1 /*
2  * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  * 3. The name of the author may not be used to endorse or promote products
13  *    derived from this software without specific prior written permission.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25  */
26 
27 // Get rid of OSX 10.7 and greater deprecation warnings.
28 #if defined(__APPLE__) && defined(__clang__)
29 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
30 #endif
31 
32 #ifdef _WIN32
33 #include <winsock2.h>
34 #include <windows.h>
35 #endif
36 
37 #include "util-internal.h"
38 
39 #ifndef _WIN32
40 #include <sys/types.h>
41 #include <sys/socket.h>
42 #include <netinet/in.h>
43 #endif
44 
45 #include "event2/util.h"
46 #include "event2/event.h"
47 #include "event2/bufferevent_ssl.h"
48 #include "event2/bufferevent_struct.h"
49 #include "event2/buffer.h"
50 #include "event2/listener.h"
51 
52 #include "regress.h"
53 #include "tinytest.h"
54 #include "tinytest_macros.h"
55 
56 #include <openssl/err.h>
57 #include <openssl/pem.h>
58 #include "openssl-compat.h"
59 
60 #include <string.h>
61 #ifdef _WIN32
62 #include <io.h>
63 #define read _read
64 #define write _write
65 #else
66 #include <unistd.h>
67 #endif
68 
69 /* A pre-generated key, to save the cost of doing an RSA key generation step
70  * during the unit tests. It is published in this file, so you would have to
71  * be very foolish to consider using it in your own code. */
72 static const char KEY[] =
73     "-----BEGIN RSA PRIVATE KEY-----\n"
74     "MIIEogIBAAKCAQEAtK07Ili0dkJb79m/sFmHoVJTWyLoveXex2yX/BtUzzcvZEOu\n"
75     "QLon/++5YOA48kzZm5K9mIwZkZhui1ZgJ5Bjq0LGAWTZGIn+NXjLFshPYvTKpOCW\n"
76     "uzL0Ir0LXMsBLYJQ5A4FomLNxs4I3H/dhDSGy/rSiJB1B4w2xNiwPK08/VL3zZqk\n"
77     "V+GsSvGIIkzhTMbqPJy9K8pqyjwOU2pgORS794yXciTGxWYjTDzJPgQ35YMDATaG\n"
78     "jr4HHo1zxU/Lj0pndSUK5rKLYxYQ3Uc8B3AVYDl9CP/GbOoQ4LBzS68JjcAUyp6i\n"
79     "6NfXlc2D9S9XgqVqwI+JqgJs0eW/+zPY2UEDWwIDAQABAoIBAD2HzV66FOM9YDAD\n"
80     "2RtGskEHV2nvLpIVadRCsFPkPvK+2X3s6rgSbbLkwh4y3lHuSCGKTNVZyQ9jeSos\n"
81     "xVxT+Q2HFQW+gYyw2gj91TQyDY8mzKhv8AVaqff2p5r3a7RC8CdqexK9UVUGL9Bg\n"
82     "H2F5vfpTtkVZ5PEoGDLblNFlMiMW/t1SobUeBVx+Msco/xqk9lFv1A9nnepGy0Gi\n"
83     "D+i6YNGTBsX22YhoCZl/ICxCL8lgqPei4FvBr9dBVh/jQgjuUBm2jz55p2r7+7Aw\n"
84     "khmXHReejoVokQ2+htgSgZNKlKuDy710ZpBqnDi8ynQi82Y2qCpyg/p/xcER54B6\n"
85     "hSftaiECgYEA2RkSoxU+nWk+BClQEUZRi88QK5W/M8oo1DvUs36hvPFkw3Jk/gz0\n"
86     "fgd5bnA+MXj0Fc0QHvbddPjIkyoI/evq9GPV+JYIuH5zabrlI3Jvya8q9QpAcEDO\n"
87     "KkL/O09qXVEW52S6l05nh4PLejyI7aTyTIN5nbVLac/+M8MY/qOjZksCgYEA1Q1o\n"
