1*2b15cb3dSCy Schubert /* 2*2b15cb3dSCy Schubert * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson 3*2b15cb3dSCy Schubert * 4*2b15cb3dSCy Schubert * Redistribution and use in source and binary forms, with or without 5*2b15cb3dSCy Schubert * modification, are permitted provided that the following conditions 6*2b15cb3dSCy Schubert * are met: 7*2b15cb3dSCy Schubert * 1. Redistributions of source code must retain the above copyright 8*2b15cb3dSCy Schubert * notice, this list of conditions and the following disclaimer. 9*2b15cb3dSCy Schubert * 2. Redistributions in binary form must reproduce the above copyright 10*2b15cb3dSCy Schubert * notice, this list of conditions and the following disclaimer in the 11*2b15cb3dSCy Schubert * documentation and/or other materials provided with the distribution. 12*2b15cb3dSCy Schubert * 3. The name of the author may not be used to endorse or promote products 13*2b15cb3dSCy Schubert * derived from this software without specific prior written permission. 14*2b15cb3dSCy Schubert * 15*2b15cb3dSCy Schubert * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16*2b15cb3dSCy Schubert * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17*2b15cb3dSCy Schubert * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18*2b15cb3dSCy Schubert * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19*2b15cb3dSCy Schubert * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20*2b15cb3dSCy Schubert * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21*2b15cb3dSCy Schubert * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22*2b15cb3dSCy Schubert * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23*2b15cb3dSCy Schubert * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24*2b15cb3dSCy Schubert * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25*2b15cb3dSCy Schubert */ 26*2b15cb3dSCy Schubert 27*2b15cb3dSCy Schubert // Get rid of OSX 10.7 and greater deprecation warnings. 28*2b15cb3dSCy Schubert #if defined(__APPLE__) && defined(__clang__) 29*2b15cb3dSCy Schubert #pragma clang diagnostic ignored "-Wdeprecated-declarations" 30*2b15cb3dSCy Schubert #endif 31*2b15cb3dSCy Schubert 32*2b15cb3dSCy Schubert #ifdef _WIN32 33*2b15cb3dSCy Schubert #include <winsock2.h> 34*2b15cb3dSCy Schubert #include <windows.h> 35*2b15cb3dSCy Schubert #endif 36*2b15cb3dSCy Schubert 37*2b15cb3dSCy Schubert #ifndef _WIN32 38*2b15cb3dSCy Schubert #include <sys/types.h> 39*2b15cb3dSCy Schubert #include <sys/socket.h> 40*2b15cb3dSCy Schubert #include <netinet/in.h> 41*2b15cb3dSCy Schubert #endif 42*2b15cb3dSCy Schubert 43*2b15cb3dSCy Schubert #include "event2/util.h" 44*2b15cb3dSCy Schubert #include "event2/event.h" 45*2b15cb3dSCy Schubert #include "event2/bufferevent_ssl.h" 46*2b15cb3dSCy Schubert #include "event2/buffer.h" 47*2b15cb3dSCy Schubert #include "event2/listener.h" 48*2b15cb3dSCy Schubert 49*2b15cb3dSCy Schubert #include "regress.h" 50*2b15cb3dSCy Schubert #include "tinytest.h" 51*2b15cb3dSCy Schubert #include "tinytest_macros.h" 52*2b15cb3dSCy Schubert 53*2b15cb3dSCy Schubert #include <openssl/ssl.h> 