1 /* 2 * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 3. The name of the author may not be used to endorse or promote products 13 * derived from this software without specific prior written permission. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27 // Get rid of OSX 10.7 and greater deprecation warnings. 28 #if defined(__APPLE__) && defined(__clang__) 29 #pragma clang diagnostic ignored "-Wdeprecated-declarations" 30 #endif 31 32 #ifdef _WIN32 33 #include <winsock2.h> 34 #include <windows.h> 35 #endif 36 37 #include "util-internal.h" 38 39 #ifndef _WIN32 40 #include <sys/types.h> 41 #include <sys/socket.h> 42 #include <netinet/in.h> 43 #endif 44 45 #include "event2/util.h" 46 #include "event2/event.h" 47 #include "event2/bufferevent_ssl.h" 48 #include "event2/bufferevent_struct.h" 49 #include "event2/buffer.h" 50 #include "event2/listener.h" 51 52 #include "regress.h" 53 #include "tinytest.h" 54 #include "tinytest_macros.h" 55 56 #include <openssl/bio.h> 57 #include <openssl/err.h> 58 #include <openssl/pem.h> 59 #include "openssl-compat.h" 60 61 #include <string.h> 62 #ifdef _WIN32 63 #include <io.h> 64 #define read _read 65 #define write _write 66 #else 67 #include <unistd.h> 68 #endif 69 70 /* A pre-generated key, to save the cost of doing an RSA key generation step 71 * during the unit tests. It is published in this file, so you would have to 72 * be very foolish to consider using it in your own code. */ 73 static const char KEY[] = 74 "-----BEGIN RSA PRIVATE KEY-----\n" 75 "MIIEogIBAAKCAQEAtK07Ili0dkJb79m/sFmHoVJTWyLoveXex2yX/BtUzzcvZEOu\n" 76 "QLon/++5YOA48kzZm5K9mIwZkZhui1ZgJ5Bjq0LGAWTZGIn+NXjLFshPYvTKpOCW\n" 77 "uzL0Ir0LXMsBLYJQ5A4FomLNxs4I3H/dhDSGy/rSiJB1B4w2xNiwPK08/VL3zZqk\n" 78 "V+GsSvGIIkzhTMbqPJy9K8pqyjwOU2pgORS794yXciTGxWYjTDzJPgQ35YMDATaG\n" 79 "jr4HHo1zxU/Lj0pndSUK5rKLYxYQ3Uc8B3AVYDl9CP/GbOoQ4LBzS68JjcAUyp6i\n" 80 "6NfXlc2D9S9XgqVqwI+JqgJs0eW/+zPY2UEDWwIDAQABAoIBAD2HzV66FOM9YDAD\n" 81 "2RtGskEHV2nvLpIVadRCsFPkPvK+2X3s6rgSbbLkwh4y3lHuSCGKTNVZyQ9jeSos\n" 82 "xVxT+Q2HFQW+gYyw2gj91TQyDY8mzKhv8AVaqff2p5r3a7RC8CdqexK9UVUGL9Bg\n" 83 "H2F5vfpTtkVZ5PEoGDLblNFlMiMW/t1SobUeBVx+Msco/xqk9lFv1A9nnepGy0Gi\n" 84 "D+i6YNGTBsX22YhoCZl/ICxCL8lgqPei4FvBr9dBVh/jQgjuUBm2jz55p2r7+7Aw\n" 85 "khmXHReejoVokQ2+htgSgZNKlKuDy710ZpBqnDi8ynQi82Y2qCpyg/p/xcER54B6\n" 86 "hSftaiECgYEA2RkSoxU+nWk+BClQEUZRi88QK5W/M8oo1DvUs36hvPFkw3Jk/gz0\n" 87 "fgd5bnA+MXj0Fc0QHvbddPjIkyoI/evq9GPV+JYIuH5zabrlI3Jvya8q9QpAcEDO\n" 88 "KkL/O09qXVEW52S6l05nh4PLejyI7aTyTIN5nbVLac/+M8MY/qOjZksCgYEA1Q1o\n" 89 "L8kjSavU2xhQmSgZb9W62Do60sa3e73ljrDPoiyvbExldpSdziFYxHBD/Rep0ePf\n" 90 "eVSGS3VSwevt9/jSGo2Oa83TYYns9agBm03oR/Go/DukESdI792NsEM+PRFypVNy\n" 91 "AohWRLj0UU6DV+zLKp0VBavtx0ATeLFX0eN17TECgYBI2O/3Bz7uhQ0JSm+SjFz6\n" 92 "o+2SInp5P2G57aWu4VQWWY3tQ2p+EQzNaWam10UXRrXoxtmc+ktPX9e2AgnoYoyB\n" 93 "myqGcpnUhqHlnZAb999o9r1cYidDQ4uqhLauSTSwwXAFDzjJYsa8o03Y440y6QFh\n" 94 "CVD6yYXXqLJs3g96CqDexwKBgAHxq1+0QCQt8zVElYewO/svQhMzBNJjic0RQIT6\n" 95 "zAo4yij80XgxhvcYiszQEW6/xobpw2JCCS+rFGQ8mOFIXfJsFD6blDAxp/3d2JXo\n" 96 "MhRl+hrDGI4ng5zcsqxHEMxR2m/zwPiQ8eiSn3gWdVBaEsiCwmxY00ScKxFQ3PJH\n" 97 "Vw4hAoGAdZLd8KfjjG6lg7hfpVqavstqVi9LOgkHeCfdjn7JP+76kYrgLk/XdkrP\n" 98 "N/BHhtFVFjOi/mTQfQ5YfZImkm/1ePBy7437DT8BDkOxspa50kK4HPggHnU64h1w\n" 99 "lhdEOj7mAgHwGwwVZWOgs9Lq6vfztnSuhqjha1daESY6kDscPIQ=\n" 