88     "L8kjSavU2xhQmSgZb9W62Do60sa3e73ljrDPoiyvbExldpSdziFYxHBD/Rep0ePf\n"
89     "eVSGS3VSwevt9/jSGo2Oa83TYYns9agBm03oR/Go/DukESdI792NsEM+PRFypVNy\n"
90     "AohWRLj0UU6DV+zLKp0VBavtx0ATeLFX0eN17TECgYBI2O/3Bz7uhQ0JSm+SjFz6\n"
91     "o+2SInp5P2G57aWu4VQWWY3tQ2p+EQzNaWam10UXRrXoxtmc+ktPX9e2AgnoYoyB\n"
92     "myqGcpnUhqHlnZAb999o9r1cYidDQ4uqhLauSTSwwXAFDzjJYsa8o03Y440y6QFh\n"
93     "CVD6yYXXqLJs3g96CqDexwKBgAHxq1+0QCQt8zVElYewO/svQhMzBNJjic0RQIT6\n"
94     "zAo4yij80XgxhvcYiszQEW6/xobpw2JCCS+rFGQ8mOFIXfJsFD6blDAxp/3d2JXo\n"
95     "MhRl+hrDGI4ng5zcsqxHEMxR2m/zwPiQ8eiSn3gWdVBaEsiCwmxY00ScKxFQ3PJH\n"
96     "Vw4hAoGAdZLd8KfjjG6lg7hfpVqavstqVi9LOgkHeCfdjn7JP+76kYrgLk/XdkrP\n"
97     "N/BHhtFVFjOi/mTQfQ5YfZImkm/1ePBy7437DT8BDkOxspa50kK4HPggHnU64h1w\n"
98     "lhdEOj7mAgHwGwwVZWOgs9Lq6vfztnSuhqjha1daESY6kDscPIQ=\n"
99     "-----END RSA PRIVATE KEY-----\n";
100 
101 EVP_PKEY *
ssl_getkey(void)102 ssl_getkey(void)
103 {
104 	EVP_PKEY *key;
105 	BIO *bio;
106 
107 	/* new read-only BIO backed by KEY. */
108 	bio = BIO_new_mem_buf((char*)KEY, -1);
109 	tt_assert(bio);
110 
111 	key = PEM_read_bio_PrivateKey(bio,NULL,NULL,NULL);
112 	BIO_free(bio);
113 	tt_assert(key);
114 
115 	return key;
116 end:
117 	return NULL;
118 }
119 
120 X509 *
ssl_getcert(EVP_PKEY * key)121 ssl_getcert(EVP_PKEY *key)
122 {
123 	/* Dummy code to make a quick-and-dirty valid certificate with
124 	   OpenSSL.  Don't copy this code into your own program! It does a
125 	   number of things in a stupid and insecure way. */
126 	X509 *x509 = NULL;
127 	X509_NAME *name = NULL;
128 	int nid;
129 	time_t now = time(NULL);
130 
131 	tt_assert(key);
132 
133 	x509 = X509_new();
134 	tt_assert(x509);
135 	tt_assert(0 != X509_set_version(x509, 2));
136 	tt_assert(0 != ASN1_INTEGER_set(X509_get_serialNumber(x509),
137 		(long)now));
138 
139 	name = X509_NAME_new();
140 	tt_assert(name);
141 	nid = OBJ_txt2nid("commonName");
142 	tt_assert(NID_undef != nid);
143 	tt_assert(0 != X509_NAME_add_entry_by_NID(
144 		    name, nid, MBSTRING_ASC, (unsigned char*)"example.com",
145 		    -1, -1, 0));
146 
147 	X509_set_subject_name(x509, name);
148 	X509_set_issuer_name(x509, name);
149 	X509_NAME_free(name);
150 
151 	X509_time_adj(X509_getm_notBefore(x509), 0, &now);
152 	now += 3600;
153 	X509_time_adj(X509_getm_notAfter(x509), 0, &now);
154 	X509_set_pubkey(x509, key);
155 	tt_assert(0 != X509_sign(x509, key, EVP_sha1()));
156 
157 	return x509;
158 end:
159 	X509_free(x509);
160 	X509_NAME_free(name);
161 	return NULL;
162 }
163 
164 static int disable_tls_11_and_12 = 0;
165 static SSL_CTX *the_ssl_ctx = NULL;
166 
