2 * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 * 3. The name of the author may not be used to endorse or promote products
13 * derived from this software without specific prior written permission.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 // Get rid of OSX 10.7 and greater deprecation warnings.
28 #if defined(__APPLE__) && defined(__clang__)
29 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
37 #include "util-internal.h"
40 #include <sys/types.h>
41 #include <sys/socket.h>
42 #include <netinet/in.h>
45 #include "event2/util.h"
46 #include "event2/event.h"
47 #include "event2/bufferevent_ssl.h"
48 #include "event2/bufferevent_struct.h"
49 #include "event2/buffer.h"
50 #include "event2/listener.h"
54 #include "tinytest_macros.h"
56 #include <openssl/err.h>
57 #include <openssl/pem.h>
58 #include "openssl-compat.h"
69 /* A pre-generated key, to save the cost of doing an RSA key generation step
70 * during the unit tests. It is published in this file, so you would have to
71 * be very foolish to consider using it in your own code. */
72 static const char KEY[] =
73 "-----BEGIN RSA PRIVATE KEY-----\n"
74 "MIIEogIBAAKCAQEAtK07Ili0dkJb79m/sFmHoVJTWyLoveXex2yX/BtUzzcvZEOu\n"
75 "QLon/++5YOA48kzZm5K9mIwZkZhui1ZgJ5Bjq0LGAWTZGIn+NXjLFshPYvTKpOCW\n"
76 "uzL0Ir0LXMsBLYJQ5A4FomLNxs4I3H/dhDSGy/rSiJB1B4w2xNiwPK08/VL3zZqk\n"
77 "V+GsSvGIIkzhTMbqPJy9K8pqyjwOU2pgORS794yXciTGxWYjTDzJPgQ35YMDATaG\n"
78 "jr4HHo1zxU/Lj0pndSUK5rKLYxYQ3Uc8B3AVYDl9CP/GbOoQ4LBzS68JjcAUyp6i\n"
79 "6NfXlc2D9S9XgqVqwI+JqgJs0eW/+zPY2UEDWwIDAQABAoIBAD2HzV66FOM9YDAD\n"
80 "2RtGskEHV2nvLpIVadRCsFPkPvK+2X3s6rgSbbLkwh4y3lHuSCGKTNVZyQ9jeSos\n"
81 "xVxT+Q2HFQW+gYyw2gj91TQyDY8mzKhv8AVaqff2p5r3a7RC8CdqexK9UVUGL9Bg\n"
82 "H2F5vfpTtkVZ5PEoGDLblNFlMiMW/t1SobUeBVx+Msco/xqk9lFv1A9nnepGy0Gi\n"
83 "D+i6YNGTBsX22YhoCZl/ICxCL8lgqPei4FvBr9dBVh/jQgjuUBm2jz55p2r7+7Aw\n"
84 "khmXHReejoVokQ2+htgSgZNKlKuDy710ZpBqnDi8ynQi82Y2qCpyg/p/xcER54B6\n"
85 "hSftaiECgYEA2RkSoxU+nWk+BClQEUZRi88QK5W/M8oo1DvUs36hvPFkw3Jk/gz0\n"
86 "fgd5bnA+MXj0Fc0QHvbddPjIkyoI/evq9GPV+JYIuH5zabrlI3Jvya8q9QpAcEDO\n"
87 "KkL/O09qXVEW52S6l05nh4PLejyI7aTyTIN5nbVLac/+M8MY/qOjZksCgYEA1Q1o\n"
88 "L8kjSavU2xhQmSgZb9W62Do60sa3e73ljrDPoiyvbExldpSdziFYxHBD/Rep0ePf\n"
89 "eVSGS3VSwevt9/jSGo2Oa83TYYns9agBm03oR/Go/DukESdI792NsEM+PRFypVNy\n"
90 "AohWRLj0UU6DV+zLKp0VBavtx0ATeLFX0eN17TECgYBI2O/3Bz7uhQ0JSm+SjFz6\n"
91 "o+2SInp5P2G57aWu4VQWWY3tQ2p+EQzNaWam10UXRrXoxtmc+ktPX9e2AgnoYoyB\n"
92 "myqGcpnUhqHlnZAb999o9r1cYidDQ4uqhLauSTSwwXAFDzjJYsa8o03Y440y6QFh\n"
93 "CVD6yYXXqLJs3g96CqDexwKBgAHxq1+0QCQt8zVElYewO/svQhMzBNJjic0RQIT6\n"
94 "zAo4yij80XgxhvcYiszQEW6/xobpw2JCCS+rFGQ8mOFIXfJsFD6blDAxp/3d2JXo\n"
95 "MhRl+hrDGI4ng5zcsqxHEMxR2m/zwPiQ8eiSn3gWdVBaEsiCwmxY00ScKxFQ3PJH\n"
96 "Vw4hAoGAdZLd8KfjjG6lg7hfpVqavstqVi9LOgkHeCfdjn7JP+76kYrgLk/XdkrP\n"
97 "N/BHhtFVFjOi/mTQfQ5YfZImkm/1ePBy7437DT8BDkOxspa50kK4HPggHnU64h1w\n"
