1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2026 Gleb Smirnoff <glebius@FreeBSD.org> 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 28 #include <sys/ioctl.h> 29 #include <sys/socket.h> 30 #include <sys/sysctl.h> 31 #include <sys/mman.h> 32 #include <netinet/in.h> 33 #include <fcntl.h> 34 #include <stdlib.h> 35 #include <poll.h> 36 #include <pthread.h> 37 38 #include <openssl/ssl.h> 39 #include <openssl/err.h> 40 #include <openssl/bio.h> 41 #include <openssl/x509v3.h> 42 43 #include <atf-c.h> 44 45 #define FSIZE (size_t)(2 * 1024 * 1024) 46 47 struct ctx { 48 EVP_PKEY *pkey; /* Self-signed key ... */ 49 X509 *cert; /* ... and certificate */ 50 SSL_CTX *ctx; /* client context */ 51 SSL *cln; /* client connection */ 52 SSL *srv; /* server connection */ 53 int cs; /* client socket */ 54 int ss; /* server socket */ 55 int fd; /* test file descriptor */ 56 void *mfd; /* mapped contents of the test file */ 57 uint16_t port; /* server listening port */ 58 pthread_t thr; /* server thread */ 59 off_t offset; /* SSL_sendfile offset */ 60 size_t size; /* SSL_sendfile size */ 61 bool nb; /* SSL_sendfile mode */ 62 ossl_ssize_t sbytes; /* SSL_sendfile returned sbytes */ 63 enum { 64 INIT, 65 READY, 66 RUNNING, 67 EXITING, 68 } state; 69 pthread_mutex_t mtx; 70 pthread_cond_t cv; 71 }; 72 73 static void *server_thread(void *arg); 74 75 static void 76 common_init(struct ctx *c) 77 { 78 char hostname[sizeof("localhost:65536")]; 79 char tempname[] = "/tmp/ssl_sendfile_test.XXXXXXXXXX"; 80 X509_NAME *name; 81 X509_EXTENSION *ext; 82 SSL *ssl; 83 bool enable; 84 size_t len = sizeof(enable); 85 86 if (sysctlbyname("kern.ipc.tls.enable", &enable, &len, NULL, 0) == -1) { 87 if (errno == ENOENT) 88 atf_tc_skip("kernel does not have options KERN_TLS"); 89 atf_libc_error(errno, "Failed to read kern.ipc.tls.enable"); 90 } 91 if (!enable) 92 atf_tc_skip("kern.ipc.tls.enable is off"); 93 94 c->state = INIT; 95 96 /* 97 * Generate self signed key & certificate. 98 */ 99 SSL_library_init(); 100 OpenSSL_add_all_algorithms(); 101 SSL_load_error_strings(); 102 ATF_REQUIRE(c->pkey = EVP_RSA_gen(2048)); 103 ATF_REQUIRE(c->cert = X509_new()); 104 ASN1_INTEGER_set(X509_get_serialNumber(c->cert), 1); 105 X509_set_version(c->cert, 2); 106 X509_gmtime_adj(X509_get_notBefore(c->cert), 0); 107 X509_gmtime_adj(X509_get_notAfter(c->cert), 60L*60*24*365); 108 X509_set_pubkey(c->cert, c->pkey); 109 name = X509_get_subject_name(c->cert); 110 X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, 111 (unsigned char *)"localhost", -1, -1, 0); 112 X509_set_issuer_name(c->cert, name); 113 ext = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints, 114 "critical,CA:FALSE"); 115 X509_add_ext(c->cert, ext, -1); 116 X509_EXTENSION_free(ext); 117 ATF_REQUIRE(X509_sign(c->cert, c->pkey, EVP_sha256()) > 0); 118 119 /* 120 * Create random filled file with memory mapping. 