54*2b15cb3dSCy Schubert #include <openssl/bio.h> 55*2b15cb3dSCy Schubert #include <openssl/err.h> 56*2b15cb3dSCy Schubert #include <openssl/pem.h> 57*2b15cb3dSCy Schubert 58*2b15cb3dSCy Schubert #include <string.h> 59*2b15cb3dSCy Schubert 60*2b15cb3dSCy Schubert /* A short pre-generated key, to save the cost of doing an RSA key generation 61*2b15cb3dSCy Schubert * step during the unit tests. It's only 512 bits long, and it is published 62*2b15cb3dSCy Schubert * in this file, so you would have to be very foolish to consider using it in 63*2b15cb3dSCy Schubert * your own code. */ 64*2b15cb3dSCy Schubert static const char KEY[] = 65*2b15cb3dSCy Schubert "-----BEGIN RSA PRIVATE KEY-----\n" 66*2b15cb3dSCy Schubert "MIIBOgIBAAJBAKibTEzXjj+sqpipePX1lEk5BNFuL/dDBbw8QCXgaJWikOiKHeJq\n" 67*2b15cb3dSCy Schubert "3FQ0OmCnmpkdsPFE4x3ojYmmdgE2i0dJwq0CAwEAAQJAZ08gpUS+qE1IClps/2gG\n" 68*2b15cb3dSCy Schubert "AAer6Bc31K2AaiIQvCSQcH440cp062QtWMC3V5sEoWmdLsbAHFH26/9ZHn5zAflp\n" 69*2b15cb3dSCy Schubert "gQIhANWOx/UYeR8HD0WREU5kcuSzgzNLwUErHLzxP7U6aojpAiEAyh2H35CjN/P7\n" 70*2b15cb3dSCy Schubert "NhcZ4QYw3PeUWpqgJnaE/4i80BSYkSUCIQDLHFhLYLJZ80HwHTADif/ISn9/Ow6b\n" 71*2b15cb3dSCy Schubert "p6BWh3DbMar/eQIgBPS6azH5vpp983KXkNv9AL4VZi9ac/b+BeINdzC6GP0CIDmB\n" 72*2b15cb3dSCy Schubert "U6GFEQTZ3IfuiVabG5pummdC4DNbcdI+WKrSFNmQ\n" 73*2b15cb3dSCy Schubert "-----END RSA PRIVATE KEY-----\n"; 74*2b15cb3dSCy Schubert 75*2b15cb3dSCy Schubert static EVP_PKEY * 76*2b15cb3dSCy Schubert getkey(void) 77*2b15cb3dSCy Schubert { 78*2b15cb3dSCy Schubert EVP_PKEY *key; 79*2b15cb3dSCy Schubert BIO *bio; 80*2b15cb3dSCy Schubert 81*2b15cb3dSCy Schubert /* new read-only BIO backed by KEY. */ 82*2b15cb3dSCy Schubert bio = BIO_new_mem_buf((char*)KEY, -1); 83*2b15cb3dSCy Schubert tt_assert(bio); 84*2b15cb3dSCy Schubert 85*2b15cb3dSCy Schubert key = PEM_read_bio_PrivateKey(bio,NULL,NULL,NULL); 86*2b15cb3dSCy Schubert BIO_free(bio); 87*2b15cb3dSCy Schubert tt_assert(key); 88*2b15cb3dSCy Schubert 89*2b15cb3dSCy Schubert return key; 90*2b15cb3dSCy Schubert end: 91*2b15cb3dSCy Schubert return NULL; 92*2b15cb3dSCy Schubert } 93*2b15cb3dSCy Schubert 94*2b15cb3dSCy Schubert static X509 * 95*2b15cb3dSCy Schubert getcert(void) 96*2b15cb3dSCy Schubert { 97*2b15cb3dSCy Schubert /* Dummy code to make a quick-and-dirty valid certificate with 98*2b15cb3dSCy Schubert OpenSSL. Don't copy this code into your own program! It does a 99*2b15cb3dSCy Schubert number of things in a stupid and insecure way. */ 100*2b15cb3dSCy Schubert X509 *x509 = NULL; 101*2b15cb3dSCy Schubert X509_NAME *name = NULL; 102*2b15cb3dSCy Schubert EVP_PKEY *key = getkey(); 103*2b15cb3dSCy Schubert int nid; 104*2b15cb3dSCy Schubert time_t now = time(NULL); 105*2b15cb3dSCy Schubert 106*2b15cb3dSCy Schubert tt_assert(key); 107*2b15cb3dSCy Schubert 108*2b15cb3dSCy Schubert x509 = X509_new(); 109*2b15cb3dSCy Schubert tt_assert(x509); 110*2b15cb3dSCy Schubert tt_assert(0 != X509_set_version(x509, 2)); 111*2b15cb3dSCy Schubert tt_assert(0 != ASN1_INTEGER_set(X509_get_serialNumber(x509), 112*2b15cb3dSCy Schubert (long)now)); 113*2b15cb3dSCy