98 "lhdEOj7mAgHwGwwVZWOgs9Lq6vfztnSuhqjha1daESY6kDscPIQ=\n"
99 "-----END RSA PRIVATE KEY-----\n";
107 /* new read-only BIO backed by KEY. */
108 bio = BIO_new_mem_buf((char*)KEY, -1);
111 key = PEM_read_bio_PrivateKey(bio,NULL,NULL,NULL);
121 ssl_getcert(EVP_PKEY *key)
123 /* Dummy code to make a quick-and-dirty valid certificate with
124 OpenSSL. Don't copy this code into your own program! It does a
125 number of things in a stupid and insecure way. */
127 X509_NAME *name = NULL;
129 time_t now = time(NULL);
135 tt_assert(0 != X509_set_version(x509, 2));
136 tt_assert(0 != ASN1_INTEGER_set(X509_get_serialNumber(x509),
139 name = X509_NAME_new();
141 nid = OBJ_txt2nid("commonName");
142 tt_assert(NID_undef != nid);
143 tt_assert(0 != X509_NAME_add_entry_by_NID(
144 name, nid, MBSTRING_ASC, (unsigned char*)"example.com",
147 X509_set_subject_name(x509, name);
148 X509_set_issuer_name(x509, name);
149 X509_NAME_free(name);
151 X509_time_adj(X509_get_notBefore(x509), 0, &now);
153 X509_time_adj(X509_get_notAfter(x509), 0, &now);
154 X509_set_pubkey(x509, key);
155 tt_assert(0 != X509_sign(x509, key, EVP_sha1()));
160 X509_NAME_free(name);
164 static int disable_tls_11_and_12 = 0;
165 static SSL_CTX *the_ssl_ctx = NULL;
172 the_ssl_ctx = SSL_CTX_new(SSLv23_method());
175 if (disable_tls_11_and_12) {
176 #ifdef SSL_OP_NO_TLSv1_2
177 SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_2);
179 #ifdef SSL_OP_NO_TLSv1_1
180 SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_1);
186 static int test_is_done;
187 static int n_connected;
188 static int got_close;
189 static int got_error;
190 static int got_timeout;
191 static int renegotiate_at = -1;
192 static int stop_when_connected;
193 static int pending_connect_events;
194 static struct event_base *exit_base;
195 static X509 *the_cert;
201 #if (OPENSSL_VERSION_NUMBER < 0x10100000L) || \
202 (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
204 ERR_load_crypto_strings();
205 SSL_load_error_strings();
206 OpenSSL_add_all_algorithms();
207 if (SSLeay() != OPENSSL_VERSION_NUMBER) {
209 ("Version mismatch for openssl: compiled with %lx but running with %lx",
210 (unsigned long)OPENSSL_VERSION_NUMBER, (unsigned long)SSLeay()));
216 ssl_test_setup(const struct testcase_t *testcase)
220 the_key = ssl_getkey();
221 EVUTIL_ASSERT(the_key);
223 the_cert = ssl_getcert(the_key);
224 EVUTIL_ASSERT(the_cert);
226 disable_tls_11_and_12 = 0;
228 return basic_test_setup(testcase);
231 ssl_test_cleanup(const struct testcase_t *testcase, void *ptr)
233 int ret = basic_test_cleanup(testcase, ptr);
244 stop_when_connected = 0;
245 pending_connect_events = 0;
249 EVP_PKEY_free(the_key);
251 SSL_CTX_free(the_ssl_ctx);
256 const struct testcase_setup_t ssl_setup = {
257 ssl_test_setup, ssl_test_cleanup
261 /* ====================
262 Here's a simple test: we read a number from the input, increment it, and
263 reply, until we get to 1001.