121 */ 122 ATF_REQUIRE((c->fd = mkstemp(tempname)) > 0); 123 ATF_REQUIRE(unlink(tempname) == 0); 124 ATF_REQUIRE(ftruncate(c->fd, FSIZE) == 0); 125 ATF_REQUIRE((c->mfd = mmap(NULL, FSIZE, PROT_READ | PROT_WRITE, 126 MAP_SHARED, c->fd, 0)) != MAP_FAILED); 127 arc4random_buf(c->mfd, FSIZE); 128 129 ATF_REQUIRE(pthread_mutex_init(&c->mtx, NULL) == 0); 130 ATF_REQUIRE(pthread_cond_init(&c->cv, NULL) == 0); 131 132 /* 133 * Start server and wait for it to finish bind(2) + listen(2). 134 */ 135 ATF_REQUIRE(pthread_mutex_lock(&c->mtx) == 0); 136 ATF_REQUIRE(pthread_create(&c->thr, NULL, server_thread, c) == 0); 137 if (c->state != READY) 138 ATF_REQUIRE(pthread_cond_wait(&c->cv, &c->mtx) == 0); 139 ATF_REQUIRE(c->state == READY); 140 ATF_REQUIRE(pthread_mutex_unlock(&c->mtx) == 0); 141 142 /* 143 * Connect client. 144 */ 145 ATF_REQUIRE(c->ctx = SSL_CTX_new(TLS_client_method())); 146 ATF_REQUIRE(X509_STORE_add_cert(SSL_CTX_get_cert_store(c->ctx), 147 c->cert)); 148 ATF_REQUIRE(ssl = c->cln = SSL_new(c->ctx)); 149 ATF_REQUIRE((c->cs = socket(AF_INET, SOCK_STREAM, 0)) > 0); 150 ATF_REQUIRE(connect(c->cs, (struct sockaddr *)&(struct sockaddr_in) 151 { .sin_family = AF_INET, .sin_len = sizeof(struct sockaddr_in), 152 .sin_addr.s_addr = htonl(INADDR_LOOPBACK), .sin_port = c->port }, 153 sizeof(struct sockaddr_in)) == 0); 154 ATF_REQUIRE(SSL_set_fd(ssl, c->cs) == 1); 155 ATF_REQUIRE(snprintf(hostname, sizeof(hostname), "localhost:%u", 156 ntohs(c->port)) >= (int)sizeof("localhost:0")); 157 ATF_REQUIRE(SSL_set_tlsext_host_name(ssl, hostname) == 1); 158 SSL_set_verify(ssl, SSL_VERIFY_PEER, NULL); 159 ATF_REQUIRE(SSL_connect(ssl) == 1); 160 SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); 161 ATF_REQUIRE(fcntl(c->cs, F_SETFL, O_NONBLOCK) != -1); 162 } 163 164 static void 165 common_cleanup(struct ctx *c) 166 { 167 168 ATF_REQUIRE(pthread_mutex_lock(&c->mtx) == 0); 169 c->state = EXITING; 170 ATF_REQUIRE(pthread_cond_signal(&c->cv) == 0); 171 ATF_REQUIRE(pthread_mutex_unlock(&c->mtx) == 0); 172 ATF_REQUIRE(pthread_join(c->thr, NULL) == 0); 173 174 ATF_REQUIRE(pthread_mutex_destroy(&c->mtx) == 0); 175 ATF_REQUIRE(pthread_cond_destroy(&c->cv) == 0); 176 177 SSL_free(c->cln); 178 SSL_CTX_free(c->ctx); 179 X509_free(c->cert); 180 EVP_PKEY_free(c->pkey); 181 } 182 183 static void * 184 server_thread(void *arg) { 185 struct ctx *c = arg; 186 SSL_CTX *srv; 187 SSL *ssl; 188 struct sockaddr_in sin = { 189 .sin_family = AF_INET, 190 .sin_len = sizeof(sin), 191 .sin_addr.s_addr = htonl(INADDR_LOOPBACK), 192 }; 193 int s; 194 195 ATF_REQUIRE(srv = SSL_CTX_new(TLS_server_method())); 196 ATF_REQUIRE(SSL_CTX_set_options(srv, SSL_OP_ENABLE_KTLS) & 197 SSL_OP_ENABLE_KTLS); 198 SSL_CTX_use_PrivateKey(srv, c->pkey); 199 SSL_CTX_use_certificate(srv, c->cert); 200 ATF_REQUIRE((s = socket(AF_INET, SOCK_STREAM, 0)) > 0); 201 ATF_REQUIRE(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &(socklen_t){1}, 202 sizeof(int)) == 0); 203 ATF_REQUIRE(bind(s, (struct sockaddr *)&sin, sizeof(sin)) == 0); 204 ATF_REQUIRE(getsockname(s, (struct sockaddr *)&sin, 205 &(socklen_t){ sizeof(sin) }) == 0); 206 ATF_REQUIRE(listen(s, -1) == 0); 207 208 ATF_REQUIRE(pthread_mutex_lock(&c->mtx) == 0); 209 c->port = sin.sin_port; 