167 SSL_CTX *
get_ssl_ctx(void)168 get_ssl_ctx(void)
169 {
170 	if (the_ssl_ctx)
171 		return the_ssl_ctx;
172 	the_ssl_ctx = SSL_CTX_new(SSLv23_method());
173 	if (!the_ssl_ctx)
174 		return NULL;
175 	if (disable_tls_11_and_12) {
176 #ifdef SSL_OP_NO_TLSv1_2
177 		SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_2);
178 #endif
179 #ifdef SSL_OP_NO_TLSv1_1
180 		SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_1);
181 #endif
182 	}
183 	return the_ssl_ctx;
184 }
185 
186 static int test_is_done;
187 static int n_connected;
188 static int got_close;
189 static int got_error;
190 static int got_timeout;
191 static int renegotiate_at = -1;
192 static int stop_when_connected;
193 static int pending_connect_events;
194 static struct event_base *exit_base;
195 static X509 *the_cert;
196 EVP_PKEY *the_key;
197 
198 void
init_ssl(void)199 init_ssl(void)
200 {
201 #if (OPENSSL_VERSION_NUMBER < 0x10100000L) || \
202 	(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
203 	SSL_library_init();
204 	ERR_load_crypto_strings();
205 	SSL_load_error_strings();
206 	OpenSSL_add_all_algorithms();
207 	if (SSLeay() != OPENSSL_VERSION_NUMBER) {
208 		TT_DECLARE("WARN",
209 			("Version mismatch for openssl: compiled with %lx but running with %lx",
210 			(unsigned long)OPENSSL_VERSION_NUMBER, (unsigned long)SSLeay()));
211 	}
212 #endif
213 }
214 
215 static void *
ssl_test_setup(const struct testcase_t * testcase)216 ssl_test_setup(const struct testcase_t *testcase)
217 {
218 	init_ssl();
219 
220 	the_key = ssl_getkey();
221 	EVUTIL_ASSERT(the_key);
222 
223 	the_cert = ssl_getcert(the_key);
224 	EVUTIL_ASSERT(the_cert);
225 
226 	disable_tls_11_and_12 = 0;
227 
228 	return basic_test_setup(testcase);
229 }
230 static int
ssl_test_cleanup(const struct testcase_t * testcase,void * ptr)231 ssl_test_cleanup(const struct testcase_t *testcase, void *ptr)
232 {
233 	int ret = basic_test_cleanup(testcase, ptr);
234 	if (!ret) {
235 		return ret;
236 	}
237 
238 	test_is_done = 0;
239 	n_connected = 0;
240 	got_close = 0;
241 	got_error = 0;
242 	got_timeout = 0;
243 	renegotiate_at = -1;
244 	stop_when_connected = 0;
245 	pending_connect_events = 0;
246 	exit_base = NULL;
247 
248 	X509_free(the_cert);
249 	EVP_PKEY_free(the_key);
250 
251 	SSL_CTX_free(the_ssl_ctx);
252 	the_ssl_ctx = NULL;
253 
254 	return 1;
255 }
256 const struct testcase_setup_t ssl_setup = {
257 	ssl_test_setup, ssl_test_cleanup
258 };
259 
260 
261 /* ====================
262    Here's a simple test: we read a number from the input, increment it, and
263    reply, until we get to 1001.
