1 /* $NetBSD: regress_ssl.c,v 1.3 2017/01/31 23:17:40 christos Exp $ */ 2 /* 3 * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. The name of the author may not be used to endorse or promote products 14 * derived from this software without specific prior written permission. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28 // Get rid of OSX 10.7 and greater deprecation warnings. 29 #if defined(__APPLE__) && defined(__clang__) 30 #pragma clang diagnostic ignored "-Wdeprecated-declarations" 31 #endif 32 33 #ifdef _WIN32 34 #include <winsock2.h> 35 #include <windows.h> 36 #endif 37 38 #include "util-internal.h" 39 40 #ifndef _WIN32 41 #include <sys/types.h> 42 #include <sys/socket.h> 43 #include <netinet/in.h> 44 #endif 45 46 #include "event2/util.h" 47 #include "event2/event.h" 48 #include "event2/bufferevent_ssl.h" 49 #include "event2/bufferevent_struct.h" 50 #include "event2/buffer.h" 51 #include "event2/listener.h" 52 53 #include "regress.h" 54 #include "tinytest.h" 55 #include "tinytest_macros.h" 56 57 #include <openssl/bio.h> 58 #include <openssl/err.h> 59 #include <openssl/pem.h> 60 #include "openssl-compat.h" 61 62 #include <string.h> 63 #ifdef _WIN32 64 #include <io.h> 65 #define read _read 66 #define write _write 67 #else 68 #include <unistd.h> 69 #endif 70 71 /* A pre-generated key, to save the cost of doing an RSA key generation step 72 * during the unit tests. It is published in this file, so you would have to 73 * be very foolish to consider using it in your own code. */ 74 static const char KEY[] = 75 "-----BEGIN RSA PRIVATE KEY-----\n" 76 "MIIEogIBAAKCAQEAtK07Ili0dkJb79m/sFmHoVJTWyLoveXex2yX/BtUzzcvZEOu\n" 77 "QLon/++5YOA48kzZm5K9mIwZkZhui1ZgJ5Bjq0LGAWTZGIn+NXjLFshPYvTKpOCW\n" 78 "uzL0Ir0LXMsBLYJQ5A4FomLNxs4I3H/dhDSGy/rSiJB1B4w2xNiwPK08/VL3zZqk\n" 79 "V+GsSvGIIkzhTMbqPJy9K8pqyjwOU2pgORS794yXciTGxWYjTDzJPgQ35YMDATaG\n" 80 "jr4HHo1zxU/Lj0pndSUK5rKLYxYQ3Uc8B3AVYDl9CP/GbOoQ4LBzS68JjcAUyp6i\n" 81 "6NfXlc2D9S9XgqVqwI+JqgJs0eW/+zPY2UEDWwIDAQABAoIBAD2HzV66FOM9YDAD\n" 82 "2RtGskEHV2nvLpIVadRCsFPkPvK+2X3s6rgSbbLkwh4y3lHuSCGKTNVZyQ9jeSos\n" 83 "xVxT+Q2HFQW+gYyw2gj91TQyDY8mzKhv8AVaqff2p5r3a7RC8CdqexK9UVUGL9Bg\n" 84 "H2F5vfpTtkVZ5PEoGDLblNFlMiMW/t1SobUeBVx+Msco/xqk9lFv1A9nnepGy0Gi\n" 85 "D+i6YNGTBsX22YhoCZl/ICxCL8lgqPei4FvBr9dBVh/jQgjuUBm2jz55p2r7+7Aw\n" 86 "khmXHReejoVokQ2+htgSgZNKlKuDy710ZpBqnDi8ynQi82Y2qCpyg/p/xcER54B6\n" 87 "hSftaiECgYEA2RkSoxU+nWk+BClQEUZRi88QK5W/M8oo1DvUs36hvPFkw3Jk/gz0\n" 88 "fgd5bnA+MXj0Fc0QHvbddPjIkyoI/evq9GPV+JYIuH5zabrlI3Jvya8q9QpAcEDO\n" 89 "KkL/O09qXVEW52S6l05nh4PLejyI7aTyTIN5nbVLac/+M8MY/qOjZksCgYEA1Q1o\n" 90 "L8kjSavU2xhQmSgZb9W62Do60sa3e73ljrDPoiyvbExldpSdziFYxHBD/Rep0ePf\n" 91 "eVSGS3VSwevt9/jSGo2Oa83TYYns9agBm03oR/Go/DukESdI792NsEM+PRFypVNy\n" 92 "AohWRLj0UU6DV+zLKp0VBavtx0ATeLFX0eN17TECgYBI2O/3Bz7uhQ0JSm+SjFz6\n" 93 "o+2SInp5P2G57aWu4VQWWY3tQ2p+EQzNaWam10UXRrXoxtmc+ktPX9e2AgnoYoyB\n" 94 "myqGcpnUhqHlnZAb999o9r1cYidDQ4uqhLauSTSwwXAFDzjJYsa8o03Y440y6QFh\n" 95 "CVD6yYXXqLJs3g96CqDexwKBgAHxq1+0QCQt8zVElYewO/svQhMzBNJjic0RQIT6\n" 96 "zAo4yij80XgxhvcYiszQEW6/xobpw2JCCS+rFGQ8mOFIXfJsFD6blDAxp/3d2JXo\n" 97 "MhRl+hrDGI4ng5zcsqxHEMxR2m/zwPiQ8eiSn3gWdVBaEsiCwmxY00ScKxFQ3PJH\n" 