266 enum regress_openssl_type
268 REGRESS_OPENSSL_SOCKETPAIR = 1,
269 REGRESS_OPENSSL_FILTER = 2,
270 REGRESS_OPENSSL_RENEGOTIATE = 4,
271 REGRESS_OPENSSL_OPEN = 8,
272 REGRESS_OPENSSL_DIRTY_SHUTDOWN = 16,
273 REGRESS_OPENSSL_FD = 32,
275 REGRESS_OPENSSL_CLIENT = 64,
276 REGRESS_OPENSSL_SERVER = 128,
278 REGRESS_OPENSSL_FREED = 256,
279 REGRESS_OPENSSL_TIMEOUT = 512,
280 REGRESS_OPENSSL_SLEEP = 1024,
282 REGRESS_OPENSSL_CLIENT_WRITE = 2048,
284 REGRESS_DEFERRED_CALLBACKS = 4096,
288 bufferevent_openssl_check_fd(struct bufferevent *bev, int filter)
290 tt_fd_op(bufferevent_getfd(bev), !=, EVUTIL_INVALID_SOCKET);
291 tt_fd_op(bufferevent_setfd(bev, EVUTIL_INVALID_SOCKET), ==, 0);
293 tt_fd_op(bufferevent_getfd(bev), !=, EVUTIL_INVALID_SOCKET);
295 tt_fd_op(bufferevent_getfd(bev), ==, EVUTIL_INVALID_SOCKET);
302 bufferevent_openssl_check_freed(struct bufferevent *bev)
304 tt_int_op(event_pending(&bev->ev_read, EVLIST_ALL, NULL), ==, 0);
305 tt_int_op(event_pending(&bev->ev_write, EVLIST_ALL, NULL), ==, 0);
312 free_on_cb(struct bufferevent *bev, void *ctx)
314 TT_BLATHER(("free_on_cb: %p", bev));
315 bufferevent_free(bev);
319 respond_to_number(struct bufferevent *bev, void *ctx)
321 struct evbuffer *b = bufferevent_get_input(bev);
325 enum regress_openssl_type type;
326 type = (enum regress_openssl_type)ctx;
328 line = evbuffer_readln(b, NULL, EVBUFFER_EOL_LF);
333 TT_FAIL(("Bad number: %s", line));
335 TT_BLATHER(("The number was %d", n));
338 bufferevent_free(bev); /* Should trigger close on other side. */
341 if ((type & REGRESS_OPENSSL_CLIENT) && n == renegotiate_at) {
342 SSL_renegotiate(bufferevent_openssl_get_ssl(bev));
345 evbuffer_add_printf(bufferevent_get_output(bev),
347 TT_BLATHER(("Done reading; now writing."));
348 bufferevent_enable(bev, EV_WRITE);
349 bufferevent_disable(bev, EV_READ);
353 done_writing_cb(struct bufferevent *bev, void *ctx)
355 struct evbuffer *b = bufferevent_get_output(bev);
356 if (evbuffer_get_length(b))
358 TT_BLATHER(("Done writing."));
359 bufferevent_disable(bev, EV_WRITE);
360 bufferevent_enable(bev, EV_READ);
364 eventcb(struct bufferevent *bev, short what, void *ctx)
366 X509 *peer_cert = NULL;
367 enum regress_openssl_type type;
369 type = (enum regress_openssl_type)ctx;
371 TT_BLATHER(("Got event %d", (int)what));
372 if (what & BEV_EVENT_CONNECTED) {
375 ssl = bufferevent_openssl_get_ssl(bev);
377 peer_cert = SSL_get_peer_certificate(ssl);
378 if (type & REGRESS_OPENSSL_SERVER) {
379 tt_assert(peer_cert == NULL);
381 tt_assert(peer_cert != NULL);
383 if (stop_when_connected) {
384 if (--pending_connect_events == 0)
385 event_base_loopexit(exit_base, NULL);
388 if ((type & REGRESS_OPENSSL_CLIENT_WRITE) && (type & REGRESS_OPENSSL_CLIENT))
389 evbuffer_add_printf(bufferevent_get_output(bev), "1\n");
390 } else if (what & BEV_EVENT_EOF) {
391 TT_BLATHER(("Got a good EOF"));
393 if (type & REGRESS_OPENSSL_FD) {
394 bufferevent_openssl_check_fd(bev, type & REGRESS_OPENSSL_FILTER);
396 if (type & REGRESS_OPENSSL_FREED) {
397 bufferevent_openssl_check_freed(bev);
399 bufferevent_free(bev);
400 } else if (what & BEV_EVENT_ERROR) {
401 TT_BLATHER(("Got an error."));
403 if (type & REGRESS_OPENSSL_FD) {
404 bufferevent_openssl_check_fd(bev, type & REGRESS_OPENSSL_FILTER);
406 if (type & REGRESS_OPENSSL_FREED) {
407 bufferevent_openssl_check_freed(bev);
409 bufferevent_free(bev);
410 } else if (what & BEV_EVENT_TIMEOUT) {
411 TT_BLATHER(("Got timeout."));
413 if (type & REGRESS_OPENSSL_FD) {
414 bufferevent_openssl_check_fd(bev, type & REGRESS_OPENSSL_FILTER);
416 if (type & REGRESS_OPENSSL_FREED) {
417 bufferevent_openssl_check_freed(bev);
419 bufferevent_free(bev);
