1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2026 Gleb Smirnoff <glebius@FreeBSD.org> 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 28 #include <sys/ioctl.h> 29 #include <sys/socket.h> 30 #include <sys/sysctl.h> 31 #include <sys/mman.h> 32 #include <netinet/in.h> 33 #include <fcntl.h> 34 #include <stdlib.h> 35 #include <poll.h> 36 #include <pthread.h> 37 38 #include <openssl/ssl.h> 39 #include <openssl/err.h> 40 #include <openssl/bio.h> 41 #include <openssl/x509v3.h> 42 43 #include <atf-c.h> 44 45 #define FSIZE (size_t)(2 * 1024 * 1024) 46 47 struct ctx { 48 EVP_PKEY *pkey; /* Self-signed key ... */ 49 X509 *cert; /* ... and certificate */ 50 SSL_CTX *ctx; /* client context */ 51 SSL *cln; /* client connection */ 52 SSL *srv; /* server connection */ 53 int cs; /* client socket */ 54 int ss; /* server socket */ 55 int fd; /* test file descriptor */ 56 void *mfd; /* mapped contents of the test file */ 57 uint16_t port; /* server listening port */ 58 pthread_t thr; /* server thread */ 59 off_t offset; /* SSL_sendfile offset */ 60 size_t size; /* SSL_sendfile size */ 61 bool nb; /* SSL_sendfile mode */ 62 ossl_ssize_t sbytes; /* SSL_sendfile returned sbytes */ 63 enum { 64 INIT, 65 READY, 66 RUNNING, 67 EXITING, 68 } state; 69 pthread_mutex_t mtx; 70 pthread_cond_t cv; 71 }; 72 73 static void *server_thread(void *arg); 74 75 static void 76 common_init(struct ctx *c) 77 { 78 char hostname[sizeof("localhost:65536")]; 79 char tempname[] = "/tmp/ssl_sendfile_test.XXXXXXXXXX"; 80 X509_NAME *name; 81 X509_EXTENSION *ext; 82 SSL *ssl; 83 bool enable; 84 size_t len = sizeof(enable); 85 86 if (sysctlbyname("kern.ipc.tls.enable", &enable, &len, NULL, 0) == -1) { 87 if (errno == ENOENT) 88 atf_tc_skip("kernel does not have options KERN_TLS"); 89 atf_libc_error(errno, "Failed to read kern.ipc.tls.enable"); 90 } 91 if (!enable) 92 atf_tc_skip("kern.ipc.tls.enable is off"); 93 94 c->state = INIT; 95 96 /* 97 * Generate self signed key & certificate. 98 */ 99 SSL_library_init(); 100 OpenSSL_add_all_algorithms(); 101 SSL_load_error_strings(); 102 ATF_REQUIRE(c->pkey = EVP_RSA_gen(2048)); 103 ATF_REQUIRE(c->cert = X509_new()); 104 ASN1_INTEGER_set(X509_get_serialNumber(c->cert), 1); 105 X509_set_version(c->cert, 2); 106 X509_gmtime_adj(X509_get_notBefore(c->cert), 0); 107 X509_gmtime_adj(X509_get_notAfter(c->cert), 60L*60*24*365); 108 X509_set_pubkey(c->cert, c->pkey); 109 name = X509_get_subject_name(c->cert); 110 X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, 111 (unsigned char *)"localhost", -1, -1, 0); 112 X509_set_issuer_name(c->cert, name); 113 ext = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints, 114 "critical,CA:FALSE"); 115 X509_add_ext(c->cert, ext, -1); 116 X509_EXTENSION_free(ext); 117 ATF_REQUIRE(X509_sign(c->cert, c->pkey, EVP_sha256()) > 0); 118 119 /* 120 * Create random filled file with memory mapping. 