98 "Vw4hAoGAdZLd8KfjjG6lg7hfpVqavstqVi9LOgkHeCfdjn7JP+76kYrgLk/XdkrP\n" 99 "N/BHhtFVFjOi/mTQfQ5YfZImkm/1ePBy7437DT8BDkOxspa50kK4HPggHnU64h1w\n" 100 "lhdEOj7mAgHwGwwVZWOgs9Lq6vfztnSuhqjha1daESY6kDscPIQ=\n" 101 "-----END RSA PRIVATE KEY-----\n"; 102 static void *xkey = __UNCONST(KEY); 103 104 EVP_PKEY * 105 ssl_getkey(void) 106 { 107 EVP_PKEY *key; 108 BIO *bio; 109 110 /* new read-only BIO backed by KEY. */ 111 bio = BIO_new_mem_buf(xkey, -1); 112 tt_assert(bio); 113 114 key = PEM_read_bio_PrivateKey(bio,NULL,NULL,NULL); 115 BIO_free(bio); 116 tt_assert(key); 117 118 return key; 119 end: 120 return NULL; 121 } 122 123 X509 * 124 ssl_getcert(void) 125 { 126 /* Dummy code to make a quick-and-dirty valid certificate with 127 OpenSSL. Don't copy this code into your own program! It does a 128 number of things in a stupid and insecure way. */ 129 X509 *x509 = NULL; 130 X509_NAME *name = NULL; 131 EVP_PKEY *key = ssl_getkey(); 132 int nid; 133 time_t now = time(NULL); 134 135 tt_assert(key); 136 137 x509 = X509_new(); 138 tt_assert(x509); 139 tt_assert(0 != X509_set_version(x509, 2)); 140 tt_assert(0 != ASN1_INTEGER_set(X509_get_serialNumber(x509), 141 (long)now)); 142 143 name = X509_NAME_new(); 144 tt_assert(name); 145 nid = OBJ_txt2nid("commonName"); 146 tt_assert(NID_undef != nid); 147 tt_assert(0 != X509_NAME_add_entry_by_NID( 148 name, nid, MBSTRING_ASC, __UNCONST("example.com"), 149 -1, -1, 0)); 150 151 X509_set_subject_name(x509, name); 152 X509_set_issuer_name(x509, name); 153 154 X509_time_adj(X509_get_notBefore(x509), 0, &now); 155 now += 3600; 156 X509_time_adj(X509_get_notAfter(x509), 0, &now); 157 X509_set_pubkey(x509, key); 158 tt_assert(0 != X509_sign(x509, key, EVP_sha1())); 159 160 return x509; 161 end: 162 X509_free(x509); 163 return NULL; 164 } 165 166 static int disable_tls_11_and_12 = 0; 167 static SSL_CTX *the_ssl_ctx = NULL; 168 169 SSL_CTX * 170 get_ssl_ctx(void) 171 { 172 if (the_ssl_ctx) 173 return the_ssl_ctx; 174 the_ssl_ctx = SSL_CTX_new(SSLv23_method()); 175 if (!the_ssl_ctx) 176 return NULL; 177 if (disable_tls_11_and_12) { 178 #ifdef SSL_OP_NO_TLSv1_2 179 SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_2); 180 #endif 181 #ifdef SSL_OP_NO_TLSv1_1 182 SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_1); 183 #endif 184 } 185 return the_ssl_ctx; 186 } 187 188 void 189 init_ssl(void) 190 { 191 #if OPENSSL_VERSION_NUMBER < 0x10100000L 192 SSL_library_init(); 193 ERR_load_crypto_strings(); 194 SSL_load_error_strings(); 195 OpenSSL_add_all_algorithms(); 196 if (SSLeay() != OPENSSL_VERSION_NUMBER) { 197 TT_DECLARE("WARN", ("Version mismatch for openssl: compiled with %lx but running with %lx", (unsigned long)OPENSSL_VERSION_NUMBER, (unsigned long) SSLeay())); 198 } 199 #endif 200 } 201 202 /* ==================== 203 Here's a simple test: we read a number from the input, increment it, and 204 reply, until we get to 1001. 