100 "-----END RSA PRIVATE KEY-----\n"; 101 102 EVP_PKEY * ssl_getkey(void)103 ssl_getkey(void) 104 { 105 EVP_PKEY *key; 106 BIO *bio; 107 108 /* new read-only BIO backed by KEY. */ 109 bio = BIO_new_mem_buf((char*)KEY, -1); 110 tt_assert(bio); 111 112 key = PEM_read_bio_PrivateKey(bio,NULL,NULL,NULL); 113 BIO_free(bio); 114 tt_assert(key); 115 116 return key; 117 end: 118 return NULL; 119 } 120 121 X509 * ssl_getcert(void)122 ssl_getcert(void) 123 { 124 /* Dummy code to make a quick-and-dirty valid certificate with 125 OpenSSL. Don't copy this code into your own program! It does a 126 number of things in a stupid and insecure way. */ 127 X509 *x509 = NULL; 128 X509_NAME *name = NULL; 129 EVP_PKEY *key = ssl_getkey(); 130 int nid; 131 time_t now = time(NULL); 132 133 tt_assert(key); 134 135 x509 = X509_new(); 136 tt_assert(x509); 137 tt_assert(0 != X509_set_version(x509, 2)); 138 tt_assert(0 != ASN1_INTEGER_set(X509_get_serialNumber(x509), 139 (long)now)); 140 141 name = X509_NAME_new(); 142 tt_assert(name); 143 nid = OBJ_txt2nid("commonName"); 144 tt_assert(NID_undef != nid); 145 tt_assert(0 != X509_NAME_add_entry_by_NID( 146 name, nid, MBSTRING_ASC, (unsigned char*)"example.com", 147 -1, -1, 0)); 148 149 X509_set_subject_name(x509, name); 150 X509_set_issuer_name(x509, name); 151 152 X509_time_adj(X509_get_notBefore(x509), 0, &now); 153 now += 3600; 154 X509_time_adj(X509_get_notAfter(x509), 0, &now); 155 X509_set_pubkey(x509, key); 156 tt_assert(0 != X509_sign(x509, key, EVP_sha1())); 157 158 return x509; 159 end: 160 X509_free(x509); 161 return NULL; 162 } 163 164 static int disable_tls_11_and_12 = 0; 165 static SSL_CTX *the_ssl_ctx = NULL; 166 167 SSL_CTX * get_ssl_ctx(void)168 get_ssl_ctx(void) 169 { 170 if (the_ssl_ctx) 171 return the_ssl_ctx; 172 the_ssl_ctx = SSL_CTX_new(SSLv23_method()); 173 if (!the_ssl_ctx) 174 return NULL; 175 if (disable_tls_11_and_12) { 176 #ifdef SSL_OP_NO_TLSv1_2 177 SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_2); 178 #endif 179 #ifdef SSL_OP_NO_TLSv1_1 180 SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_1); 181 #endif 182 } 183 return the_ssl_ctx; 184 } 185 186 void init_ssl(void)187 init_ssl(void) 188 { 189 #if OPENSSL_VERSION_NUMBER < 0x10100000L 190 SSL_library_init(); 191 ERR_load_crypto_strings(); 192 SSL_load_error_strings(); 193 OpenSSL_add_all_algorithms(); 194 if (SSLeay() != OPENSSL_VERSION_NUMBER) { 195 TT_DECLARE("WARN", ("Version mismatch for openssl: compiled with %lx but running with %lx", (unsigned long)OPENSSL_VERSION_NUMBER, (unsigned long) SSLeay())); 196 } 197 #endif 198 } 199 200 /* ==================== 201 Here's a simple test: we read a number from the input, increment it, and 202 reply, until we get to 1001. 203 */ 204 205 static int test_is_done = 0; 206 static int n_connected = 0; 207 static int got_close = 0; 208 static int got_error = 0; 209 static int got_timeout = 0; 210 static int renegotiate_at = -1; 211 static int stop_when_connected = 0; 212 static int pending_connect_events = 0; 213 static struct event_base *exit_base = NULL; 214 215 enum regress_openssl_type 216 { 217 REGRESS_OPENSSL_SOCKETPAIR = 1, 218 REGRESS_OPENSSL_FILTER = 2, 219 REGRESS_OPENSSL_RENEGOTIATE = 4, 220 REGRESS_OPENSSL_OPEN = 8, 221 REGRESS_OPENSSL_DIRTY_SHUTDOWN = 16, 222 REGRESS_OPENSSL_FD = 32, 223 224 REGRESS_OPENSSL_CLIENT = 64, 225 REGRESS_OPENSSL_SERVER = 128, 226 227 REGRESS_OPENSSL_FREED = 256, 228 REGRESS_OPENSSL_TIMEOUT = 512, 229 REGRESS_OPENSSL_SLEEP = 1024, 230 231 REGRESS_OPENSSL_CLIENT_WRITE = 2048, 232 }; 233 234 static void bufferevent_openssl_check_fd(struct bufferevent * bev,int filter)235 bufferevent_openssl_check_fd(struct bufferevent *bev, int filter) 236 { 237 tt_int_op(bufferevent_getfd(bev), !