210 c->state = READY; 211 ATF_REQUIRE(pthread_cond_signal(&c->cv) == 0); 212 ATF_REQUIRE(pthread_mutex_unlock(&c->mtx) == 0); 213 214 ATF_REQUIRE((c->ss = accept(s, NULL, NULL)) > 0); 215 ssl = c->srv = SSL_new(srv); 216 SSL_set_fd(ssl, c->ss); 217 SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); 218 ATF_REQUIRE(SSL_accept(ssl) > 0); 219 220 ATF_REQUIRE(pthread_mutex_lock(&c->mtx) == 0); 221 while (c->state != EXITING) { 222 if (c->state == RUNNING) { 223 ATF_REQUIRE(fcntl(c->ss, F_SETFL, 224 c->nb ? O_NONBLOCK : 0) != -1); 225 c->sbytes = SSL_sendfile(ssl, c->fd, c->offset, 226 c->size, 0); 227 c->state = READY; 228 } 229 ATF_REQUIRE(c->state == READY); 230 ATF_REQUIRE(pthread_cond_signal(&c->cv) == 0); 231 ATF_REQUIRE(pthread_cond_wait(&c->cv, &c->mtx) == 0); 232 } 233 ATF_REQUIRE(pthread_mutex_unlock(&c->mtx) == 0); 234 235 SSL_shutdown(ssl); 236 SSL_free(ssl); 237 close(c->ss); 238 SSL_CTX_free(srv); 239 close(s); 240 241 return (NULL); 242 } 243 244 static void 245 sendme_locked(struct ctx *c, off_t offset, size_t size, bool nb) 246 { 247 ATF_REQUIRE(c->state == READY); 248 c->state = RUNNING; 249 c->offset = offset; 250 c->size = size; 251 c->nb = nb; 252 ATF_REQUIRE(pthread_cond_signal(&c->cv) == 0); 253 } 254 255 static void 256 sendme(struct ctx *c, off_t offset, size_t size, bool nb) 257 { 258 ATF_REQUIRE(pthread_mutex_lock(&c->mtx) == 0); 259 sendme_locked(c, offset, size, nb); 260 ATF_REQUIRE(pthread_mutex_unlock(&c->mtx) == 0); 261 } 262 263 /* 264 * Block until non-blocking socket has at least a byte. 265 */ 266 static int 267 SSL_read_b(SSL *ssl, void *buf, int size) 268 { 269 int rv, fd; 270 271 ATF_REQUIRE((fd = SSL_get_fd(ssl)) > 0); 272 while ((rv = SSL_read(ssl, buf, size)) <= 0 && 273 SSL_get_error(ssl, rv) == SSL_ERROR_WANT_READ) 274 ATF_REQUIRE(poll(&(struct pollfd){ .fd = fd, .events = POLLIN }, 275 1, INFTIM) == 1); 276 277 return (rv); 278 } 279 280 ATF_TC_WITHOUT_HEAD(basic); 281 ATF_TC_BODY(basic, tc) 282 { 283 struct ctx c; 284 char buf[64]; 285 size_t nread; 286 int n; 287 288 common_init(&c); 289 290 sendme(&c, 0, 0, false); 291 nread = 0; 292 while (nread < FSIZE && (n = SSL_read_b(c.cln, buf, sizeof(buf))) > 0) { 293 ATF_REQUIRE(memcmp((char *)c.mfd + nread, buf, n) == 0); 294 nread += n; 295 } 296 ATF_REQUIRE(nread == FSIZE); 297 ATF_REQUIRE(c.sbytes == FSIZE); 298 299 common_cleanup(&c); 300 } 301 302 ATF_TC_WITHOUT_HEAD(random); 303 ATF_TC_BODY(random, tc) 304 { 305 struct ctx c; 306 #define RSIZE (256*1024) 307 308 common_init(&c); 309 310 for (u_int i = 0; i < 10; i++) { 311 char buf[RSIZE]; 312 off_t offset; 313 size_t size, n, nread, expect; 314 315 offset = arc4random() % FSIZE; 316 size = arc4random() % RSIZE; 317 sendme(&c, offset, size, false); 318 expect = offset + size < FSIZE ? size : FSIZE - offset; 319 nread = 0; 320 while (nread < expect && 321 (n = SSL_read_b(c.cln, buf, sizeof(buf))) > 0) { 322 ATF_REQUIRE(memcmp((char *)c.mfd + offset + nread, buf, 323 n) == 0); 324 nread += n; 325 } 326 ATF_REQUIRE(nread == expect); 327 ATF_REQUIRE(c.sbytes == (ssize_t)expect); 328 } 329 330 common_cleanup(&c); 331 } 332 333 /* Truncate the file while sendfile(2) is working on it. */ 334 ATF_TC_WITHOUT_HEAD(truncate); 335 ATF_TC_BODY(truncate, tc) 336 { 337 struct ctx c; 338 char buf[128 * 1024]; 339 size_t nread; 340 int n; 341 #define TRUNC (FSIZE - 1024) 342 343 common_init(&c); 344 345 ATF_REQUIRE(setsockopt(c.ss, SOL_SOCKET, SO_SNDBUF, &(int){FSIZE / 16}, 346 sizeof(int)) == 0); 347 ATF_REQUIRE(setsockopt(c.cs, SOL_SOCKET, SO_RCVBUF, &(int){FSIZE / 16}, 348 sizeof(int)) == 0); 349 350 sendme(&c, 0, 0, false); 351 /* Make sure sender is waiting on the socket buffer. */ 352 while (poll(&(struct pollfd){ .fd = c.ss, .events = POLLOUT }, 1, 1) 353 != 0) 354 ; 355 ATF_REQUIRE(ftruncate(c.fd, TRUNC) == 0); 356 nread = 0; 357 while (nread < TRUNC && (n = SSL_read_b(c.cln, buf, sizeof(buf))) > 0) { 358 ATF_REQUIRE(memcmp((char *)c.mfd + nread, buf, n) == 0); 359 nread += n; 360 } 361 ATF_REQUIRE(nread == TRUNC); 362 ATF_REQUIRE(pthread_mutex_lock(&c.mtx) == 0); 363 ATF_REQUIRE(c.sbytes == TRUNC); 364 ATF_REQUIRE(pthread_mutex_unlock(&c.mtx) == 0); 365 366 common_cleanup(&c); 367 } 368 369 /* Grow the file while sendfile(2) is working on it. */ 370 ATF_TC_WITHOUT_HEAD(grow); 371 ATF_TC_BODY(grow, tc) 372 { 373 struct ctx c; 374 char buf[128 * 1024]; 375 size_t nread; 376 void *map; 377 int n; 378 #define GROW (FSIZE/2) 379 380 common_init(&c); 381 382 ATF_REQUIRE(setsockopt(c.ss, SOL_SOCKET, SO_SNDBUF, &(int){FSIZE / 16}, 383 sizeof(int)) == 0); 384 ATF_REQUIRE(setsockopt(c.cs, SOL_SOCKET, SO_RCVBUF, &(int){FSIZE / 16}, 385 sizeof(int)) == 0); 386 387 sendme(&c, 0, 0, false); 388 /* Make sure sender is waiting on the socket buffer. */ 389 while (poll(&(struct pollfd){ .fd = c.ss, .events = POLLOUT }, 1, 1) 390 != 0) 391 ; 392 /* Grow the file and create second map. */ 393 ATF_REQUIRE(ftruncate(c.fd, FSIZE + GROW) == 0); 394 ATF_REQUIRE((map = mmap(NULL, GROW, PROT_READ | PROT_WRITE, 395 MAP_SHARED, c.fd, FSIZE)) != MAP_FAILED); 396 arc4random_buf(map, GROW); 397 398 /* Read out original part. */ 399 nread = 0; 400 while (nread < FSIZE && (n = SSL_read_b(c.cln, buf, 401 FSIZE - nread > sizeof(buf) ? sizeof(buf) : FSIZE - nread)) > 0) { 402 ATF_REQUIRE(memcmp((char *)c.mfd + nread, buf, n) == 0); 403 nread += n; 404 } 405 ATF_REQUIRE(nread == FSIZE); 406 /* Read out grown part. */ 407 nread = 0; 408 while (nread < GROW && (n = SSL_read_b(c.cln, buf, sizeof(buf))) > 0) { 409 ATF_REQUIRE(memcmp((char *)map + nread, buf, n) == 0); 410 nread += n; 411 } 412 ATF_REQUIRE(nread == GROW); 413 ATF_REQUIRE(pthread_mutex_lock(&c.mtx) == 0); 414 ATF_REQUIRE(c.sbytes == FSIZE + GROW); 415 ATF_REQUIRE(pthread_mutex_unlock(&c.mtx) == 0); 416 417 common_cleanup(&c); 418 } 419 420 ATF_TC_WITHOUT_HEAD(offset_beyond_eof); 421 ATF_TC_BODY(offset_beyond_eof, tc) 422 { 423 struct ctx c; 424 425 common_init(&c); 426 427 c.sbytes = -1; 428 sendme(&c, FSIZE + 1, 0, false); 429 ATF_REQUIRE(pthread_mutex_lock(&c.mtx) == 0); 430 while (c.state != READY) 431 ATF_REQUIRE(pthread_cond_wait(&c.cv, &c.mtx) == 