205 */ 206 207 static int test_is_done = 0; 208 static int n_connected = 0; 209 static int got_close = 0; 210 static int got_error = 0; 211 static int got_timeout = 0; 212 static int renegotiate_at = -1; 213 static int stop_when_connected = 0; 214 static int pending_connect_events = 0; 215 static struct event_base *exit_base = NULL; 216 217 enum regress_openssl_type 218 { 219 REGRESS_OPENSSL_SOCKETPAIR = 1, 220 REGRESS_OPENSSL_FILTER = 2, 221 REGRESS_OPENSSL_RENEGOTIATE = 4, 222 REGRESS_OPENSSL_OPEN = 8, 223 REGRESS_OPENSSL_DIRTY_SHUTDOWN = 16, 224 REGRESS_OPENSSL_FD = 32, 225 226 REGRESS_OPENSSL_CLIENT = 64, 227 REGRESS_OPENSSL_SERVER = 128, 228 229 REGRESS_OPENSSL_FREED = 256, 230 REGRESS_OPENSSL_TIMEOUT = 512, 231 REGRESS_OPENSSL_SLEEP = 1024, 232 233 REGRESS_OPENSSL_CLIENT_WRITE = 2048, 234 }; 235 236 static void 237 bufferevent_openssl_check_fd(struct bufferevent *bev, int filter) 238 { 239 tt_int_op(bufferevent_getfd(bev), !=, -1); 240 tt_int_op(bufferevent_setfd(bev, -1), ==, 0); 241 if (filter) { 242 tt_int_op(bufferevent_getfd(bev), !=, -1); 243 } else { 244 tt_int_op(bufferevent_getfd(bev), ==, -1); 245 } 246 247 end: 248 ; 249 } 250 static void 251 bufferevent_openssl_check_freed(struct bufferevent *bev) 252 { 253 tt_int_op(event_pending(&bev->ev_read, EVLIST_ALL, NULL), ==, 0); 254 tt_int_op(event_pending(&bev->ev_write, EVLIST_ALL, NULL), ==, 0); 255 256 end: 257 ; 258 } 259 260 static void 261 respond_to_number(struct bufferevent *bev, void *ctx) 262 { 263 struct evbuffer *b = bufferevent_get_input(bev); 264 char *line; 265 int n; 266 267 enum regress_openssl_type type; 268 type = (enum regress_openssl_type)ctx; 269 270 line = evbuffer_readln(b, NULL, EVBUFFER_EOL_LF); 271 if (! line) 272 return; 273 n = atoi(line); 274 if (n <= 0) 275 TT_FAIL(("Bad number: %s", line)); 276 free(line); 277 TT_BLATHER(("The number was %d", n)); 278 if (n == 1001) { 279 ++test_is_done; 280 bufferevent_free(bev); /* Should trigger close on other side. */ 281 return; 282 } 283 if ((type & REGRESS_OPENSSL_CLIENT) && n == renegotiate_at) { 284 SSL_renegotiate(bufferevent_openssl_get_ssl(bev)); 285 } 286 ++n; 287 evbuffer_add_printf(bufferevent_get_output(bev), 288 "%d\n", n); 289 TT_BLATHER(("Done reading; now writing.")); 290 bufferevent_enable(bev, EV_WRITE); 291 bufferevent_disable(bev, EV_READ); 292 } 293 294 static void 295 done_writing_cb(struct bufferevent *bev, void *ctx) 296 { 297 struct evbuffer *b = bufferevent_get_output(bev); 298 if (evbuffer_get_length(b)) 299 return; 300 TT_BLATHER(("Done writing.")); 301 bufferevent_disable(bev, EV_WRITE); 302 bufferevent_enable(bev, EV_READ); 303 } 304 305 static void 306 eventcb(struct bufferevent *bev, short what, void *ctx) 307 { 308 enum regress_openssl_type type; 309 type = (enum regress_openssl_type)ctx; 310 311 TT_BLATHER(("Got event %d", (int)what)); 312 if (what & BEV_EVENT_CONNECTED) { 313 SSL *ssl; 314 X509 *peer_cert; 315 ++n_connected; 316 ssl = bufferevent_openssl_get_ssl(bev); 317 tt_assert(ssl); 318 peer_cert = SSL_get_peer_certificate(ssl); 319 if (type & REGRESS_OPENSSL_SERVER) { 320 tt_assert(peer_cert == NULL); 321 } else { 322 tt_assert(peer_cert != NULL); 323 } 324 if (stop_when_connected) { 325 if (--pending_connect_events == 0) 326 event_base_loopexit(exit_base, NULL); 327 } 328 329 if ((type & REGRESS_OPENSSL_CLIENT_WRITE) && (type & REGRESS_OPENSSL_CLIENT)) 