=, -1); 238 tt_int_op(bufferevent_setfd(bev, -1), ==, 0); 239 if (filter) { 240 tt_int_op(bufferevent_getfd(bev), !=, -1); 241 } else { 242 tt_int_op(bufferevent_getfd(bev), ==, -1); 243 } 244 245 end: 246 ; 247 } 248 static void bufferevent_openssl_check_freed(struct bufferevent * bev)249 bufferevent_openssl_check_freed(struct bufferevent *bev) 250 { 251 tt_int_op(event_pending(&bev->ev_read, EVLIST_ALL, NULL), ==, 0); 252 tt_int_op(event_pending(&bev->ev_write, EVLIST_ALL, NULL), ==, 0); 253 254 end: 255 ; 256 } 257 258 static void respond_to_number(struct bufferevent * bev,void * ctx)259 respond_to_number(struct bufferevent *bev, void *ctx) 260 { 261 struct evbuffer *b = bufferevent_get_input(bev); 262 char *line; 263 int n; 264 265 enum regress_openssl_type type; 266 type = (enum regress_openssl_type)ctx; 267 268 line = evbuffer_readln(b, NULL, EVBUFFER_EOL_LF); 269 if (! line) 270 return; 271 n = atoi(line); 272 if (n <= 0) 273 TT_FAIL(("Bad number: %s", line)); 274 free(line); 275 TT_BLATHER(("The number was %d", n)); 276 if (n == 1001) { 277 ++test_is_done; 278 bufferevent_free(bev); /* Should trigger close on other side. */ 279 return; 280 } 281 if ((type & REGRESS_OPENSSL_CLIENT) && n == renegotiate_at) { 282 SSL_renegotiate(bufferevent_openssl_get_ssl(bev)); 283 } 284 ++n; 285 evbuffer_add_printf(bufferevent_get_output(bev), 286 "%d\n", n); 287 TT_BLATHER(("Done reading; now writing.")); 288 bufferevent_enable(bev, EV_WRITE); 289 bufferevent_disable(bev, EV_READ); 290 } 291 292 static void done_writing_cb(struct bufferevent * bev,void * ctx)293 done_writing_cb(struct bufferevent *bev, void *ctx) 294 { 295 struct evbuffer *b = bufferevent_get_output(bev); 296 if (evbuffer_get_length(b)) 297 return; 298 TT_BLATHER(("Done writing.")); 299 bufferevent_disable(bev, EV_WRITE); 300 bufferevent_enable(bev, EV_READ); 301 } 302 303 static void eventcb(struct bufferevent * bev,short what,void * ctx)304 eventcb(struct bufferevent *bev, short what, void *ctx) 305 { 306 enum regress_openssl_type type; 307 type = (enum regress_openssl_type)ctx; 308 309 TT_BLATHER(("Got event %d", (int)what)); 310 if (what & BEV_EVENT_CONNECTED) { 311 SSL *ssl; 312 X509 *peer_cert; 313 ++n_connected; 314 ssl = bufferevent_openssl_get_ssl(bev); 315 tt_assert(ssl); 316 peer_cert = SSL_get_peer_certificate(ssl); 317 if (type & REGRESS_OPENSSL_SERVER) { 318 tt_assert(peer_cert == NULL); 319 } else { 320 tt_assert(peer_cert != NULL); 321 } 322 if (stop_when_connected) { 323 if (--pending_connect_events == 0) 324 event_base_loopexit(exit_base, NULL); 325 } 326 327 if ((type & REGRESS_OPENSSL_CLIENT_WRITE) && (type & REGRESS_OPENSSL_CLIENT)) 328 evbuffer_add_printf(bufferevent_get_output(bev), "1\n"); 329 } else if (what & BEV_EVENT_EOF) { 330 TT_BLATHER(("Got a good