Schubert 114*2b15cb3dSCy Schubert name = X509_NAME_new(); 115*2b15cb3dSCy Schubert tt_assert(name); 116*2b15cb3dSCy Schubert nid = OBJ_txt2nid("commonName"); 117*2b15cb3dSCy Schubert tt_assert(NID_undef != nid); 118*2b15cb3dSCy Schubert tt_assert(0 != X509_NAME_add_entry_by_NID( 119*2b15cb3dSCy Schubert name, nid, MBSTRING_ASC, (unsigned char*)"example.com", 120*2b15cb3dSCy Schubert -1, -1, 0)); 121*2b15cb3dSCy Schubert 122*2b15cb3dSCy Schubert X509_set_subject_name(x509, name); 123*2b15cb3dSCy Schubert X509_set_issuer_name(x509, name); 124*2b15cb3dSCy Schubert 125*2b15cb3dSCy Schubert X509_time_adj(X509_get_notBefore(x509), 0, &now); 126*2b15cb3dSCy Schubert now += 3600; 127*2b15cb3dSCy Schubert X509_time_adj(X509_get_notAfter(x509), 0, &now); 128*2b15cb3dSCy Schubert X509_set_pubkey(x509, key); 129*2b15cb3dSCy Schubert tt_assert(0 != X509_sign(x509, key, EVP_sha1())); 130*2b15cb3dSCy Schubert 131*2b15cb3dSCy Schubert return x509; 132*2b15cb3dSCy Schubert end: 133*2b15cb3dSCy Schubert X509_free(x509); 134*2b15cb3dSCy Schubert return NULL; 135*2b15cb3dSCy Schubert } 136*2b15cb3dSCy Schubert 137*2b15cb3dSCy Schubert static int disable_tls_11_and_12 = 0; 138*2b15cb3dSCy Schubert static SSL_CTX *the_ssl_ctx = NULL; 139*2b15cb3dSCy Schubert 140*2b15cb3dSCy Schubert static SSL_CTX * 141*2b15cb3dSCy Schubert get_ssl_ctx(void) 142*2b15cb3dSCy Schubert { 143*2b15cb3dSCy Schubert if (the_ssl_ctx) 144*2b15cb3dSCy Schubert return the_ssl_ctx; 145*2b15cb3dSCy Schubert the_ssl_ctx = SSL_CTX_new(SSLv23_method()); 146*2b15cb3dSCy Schubert if (!the_ssl_ctx) 147*2b15cb3dSCy Schubert return NULL; 148*2b15cb3dSCy Schubert if (disable_tls_11_and_12) { 149*2b15cb3dSCy Schubert #ifdef SSL_OP_NO_TLSv1_2 150*2b15cb3dSCy Schubert SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_2); 151*2b15cb3dSCy Schubert #endif 152*2b15cb3dSCy Schubert #ifdef SSL_OP_NO_TLSv1_1 153*2b15cb3dSCy Schubert SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_1); 154*2b15cb3dSCy Schubert #endif 155*2b15cb3dSCy Schubert } 156*2b15cb3dSCy Schubert return the_ssl_ctx; 157*2b15cb3dSCy Schubert } 158*2b15cb3dSCy Schubert 159*2b15cb3dSCy Schubert static void 160*2b15cb3dSCy Schubert init_ssl(void) 161*2b15cb3dSCy Schubert { 162*2b15cb3dSCy Schubert SSL_library_init(); 163*2b15cb3dSCy Schubert ERR_load_crypto_strings(); 164*2b15cb3dSCy Schubert SSL_load_error_strings(); 165*2b15cb3dSCy Schubert OpenSSL_add_all_algorithms(); 166*2b15cb3dSCy Schubert if (SSLeay() != OPENSSL_VERSION_NUMBER) { 167*2b15cb3dSCy Schubert TT_DECLARE("WARN", ("Version mismatch for openssl: compiled with %lx but running with %lx", (unsigned long)OPENSSL_VERSION_NUMBER, (unsigned long) SSLeay())); 168*2b15cb3dSCy Schubert } 169*2b15cb3dSCy Schubert } 170*2b15cb3dSCy Schubert 171*2b15cb3dSCy Schubert /* ==================== 172*2b15cb3dSCy Schubert Here's a simple test: we read a number from the input, increment it, and 173*2b15cb3dSCy Schubert reply, until we get to 1001. 