 wm_eventcb(struct bufferevent *bev, short what, void *arg) 846 { 847 struct wm_context *ctx = arg; 848 TT_BLATHER(("wm_eventcb-%s(%p): %i", 849 ctx->server ? "server" : "client", bev, what)); 850 if (what & BEV_EVENT_CONNECTED) { 851 } else { 852 ctx->get = 0; 853 } 854 } 855 static void 856 wm_acceptcb(struct evconnlistener *listener, evutil_socket_t fd, 857 struct sockaddr *addr, int socklen, void *arg) 858 { 859 struct wm_context *ctx = arg; 860 struct bufferevent *bev; 861 struct event_base *base = evconnlistener_get_base(listener); 862 SSL *ssl = SSL_new(get_ssl_ctx()); 863 864 SSL_use_certificate(ssl, the_cert); 865 SSL_use_PrivateKey(ssl, the_key); 866 867 bev = bufferevent_openssl_socket_new( 868 base, fd, ssl, BUFFEREVENT_SSL_ACCEPTING, ctx->flags); 869 870 TT_BLATHER(("wm_transfer-%s(%p): accept", 871 ctx->server ? "server" : "client", bev)); 872 873 bufferevent_setwatermark(bev, EV_READ, 0, ctx->wm_high); 874 bufferevent_setcb(bev, wm_transfer, NULL, wm_eventcb, ctx); 875 bufferevent_enable(bev, EV_READ|EV_WRITE); 876 ctx->bev = bev; 877 878 /* Only accept once, then disable ourself. */ 879 evconnlistener_disable(listener); 880 } 881 static void 882 regress_bufferevent_openssl_wm(void *arg) 883 { 884 struct basic_test_data *data = arg; 885 struct event_base *base = data->base; 886 887 struct evconnlistener *listener; 888 struct bufferevent *bev; 889 struct sockaddr_in sin; 890 struct sockaddr_storage ss; 891 enum regress_openssl_type type = 892 (enum regress_openssl_type)data->setup_data; 893 int bev_flags = BEV_OPT_CLOSE_ON_FREE; 894 ev_socklen_t slen; 895 SSL *ssl; 896 struct wm_context client, server; 897 char *payload; 898 size_t payload_len = 1<<10; 899 size_t wm_high = 5<<10; 900 901 memset(&sin, 0, sizeof(sin)); 902 sin.sin_family = AF_INET; 903 sin.sin_addr.s_addr = htonl(0x7f000001); 904 905 memset(&ss, 0, sizeof(ss)); 906 slen = sizeof(ss); 907 908 if (type & REGRESS_DEFERRED_CALLBACKS) 909 bev_flags |= BEV_OPT_DEFER_CALLBACKS; 910 911 memset(&client, 0, sizeof(client)); 912 memset(&server, 0, sizeof(server)); 913 client.server = 0; 914 server.server = 1; 915 client.flags = server.flags = bev_flags; 916 client.data = evbuffer_new(); 917 server.data = evbuffer_new(); 918 payload = calloc(1, payload_len); 919 memset(payload, 'A', payload_len); 920 evbuffer_add(server.data, payload, payload_len); 921 evbuffer_add(client.data, payload, payload_len); 922 client.wm_high = server.wm_high = wm_high; 923 client.limit = server.limit = wm_high<<3; 924 client.to_read = server.to_read = payload_len>>1; 925 926 TT_BLATHER(("openssl_wm: " 927 "payload_len = " EV_SIZE_FMT ", " 928 "wm_high = " EV_SIZE_FMT ", " 929 "limit = " EV_SIZE_FMT ", " 930 "to_read: " EV_SIZE_FMT "", 931 payload_len, 932 wm_high, 933 server.limit, 934 server.to_read)); 935 936 listener = evconnlistener_new_bind(base, wm_acceptcb, &server, 937 LEV_OPT_CLOSE_ON_FREE|LEV_OPT_REUSEABLE, 938 -1, (struct sockaddr *)&sin, sizeof(sin)); 939 940 tt_assert(listener); 941 tt_assert(evconnlistener_get_fd(listener) >= 0); 942 