424 X509_free(peer_cert);
428 open_ssl_bufevs(struct bufferevent **bev1_out, struct bufferevent **bev2_out,
429 struct event_base *base, int is_open, int flags, SSL *ssl1, SSL *ssl2,
430 evutil_socket_t *fd_pair, struct bufferevent **underlying_pair,
431 enum regress_openssl_type type)
433 int state1 = is_open ? BUFFEREVENT_SSL_OPEN :BUFFEREVENT_SSL_CONNECTING;
434 int state2 = is_open ? BUFFEREVENT_SSL_OPEN :BUFFEREVENT_SSL_ACCEPTING;
435 int dirty_shutdown = type & REGRESS_OPENSSL_DIRTY_SHUTDOWN;
437 *bev1_out = bufferevent_openssl_socket_new(
438 base, fd_pair[0], ssl1, state1, flags);
439 *bev2_out = bufferevent_openssl_socket_new(
440 base, fd_pair[1], ssl2, state2, flags);
442 *bev1_out = bufferevent_openssl_filter_new(
443 base, underlying_pair[0], ssl1, state1, flags);
444 *bev2_out = bufferevent_openssl_filter_new(
445 base, underlying_pair[1], ssl2, state2, flags);
448 bufferevent_setcb(*bev1_out, respond_to_number, done_writing_cb,
449 eventcb, (void*)(REGRESS_OPENSSL_CLIENT | (long)type));
450 bufferevent_setcb(*bev2_out, respond_to_number, done_writing_cb,
451 eventcb, (void*)(REGRESS_OPENSSL_SERVER | (long)type));
453 bufferevent_openssl_set_allow_dirty_shutdown(*bev1_out, dirty_shutdown);
454 bufferevent_openssl_set_allow_dirty_shutdown(*bev2_out, dirty_shutdown);
458 regress_bufferevent_openssl(void *arg)
460 struct basic_test_data *data = arg;
462 struct bufferevent *bev1, *bev2;
464 int flags = BEV_OPT_DEFER_CALLBACKS;
465 struct bufferevent *bev_ll[2] = { NULL, NULL };
466 evutil_socket_t *fd_pair = NULL;
468 enum regress_openssl_type type;
469 type = (enum regress_openssl_type)data->setup_data;
471 if (type & REGRESS_OPENSSL_RENEGOTIATE) {
472 if (SSLeay() >= 0x10001000 &&
473 SSLeay() < 0x1000104f) {
474 /* 1.0.1 up to 1.0.1c has a bug where TLS1.1 and 1.2
475 * can't renegotiate with themselves. Disable. */
476 disable_tls_11_and_12 = 1;
478 renegotiate_at = 600;
481 ssl1 = SSL_new(get_ssl_ctx());
482 ssl2 = SSL_new(get_ssl_ctx());
484 SSL_use_certificate(ssl2, the_cert);
485 SSL_use_PrivateKey(ssl2, the_key);
487 if (!(type & REGRESS_OPENSSL_OPEN))
488 flags |= BEV_OPT_CLOSE_ON_FREE;
490 if (!(type & REGRESS_OPENSSL_FILTER)) {
491 tt_assert(type & REGRESS_OPENSSL_SOCKETPAIR);
492 fd_pair = data->pair;
494 bev_ll[0] = bufferevent_socket_new(data->base, data->pair[0],
495 BEV_OPT_CLOSE_ON_FREE);
496 bev_ll[1] = bufferevent_socket_new(data->base, data->pair[1],
497 BEV_OPT_CLOSE_ON_FREE);
500 open_ssl_bufevs(&bev1, &bev2, data->base, 0, flags, ssl1, ssl2,
501 fd_pair, bev_ll, type);
503 if (!(type & REGRESS_OPENSSL_FILTER)) {
504 tt_fd_op(bufferevent_getfd(bev1), ==, data->pair[0]);
506 tt_ptr_op(bufferevent_get_underlying(bev1), ==, bev_ll[0]);
509 if (type & REGRESS_OPENSSL_OPEN) {
510 pending_connect_events = 2;
511 stop_when_connected = 1;
512 exit_base = data->base;
513 event_base_dispatch(data->base);
514 /* Okay, now the renegotiation is done. Make new
515 * bufferevents to test opening in BUFFEREVENT_SSL_OPEN */
516 flags |= BEV_OPT_CLOSE_ON_FREE;
517 bufferevent_free(bev1);
518 bufferevent_free(bev2);
520 open_ssl_bufevs(&bev1, &bev2, data->base, 1, flags, ssl1, ssl2,
521 fd_pair, bev_ll, type);
524 if (!(type & REGRESS_OPENSSL_TIMEOUT)) {
525 bufferevent_enable(bev1, EV_READ|EV_WRITE);
526 bufferevent_enable(bev2, EV_READ|EV_WRITE);
528 if (!(type & REGRESS_OPENSSL_CLIENT_WRITE))
529 evbuffer_add_printf(bufferevent_get_output(bev1), "1\n");
531 event_base_dispatch(data->base);
533 tt_assert(test_is_done == 1);
534 tt_assert(n_connected == 2);
536 /* We don't handle shutdown properly yet */
537 if (type & REGRESS_OPENSSL_DIRTY_SHUTDOWN) {
538 tt_int_op(got_close, ==, 1);