330 evbuffer_add_printf(bufferevent_get_output(bev), "1\n"); 331 } else if (what & BEV_EVENT_EOF) { 332 TT_BLATHER(("Got a good EOF")); 333 ++got_close; 334 if (type & REGRESS_OPENSSL_FD) { 335 bufferevent_openssl_check_fd(bev, type & REGRESS_OPENSSL_FILTER); 336 } 337 if (type & REGRESS_OPENSSL_FREED) { 338 bufferevent_openssl_check_freed(bev); 339 } 340 bufferevent_free(bev); 341 } else if (what & BEV_EVENT_ERROR) { 342 TT_BLATHER(("Got an error.")); 343 ++got_error; 344 if (type & REGRESS_OPENSSL_FD) { 345 bufferevent_openssl_check_fd(bev, type & REGRESS_OPENSSL_FILTER); 346 } 347 if (type & REGRESS_OPENSSL_FREED) { 348 bufferevent_openssl_check_freed(bev); 349 } 350 bufferevent_free(bev); 351 } else if (what & BEV_EVENT_TIMEOUT) { 352 TT_BLATHER(("Got timeout.")); 353 ++got_timeout; 354 if (type & REGRESS_OPENSSL_FD) { 355 bufferevent_openssl_check_fd(bev, type & REGRESS_OPENSSL_FILTER); 356 } 357 if (type & REGRESS_OPENSSL_FREED) { 358 bufferevent_openssl_check_freed(bev); 359 } 360 bufferevent_free(bev); 361 } 362 end: 363 ; 364 } 365 366 static void 367 open_ssl_bufevs(struct bufferevent **bev1_out, struct bufferevent **bev2_out, 368 struct event_base *base, int is_open, int flags, SSL *ssl1, SSL *ssl2, 369 evutil_socket_t *fd_pair, struct bufferevent **underlying_pair, 370 enum regress_openssl_type type) 371 { 372 int state1 = is_open ? BUFFEREVENT_SSL_OPEN :BUFFEREVENT_SSL_CONNECTING; 373 int state2 = is_open ? BUFFEREVENT_SSL_OPEN :BUFFEREVENT_SSL_ACCEPTING; 374 int dirty_shutdown = type & REGRESS_OPENSSL_DIRTY_SHUTDOWN; 375 if (fd_pair) { 376 *bev1_out = bufferevent_openssl_socket_new( 377 base, fd_pair[0], ssl1, state1, flags); 378 *bev2_out = bufferevent_openssl_socket_new( 379 base, fd_pair[1], ssl2, state2, flags); 380 } else { 381 *bev1_out = bufferevent_openssl_filter_new( 382 base, underlying_pair[0], ssl1, state1, flags); 383 *bev2_out = bufferevent_openssl_filter_new( 384 base, underlying_pair[1], ssl2, state2, flags); 385 386 } 387 bufferevent_setcb(*bev1_out, respond_to_number, done_writing_cb, 388 eventcb, (void*)(REGRESS_OPENSSL_CLIENT | (long)type)); 389 bufferevent_setcb(*bev2_out, respond_to_number, done_writing_cb, 390 eventcb, (void*)(REGRESS_OPENSSL_SERVER | (long)type)); 391 392 bufferevent_openssl_set_allow_dirty_shutdown(*bev1_out, dirty_shutdown); 393 bufferevent_openssl_set_allow_dirty_shutdown(*bev2_out, dirty_shutdown); 394 } 395 396 static void 397 regress_bufferevent_openssl(void *arg) 398 { 399 struct basic_test_data *data = arg; 400 401 struct bufferevent *bev1, *bev2; 402 SSL *ssl1, *ssl2; 403 X509 *cert = ssl_getcert(); 404 EVP_PKEY *key = ssl_getkey(); 405 int flags = BEV_OPT_DEFER_CALLBACKS; 406 struct bufferevent *bev_ll[2] = { NULL, NULL }; 407 evutil_socket_t *fd_pair = NULL; 408 409 enum regress_openssl_type type; 410 type = (enum regress_openssl_type)data->setup_data; 411 412 tt_assert(cert); 413 tt_assert(key); 414 415 init_ssl(); 416 417 if (type & REGRESS_OPENSSL_RENEGOTIATE) { 418 if (SSLeay() >= 0x10001000 && 419 SSLeay() < 0x1000104f) { 420 /* 1.0.1 up to 1.0.1c has a bug where TLS1.1 and 1.2 421 * can't renegotiate with themselves. Disable. */ 422 disable_tls_11_and_12 = 1; 423 } 424 renegotiate_at = 600; 425 } 426 427 ssl1 = SSL_new(get_ssl_ctx()); 428 ssl2 = SSL_new(get_ssl_ctx()); 429 430 SSL_use_certificate(ssl2, cert); 431 SSL_use_PrivateKey(ssl2, key); 432 433 if (!