174*2b15cb3dSCy Schubert */ 175*2b15cb3dSCy Schubert 176*2b15cb3dSCy Schubert static int test_is_done = 0; 177*2b15cb3dSCy Schubert static int n_connected = 0; 178*2b15cb3dSCy Schubert static int got_close = 0; 179*2b15cb3dSCy Schubert static int got_error = 0; 180*2b15cb3dSCy Schubert static int renegotiate_at = -1; 181*2b15cb3dSCy Schubert static int stop_when_connected = 0; 182*2b15cb3dSCy Schubert static int pending_connect_events = 0; 183*2b15cb3dSCy Schubert static struct event_base *exit_base = NULL; 184*2b15cb3dSCy Schubert 185*2b15cb3dSCy Schubert static void 186*2b15cb3dSCy Schubert respond_to_number(struct bufferevent *bev, void *ctx) 187*2b15cb3dSCy Schubert { 188*2b15cb3dSCy Schubert struct evbuffer *b = bufferevent_get_input(bev); 189*2b15cb3dSCy Schubert char *line; 190*2b15cb3dSCy Schubert int n; 191*2b15cb3dSCy Schubert line = evbuffer_readln(b, NULL, EVBUFFER_EOL_LF); 192*2b15cb3dSCy Schubert if (! line) 193*2b15cb3dSCy Schubert return; 194*2b15cb3dSCy Schubert n = atoi(line); 195*2b15cb3dSCy Schubert if (n <= 0) 196*2b15cb3dSCy Schubert TT_FAIL(("Bad number: %s", line)); 197*2b15cb3dSCy Schubert TT_BLATHER(("The number was %d", n)); 198*2b15cb3dSCy Schubert if (n == 1001) { 199*2b15cb3dSCy Schubert ++test_is_done; 200*2b15cb3dSCy Schubert bufferevent_free(bev); /* Should trigger close on other side. */ 201*2b15cb3dSCy Schubert return; 202*2b15cb3dSCy Schubert } 203*2b15cb3dSCy Schubert if (!strcmp(ctx, "client") && n == renegotiate_at) { 204*2b15cb3dSCy Schubert SSL_renegotiate(bufferevent_openssl_get_ssl(bev)); 205*2b15cb3dSCy Schubert } 206*2b15cb3dSCy Schubert ++n; 207*2b15cb3dSCy Schubert evbuffer_add_printf(bufferevent_get_output(bev), 208*2b15cb3dSCy Schubert "%d\n", n); 209*2b15cb3dSCy Schubert TT_BLATHER(("Done reading; now writing.")); 210*2b15cb3dSCy Schubert bufferevent_enable(bev, EV_WRITE); 211*2b15cb3dSCy Schubert bufferevent_disable(bev, EV_READ); 212*2b15cb3dSCy Schubert } 213*2b15cb3dSCy Schubert 214*2b15cb3dSCy Schubert static void 215*2b15cb3dSCy Schubert done_writing_cb(struct bufferevent *bev, void *ctx) 216*2b15cb3dSCy Schubert { 217*2b15cb3dSCy Schubert struct evbuffer *b = bufferevent_get_output(bev); 218*2b15cb3dSCy Schubert if (evbuffer_get_length(b)) 219*2b15cb3dSCy Schubert return; 220*2b15cb3dSCy Schubert TT_BLATHER(("Done writing.")); 221*2b15cb3dSCy Schubert bufferevent_disable(bev, EV_WRITE); 222*2b15cb3dSCy Schubert bufferevent_enable(bev, EV_READ); 223*2b15cb3dSCy Schubert } 224*2b15cb3dSCy Schubert 225*2b15cb3dSCy Schubert static void 226*2b15cb3dSCy Schubert eventcb(struct bufferevent *bev, short what, void *ctx) 227*2b15cb3dSCy Schubert { 228*2b15cb3dSCy Schubert TT_BLATHER(("Got event %d", (int)what)); 229*2b15cb3dSCy Schubert if (what & BEV_EVENT_CONNECTED) { 230*2b15cb3dSCy Schubert SSL *ssl; 231*2b15cb3dSCy Schubert X509 *peer_cert; 232*2b15cb3dSCy Schubert ++n_connected; 233*2b15cb3dSCy Schubert ssl = bufferevent_openssl_get_ssl(bev); 234*2b15cb3dSCy Schubert tt_assert(ssl); 235*2b15cb3dSCy Schubert peer_cert = SSL_get_peer_certificate(ssl); 236*2b15cb3dSCy Schubert if (0==strcmp(ctx, "server")) { 237*2b15cb3dSCy Schubert tt_assert(peer_cert == NULL); 238*2b15cb3dSCy Schubert } else { 