539 tt_int_op(got_error, ==, 0);
541 tt_int_op(got_error, ==, 1);
543 tt_int_op(got_timeout, ==, 0);
545 struct timeval t = { 2, 0 };
547 bufferevent_enable(bev1, EV_READ|EV_WRITE);
548 bufferevent_disable(bev2, EV_READ|EV_WRITE);
550 bufferevent_set_timeouts(bev1, &t, &t);
552 if (!(type & REGRESS_OPENSSL_CLIENT_WRITE))
553 evbuffer_add_printf(bufferevent_get_output(bev1), "1\n");
555 event_base_dispatch(data->base);
557 tt_assert(test_is_done == 0);
558 tt_assert(n_connected == 0);
560 tt_int_op(got_close, ==, 0);
561 tt_int_op(got_error, ==, 0);
562 tt_int_op(got_timeout, ==, 1);
564 bufferevent_free(bev2);
572 acceptcb_deferred(evutil_socket_t fd, short events, void *arg)
574 struct bufferevent *bev = arg;
575 bufferevent_enable(bev, EV_READ|EV_WRITE);
578 acceptcb(struct evconnlistener *listener, evutil_socket_t fd,
579 struct sockaddr *addr, int socklen, void *arg)
581 struct basic_test_data *data = arg;
582 struct bufferevent *bev;
583 enum regress_openssl_type type;
584 SSL *ssl = SSL_new(get_ssl_ctx());
586 type = (enum regress_openssl_type)data->setup_data;
588 SSL_use_certificate(ssl, the_cert);
589 SSL_use_PrivateKey(ssl, the_key);
591 bev = bufferevent_openssl_socket_new(
592 data->base, fd, ssl, BUFFEREVENT_SSL_ACCEPTING,
593 BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS);
596 bufferevent_setcb(bev, respond_to_number, NULL, eventcb,
597 (void*)(REGRESS_OPENSSL_SERVER));
599 if (type & REGRESS_OPENSSL_SLEEP) {
600 struct timeval when = { 1, 0 };
601 event_base_once(data->base, -1, EV_TIMEOUT,
602 acceptcb_deferred, bev, &when);
603 bufferevent_disable(bev, EV_READ|EV_WRITE);
605 bufferevent_enable(bev, EV_READ|EV_WRITE);
608 /* Only accept once, then disable ourself. */
609 evconnlistener_disable(listener);
622 bio_rwcount_new(BIO *b)
625 BIO_set_data(b, NULL);
629 bio_rwcount_free(BIO *b)
631 TT_BLATHER(("bio_rwcount_free: %p", b));
634 if (BIO_get_shutdown(b)) {
636 BIO_set_data(b, NULL);
641 bio_rwcount_read(BIO *b, char *out, int outlen)
643 struct rwcount *rw = BIO_get_data(b);
644 ev_ssize_t ret = recv(rw->fd, out, outlen, 0);
646 if (ret == -1 && EVUTIL_ERR_RW_RETRIABLE(EVUTIL_SOCKET_ERROR())) {
647 BIO_set_retry_read(b);
652 bio_rwcount_write(BIO *b, const char *in, int inlen)
654 struct rwcount *rw = BIO_get_data(b);
655 ev_ssize_t ret = send(rw->fd, in, inlen, 0);
657 if (ret == -1 && EVUTIL_ERR_RW_RETRIABLE(EVUTIL_SOCKET_ERROR())) {
658 BIO_set_retry_write(b);
663 bio_rwcount_ctrl(BIO *b, int cmd, long num, void *ptr)
665 struct rwcount *rw = BIO_get_data(b);
671 case BIO_CTRL_GET_CLOSE:
672 ret = BIO_get_shutdown(b);
674 case BIO_CTRL_SET_CLOSE:
675 BIO_set_shutdown(b, (int)num);
677 case BIO_CTRL_PENDING:
680 case BIO_CTRL_WPENDING:
691 bio_rwcount_puts(BIO *b, const char *s)
693 return bio_rwcount_write(b, s, strlen(s));
695 #define BIO_TYPE_LIBEVENT_RWCOUNT 0xff1
696 static BIO_METHOD *methods_rwcount;
701 if (methods_rwcount == NULL) {
702 methods_rwcount = BIO_meth_new(BIO_TYPE_LIBEVENT_RWCOUNT, "rwcount");
703 if (methods_rwcount == NULL)
705 BIO_meth_set_write(methods_rwcount, bio_rwcount_write);
706 BIO_meth_set_read(methods_rwcount, bio_rwcount_read);
707 BIO_meth_set_puts(methods_rwcount, bio_rwcount_puts);
708 BIO_meth_set_ctrl(methods_rwcount, bio_rwcount_ctrl);
709 BIO_meth_set_create(methods_rwcount, bio_rwcount_new);
710 BIO_meth_set_destroy(methods_rwcount, bio_rwcount_free);
712 return methods_rwcount;
715 BIO_new_rwcount(int close_flag)
718 if (!(result = BIO_new(BIO_s_rwcount())))
720 BIO_set_init(result, 1);
721 BIO_set_data(result, NULL);
722 BIO_set_shutdown(result, !!close_flag);
727 regress_bufferevent_openssl_connect(void *arg)