EOF")); 331 ++got_close; 332 if (type & REGRESS_OPENSSL_FD) { 333 bufferevent_openssl_check_fd(bev, type & REGRESS_OPENSSL_FILTER); 334 } 335 if (type & REGRESS_OPENSSL_FREED) { 336 bufferevent_openssl_check_freed(bev); 337 } 338 bufferevent_free(bev); 339 } else if (what & BEV_EVENT_ERROR) { 340 TT_BLATHER(("Got an error.")); 341 ++got_error; 342 if (type & REGRESS_OPENSSL_FD) { 343 bufferevent_openssl_check_fd(bev, type & REGRESS_OPENSSL_FILTER); 344 } 345 if (type & REGRESS_OPENSSL_FREED) { 346 bufferevent_openssl_check_freed(bev); 347 } 348 bufferevent_free(bev); 349 } else if (what & BEV_EVENT_TIMEOUT) { 350 TT_BLATHER(("Got timeout.")); 351 ++got_timeout; 352 if (type & REGRESS_OPENSSL_FD) { 353 bufferevent_openssl_check_fd(bev, type & REGRESS_OPENSSL_FILTER); 354 } 355 if (type & REGRESS_OPENSSL_FREED) { 356 bufferevent_openssl_check_freed(bev); 357 } 358 bufferevent_free(bev); 359 } 360 end: 361 ; 362 } 363 364 static void open_ssl_bufevs(struct bufferevent ** bev1_out,struct bufferevent ** bev2_out,struct event_base * base,int is_open,int flags,SSL * ssl1,SSL * ssl2,evutil_socket_t * fd_pair,struct bufferevent ** underlying_pair,enum regress_openssl_type type)365 open_ssl_bufevs(struct bufferevent **bev1_out, struct bufferevent **bev2_out, 366 struct event_base *base, int is_open, int flags, SSL *ssl1, SSL *ssl2, 367 evutil_socket_t *fd_pair, struct bufferevent **underlying_pair, 368 enum regress_openssl_type type) 369 { 370 int state1 = is_open ? BUFFEREVENT_SSL_OPEN :BUFFEREVENT_SSL_CONNECTING; 371 int state2 = is_open ? BUFFEREVENT_SSL_OPEN :BUFFEREVENT_SSL_ACCEPTING; 372 int dirty_shutdown = type & REGRESS_OPENSSL_DIRTY_SHUTDOWN; 373 if (fd_pair) { 374 *bev1_out = bufferevent_openssl_socket_new( 375 base, fd_pair[0], ssl1, state1, flags); 376 *bev2_out = bufferevent_openssl_socket_new( 377 base, fd_pair[1], ssl2, state2, flags); 378 } else { 379 *bev1_out = bufferevent_openssl_filter_new( 380 base, underlying_pair[0], ssl1, state1, flags); 381 *bev2_out = bufferevent_openssl_filter_new( 382 base, underlying_pair[1], ssl2, state2, flags); 383 384 } 385 bufferevent_setcb(*bev1_out, respond_to_number, done_writing_cb, 386 eventcb, (void*)(REGRESS_OPENSSL_CLIENT | (long)type)); 387 bufferevent_setcb(*bev2_out, respond_to_number, done_writing_cb, 388 eventcb, (void*)(REGRESS_OPENSSL_SERVER | (long)type)); 389 390 bufferevent_openssl_set_allow_dirty_shutdown(*bev1_out, dirty_shutdown); 391 bufferevent_openssl_set_allow_dirty_shutdown(*bev2_out, dirty_shutdown); 392 } 393 394 static void regress_bufferevent_openssl(void * arg)395 regress_bufferevent_openssl(void *arg) 396 { 397 struct basic_test_data *data = arg; 398 399 struct bufferevent *bev1, *bev2; 400 SSL *ssl1, *ssl2; 401 X509 *cert = ssl_getcert(); 402 EVP_PKEY *key = ssl_getkey(); 403 int flags = BEV_OPT_DEFER_CALLBACKS; 404 struct bufferevent *bev_ll[2] = { NULL, NULL }; 405 evutil_socket_t *fd_pair = NULL; 406 407 enum regress_openssl_type type; 408 type = (enum regress_openssl_type)data->setup_data; 409 410 tt_assert(cert); 411 tt_assert(key); 412 413 init_ssl(); 414 415 if (type & REGRESS_OPENSSL_RENEGOTIATE) { 416 if (SSLeay() >= 0x10001000 && 417 SSLeay() < 0x1000104f) { 418 /* 1.0.1 up to 1.0.1c has a bug where TLS1.1 and 1.2 419 * can't renegotiate with themselves. Disable. */ 420 disable_tls_11_and_12 = 1; 421 } 422 renegotiate_at = 600; 423 } 424 425 ssl1 = SSL_new(get_ssl_ctx()); 426 ssl2 = SSL_new(get_ssl_ctx()); 427 428 SSL_use_certificate(ssl2, cert); 429 SSL_use_PrivateKey(ssl2, key); 430 431 if (!