239*2b15cb3dSCy Schubert tt_assert(peer_cert != NULL); 240*2b15cb3dSCy Schubert } 241*2b15cb3dSCy Schubert if (stop_when_connected) { 242*2b15cb3dSCy Schubert if (--pending_connect_events == 0) 243*2b15cb3dSCy Schubert event_base_loopexit(exit_base, NULL); 244*2b15cb3dSCy Schubert } 245*2b15cb3dSCy Schubert } else if (what & BEV_EVENT_EOF) { 246*2b15cb3dSCy Schubert TT_BLATHER(("Got a good EOF")); 247*2b15cb3dSCy Schubert ++got_close; 248*2b15cb3dSCy Schubert bufferevent_free(bev); 249*2b15cb3dSCy Schubert } else if (what & BEV_EVENT_ERROR) { 250*2b15cb3dSCy Schubert TT_BLATHER(("Got an error.")); 251*2b15cb3dSCy Schubert ++got_error; 252*2b15cb3dSCy Schubert bufferevent_free(bev); 253*2b15cb3dSCy Schubert } 254*2b15cb3dSCy Schubert end: 255*2b15cb3dSCy Schubert ; 256*2b15cb3dSCy Schubert } 257*2b15cb3dSCy Schubert 258*2b15cb3dSCy Schubert static void 259*2b15cb3dSCy Schubert open_ssl_bufevs(struct bufferevent **bev1_out, struct bufferevent **bev2_out, 260*2b15cb3dSCy Schubert struct event_base *base, int is_open, int flags, SSL *ssl1, SSL *ssl2, 261*2b15cb3dSCy Schubert evutil_socket_t *fd_pair, struct bufferevent **underlying_pair) 262*2b15cb3dSCy Schubert { 263*2b15cb3dSCy Schubert int state1 = is_open ? BUFFEREVENT_SSL_OPEN :BUFFEREVENT_SSL_CONNECTING; 264*2b15cb3dSCy Schubert int state2 = is_open ? BUFFEREVENT_SSL_OPEN :BUFFEREVENT_SSL_ACCEPTING; 265*2b15cb3dSCy Schubert if (fd_pair) { 266*2b15cb3dSCy Schubert *bev1_out = bufferevent_openssl_socket_new( 267*2b15cb3dSCy Schubert base, fd_pair[0], ssl1, state1, flags); 268*2b15cb3dSCy Schubert *bev2_out = bufferevent_openssl_socket_new( 269*2b15cb3dSCy Schubert base, fd_pair[1], ssl2, state2, flags); 270*2b15cb3dSCy Schubert } else { 271*2b15cb3dSCy Schubert *bev1_out = bufferevent_openssl_filter_new( 272*2b15cb3dSCy Schubert base, underlying_pair[0], ssl1, state1, flags); 273*2b15cb3dSCy Schubert *bev2_out = bufferevent_openssl_filter_new( 274*2b15cb3dSCy Schubert base, underlying_pair[1], ssl2, state2, flags); 275*2b15cb3dSCy Schubert 276*2b15cb3dSCy Schubert } 277*2b15cb3dSCy Schubert bufferevent_setcb(*bev1_out, respond_to_number, done_writing_cb, 278*2b15cb3dSCy Schubert eventcb, (void*)"client"); 279*2b15cb3dSCy Schubert bufferevent_setcb(*bev2_out, respond_to_number, done_writing_cb, 280*2b15cb3dSCy Schubert eventcb, (void*)"server"); 281*2b15cb3dSCy Schubert } 282*2b15cb3dSCy Schubert 283*2b15cb3dSCy Schubert static void 284*2b15cb3dSCy Schubert regress_bufferevent_openssl(void *arg) 285*2b15cb3dSCy Schubert { 286*2b15cb3dSCy Schubert struct basic_test_data *data = arg; 287*2b15cb3dSCy Schubert 288*2b15cb3dSCy Schubert struct bufferevent *bev1, *bev2; 289*2b15cb3dSCy Schubert SSL *ssl1, *ssl2; 290*2b15cb3dSCy Schubert X509 *cert = getcert(); 291*2b15cb3dSCy Schubert EVP_PKEY *key = getkey(); 292*2b15cb3dSCy Schubert const int start_open = strstr((char*)data->setup_data, "open")!=NULL; 293*2b15cb3dSCy Schubert const int filter = strstr((char*)data->setup_data, "filter")!