729 struct basic_test_data *data = arg;
731 struct event_base *base = data->base;
733 struct evconnlistener *listener;
734 struct bufferevent *bev;
735 struct sockaddr_in sin;
736 struct sockaddr_storage ss;
739 struct rwcount rw = { -1, 0, 0 };
740 enum regress_openssl_type type;
742 type = (enum regress_openssl_type)data->setup_data;
744 memset(&sin, 0, sizeof(sin));
745 sin.sin_family = AF_INET;
746 sin.sin_addr.s_addr = htonl(0x7f000001);
748 memset(&ss, 0, sizeof(ss));
751 listener = evconnlistener_new_bind(base, acceptcb, data,
752 LEV_OPT_CLOSE_ON_FREE|LEV_OPT_REUSEABLE,
753 -1, (struct sockaddr *)&sin, sizeof(sin));
756 tt_assert(evconnlistener_get_fd(listener) >= 0);
758 ssl = SSL_new(get_ssl_ctx());
761 bev = bufferevent_openssl_socket_new(
763 BUFFEREVENT_SSL_CONNECTING,
764 BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS);
767 bufferevent_setcb(bev, respond_to_number, free_on_cb, eventcb,
768 (void*)(REGRESS_OPENSSL_CLIENT));
770 tt_assert(getsockname(evconnlistener_get_fd(listener),
771 (struct sockaddr*)&ss, &slen) == 0);
772 tt_assert(slen == sizeof(struct sockaddr_in));
773 tt_int_op(((struct sockaddr*)&ss)->sa_family, ==, AF_INET);
776 bufferevent_socket_connect(bev, (struct sockaddr*)&ss, slen));
777 /* Possible only when we have fd, since be_openssl can and will overwrite
778 * bio otherwise before */
779 if (type & REGRESS_OPENSSL_SLEEP) {
782 rw.fd = bufferevent_getfd(bev);
783 bio = BIO_new_rwcount(0);
785 BIO_set_data(bio, &rw);
786 SSL_set_bio(ssl, bio, bio);
788 evbuffer_add_printf(bufferevent_get_output(bev), "1\n");
789 bufferevent_enable(bev, EV_READ|EV_WRITE);
791 event_base_dispatch(base);
793 tt_int_op(rw.read, <=, 100);
794 tt_int_op(rw.write, <=, 100);
796 evconnlistener_free(listener);
803 struct evbuffer *data;
808 struct bufferevent *bev;
809 struct wm_context *neighbour;
812 wm_transfer(struct bufferevent *bev, void *arg)
814 struct wm_context *ctx = arg;
815 struct evbuffer *in = bufferevent_get_input(bev);
816 struct evbuffer *out = bufferevent_get_output(bev);
817 size_t len = evbuffer_get_length(in);
818 size_t drain = len < ctx->to_read ? len : ctx->to_read;
820 if (ctx->get >= ctx->limit) {
821 TT_BLATHER(("wm_transfer-%s(%p): break",
822 ctx->server ? "server" : "client", bev));
823 bufferevent_setcb(bev, NULL, NULL, NULL, NULL);
824 bufferevent_disable(bev, EV_READ);
825 if (ctx->neighbour->get >= ctx->neighbour->limit) {
826 event_base_loopbreak(bufferevent_get_base(bev));
830 evbuffer_drain(in, drain);
833 TT_BLATHER(("wm_transfer-%s(%p): "
834 "in: " EV_SIZE_FMT ", "
835 "out: " EV_SIZE_FMT ", "
836 "got: " EV_SIZE_FMT "",
837 ctx->server ? "server" : "client", bev,
838 evbuffer_get_length(in),
839 evbuffer_get_length(out),
842 evbuffer_add_buffer_reference(out, ctx->data);
845 wm_eventcb(struct bufferevent *bev, short what, void *arg)
847 struct wm_context *ctx = arg;
848 TT_BLATHER(("wm_eventcb-%s(%p): %i",
849 ctx->server ? "server" : "client", bev, what));
850 if (what & BEV_EVENT_CONNECTED) {
856 wm_acceptcb(struct evconnlistener *listener, evutil_socket_t fd,
857 struct sockaddr *addr, int socklen, void *arg)
859 struct wm_context *ctx = arg;
860 struct bufferevent *bev;
861 struct event_base *base = evconnlistener_get_base(listener);
862 SSL *ssl = SSL_new(get_ssl_ctx());
864 SSL_use_certificate(ssl, the_cert);
865 SSL_use_PrivateKey(ssl, the_key);
867 bev = bufferevent_openssl_socket_new(
868 base, fd, ssl, BUFFEREVENT_SSL_ACCEPTING, ctx->flags);
870 TT_BLATHER(("wm_transfer-%s(%p): accept",
871 ctx->server ? "server" : "client", bev));
873 bufferevent_setwatermark(bev, EV_READ, 0, ctx->wm_high);
874 bufferevent_setcb(bev, wm_transfer, NULL, wm_eventcb, ctx);