(type & REGRESS_OPENSSL_OPEN)) 432 flags |= BEV_OPT_CLOSE_ON_FREE; 433 434 if (!(type & REGRESS_OPENSSL_FILTER)) { 435 tt_assert(type & REGRESS_OPENSSL_SOCKETPAIR); 436 fd_pair = data->pair; 437 } else { 438 bev_ll[0] = bufferevent_socket_new(data->base, data->pair[0], 439 BEV_OPT_CLOSE_ON_FREE); 440 bev_ll[1] = bufferevent_socket_new(data->base, data->pair[1], 441 BEV_OPT_CLOSE_ON_FREE); 442 } 443 444 open_ssl_bufevs(&bev1, &bev2, data->base, 0, flags, ssl1, ssl2, 445 fd_pair, bev_ll, type); 446 447 if (!(type & REGRESS_OPENSSL_FILTER)) { 448 tt_int_op(bufferevent_getfd(bev1), ==, data->pair[0]); 449 } else { 450 tt_ptr_op(bufferevent_get_underlying(bev1), ==, bev_ll[0]); 451 } 452 453 if (type & REGRESS_OPENSSL_OPEN) { 454 pending_connect_events = 2; 455 stop_when_connected = 1; 456 exit_base = data->base; 457 event_base_dispatch(data->base); 458 /* Okay, now the renegotiation is done. Make new 459 * bufferevents to test opening in BUFFEREVENT_SSL_OPEN */ 460 flags |= BEV_OPT_CLOSE_ON_FREE; 461 bufferevent_free(bev1); 462 bufferevent_free(bev2); 463 bev1 = bev2 = NULL; 464 open_ssl_bufevs(&bev1, &bev2, data->base, 1, flags, ssl1, ssl2, 465 fd_pair, bev_ll, type); 466 } 467 468 if (!(type & REGRESS_OPENSSL_TIMEOUT)) { 469 bufferevent_enable(bev1, EV_READ|EV_WRITE); 470 bufferevent_enable(bev2, EV_READ|EV_WRITE); 471 472 if (!(type & REGRESS_OPENSSL_CLIENT_WRITE)) 473 evbuffer_add_printf(bufferevent_get_output(bev1), "1\n"); 474 475 event_base_dispatch(data->base); 476 477 tt_assert(test_is_done == 1); 478 tt_assert(n_connected == 2); 479 480 /* We don't handle shutdown properly yet */ 481 if (type & REGRESS_OPENSSL_DIRTY_SHUTDOWN) { 482 tt_int_op(got_close, ==, 1); 483 tt_int_op(got_error, ==, 0); 484 } else { 485 tt_int_op(got_error, ==, 1); 486 } 487 tt_int_op(got_timeout, ==, 0); 488 } else { 489 struct timeval t = { 2, 0 }; 490 491 bufferevent_enable(bev1, EV_READ|EV_WRITE); 492 bufferevent_disable(bev2, EV_READ|EV_WRITE); 493 494 bufferevent_set_timeouts(bev1, &t, &t); 495 496 if (!(type & REGRESS_OPENSSL_CLIENT_WRITE)) 497 evbuffer_add_printf(bufferevent_get_output(bev1), "1\n"); 498 499 event_base_dispatch(data->base); 500 501 tt_assert(test_is_done == 0); 502 tt_assert(n_connected == 0); 503 504 tt_int_op(got_close, ==, 0); 505 tt_int_op(got_error, ==, 0); 506 tt_int_op(got_timeout, ==, 1); 507 } 508 end: 509 return; 510 } 511 512 static void acceptcb_deferred(evutil_socket_t fd,short events,void * arg)513 acceptcb_deferred(evutil_socket_t fd, short events, void *arg) 514 { 515 struct bufferevent *bev = arg; 516 bufferevent_enable(bev, EV_READ|EV_WRITE); 517 } 518 static void acceptcb(struct evconnlistener * listener,evutil_socket_t fd,struct sockaddr * addr,int socklen,void * arg)519 acceptcb(struct evconnlistener *listener, evutil_socket_t fd, 520 struct sockaddr *addr, int socklen, void *arg) 521 { 522 struct basic_test_data *data = arg; 523 struct bufferevent *bev; 524 enum regress_openssl_type type; 525 SSL *ssl = SSL_new(get_ssl_ctx()); 526 527 type = (enum regress_openssl_type)data->setup_data; 528 529 SSL_use_certificate(ssl, ssl_getcert()); 530 SSL_use_PrivateKey(ssl, ssl_getkey()); 531 532 bev = bufferevent_openssl_socket_new( 533 data->base, 534 fd, 535 ssl, 536 BUFFEREVENT_SSL_ACCEPTING, 537 BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS); 538 539 bufferevent_setcb(bev, respond_to_number, NULL, eventcb, 540 (void*)(REGRESS_OPENSSL_SERVER)); 541 542 if (type & REGRESS_OPENSSL_SLEEP) { 543 struct timeval when = { 1, 0 }; 544 event_base_once(data->base, -1, EV_TIMEOUT, 545 acceptcb_deferred, bev, &when); 546 bufferevent_disable(bev, EV_READ|EV_WRITE); 547 } else { 548 bufferevent_enable(bev, EV_READ|EV_WRITE); 549 } 550 551 /* Only accept once, then disable ourself. */ 552 evconnlistener_disable(listener); 553 } 554 555 struct rwcount 556 { 557 int fd; 558 size_t read; 559 size_t write; 560 }; 561 static int bio_rwcount_new(BIO * b)562 bio_rwcount_new(BIO *b) 563 { 564 BIO_set_init(b, 0); 565 BIO_set_data(b, NULL); 566 return 1; 567 } 568 static int bio_rwcount_free(BIO * b)569 bio_rwcount_free(BIO *b) 570 { 571 if (!b) 572 return 0; 573 if (BIO_get_shutdown(b)) { 574 BIO_set_init(b, 0); 575 BIO_set_data(b, NULL); 576 } 577 return 1; 578 } 579 static int bio_rwcount_read(BIO * b,char * out,int outlen)580 bio_rwcount_read(BIO *b, char *out, int outlen) 581 { 582 struct rwcount *rw = BIO_get_data(b); 583 ev_ssize_t ret = recv(rw->fd, out, outlen, 0); 584 ++rw->read; 585 if (ret == -1 && EVUTIL_ERR_RW_RETRIABLE(EVUTIL_SOCKET_ERROR())) { 586 BIO_set_retry_read(b); 587 } 588 return ret; 589 } 590 static int bio_rwcount_write(BIO * b,const char * in,int inlen)591 bio_rwcount_write(BIO *b, const char *in, int inlen) 592 { 593 594 struct rwcount *rw = BIO_get_data(b); 595 ev_ssize_t ret = send(rw->fd, in, inlen, 0); 596 ++rw->write; 597 if (ret == -1 && EVUTIL_ERR_RW_RETRIABLE(EVUTIL_SOCKET_ERROR())) { 598 BIO_set_retry_write(b); 599 } 600 return ret; 601 } 602 static long bio_rwcount_ctrl(BIO * b,int cmd,long num,void * ptr)603 bio_rwcount_ctrl(BIO *b, int cmd, long num, void *ptr) 604 { 605 long ret = 0; 606 switch (cmd) { 607 case BIO_CTRL_GET_CLOSE: 608 ret = BIO_get_shutdown(b); 609 break; 610 case BIO_CTRL_SET_CLOSE: 611 BIO_set_shutdown(b, (int)num); 612 break; 613 case BIO_CTRL_PENDING: 614 ret = 0; 615 break; 616 case BIO_CTRL_WPENDING: 617 ret = 0; 618 break; 619 case BIO_CTRL_DUP: 620 case BIO_CTRL_FLUSH: 621 ret = 1; 622 break; 623 } 624 return ret; 625 } 626 static int bio_rwcount_puts(BIO * b,const char * s)627 bio_rwcount_puts(BIO *b, const char *s) 628 { 629 return bio_rwcount_write(b, s, strlen(s)); 630 } 631 #define BIO_TYPE_LIBEVENT_RWCOUNT 0xff1 632 static BIO_METHOD *methods_rwcount; 633 634 static BIO_METHOD * BIO_s_rwcount(void)635 BIO_s_rwcount(void) 636 { 637 if (methods_rwcount == NULL) { 638 methods_rwcount = BIO_meth_new(BIO_TYPE_LIBEVENT_RWCOUNT, "rwcount"); 639 if (methods_rwcount == NULL) 640 return NULL; 641 BIO_meth_set_write(methods_rwcount, bio_rwcount_write); 642 BIO_meth_set_read(methods_rwcount, bio_rwcount_read); 643 BIO_meth_set_puts(methods_rwcount, bio_rwcount_puts); 644 BIO_meth_set_ctrl(methods_rwcount, bio_rwcount_ctrl); 645 BIO_meth_set_create(methods_rwcount, bio_rwcount_new); 646 BIO_meth_set_destroy(methods_rwcount, bio_rwcount_free); 647 } 648 return methods_rwcount; 649 } 650 static BIO * BIO_new_rwcount(int close_flag)651 BIO_new_rwcount(int close_flag) 652 { 653 BIO *result; 654 if (!