(type & REGRESS_OPENSSL_OPEN)) 434 flags |= BEV_OPT_CLOSE_ON_FREE; 435 436 if (!(type & REGRESS_OPENSSL_FILTER)) { 437 tt_assert(type & REGRESS_OPENSSL_SOCKETPAIR); 438 fd_pair = data->pair; 439 } else { 440 bev_ll[0] = bufferevent_socket_new(data->base, data->pair[0], 441 BEV_OPT_CLOSE_ON_FREE); 442 bev_ll[1] = bufferevent_socket_new(data->base, data->pair[1], 443 BEV_OPT_CLOSE_ON_FREE); 444 } 445 446 open_ssl_bufevs(&bev1, &bev2, data->base, 0, flags, ssl1, ssl2, 447 fd_pair, bev_ll, type); 448 449 if (!(type & REGRESS_OPENSSL_FILTER)) { 450 tt_int_op(bufferevent_getfd(bev1), ==, data->pair[0]); 451 } else { 452 tt_ptr_op(bufferevent_get_underlying(bev1), ==, bev_ll[0]); 453 } 454 455 if (type & REGRESS_OPENSSL_OPEN) { 456 pending_connect_events = 2; 457 stop_when_connected = 1; 458 exit_base = data->base; 459 event_base_dispatch(data->base); 460 /* Okay, now the renegotiation is done. Make new 461 * bufferevents to test opening in BUFFEREVENT_SSL_OPEN */ 462 flags |= BEV_OPT_CLOSE_ON_FREE; 463 bufferevent_free(bev1); 464 bufferevent_free(bev2); 465 bev1 = bev2 = NULL; 466 open_ssl_bufevs(&bev1, &bev2, data->base, 1, flags, ssl1, ssl2, 467 fd_pair, bev_ll, type); 468 } 469 470 if (!(type & REGRESS_OPENSSL_TIMEOUT)) { 471 bufferevent_enable(bev1, EV_READ|EV_WRITE); 472 bufferevent_enable(bev2, EV_READ|EV_WRITE); 473 474 if (!(type & REGRESS_OPENSSL_CLIENT_WRITE)) 475 evbuffer_add_printf(bufferevent_get_output(bev1), "1\n"); 476 477 event_base_dispatch(data->base); 478 479 tt_assert(test_is_done == 1); 480 tt_assert(n_connected == 2); 481 482 /* We don't handle shutdown properly yet */ 483 if (type & REGRESS_OPENSSL_DIRTY_SHUTDOWN) { 484 tt_int_op(got_close, ==, 1); 485 tt_int_op(got_error, ==, 0); 486 } else { 487 tt_int_op(got_error, ==, 1); 488 } 489 tt_int_op(got_timeout, ==, 0); 490 } else { 491 struct timeval t = { 2, 0 }; 492 493 bufferevent_enable(bev1, EV_READ|EV_WRITE); 494 bufferevent_disable(bev2, EV_READ|EV_WRITE); 495 496 bufferevent_set_timeouts(bev1, &t, &t); 497 498 if (!(type & REGRESS_OPENSSL_CLIENT_WRITE)) 499 evbuffer_add_printf(bufferevent_get_output(bev1), "1\n"); 500 501 event_base_dispatch(data->base); 502 503 tt_assert(test_is_done == 0); 504 tt_assert(n_connected == 0); 505 506 tt_int_op(got_close, ==, 0); 507 tt_int_op(got_error, ==, 0); 508 tt_int_op(got_timeout, ==, 1); 509 } 510 end: 511 return; 512 } 513 514 static void 515 acceptcb_deferred(evutil_socket_t fd, short events, void *arg) 516 { 517 struct bufferevent *bev = arg; 518 bufferevent_enable(bev, EV_READ|EV_WRITE); 519 } 520 static void 521 acceptcb(struct evconnlistener *listener, evutil_socket_t fd, 522 struct sockaddr *addr, int socklen, void *arg) 523 { 524 struct basic_test_data *data = arg; 525 struct bufferevent *bev; 526 enum regress_openssl_type type; 527 SSL *ssl = SSL_new(get_ssl_ctx()); 528 529 type = (enum regress_openssl_type)data->setup_data; 