=NULL; 294*2b15cb3dSCy Schubert int flags = BEV_OPT_DEFER_CALLBACKS; 295*2b15cb3dSCy Schubert struct bufferevent *bev_ll[2] = { NULL, NULL }; 296*2b15cb3dSCy Schubert evutil_socket_t *fd_pair = NULL; 297*2b15cb3dSCy Schubert 298*2b15cb3dSCy Schubert tt_assert(cert); 299*2b15cb3dSCy Schubert tt_assert(key); 300*2b15cb3dSCy Schubert 301*2b15cb3dSCy Schubert init_ssl(); 302*2b15cb3dSCy Schubert 303*2b15cb3dSCy Schubert if (strstr((char*)data->setup_data, "renegotiate")) { 304*2b15cb3dSCy Schubert if (SSLeay() >= 0x10001000 && 305*2b15cb3dSCy Schubert SSLeay() < 0x1000104f) { 306*2b15cb3dSCy Schubert /* 1.0.1 up to 1.0.1c has a bug where TLS1.1 and 1.2 307*2b15cb3dSCy Schubert * can't renegotiate with themselves. Disable. */ 308*2b15cb3dSCy Schubert disable_tls_11_and_12 = 1; 309*2b15cb3dSCy Schubert } 310*2b15cb3dSCy Schubert renegotiate_at = 600; 311*2b15cb3dSCy Schubert } 312*2b15cb3dSCy Schubert 313*2b15cb3dSCy Schubert ssl1 = SSL_new(get_ssl_ctx()); 314*2b15cb3dSCy Schubert ssl2 = SSL_new(get_ssl_ctx()); 315*2b15cb3dSCy Schubert 316*2b15cb3dSCy Schubert SSL_use_certificate(ssl2, cert); 317*2b15cb3dSCy Schubert SSL_use_PrivateKey(ssl2, key); 318*2b15cb3dSCy Schubert 319*2b15cb3dSCy Schubert if (! start_open) 320*2b15cb3dSCy Schubert flags |= BEV_OPT_CLOSE_ON_FREE; 321*2b15cb3dSCy Schubert 322*2b15cb3dSCy Schubert if (!filter) { 323*2b15cb3dSCy Schubert tt_assert(strstr((char*)data->setup_data, "socketpair")); 324*2b15cb3dSCy Schubert fd_pair = data->pair; 325*2b15cb3dSCy Schubert } else { 326*2b15cb3dSCy Schubert bev_ll[0] = bufferevent_socket_new(data->base, data->pair[0], 327*2b15cb3dSCy Schubert BEV_OPT_CLOSE_ON_FREE); 328*2b15cb3dSCy Schubert bev_ll[1] = bufferevent_socket_new(data->base, data->pair[1], 329*2b15cb3dSCy Schubert BEV_OPT_CLOSE_ON_FREE); 330*2b15cb3dSCy Schubert } 331*2b15cb3dSCy Schubert 332*2b15cb3dSCy Schubert open_ssl_bufevs(&bev1, &bev2, data->base, 0, flags, ssl1, ssl2, 333*2b15cb3dSCy Schubert fd_pair, bev_ll); 334*2b15cb3dSCy Schubert 335*2b15cb3dSCy Schubert if (!filter) { 336*2b15cb3dSCy Schubert tt_int_op(bufferevent_getfd(bev1), ==, data->pair[0]); 337*2b15cb3dSCy Schubert } else { 338*2b15cb3dSCy Schubert tt_ptr_op(bufferevent_get_underlying(bev1), ==, bev_ll[0]); 339*2b15cb3dSCy Schubert } 340*2b15cb3dSCy Schubert 341*2b15cb3dSCy Schubert if (start_open) { 342*2b15cb3dSCy Schubert pending_connect_events = 2; 343*2b15cb3dSCy Schubert stop_when_connected = 1; 344*2b15cb3dSCy Schubert exit_base = data->base; 345*2b15cb3dSCy Schubert event_base_dispatch(data->base); 346*2b15cb3dSCy Schubert /* Okay, now the renegotiation is done. Make new 347*2b15cb3dSCy Schubert * bufferevents to test opening in BUFFEREVENT_SSL_OPEN */ 348*2b15cb3dSCy Schubert flags |= BEV_OPT_CLOSE_ON_FREE; 349*2b15cb3dSCy Schubert bufferevent_free(bev1); 350*2b15cb3dSCy Schubert bufferevent_free(bev2); 351*2b15cb3dSCy Schubert bev1 = bev2 = NULL; 352*2b15cb3dSCy Schubert open_ssl_bufevs(&bev1, &bev2, data->base, 1, flags, ssl1, ssl2, 353*2b15cb3dSCy Schubert fd_pair, bev_ll); 354*2b15cb3dSCy Schubert } 355*2b15cb3dSCy Schubert 356*2b15cb3dSCy Schubert bufferevent_enable(bev1, EV_READ|EV_WRITE); 357*2b15cb3dSCy Schubert