(result = BIO_new(BIO_s_rwcount()))) 655 return NULL; 656 BIO_set_init(result, 1); 657 BIO_set_data(result, NULL); 658 BIO_set_shutdown(result, !!close_flag); 659 return result; 660 } 661 662 static void regress_bufferevent_openssl_connect(void * arg)663 regress_bufferevent_openssl_connect(void *arg) 664 { 665 struct basic_test_data *data = arg; 666 667 struct event_base *base = data->base; 668 669 struct evconnlistener *listener; 670 struct bufferevent *bev; 671 struct sockaddr_in sin; 672 struct sockaddr_storage ss; 673 ev_socklen_t slen; 674 SSL *ssl; 675 BIO *bio; 676 struct rwcount rw = { -1, 0, 0 }; 677 enum regress_openssl_type type; 678 679 type = (enum regress_openssl_type)data->setup_data; 680 681 init_ssl(); 682 683 memset(&sin, 0, sizeof(sin)); 684 sin.sin_family = AF_INET; 685 sin.sin_addr.s_addr = htonl(0x7f000001); 686 687 memset(&ss, 0, sizeof(ss)); 688 slen = sizeof(ss); 689 690 listener = evconnlistener_new_bind(base, acceptcb, data, 691 LEV_OPT_CLOSE_ON_FREE|LEV_OPT_REUSEABLE, 692 -1, (struct sockaddr *)&sin, sizeof(sin)); 693 694 tt_assert(listener); 695 tt_assert(evconnlistener_get_fd(listener) >= 0); 696 697 ssl = SSL_new(get_ssl_ctx()); 698 tt_assert(ssl); 699 700 bev = bufferevent_openssl_socket_new( 701 data->base, -1, ssl, 702 BUFFEREVENT_SSL_CONNECTING, 703 BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS); 704 tt_assert(bev); 705 706 bufferevent_setcb(bev, respond_to_number, NULL, eventcb, 707 (void*)(REGRESS_OPENSSL_CLIENT)); 708 709 tt_assert(getsockname(evconnlistener_get_fd(listener), 710 (struct sockaddr*)&ss, &slen) == 0); 711 tt_assert(slen == sizeof(struct sockaddr_in)); 712 tt_int_op(((struct sockaddr*)&ss)->sa_family, ==, AF_INET); 713 714 tt_assert(0 == 715 bufferevent_socket_connect(bev, (struct sockaddr*)&ss, slen)); 716 /* Possible only when we have fd, since be_openssl can and will overwrite 717 * bio otherwise before */ 718 if (type & REGRESS_OPENSSL_SLEEP) { 719 rw.fd = bufferevent_getfd(bev); 720 bio = BIO_new_rwcount(0); 721 tt_assert(bio); 722 BIO_set_data(bio, &rw); 723 SSL_set_bio(ssl, bio, bio); 724 } 725 evbuffer_add_printf(bufferevent_get_output(bev), "1\n"); 726 bufferevent_enable(bev, EV_READ|EV_WRITE); 727 728 event_base_dispatch(base); 729 730 tt_int_op(rw.read, <=, 100); 731 tt_int_op(rw.write, <=, 100); 732 end: 733 ; 734 } 735 736 struct testcase_t ssl_testcases[] = { 737 #define T(a) ((void *)(a)) 738 { "bufferevent_socketpair", regress_bufferevent_openssl, 739 TT_ISOLATED, &basic_setup, T(REGRESS_OPENSSL_SOCKETPAIR) }, 740 { "bufferevent_socketpair_write_after_connect", regress_bufferevent_openssl, 741 TT_ISOLATED, &basic_setup, 742 T(REGRESS_OPENSSL_SOCKETPAIR|REGRESS_OPENSSL_CLIENT_WRITE) }, 743 { "bufferevent_filter", regress_bufferevent_openssl, 744 TT_ISOLATED, &basic_setup, T(REGRESS_OPENSSL_FILTER) }, 745 { "bufferevent_filter_write_after_connect", regress_bufferevent_openssl, 746 TT_ISOLATED, &basic_setup, 747 T(REGRESS_OPENSSL_FILTER|REGRESS_OPENSSL_CLIENT_WRITE) }, 748 { "bufferevent_renegotiate_socketpair", regress_bufferevent_openssl, 749 TT_ISOLATED, &basic_setup, 