530 531 SSL_use_certificate(ssl, ssl_getcert()); 532 SSL_use_PrivateKey(ssl, ssl_getkey()); 533 534 bev = bufferevent_openssl_socket_new( 535 data->base, 536 fd, 537 ssl, 538 BUFFEREVENT_SSL_ACCEPTING, 539 BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS); 540 541 bufferevent_setcb(bev, respond_to_number, NULL, eventcb, 542 (void*)(REGRESS_OPENSSL_SERVER)); 543 544 if (type & REGRESS_OPENSSL_SLEEP) { 545 struct timeval when = { 1, 0 }; 546 event_base_once(data->base, -1, EV_TIMEOUT, 547 acceptcb_deferred, bev, &when); 548 bufferevent_disable(bev, EV_READ|EV_WRITE); 549 } else { 550 bufferevent_enable(bev, EV_READ|EV_WRITE); 551 } 552 553 /* Only accept once, then disable ourself. */ 554 evconnlistener_disable(listener); 555 } 556 557 struct rwcount 558 { 559 int fd; 560 size_t read; 561 size_t write; 562 }; 563 static int 564 bio_rwcount_new(BIO *b) 565 { 566 BIO_set_init(b, 0); 567 BIO_set_data(b, NULL); 568 return 1; 569 } 570 static int 571 bio_rwcount_free(BIO *b) 572 { 573 if (!b) 574 return 0; 575 if (BIO_get_shutdown(b)) { 576 BIO_set_init(b, 0); 577 BIO_set_data(b, NULL); 578 } 579 return 1; 580 } 581 static int 582 bio_rwcount_read(BIO *b, char *out, int outlen) 583 { 584 struct rwcount *rw = BIO_get_data(b); 585 ev_ssize_t ret = recv(rw->fd, out, outlen, 0); 586 ++rw->read; 587 if (ret == -1 && EVUTIL_ERR_RW_RETRIABLE(EVUTIL_SOCKET_ERROR())) { 588 BIO_set_retry_read(b); 589 } 590 return ret; 591 } 592 static int 593 bio_rwcount_write(BIO *b, const char *in, int inlen) 594 { 595 596 struct rwcount *rw = BIO_get_data(b); 597 ev_ssize_t ret = send(rw->fd, in, inlen, 0); 598 ++rw->write; 599 if (ret == -1 && EVUTIL_ERR_RW_RETRIABLE(EVUTIL_SOCKET_ERROR())) { 600 BIO_set_retry_write(b); 601 } 602 return ret; 603 } 604 static long 605 bio_rwcount_ctrl(BIO *b, int cmd, long num, void *ptr) 606 { 607 long ret = 0; 608 switch (cmd) { 609 case BIO_CTRL_GET_CLOSE: 610 ret = BIO_get_shutdown(b); 611 break; 612 case BIO_CTRL_SET_CLOSE: 613 BIO_set_shutdown(b, (int)num); 614 break; 615 case BIO_CTRL_PENDING: 616 ret = 0; 617 break; 618 case BIO_CTRL_WPENDING: 619 ret = 0; 620 break; 621 case BIO_CTRL_DUP: 622 case BIO_CTRL_FLUSH: 623 ret = 1; 624 break; 625 } 626 return ret; 627 } 628 static int 629 bio_rwcount_puts(BIO *b, const char *s) 630 { 631 return bio_rwcount_write(b, s, strlen(s)); 632 } 633 #define BIO_TYPE_LIBEVENT_RWCOUNT 0xff1 634 static BIO_METHOD *methods_rwcount; 635 636 static BIO_METHOD * 637 BIO_s_rwcount(void) 638 { 639 if (methods_rwcount == NULL) { 640 methods_rwcount = BIO_meth_new(BIO_TYPE_LIBEVENT_RWCOUNT, "rwcount"); 641 if (methods_rwcount == NULL) 642 return NULL; 643 BIO_meth_set_write(methods_rwcount, bio_rwcount_write); 644 BIO_meth_set_read(methods_rwcount, bio_rwcount_read); 645 BIO_meth_set_puts(methods_rwcount, bio_rwcount_puts); 646 BIO_meth_set_ctrl(methods_rwcount, bio_rwcount_ctrl); 647 BIO_meth_set_create(methods_rwcount, bio_rwcount_new); 648 BIO_meth_set_destroy(methods_rwcount, bio_rwcount_free); 649 } 650 return methods_rwcount; 651 } 652 static BIO * 653 BIO_new_rwcount(int close_flag) 654 { 655 BIO *result; 656 if (!