875 bufferevent_enable(bev, EV_READ|EV_WRITE);
878 /* Only accept once, then disable ourself. */
879 evconnlistener_disable(listener);
882 regress_bufferevent_openssl_wm(void *arg)
884 struct basic_test_data *data = arg;
885 struct event_base *base = data->base;
887 struct evconnlistener *listener;
888 struct bufferevent *bev;
889 struct sockaddr_in sin;
890 struct sockaddr_storage ss;
891 enum regress_openssl_type type =
892 (enum regress_openssl_type)data->setup_data;
893 int bev_flags = BEV_OPT_CLOSE_ON_FREE;
896 struct wm_context client, server;
898 size_t payload_len = 1<<10;
899 size_t wm_high = 5<<10;
901 memset(&sin, 0, sizeof(sin));
902 sin.sin_family = AF_INET;
903 sin.sin_addr.s_addr = htonl(0x7f000001);
905 memset(&ss, 0, sizeof(ss));
908 if (type & REGRESS_DEFERRED_CALLBACKS)
909 bev_flags |= BEV_OPT_DEFER_CALLBACKS;
911 memset(&client, 0, sizeof(client));
912 memset(&server, 0, sizeof(server));
915 client.flags = server.flags = bev_flags;
916 client.data = evbuffer_new();
917 server.data = evbuffer_new();
918 payload = calloc(1, payload_len);
919 memset(payload, 'A', payload_len);
920 evbuffer_add(server.data, payload, payload_len);
921 evbuffer_add(client.data, payload, payload_len);
922 client.wm_high = server.wm_high = wm_high;
923 client.limit = server.limit = wm_high<<3;
924 client.to_read = server.to_read = payload_len>>1;
926 TT_BLATHER(("openssl_wm: "
927 "payload_len = " EV_SIZE_FMT ", "
928 "wm_high = " EV_SIZE_FMT ", "
929 "limit = " EV_SIZE_FMT ", "
930 "to_read: " EV_SIZE_FMT "",
936 listener = evconnlistener_new_bind(base, wm_acceptcb, &server,
937 LEV_OPT_CLOSE_ON_FREE|LEV_OPT_REUSEABLE,
938 -1, (struct sockaddr *)&sin, sizeof(sin));
941 tt_assert(evconnlistener_get_fd(listener) >= 0);
943 ssl = SSL_new(get_ssl_ctx());
946 if (type & REGRESS_OPENSSL_FILTER) {
947 bev = bufferevent_socket_new(data->base, -1, client.flags);
949 bev = bufferevent_openssl_filter_new(
950 base, bev, ssl, BUFFEREVENT_SSL_CONNECTING, client.flags);
952 bev = bufferevent_openssl_socket_new(
954 BUFFEREVENT_SSL_CONNECTING,
960 server.neighbour = &client;
961 client.neighbour = &server;
963 bufferevent_setwatermark(bev, EV_READ, 0, client.wm_high);
964 bufferevent_setcb(bev, wm_transfer, NULL, wm_eventcb, &client);
966 tt_assert(getsockname(evconnlistener_get_fd(listener),
967 (struct sockaddr*)&ss, &slen) == 0);
969 tt_assert(!bufferevent_socket_connect(bev, (struct sockaddr*)&ss, slen));
970 tt_assert(!evbuffer_add_buffer_reference(bufferevent_get_output(bev), client.data));
971 tt_assert(!bufferevent_enable(bev, EV_READ|EV_WRITE));
973 event_base_dispatch(base);
975 tt_int_op(client.get, ==, client.limit);
976 tt_int_op(server.get, ==, server.limit);
979 evbuffer_free(client.data);
980 evbuffer_free(server.data);
981 evconnlistener_free(listener);
982 bufferevent_free(client.bev);
983 bufferevent_free(server.bev);
986 struct testcase_t ssl_testcases[] = {
987 #define T(a) ((void *)(a))
988 { "bufferevent_socketpair", regress_bufferevent_openssl,
989 TT_ISOLATED, &ssl_setup, T(REGRESS_OPENSSL_SOCKETPAIR) },
990 { "bufferevent_socketpair_write_after_connect", regress_bufferevent_openssl,
991 TT_ISOLATED, &ssl_setup,
992 T(REGRESS_OPENSSL_SOCKETPAIR|REGRESS_OPENSSL_CLIENT_WRITE) },
993 { "bufferevent_filter", regress_bufferevent_openssl,
994 TT_ISOLATED, &ssl_setup, T(REGRESS_OPENSSL_FILTER) },
995 { "bufferevent_filter_write_after_connect", regress_bufferevent_openssl,
996 TT_ISOLATED, &ssl_setup,
997 T(REGRESS_OPENSSL_FILTER|REGRESS_OPENSSL_CLIENT_WRITE) },
998 { "bufferevent_renegotiate_socketpair", regress_bufferevent_openssl,
999 TT_ISOLATED, &ssl_setup,