0); 432 ATF_REQUIRE(c.sbytes == 0); 433 ATF_REQUIRE(pthread_mutex_unlock(&c.mtx) == 0); 434 435 common_cleanup(&c); 436 } 437 438 /* 439 * Prove that we can differentiate a short write due to EAGAIN from one due to 440 * end of file. 441 */ 442 ATF_TC_WITHOUT_HEAD(eagain_vs_eof); 443 ATF_TC_BODY(eagain_vs_eof, tc) 444 { 445 struct ctx c; 446 char buf[16 * 1024]; 447 ssize_t nread; 448 int n; 449 450 common_init(&c); 451 452 /* 453 * Exercise short write due to no buffer space on non-blocking 454 * socket. Internall sendfile(2) returns -1 and errno == EAGAIN. 455 */ 456 ATF_REQUIRE(pthread_mutex_lock(&c.mtx) == 0); 457 sendme_locked(&c, 0, FSIZE, true); 458 while (c.state != READY) 459 ATF_REQUIRE(pthread_cond_wait(&c.cv, &c.mtx) == 0); 460 ATF_REQUIRE(c.sbytes > 0); 461 ATF_REQUIRE(SSL_get_error(c.srv, c.sbytes) == 0); 462 #if 0 /* see https://github.com/openssl/openssl/issues/29742 */ 463 ATF_REQUIRE(BIO_should_retry(SSL_get_wbio(c.srv))); 464 #endif 465 466 /* 467 * Exercise second attempt on already full buffer. 468 */ 469 sendme_locked(&c, 0, FSIZE, true); 470 while (c.state != READY) 471 ATF_REQUIRE(pthread_cond_wait(&c.cv, &c.mtx) == 0); 472 ATF_REQUIRE(c.sbytes == -1); 473 ATF_REQUIRE(SSL_get_error(c.srv, c.sbytes) == SSL_ERROR_WANT_WRITE); 474 ATF_REQUIRE(BIO_should_retry(SSL_get_wbio(c.srv))); 475 476 /* Clear the buffer. */ 477 nread = 0; 478 while (nread < c.sbytes && 479 (n = SSL_read_b(c.cln, buf, sizeof(buf))) > 0) { 480 ATF_REQUIRE(memcmp((char *)c.mfd + nread, buf, n) == 0); 481 nread += n; 482 } 483 484 /* 485 * Exercise zero length write: offset == file size. 486 * 487 * SSL_ERROR_SYSCALL seems a strange error code, as the syscall did not 488 * fail, and errno is clear, because a request to send 0 bytes is 489 * legitimate one. This test just documents the existing behavior 490 * rather than asserts that this is a correct behavior. 491 */ 492 sendme_locked(&c, FSIZE, 0, true); 493 while (c.state != READY) 494 ATF_REQUIRE(pthread_cond_wait(&c.cv, &c.mtx) == 0); 495 ATF_REQUIRE(c.sbytes == 0); 496 ATF_REQUIRE(SSL_get_error(c.srv, c.sbytes) == SSL_ERROR_SYSCALL); 497 #if 0 /* see https://github.com/openssl/openssl/issues/29742 */ 498 ATF_REQUIRE(!BIO_should_retry(SSL_get_wbio(c.srv))); 499 #endif 500 501 /* 502 * Exercise short write due to end of file. 503 */ 504 sendme_locked(&c, FSIZE - 100, 0, true); 505 while (c.state != READY) 506 ATF_REQUIRE(pthread_cond_wait(&c.cv, &c.mtx) == 0); 507 ATF_REQUIRE(c.sbytes == 100); 508 ATF_REQUIRE(SSL_get_error(c.srv, c.sbytes) == 0); 509 #if 0 /* see https://github.com/openssl/openssl/issues/29742 */ 510 ATF_REQUIRE(!BIO_should_retry(SSL_get_wbio(c.srv))); 511 #endif 512 513 ATF_REQUIRE(pthread_mutex_unlock(&c.mtx) == 0); 514 515 common_cleanup(&c); 516 } 517 518 ATF_TP_ADD_TCS(tp) 519 { 520 ATF_TP_ADD_TC(tp, basic); 521 ATF_TP_ADD_TC(tp, random); 522 ATF_TP_ADD_TC(tp, truncate); 523 ATF_TP_ADD_TC(tp, grow); 524 ATF_TP_ADD_TC(tp, offset_beyond_eof); 525 ATF_TP_ADD_TC(tp, eagain_vs_eof); 526 527 return atf_no_error(); 528 } 529