121 */ 122 ATF_REQUIRE((c->fd = mkstemp(tempname)) > 0); 123 ATF_REQUIRE(unlink(tempname) == 0); 124 ATF_REQUIRE(ftruncate(c->fd, FSIZE) == 0); 125 ATF_REQUIRE((c->mfd = mmap(NULL, FSIZE, PROT_READ | PROT_WRITE, 126 MAP_SHARED, c->fd, 0)) != MAP_FAILED); 127 arc4random_buf(c->mfd, FSIZE); 128 129 ATF_REQUIRE(pthread_mutex_init(&c->mtx, NULL) == 0); 130 ATF_REQUIRE(pthread_cond_init(&c->cv, NULL) == 0); 131 132 /* 133 * Start server and wait for it to finish bind(2) + listen(2). 134 */ 135 ATF_REQUIRE(pthread_mutex_lock(&c->mtx) == 0); 136 ATF_REQUIRE(pthread_create(&c->thr, NULL, server_thread, c) == 0); 137 if (c->state != READY) 138 ATF_REQUIRE(pthread_cond_wait(&c->cv, &c->mtx) == 0); 139 ATF_REQUIRE(c->state == READY); 140 ATF_REQUIRE(pthread_mutex_unlock(&c->mtx) == 0); 141 142 /* 143 * Connect client. 144 */ 145 ATF_REQUIRE(c->ctx = SSL_CTX_new(TLS_client_method())); 146 ATF_REQUIRE(X509_STORE_add_cert(SSL_CTX_get_cert_store(c->ctx), 147 c->cert)); 148 ATF_REQUIRE(ssl = c->cln = SSL_new(c->ctx)); 149 ATF_REQUIRE((c->cs = socket(AF_INET, SOCK_STREAM, 0)) > 0); 150 ATF_REQUIRE(connect(c->cs, (struct sockaddr *)&(struct sockaddr_in) 151 { .sin_family = AF_INET, .sin_len = sizeof(struct sockaddr_in), 152 .sin_addr.s_addr = htonl(INADDR_LOOPBACK), .sin_port = c->port }, 153 sizeof(struct sockaddr_in)) == 0); 154 ATF_REQUIRE(SSL_set_fd(ssl, c->cs) == 1); 155 ATF_REQUIRE(snprintf(hostname, sizeof(hostname), "localhost:%u", 156 ntohs(c->port)) >= (int)sizeof("localhost:0")); 157 ATF_REQUIRE(SSL_set_tlsext_host_name(ssl, hostname) == 1); 158 SSL_set_verify(ssl, SSL_VERIFY_PEER, NULL); 159 ATF_REQUIRE(SSL_connect(ssl) == 1); 160 SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); 161 ATF_REQUIRE(fcntl(c->cs, F_SETFL, O_NONBLOCK) != -1); 162 } 163 164 static void 165 common_cleanup(struct ctx *c) 166 { 167 168 ATF_REQUIRE(pthread_mutex_lock(&c->mtx) == 0); 169 c->state = EXITING; 170 ATF_REQUIRE(pthread_cond_signal(&c->cv) == 0); 171 ATF_REQUIRE(pthread_mutex_unlock(&c->mtx) == 0); 172 ATF_REQUIRE(pthread_join(c->thr, NULL) == 0); 173 174 ATF_REQUIRE(pthread_mutex_destroy(&c->mtx) == 0); 175 ATF_REQUIRE(pthread_cond_destroy(&c->cv) == 0); 176 177 SSL_free(c->cln); 178 SSL_CTX_free(c->ctx); 179 X509_free(c->cert); 180 EVP_PKEY_free(c->pkey); 181 } 182 183 static void * 184 server_thread(void *arg) { 185 struct ctx *c = arg; 186 SSL_CTX *srv; 187 SSL *ssl; 188 struct sockaddr_in sin = { 189 .sin_family = AF_INET, 190 .sin_len = sizeof(sin), 191 .sin_addr.s_addr = htonl(INADDR_LOOPBACK), 192 }; 193 int s; 194 195 ATF_REQUIRE(srv = SSL_CTX_new(TLS_server_method())); 196 ATF_REQUIRE(SSL_CTX_set_options(srv, SSL_OP_ENABLE_KTLS) & 197 SSL_OP_ENABLE_KTLS); 198 SSL_CTX_use_PrivateKey(srv, c->pkey); 199 SSL_CTX_use_certificate(srv, c->cert); 200 ATF_REQUIRE((s = socket(AF_INET, SOCK_STREAM, 0)) > 0); 201 ATF_REQUIRE(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &(socklen_t){1}, 202 sizeof(int)) == 0); 203 ATF_REQUIRE(bind(s, (struct sockaddr *)&sin, sizeof(sin)) == 0); 204 ATF_REQUIRE(getsockname(s, (struct sockaddr *)&sin, 205 &(socklen_t){ sizeof(sin) }) == 0); 206 ATF_REQUIRE(listen(s, -1) == 0); 207 208 ATF_REQUIRE(pthread_mutex_lock(&c->mtx) == 