1000 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_RENEGOTIATE) },
1001 { "bufferevent_renegotiate_filter", regress_bufferevent_openssl,
1002 TT_ISOLATED, &ssl_setup,
1003 T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_RENEGOTIATE) },
1004 { "bufferevent_socketpair_startopen", regress_bufferevent_openssl,
1005 TT_ISOLATED, &ssl_setup,
1006 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_OPEN) },
1007 { "bufferevent_filter_startopen", regress_bufferevent_openssl,
1008 TT_ISOLATED, &ssl_setup,
1009 T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_OPEN) },
1011 { "bufferevent_socketpair_dirty_shutdown", regress_bufferevent_openssl,
1012 TT_ISOLATED, &ssl_setup,
1013 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_DIRTY_SHUTDOWN) },
1014 { "bufferevent_filter_dirty_shutdown", regress_bufferevent_openssl,
1015 TT_ISOLATED, &ssl_setup,
1016 T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_DIRTY_SHUTDOWN) },
1017 { "bufferevent_renegotiate_socketpair_dirty_shutdown",
1018 regress_bufferevent_openssl,
1021 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_RENEGOTIATE | REGRESS_OPENSSL_DIRTY_SHUTDOWN) },
1022 { "bufferevent_renegotiate_filter_dirty_shutdown",
1023 regress_bufferevent_openssl,
1026 T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_RENEGOTIATE | REGRESS_OPENSSL_DIRTY_SHUTDOWN) },
1027 { "bufferevent_socketpair_startopen_dirty_shutdown",
1028 regress_bufferevent_openssl,
1029 TT_ISOLATED, &ssl_setup,
1030 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_OPEN | REGRESS_OPENSSL_DIRTY_SHUTDOWN) },
1031 { "bufferevent_filter_startopen_dirty_shutdown",
1032 regress_bufferevent_openssl,
1033 TT_ISOLATED, &ssl_setup,
1034 T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_OPEN | REGRESS_OPENSSL_DIRTY_SHUTDOWN) },
1036 { "bufferevent_socketpair_fd", regress_bufferevent_openssl,
1037 TT_ISOLATED, &ssl_setup,
1038 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_FD) },
1039 { "bufferevent_socketpair_freed", regress_bufferevent_openssl,
1040 TT_ISOLATED, &ssl_setup,
1041 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_FREED) },
1042 { "bufferevent_socketpair_freed_fd", regress_bufferevent_openssl,
1043 TT_ISOLATED, &ssl_setup,
1044 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_FREED | REGRESS_OPENSSL_FD) },
1045 { "bufferevent_filter_freed_fd", regress_bufferevent_openssl,
1046 TT_ISOLATED, &ssl_setup,
1047 T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_FREED | REGRESS_OPENSSL_FD) },
1049 { "bufferevent_socketpair_timeout", regress_bufferevent_openssl,
1050 TT_ISOLATED, &ssl_setup,
1051 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_TIMEOUT) },
1052 { "bufferevent_socketpair_timeout_freed_fd", regress_bufferevent_openssl,
1053 TT_ISOLATED, &ssl_setup,
1054 T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_TIMEOUT | REGRESS_OPENSSL_FREED | REGRESS_OPENSSL_FD) },
1056 { "bufferevent_connect", regress_bufferevent_openssl_connect,
1057 TT_FORK|TT_NEED_BASE, &ssl_setup, NULL },
1058 { "bufferevent_connect_sleep", regress_bufferevent_openssl_connect,
1059 TT_FORK|TT_NEED_BASE, &ssl_setup, T(REGRESS_OPENSSL_SLEEP) },
1061 { "bufferevent_wm", regress_bufferevent_openssl_wm,
1062 TT_FORK|TT_NEED_BASE, &ssl_setup, NULL },
1063 { "bufferevent_wm_filter", regress_bufferevent_openssl_wm,
1064 TT_FORK|TT_NEED_BASE, &ssl_setup, T(REGRESS_OPENSSL_FILTER) },
1065 { "bufferevent_wm_defer", regress_bufferevent_openssl_wm,
1066 TT_FORK|TT_NEED_BASE, &ssl_setup, T(REGRESS_DEFERRED_CALLBACKS) },
1067 { "bufferevent_wm_filter_defer", regress_bufferevent_openssl_wm,
1068 TT_FORK|TT_NEED_BASE, &ssl_setup, T(REGRESS_OPENSSL_FILTER|REGRESS_DEFERRED_CALLBACKS) },