bufferevent_enable(bev2, EV_READ|EV_WRITE); 358*2b15cb3dSCy Schubert 359*2b15cb3dSCy Schubert evbuffer_add_printf(bufferevent_get_output(bev1), "1\n"); 360*2b15cb3dSCy Schubert 361*2b15cb3dSCy Schubert event_base_dispatch(data->base); 362*2b15cb3dSCy Schubert 363*2b15cb3dSCy Schubert tt_assert(test_is_done == 1); 364*2b15cb3dSCy Schubert tt_assert(n_connected == 2); 365*2b15cb3dSCy Schubert 366*2b15cb3dSCy Schubert /* We don't handle shutdown properly yet. 367*2b15cb3dSCy Schubert tt_int_op(got_close, ==, 1); 368*2b15cb3dSCy Schubert tt_int_op(got_error, ==, 0); 369*2b15cb3dSCy Schubert */ 370*2b15cb3dSCy Schubert end: 371*2b15cb3dSCy Schubert return; 372*2b15cb3dSCy Schubert } 373*2b15cb3dSCy Schubert 374*2b15cb3dSCy Schubert static void 375*2b15cb3dSCy Schubert acceptcb(struct evconnlistener *listener, evutil_socket_t fd, 376*2b15cb3dSCy Schubert struct sockaddr *addr, int socklen, void *arg) 377*2b15cb3dSCy Schubert { 378*2b15cb3dSCy Schubert struct basic_test_data *data = arg; 379*2b15cb3dSCy Schubert struct bufferevent *bev; 380*2b15cb3dSCy Schubert SSL *ssl = SSL_new(get_ssl_ctx()); 381*2b15cb3dSCy Schubert 382*2b15cb3dSCy Schubert SSL_use_certificate(ssl, getcert()); 383*2b15cb3dSCy Schubert SSL_use_PrivateKey(ssl, getkey()); 384*2b15cb3dSCy Schubert 385*2b15cb3dSCy Schubert bev = bufferevent_openssl_socket_new( 386*2b15cb3dSCy Schubert data->base, 387*2b15cb3dSCy Schubert fd, 388*2b15cb3dSCy Schubert ssl, 389*2b15cb3dSCy Schubert BUFFEREVENT_SSL_ACCEPTING, 390*2b15cb3dSCy Schubert BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS); 391*2b15cb3dSCy Schubert 392*2b15cb3dSCy Schubert bufferevent_setcb(bev, respond_to_number, NULL, eventcb, 393*2b15cb3dSCy Schubert (void*)"server"); 394*2b15cb3dSCy Schubert 395*2b15cb3dSCy Schubert bufferevent_enable(bev, EV_READ|EV_WRITE); 396*2b15cb3dSCy Schubert 397*2b15cb3dSCy Schubert /* Only accept once, then disable ourself. */ 398*2b15cb3dSCy Schubert evconnlistener_disable(listener); 399*2b15cb3dSCy Schubert } 400*2b15cb3dSCy Schubert 401*2b15cb3dSCy Schubert static void 402*2b15cb3dSCy Schubert regress_bufferevent_openssl_connect(void *arg) 403*2b15cb3dSCy Schubert { 404*2b15cb3dSCy Schubert struct basic_test_data *data = arg; 405*2b15cb3dSCy Schubert 406*2b15cb3dSCy Schubert struct event_base *base = data->base; 407*2b15cb3dSCy Schubert 408*2b15cb3dSCy Schubert struct evconnlistener *listener; 409*2b15cb3dSCy Schubert struct bufferevent *bev; 410*2b15cb3dSCy Schubert struct sockaddr_in sin; 411*2b15cb3dSCy Schubert struct sockaddr_storage ss; 412*2b15cb3dSCy Schubert ev_socklen_t slen; 413*2b15cb3dSCy Schubert 414*2b15cb3dSCy Schubert init_ssl(); 415*2b15cb3dSCy Schubert 416*2b15cb3dSCy Schubert memset(&sin, 0, sizeof(sin)); 417*2b15cb3dSCy Schubert sin.sin_family = AF_INET; 418*2b15cb3dSCy Schubert sin.sin_addr.s_addr = htonl(0x7f000001); 419*2b15cb3dSCy Schubert 420*2b15cb3dSCy Schubert memset(&ss, 0, sizeof(ss)); 421*2b15cb3dSCy Schubert slen = sizeof(ss); 422*2b15cb3dSCy Schubert 423*2b15cb3dSCy Schubert listener = evconnlistener_new_bind(base, acceptcb, data, 424*2b15cb3dSCy