943 ssl = SSL_new(get_ssl_ctx()); 944 tt_assert(ssl); 945 946 if (type & REGRESS_OPENSSL_FILTER) { 947 bev = bufferevent_socket_new(data->base, -1, client.flags); 948 tt_assert(bev); 949 bev = bufferevent_openssl_filter_new( 950 base, bev, ssl, BUFFEREVENT_SSL_CONNECTING, client.flags); 951 } else { 952 bev = bufferevent_openssl_socket_new( 953 data->base, -1, ssl, 954 BUFFEREVENT_SSL_CONNECTING, 955 client.flags); 956 } 957 tt_assert(bev); 958 client.bev = bev; 959 960 server.neighbour = &client; 961 client.neighbour = &server; 962 963 bufferevent_setwatermark(bev, EV_READ, 0, client.wm_high); 964 bufferevent_setcb(bev, wm_transfer, NULL, wm_eventcb, &client); 965 966 tt_assert(getsockname(evconnlistener_get_fd(listener), 967 (struct sockaddr*)&ss, &slen) == 0); 968 969 tt_assert(!bufferevent_socket_connect(bev, (struct sockaddr*)&ss, slen)); 970 tt_assert(!evbuffer_add_buffer_reference(bufferevent_get_output(bev), client.data)); 971 tt_assert(!bufferevent_enable(bev, EV_READ|EV_WRITE)); 972 973 event_base_dispatch(base); 974 975 tt_int_op(client.get, ==, client.limit); 976 tt_int_op(server.get, ==, server.limit); 977 978 end: 979 free(payload); 980 evbuffer_free(client.data); 981 evbuffer_free(server.data); 982 evconnlistener_free(listener); 983 bufferevent_free(client.bev); 984 bufferevent_free(server.bev); 985 986 /* XXX: by some reason otherise there is a leak */ 987 if (!(type & REGRESS_OPENSSL_FILTER)) 988 event_base_loop(base, EVLOOP_ONCE); 989 } 990 991 struct testcase_t ssl_testcases[] = { 992 #define T(a) ((void *)(a)) 993 { "bufferevent_socketpair", regress_bufferevent_openssl, 994 TT_ISOLATED, &ssl_setup, T(REGRESS_OPENSSL_SOCKETPAIR) }, 995 { "bufferevent_socketpair_write_after_connect", regress_bufferevent_openssl, 996 TT_ISOLATED, &ssl_setup, 997 T(REGRESS_OPENSSL_SOCKETPAIR|REGRESS_OPENSSL_CLIENT_WRITE) }, 998 { "bufferevent_filter", regress_bufferevent_openssl, 999 TT_ISOLATED, &ssl_setup, T(REGRESS_OPENSSL_FILTER) }, 1000 { "bufferevent_filter_write_after_connect", regress_bufferevent_openssl, 1001 TT_ISOLATED, &ssl_setup, 1002 T(REGRESS_OPENSSL_FILTER|REGRESS_OPENSSL_CLIENT_WRITE) }, 1003 { "bufferevent_renegotiate_socketpair", regress_bufferevent_openssl, 1004 TT_ISOLATED, &ssl_setup, 1005 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_RENEGOTIATE) }, 1006 { "bufferevent_renegotiate_filter", regress_bufferevent_openssl, 1007 TT_ISOLATED, &ssl_setup, 1008 T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_RENEGOTIATE) }, 1009 { "bufferevent_socketpair_startopen", regress_bufferevent_openssl, 1010 TT_ISOLATED, &ssl_setup, 1011 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_OPEN) }, 1012 { "bufferevent_filter_startopen", regress_bufferevent_openssl, 1013 TT_ISOLATED, &ssl_setup, 1014 T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_OPEN) }, 1015 1016 { "bufferevent_socketpair_dirty_shutdown", regress_bufferevent_openssl, 1017 TT_ISOLATED, &ssl_setup, 1018 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_DIRTY_SHUTDOWN) }, 1019 { "bufferevent_filter_dirty_shutdown", regress_bufferevent_openssl, 1020 TT_ISOLATED, &ssl_setup, 1021 T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_DIRTY_SHUTDOWN) }, 1022 { "bufferevent_renegotiate_socketpair_dirty_shutdown", 1023 regress_bufferevent_openssl, 1024 TT_ISOLATED, 1025 &ssl_setup, 1026 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_RENEGOTIATE | REGRESS_OPENSSL_DIRTY_SHUTDOWN) }, 1027 { "bufferevent_renegotiate_filter_dirty_shutdown", 1028 regress_bufferevent_openssl, 1029 TT_ISOLATED, 1030 &ssl_setup, 1031 T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_RENEGOTIATE | REGRESS_OPENSSL_DIRTY_SHUTDOWN) }, 1032 { "bufferevent_socketpair_startopen_dirty_shutdown", 1033 regress_bufferevent_openssl, 1034 TT_ISOLATED, &ssl_setup, 1035 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_OPEN | REGRESS_OPENSSL_DIRTY_SHUTDOWN) }, 1036 { "bufferevent_filter_startopen_dirty_shutdown", 1037 regress_bufferevent_openssl, 1038 TT_ISOLATED, &ssl_setup, 1039 T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_OPEN | REGRESS_OPENSSL_DIRTY_SHUTDOWN) }, 1040 1041 { "bufferevent_socketpair_fd", regress_bufferevent_openssl, 1042 TT_ISOLATED, &ssl_setup, 1043 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_FD) }, 1044 { "bufferevent_socketpair_freed", regress_bufferevent_openssl, 1045 TT_ISOLATED, &ssl_setup, 1046 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_FREED) }, 1047 { "bufferevent_socketpair_freed_fd", regress_bufferevent_openssl, 1048 TT_ISOLATED, &ssl_setup, 1049 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_FREED | REGRESS_OPENSSL_FD) }, 1050 { "bufferevent_filter_freed_fd", regress_bufferevent_openssl, 1051 TT_ISOLATED, &ssl_setup, 1052 T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_FREED | REGRESS_OPENSSL_FD) }, 1053 1054 { "bufferevent_socketpair_timeout", regress_bufferevent_openssl, 1055 TT_ISOLATED, &ssl_setup, 1056 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_TIMEOUT) }, 1057 { "bufferevent_socketpair_timeout_freed_fd", regress_bufferevent_openssl, 1058 TT_ISOLATED, &ssl_setup, 1059 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_TIMEOUT | REGRESS_OPENSSL_FREED | REGRESS_OPENSSL_FD) }, 1060 1061 { "bufferevent_connect", regress_bufferevent_openssl_connect, 1062 TT_FORK|TT_NEED_BASE, &ssl_setup, NULL }, 1063 { "bufferevent_connect_sleep", regress_bufferevent_openssl_connect, 1064 TT_FORK|TT_NEED_BASE, &ssl_setup, T(REGRESS_OPENSSL_SLEEP) }, 1065 1066 { "bufferevent_wm", regress_bufferevent_openssl_wm, 1067 TT_FORK|TT_NEED_BASE, &ssl_setup, NULL }, 1068 { "bufferevent_wm_filter", regress_bufferevent_openssl_wm, 1069 TT_FORK|TT_NEED_BASE, &ssl_setup, T(REGRESS_OPENSSL_FILTER) }, 1070 { "bufferevent_wm_defer", regress_bufferevent_openssl_wm, 1071 TT_FORK|TT_NEED_BASE, &ssl_setup, T(REGRESS_DEFERRED_CALLBACKS) }, 1072 { "bufferevent_wm_filter_defer", regress_bufferevent_openssl_wm, 1073 TT_FORK|TT_NEED_BASE, &ssl_setup, T(REGRESS_OPENSSL_FILTER|REGRESS_DEFERRED_CALLBACKS) }, 1074 1075 #undef T 1076 1077 END_OF_TESTCASES, 1078 }; 1079