0); 209 c->port = sin.sin_port; 210 c->state = READY; 211 ATF_REQUIRE(pthread_cond_signal(&c->cv) == 0); 212 ATF_REQUIRE(pthread_mutex_unlock(&c->mtx) == 0); 213 214 ATF_REQUIRE((c->ss = accept(s, NULL, NULL)) > 0); 215 ssl = c->srv = SSL_new(srv); 216 SSL_set_fd(ssl, c->ss); 217 SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); 218 ATF_REQUIRE(SSL_accept(ssl) > 0); 219 220 ATF_REQUIRE(pthread_mutex_lock(&c->mtx) == 0); 221 while (c->state != EXITING) { 222 if (c->state == RUNNING) { 223 ATF_REQUIRE(fcntl(c->ss, F_SETFL, 224 c->nb ? O_NONBLOCK : 0) != -1); 225 c->sbytes = SSL_sendfile(ssl, c->fd, c->offset, 226 c->size, 0); 227 c->state = READY; 228 } 229 ATF_REQUIRE(c->state == READY); 230 ATF_REQUIRE(pthread_cond_signal(&c->cv) == 0); 231 ATF_REQUIRE(pthread_cond_wait(&c->cv, &c->mtx) == 0); 232 } 233 ATF_REQUIRE(pthread_mutex_unlock(&c->mtx) == 0); 234 235 SSL_shutdown(ssl); 236 SSL_free(ssl); 237 close(c->ss); 238 SSL_CTX_free(srv); 239 close(s); 240 241 return (NULL); 242 } 243 244 static void 245 sendme_locked(struct ctx *c, off_t offset, size_t size, bool nb) 246 { 247 ATF_REQUIRE(c->state == READY); 248 c->state = RUNNING; 249 c->offset = offset; 250 c->size = size; 251 c->nb = nb; 252 ATF_REQUIRE(pthread_cond_signal(&c->cv) == 0); 253 } 254 255 static void 256 sendme_locked_wait(struct ctx *c, off_t offset, size_t size, bool nb) 257 { 258 sendme_locked(c, offset, size, nb); 259 while (c->state != READY) 260 ATF_REQUIRE(pthread_cond_wait(&c->cv, &c->mtx) == 0); 261 } 262 263 static void 264 sendme(struct ctx *c, off_t offset, size_t size, bool nb) 265 { 266 ATF_REQUIRE(pthread_mutex_lock(&c->mtx) == 0); 267 sendme_locked(c, offset, size, nb); 268 ATF_REQUIRE(pthread_mutex_unlock(&c->mtx) == 0); 269 } 270 271 /* 272 * Block until non-blocking socket has at least a byte. 273 */ 274 static int 275 SSL_read_b(SSL *ssl, void *buf, int size) 276 { 277 int rv, fd; 278 279 ATF_REQUIRE((fd = SSL_get_fd(ssl)) > 0); 280 while ((rv = SSL_read(ssl, buf, size)) <= 0 && 281 SSL_get_error(ssl, rv) == SSL_ERROR_WANT_READ) 282 ATF_REQUIRE(poll(&(struct pollfd){ .fd = fd, .events = POLLIN }, 283 1, INFTIM) == 1); 284 285 return (rv); 286 } 287 288 static void 289 require_sbytes(struct ctx *c, ssize_t expect) 290 { 291 ATF_REQUIRE(pthread_mutex_lock(&c->mtx) == 0); 292 ATF_REQUIRE(c->sbytes == expect); 293 ATF_REQUIRE(pthread_mutex_unlock(&c->mtx) == 0); 294 } 295 296 ATF_TC_WITHOUT_HEAD(basic); 297 ATF_TC_BODY(basic, tc) 298 { 299 struct ctx c; 300 char buf[64]; 301 size_t nread; 302 int n; 303 304 common_init(&c); 305 306 sendme(&c, 0, 0, false); 307 nread = 0; 308 while (nread < FSIZE && (n = SSL_read_b(c.cln, buf, sizeof(buf))) > 0) { 309 ATF_REQUIRE(memcmp((char *)c.mfd + nread, buf, n) == 0); 310 nread += n; 311 } 312 ATF_REQUIRE(nread == FSIZE); 313 require_sbytes(&c, FSIZE); 314 315 common_cleanup(&c); 316 } 317 318 ATF_TC_WITHOUT_HEAD(random); 319 ATF_TC_BODY(random, tc) 320 { 321 struct ctx c; 322 #define RSIZE (256*1024) 323 324 common_init(&c); 325 326 for (u_int i = 