(result = BIO_new(BIO_s_rwcount()))) 657 return NULL; 658 BIO_set_init(result, 1); 659 BIO_set_data(result, NULL); 660 BIO_set_shutdown(result, !!close_flag); 661 return result; 662 } 663 664 static void 665 regress_bufferevent_openssl_connect(void *arg) 666 { 667 struct basic_test_data *data = arg; 668 669 struct event_base *base = data->base; 670 671 struct evconnlistener *listener; 672 struct bufferevent *bev; 673 struct sockaddr_in sin; 674 struct sockaddr_storage ss; 675 ev_socklen_t slen; 676 SSL *ssl; 677 BIO *bio; 678 struct rwcount rw = { -1, 0, 0 }; 679 enum regress_openssl_type type; 680 681 type = (enum regress_openssl_type)data->setup_data; 682 683 init_ssl(); 684 685 memset(&sin, 0, sizeof(sin)); 686 sin.sin_family = AF_INET; 687 sin.sin_addr.s_addr = htonl(0x7f000001); 688 689 memset(&ss, 0, sizeof(ss)); 690 slen = sizeof(ss); 691 692 listener = evconnlistener_new_bind(base, acceptcb, data, 693 LEV_OPT_CLOSE_ON_FREE|LEV_OPT_REUSEABLE, 694 -1, (struct sockaddr *)&sin, sizeof(sin)); 695 696 tt_assert(listener); 697 tt_assert(evconnlistener_get_fd(listener) >= 0); 698 699 ssl = SSL_new(get_ssl_ctx()); 700 tt_assert(ssl); 701 702 bev = bufferevent_openssl_socket_new( 703 data->base, -1, ssl, 704 BUFFEREVENT_SSL_CONNECTING, 705 BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS); 706 tt_assert(bev); 707 708 bufferevent_setcb(bev, respond_to_number, NULL, eventcb, 709 (void*)(REGRESS_OPENSSL_CLIENT)); 710 711 tt_assert(getsockname(evconnlistener_get_fd(listener), 712 (struct sockaddr*)&ss, &slen) == 0); 713 tt_assert(slen == sizeof(struct sockaddr_in)); 714 tt_int_op(((struct sockaddr*)&ss)->sa_family, ==, AF_INET); 715 716 tt_assert(0 == 717 bufferevent_socket_connect(bev, (struct sockaddr*)&ss, slen)); 718 /* Possible only when we have fd, since be_openssl can and will overwrite 719 * bio otherwise before */ 720 if (type & REGRESS_OPENSSL_SLEEP) { 721 rw.fd = bufferevent_getfd(bev); 722 bio = BIO_new_rwcount(0); 723 tt_assert(bio); 724 BIO_set_data(bio, &rw); 725 SSL_set_bio(ssl, bio, bio); 726 } 727 evbuffer_add_printf(bufferevent_get_output(bev), "1\n"); 728 bufferevent_enable(bev, EV_READ|EV_WRITE); 729 730 event_base_dispatch(base); 731 732 tt_int_op(rw.read, <=, 100); 733 tt_int_op(rw.write, <=, 100); 734 end: 735 ; 736 } 737 738 struct testcase_t ssl_testcases[] = { 739 #define T(a) ((void *)(a)) 740 { "bufferevent_socketpair", regress_bufferevent_openssl, 741 TT_ISOLATED, &basic_setup, T(REGRESS_OPENSSL_SOCKETPAIR) }, 742 { "bufferevent_socketpair_write_after_connect", regress_bufferevent_openssl, 743 TT_ISOLATED, &basic_setup, 744 T(REGRESS_OPENSSL_SOCKETPAIR|REGRESS_OPENSSL_CLIENT_WRITE) }, 745 { "bufferevent_filter", regress_bufferevent_openssl, 746 TT_ISOLATED, &basic_setup, T(REGRESS_OPENSSL_FILTER) }, 747 { "bufferevent_filter_write_after_connect", regress_bufferevent_openssl, 748 TT_ISOLATED, &basic_setup, 749 T(REGRESS_OPENSSL_FILTER|REGRESS_OPENSSL_CLIENT_WRITE) }, 750 { "bufferevent_renegotiate_socketpair", regress_bufferevent_openssl, 751 TT_ISOLATED, &basic_setup, 752 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_RENEGOTIATE) }, 753 { "bufferevent_renegotiate_filter", regress_bufferevent_openssl, 