Schubert LEV_OPT_CLOSE_ON_FREE|LEV_OPT_REUSEABLE, 425*2b15cb3dSCy Schubert -1, (struct sockaddr *)&sin, sizeof(sin)); 426*2b15cb3dSCy Schubert 427*2b15cb3dSCy Schubert tt_assert(listener); 428*2b15cb3dSCy Schubert tt_assert(evconnlistener_get_fd(listener) >= 0); 429*2b15cb3dSCy Schubert 430*2b15cb3dSCy Schubert bev = bufferevent_openssl_socket_new( 431*2b15cb3dSCy Schubert data->base, -1, SSL_new(get_ssl_ctx()), 432*2b15cb3dSCy Schubert BUFFEREVENT_SSL_CONNECTING, 433*2b15cb3dSCy Schubert BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS); 434*2b15cb3dSCy Schubert tt_assert(bev); 435*2b15cb3dSCy Schubert 436*2b15cb3dSCy Schubert bufferevent_setcb(bev, respond_to_number, NULL, eventcb, 437*2b15cb3dSCy Schubert (void*)"client"); 438*2b15cb3dSCy Schubert 439*2b15cb3dSCy Schubert tt_assert(getsockname(evconnlistener_get_fd(listener), 440*2b15cb3dSCy Schubert (struct sockaddr*)&ss, &slen) == 0); 441*2b15cb3dSCy Schubert tt_assert(slen == sizeof(struct sockaddr_in)); 442*2b15cb3dSCy Schubert tt_int_op(((struct sockaddr*)&ss)->sa_family, ==, AF_INET); 443*2b15cb3dSCy Schubert tt_int_op(((struct sockaddr*)&ss)->sa_family, ==, AF_INET); 444*2b15cb3dSCy Schubert 445*2b15cb3dSCy Schubert tt_assert(0 == 446*2b15cb3dSCy Schubert bufferevent_socket_connect(bev, (struct sockaddr*)&ss, slen)); 447*2b15cb3dSCy Schubert evbuffer_add_printf(bufferevent_get_output(bev), "1\n"); 448*2b15cb3dSCy Schubert bufferevent_enable(bev, EV_READ|EV_WRITE); 449*2b15cb3dSCy Schubert 450*2b15cb3dSCy Schubert event_base_dispatch(base); 451*2b15cb3dSCy Schubert end: 452*2b15cb3dSCy Schubert ; 453*2b15cb3dSCy Schubert } 454*2b15cb3dSCy Schubert 455*2b15cb3dSCy Schubert struct testcase_t ssl_testcases[] = { 456*2b15cb3dSCy Schubert 457*2b15cb3dSCy Schubert { "bufferevent_socketpair", regress_bufferevent_openssl, TT_ISOLATED, 458*2b15cb3dSCy Schubert &basic_setup, (void*)"socketpair" }, 459*2b15cb3dSCy Schubert { "bufferevent_filter", regress_bufferevent_openssl, 460*2b15cb3dSCy Schubert TT_ISOLATED, 461*2b15cb3dSCy Schubert &basic_setup, (void*)"filter" }, 462*2b15cb3dSCy Schubert { "bufferevent_renegotiate_socketpair", regress_bufferevent_openssl, 463*2b15cb3dSCy Schubert TT_ISOLATED, 464*2b15cb3dSCy Schubert &basic_setup, (void*)"socketpair renegotiate" }, 465*2b15cb3dSCy Schubert { "bufferevent_renegotiate_filter", regress_bufferevent_openssl, 466*2b15cb3dSCy Schubert TT_ISOLATED, 467*2b15cb3dSCy Schubert &basic_setup, (void*)"filter renegotiate" }, 468*2b15cb3dSCy Schubert { "bufferevent_socketpair_startopen", regress_bufferevent_openssl, 469*2b15cb3dSCy Schubert TT_ISOLATED, &basic_setup, (void*)"socketpair open" }, 470*2b15cb3dSCy Schubert { "bufferevent_filter_startopen", regress_bufferevent_openssl, 471*2b15cb3dSCy Schubert TT_ISOLATED, &basic_setup, (void*)"filter open" }, 472*2b15cb3dSCy Schubert 473*2b15cb3dSCy Schubert { "bufferevent_connect", regress_bufferevent_openssl_connect, 474*2b15cb3dSCy Schubert TT_FORK|TT_NEED_BASE, &basic_setup, NULL }, 475*2b15cb3dSCy Schubert 476*2b15cb3dSCy Schubert END_OF_TESTCASES, 477*2b15cb3dSCy Schubert }; 478