0; i < 10; i++) { 327 char buf[RSIZE]; 328 off_t offset; 329 size_t size, n, nread, expect; 330 331 offset = arc4random() % FSIZE; 332 size = arc4random() % RSIZE; 333 sendme(&c, offset, size, false); 334 expect = offset + size < FSIZE ? size : FSIZE - offset; 335 nread = 0; 336 while (nread < expect && 337 (n = SSL_read_b(c.cln, buf, sizeof(buf))) > 0) { 338 ATF_REQUIRE(memcmp((char *)c.mfd + offset + nread, buf, 339 n) == 0); 340 nread += n; 341 } 342 ATF_REQUIRE(nread == expect); 343 require_sbytes(&c, (ssize_t)expect); 344 } 345 346 common_cleanup(&c); 347 } 348 349 /* Truncate the file while sendfile(2) is working on it. */ 350 ATF_TC_WITHOUT_HEAD(truncate); 351 ATF_TC_BODY(truncate, tc) 352 { 353 struct ctx c; 354 char buf[128 * 1024]; 355 size_t nread; 356 int n; 357 #define TRUNC (FSIZE - 1024) 358 359 common_init(&c); 360 361 ATF_REQUIRE(setsockopt(c.ss, SOL_SOCKET, SO_SNDBUF, &(int){FSIZE / 16}, 362 sizeof(int)) == 0); 363 ATF_REQUIRE(setsockopt(c.cs, SOL_SOCKET, SO_RCVBUF, &(int){FSIZE / 16}, 364 sizeof(int)) == 0); 365 366 sendme(&c, 0, 0, false); 367 /* Make sure sender is waiting on the socket buffer. */ 368 while (poll(&(struct pollfd){ .fd = c.ss, .events = POLLOUT }, 1, 1) 369 != 0) 370 ; 371 ATF_REQUIRE(ftruncate(c.fd, TRUNC) == 0); 372 nread = 0; 373 while (nread < TRUNC && (n = SSL_read_b(c.cln, buf, sizeof(buf))) > 0) { 374 ATF_REQUIRE(memcmp((char *)c.mfd + nread, buf, n) == 0); 375 nread += n; 376 } 377 ATF_REQUIRE(nread == TRUNC); 378 require_sbytes(&c, TRUNC); 379 380 common_cleanup(&c); 381 } 382 383 /* Grow the file while sendfile(2) is working on it. */ 384 ATF_TC_WITHOUT_HEAD(grow); 385 ATF_TC_BODY(grow, tc) 386 { 387 struct ctx c; 388 char buf[128 * 1024]; 389 size_t nread; 390 void *map; 391 int n; 392 #define GROW (FSIZE/2) 393 394 common_init(&c); 395 396 ATF_REQUIRE(setsockopt(c.ss, SOL_SOCKET, SO_SNDBUF, &(int){FSIZE / 16}, 397 sizeof(int)) == 0); 398 ATF_REQUIRE(setsockopt(c.cs, SOL_SOCKET, SO_RCVBUF, &(int){FSIZE / 16}, 399 sizeof(int)) == 0); 400 401 sendme(&c, 0, 0, false); 402 /* Make sure sender is waiting on the socket buffer. */ 403 while (poll(&(struct pollfd){ .fd = c.ss, .events = POLLOUT }, 1, 1) 404 != 0) 405 ; 406 /* Grow the file and create second map. */ 407 ATF_REQUIRE(ftruncate(c.fd, FSIZE + GROW) == 0); 408 ATF_REQUIRE((map = mmap(NULL, GROW, PROT_READ | PROT_WRITE, 409 MAP_SHARED, c.fd, FSIZE)) != MAP_FAILED); 410 arc4random_buf(map, GROW); 411 412 /* Read out original part. */ 413 nread = 0; 414 while (nread < FSIZE && (n = SSL_read_b(c.cln, buf, 415 FSIZE - nread > sizeof(buf) ? sizeof(buf) : FSIZE - nread)) > 0) { 416 ATF_REQUIRE(memcmp((char *)c.mfd + nread, buf, n) == 0); 417 nread += n; 418 } 419 ATF_REQUIRE(nread == FSIZE); 420 /* Read out grown part. */ 421 nread = 0; 422 while (nread < GROW && (n = SSL_read_b(c.cln, buf, sizeof(buf))) > 0) { 423 ATF_REQUIRE(memcmp((char *)map + nread, buf, n) == 0); 424 nread += n; 425 } 426 ATF_REQUIRE(nread == GROW); 427 require_sbytes(&c, FSIZE + GROW); 428 429 common_cleanup(&c); 430 } 431 