754 TT_ISOLATED, &basic_setup, 755 T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_RENEGOTIATE) }, 756 { "bufferevent_socketpair_startopen", regress_bufferevent_openssl, 757 TT_ISOLATED, &basic_setup, 758 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_OPEN) }, 759 { "bufferevent_filter_startopen", regress_bufferevent_openssl, 760 TT_ISOLATED, &basic_setup, 761 T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_OPEN) }, 762 763 { "bufferevent_socketpair_dirty_shutdown", regress_bufferevent_openssl, 764 TT_ISOLATED, &basic_setup, 765 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_DIRTY_SHUTDOWN) }, 766 { "bufferevent_filter_dirty_shutdown", regress_bufferevent_openssl, 767 TT_ISOLATED, &basic_setup, 768 T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_DIRTY_SHUTDOWN) }, 769 { "bufferevent_renegotiate_socketpair_dirty_shutdown", 770 regress_bufferevent_openssl, 771 TT_ISOLATED, 772 &basic_setup, 773 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_RENEGOTIATE | REGRESS_OPENSSL_DIRTY_SHUTDOWN) }, 774 { "bufferevent_renegotiate_filter_dirty_shutdown", 775 regress_bufferevent_openssl, 776 TT_ISOLATED, 777 &basic_setup, 778 T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_RENEGOTIATE | REGRESS_OPENSSL_DIRTY_SHUTDOWN) }, 779 { "bufferevent_socketpair_startopen_dirty_shutdown", 780 regress_bufferevent_openssl, 781 TT_ISOLATED, &basic_setup, 782 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_OPEN | REGRESS_OPENSSL_DIRTY_SHUTDOWN) }, 783 { "bufferevent_filter_startopen_dirty_shutdown", 784 regress_bufferevent_openssl, 785 TT_ISOLATED, &basic_setup, 786 T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_OPEN | REGRESS_OPENSSL_DIRTY_SHUTDOWN) }, 787 788 { "bufferevent_socketpair_fd", regress_bufferevent_openssl, 789 TT_ISOLATED, &basic_setup, 790 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_FD) }, 791 { "bufferevent_socketpair_freed", regress_bufferevent_openssl, 792 TT_ISOLATED, &basic_setup, 793 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_FREED) }, 794 { "bufferevent_socketpair_freed_fd", regress_bufferevent_openssl, 795 TT_ISOLATED, &basic_setup, 796 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_FREED | REGRESS_OPENSSL_FD) }, 797 { "bufferevent_filter_freed_fd", regress_bufferevent_openssl, 798 TT_ISOLATED, &basic_setup, 799 T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_FREED | REGRESS_OPENSSL_FD) }, 800 801 { "bufferevent_socketpair_timeout", regress_bufferevent_openssl, 802 TT_ISOLATED, &basic_setup, 803 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_TIMEOUT) }, 804 { "bufferevent_socketpair_timeout_freed_fd", regress_bufferevent_openssl, 805 TT_ISOLATED, &basic_setup, 806 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_TIMEOUT | REGRESS_OPENSSL_FREED | REGRESS_OPENSSL_FD) }, 807 808 { "bufferevent_connect", regress_bufferevent_openssl_connect, 809 TT_FORK|TT_NEED_BASE, &basic_setup, NULL }, 810 { "bufferevent_connect_sleep", regress_bufferevent_openssl_connect, 811 TT_FORK|TT_NEED_BASE, &basic_setup, T(REGRESS_OPENSSL_SLEEP) }, 812 813 #undef T 814 815 END_OF_TESTCASES, 816 }; 817