750 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_RENEGOTIATE) }, 751 { "bufferevent_renegotiate_filter", regress_bufferevent_openssl, 752 TT_ISOLATED, &basic_setup, 753 T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_RENEGOTIATE) }, 754 { "bufferevent_socketpair_startopen", regress_bufferevent_openssl, 755 TT_ISOLATED, &basic_setup, 756 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_OPEN) }, 757 { "bufferevent_filter_startopen", regress_bufferevent_openssl, 758 TT_ISOLATED, &basic_setup, 759 T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_OPEN) }, 760 761 { "bufferevent_socketpair_dirty_shutdown", regress_bufferevent_openssl, 762 TT_ISOLATED, &basic_setup, 763 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_DIRTY_SHUTDOWN) }, 764 { "bufferevent_filter_dirty_shutdown", regress_bufferevent_openssl, 765 TT_ISOLATED, &basic_setup, 766 T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_DIRTY_SHUTDOWN) }, 767 { "bufferevent_renegotiate_socketpair_dirty_shutdown", 768 regress_bufferevent_openssl, 769 TT_ISOLATED, 770 &basic_setup, 771 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_RENEGOTIATE | REGRESS_OPENSSL_DIRTY_SHUTDOWN) }, 772 { "bufferevent_renegotiate_filter_dirty_shutdown", 773 regress_bufferevent_openssl, 774 TT_ISOLATED, 775 &basic_setup, 776 T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_RENEGOTIATE | REGRESS_OPENSSL_DIRTY_SHUTDOWN) }, 777 { "bufferevent_socketpair_startopen_dirty_shutdown", 778 regress_bufferevent_openssl, 779 TT_ISOLATED, &basic_setup, 780 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_OPEN | REGRESS_OPENSSL_DIRTY_SHUTDOWN) }, 781 { "bufferevent_filter_startopen_dirty_shutdown", 782 regress_bufferevent_openssl, 783 TT_ISOLATED, &basic_setup, 784 T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_OPEN | REGRESS_OPENSSL_DIRTY_SHUTDOWN) }, 785 786 { "bufferevent_socketpair_fd", regress_bufferevent_openssl, 787 TT_ISOLATED, &basic_setup, 788 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_FD) }, 789 { "bufferevent_socketpair_freed", regress_bufferevent_openssl, 790 TT_ISOLATED, &basic_setup, 791 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_FREED) }, 792 { "bufferevent_socketpair_freed_fd", regress_bufferevent_openssl, 793 TT_ISOLATED, &basic_setup, 794 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_FREED | REGRESS_OPENSSL_FD) }, 795 { "bufferevent_filter_freed_fd", regress_bufferevent_openssl, 796 TT_ISOLATED, &basic_setup, 797 T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_FREED | REGRESS_OPENSSL_FD) }, 798 799 { "bufferevent_socketpair_timeout", regress_bufferevent_openssl, 800 TT_ISOLATED, &basic_setup, 801 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_TIMEOUT) }, 802 { "bufferevent_socketpair_timeout_freed_fd", regress_bufferevent_openssl, 803 TT_ISOLATED, &basic_setup, 804 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_TIMEOUT | REGRESS_OPENSSL_FREED | REGRESS_OPENSSL_FD) }, 805 806 { "bufferevent_connect", regress_bufferevent_openssl_connect, 807 TT_FORK|TT_NEED_BASE, &basic_setup, NULL }, 808 { "bufferevent_connect_sleep", regress_bufferevent_openssl_connect, 809 TT_FORK|TT_NEED_BASE, &basic_setup, T(REGRESS_OPENSSL_SLEEP) }, 810 811 #undef T 812 813 END_OF_TESTCASES, 814 }; 815