432 ATF_TC_WITHOUT_HEAD(offset_beyond_eof); 433 ATF_TC_BODY(offset_beyond_eof, tc) 434 { 435 struct ctx c; 436 437 common_init(&c); 438 439 c.sbytes = -1; 440 sendme(&c, FSIZE + 1, 0, false); 441 ATF_REQUIRE(pthread_mutex_lock(&c.mtx) == 0); 442 while (c.state != READY) 443 ATF_REQUIRE(pthread_cond_wait(&c.cv, &c.mtx) == 0); 444 ATF_REQUIRE(c.sbytes == 0); 445 ATF_REQUIRE(pthread_mutex_unlock(&c.mtx) == 0); 446 447 common_cleanup(&c); 448 } 449 450 /* 451 * Prove that we can differentiate a short write due to EAGAIN from one due to 452 * end of file. 453 */ 454 ATF_TC_WITHOUT_HEAD(eagain_vs_eof); 455 ATF_TC_BODY(eagain_vs_eof, tc) 456 { 457 struct ctx c; 458 char buf[16 * 1024]; 459 ssize_t nread; 460 int n; 461 462 common_init(&c); 463 464 /* 465 * Exercise short write due to no buffer space on non-blocking 466 * socket. Internall sendfile(2) returns -1 and errno == EAGAIN. 467 */ 468 ATF_REQUIRE(pthread_mutex_lock(&c.mtx) == 0); 469 sendme_locked_wait(&c, 0, FSIZE, true); 470 ATF_REQUIRE(c.sbytes > 0); 471 ATF_REQUIRE(SSL_get_error(c.srv, c.sbytes) == 0); 472 #if 0 /* see https://github.com/openssl/openssl/issues/29742 */ 473 ATF_REQUIRE(BIO_should_retry(SSL_get_wbio(c.srv))); 474 #endif 475 476 /* 477 * Exercise second attempt on already full buffer. 478 */ 479 sendme_locked_wait(&c, 0, FSIZE, true); 480 ATF_REQUIRE(c.sbytes == -1); 481 ATF_REQUIRE(SSL_get_error(c.srv, c.sbytes) == SSL_ERROR_WANT_WRITE); 482 ATF_REQUIRE(BIO_should_retry(SSL_get_wbio(c.srv))); 483 484 /* Clear the buffer. */ 485 nread = 0; 486 while (nread < c.sbytes && 487 (n = SSL_read_b(c.cln, buf, sizeof(buf))) > 0) { 488 ATF_REQUIRE(memcmp((char *)c.mfd + nread, buf, n) == 0); 489 nread += n; 490 } 491 492 /* 493 * Exercise zero length write: offset == file size. 494 * 495 * SSL_ERROR_SYSCALL seems a strange error code, as the syscall did not 496 * fail, and errno is clear, because a request to send 0 bytes is 497 * legitimate one. This test just documents the existing behavior 498 * rather than asserts that this is a correct behavior. 499 */ 500 sendme_locked_wait(&c, FSIZE, 0, true); 501 ATF_REQUIRE(c.sbytes == 0); 502 ATF_REQUIRE(SSL_get_error(c.srv, c.sbytes) == SSL_ERROR_SYSCALL); 503 #if 0 /* see https://github.com/openssl/openssl/issues/29742 */ 504 ATF_REQUIRE(!BIO_should_retry(SSL_get_wbio(c.srv))); 505 #endif 506 507 /* 508 * Exercise short write due to end of file. 509 */ 510 sendme_locked_wait(&c, FSIZE - 100, 0, true); 511 ATF_REQUIRE(c.sbytes == 100); 512 ATF_REQUIRE(SSL_get_error(c.srv, c.sbytes) == 0); 513 #if 0 /* see https://github.com/openssl/openssl/issues/29742 */ 514 ATF_REQUIRE(!BIO_should_retry(SSL_get_wbio(c.srv))); 515 #endif 516 517 ATF_REQUIRE(pthread_mutex_unlock(&c.mtx) == 0); 518 519 common_cleanup(&c); 520 } 521 522 ATF_TP_ADD_TCS(tp) 523 { 524 ATF_TP_ADD_TC(tp, basic); 525 ATF_TP_ADD_TC(tp, random); 526 ATF_TP_ADD_TC(tp, truncate); 527 ATF_TP_ADD_TC(tp, grow); 528 ATF_TP_ADD_TC(tp, offset_beyond_eof); 529 ATF_TP_ADD_TC(tp, eagain_vs_eof); 530 531 return atf_no_error(); 532 } 533