264 */
265 
266 enum regress_openssl_type
267 {
268 	REGRESS_OPENSSL_SOCKETPAIR = 1,
269 	REGRESS_OPENSSL_FILTER = 2,
270 	REGRESS_OPENSSL_RENEGOTIATE = 4,
271 	REGRESS_OPENSSL_OPEN = 8,
272 	REGRESS_OPENSSL_DIRTY_SHUTDOWN = 16,
273 	REGRESS_OPENSSL_FD = 32,
274 
275 	REGRESS_OPENSSL_CLIENT = 64,
276 	REGRESS_OPENSSL_SERVER = 128,
277 
278 	REGRESS_OPENSSL_FREED = 256,
279 	REGRESS_OPENSSL_TIMEOUT = 512,
280 	REGRESS_OPENSSL_SLEEP = 1024,
281 
282 	REGRESS_OPENSSL_CLIENT_WRITE = 2048,
283 
284 	REGRESS_DEFERRED_CALLBACKS = 4096,
285 };
286 
287 static void
bufferevent_openssl_check_fd(struct bufferevent * bev,int filter)288 bufferevent_openssl_check_fd(struct bufferevent *bev, int filter)
289 {
290 	tt_fd_op(bufferevent_getfd(bev), !=, EVUTIL_INVALID_SOCKET);
291 	tt_fd_op(bufferevent_setfd(bev, EVUTIL_INVALID_SOCKET), ==, 0);
292 	if (filter) {
293 		tt_fd_op(bufferevent_getfd(bev), !=, EVUTIL_INVALID_SOCKET);
294 	} else {
295 		tt_fd_op(bufferevent_getfd(bev), ==, EVUTIL_INVALID_SOCKET);
296 	}
297 
298 end:
299 	;
300 }
301 static void
bufferevent_openssl_check_freed(struct bufferevent * bev)302 bufferevent_openssl_check_freed(struct bufferevent *bev)
303 {
304 	tt_int_op(event_pending(&bev->ev_read, EVLIST_ALL, NULL), ==, 0);
305 	tt_int_op(event_pending(&bev->ev_write, EVLIST_ALL, NULL), ==, 0);
306 
307 end:
308 	;
309 }
310 
311 static void
free_on_cb(struct bufferevent * bev,void * ctx)312 free_on_cb(struct bufferevent *bev, void *ctx)
313 {
314 	TT_BLATHER(("free_on_cb: %p", bev));
315 	bufferevent_free(bev);
316 }
317 
318 static void
respond_to_number(struct bufferevent * bev,void * ctx)319 respond_to_number(struct bufferevent *bev, void *ctx)
320 {
321 	struct evbuffer *b = bufferevent_get_input(bev);
322 	char *line;
323 	int n;
324 
325 	enum regress_openssl_type type;
326 	type = (enum regress_openssl_type)ctx;
327 
328 	line = evbuffer_readln(b, NULL, EVBUFFER_EOL_LF);
329 	if (! line)
330 		return;
331 	n = atoi(line);
332 	if (n <= 0)
333 		TT_FAIL(("Bad number: %s", line));
334 	free(line);
335 	TT_BLATHER(("The number was %d", n));
336 	if (n == 1001) {
337 		++test_is_done;
338 		bufferevent_free(bev); /* Should trigger close on other side. */
339 		return;
340 	}
341 	if ((type & REGRESS_OPENSSL_CLIENT) && n == renegotiate_at) {
342 		SSL_renegotiate(bufferevent_openssl_get_ssl(bev));
343 	}
344 	++n;
345 	evbuffer_add_printf(bufferevent_get_output(bev),
346 	    "%d\n", n);
347 	TT_BLATHER(("Done reading; now writing."));
348 	bufferevent_enable(bev, EV_WRITE);
349 	bufferevent_disable(bev, EV_READ);
350 }
351 
352 static void
done_writing_cb(struct bufferevent * bev,void * ctx)353 done_writing_cb(struct bufferevent *bev, void *ctx)
354 {
355 	struct evbuffer *b = bufferevent_get_output(bev);
356 	if (evbuffer_get_length(b))
357 		return;
358 	TT_BLATHER(("Done writing."));
359 	bufferevent_disable(bev, EV_WRITE);
360 	bufferevent_enable(bev, EV_READ);
361 }
362 
363 static void
eventcb(struct bufferevent * bev,short what,void * ctx)364 eventcb(struct bufferevent *bev, short what, void *ctx)
365 {
366 	X509 *peer_cert = NULL;
367 	enum regress_openssl_type type;
368 
369 	type = (enum regress_openssl_type)ctx;
370 
371 	TT_BLATHER(("Got event %d", (int)what));
372 	if (what & BEV_EVENT_CONNECTED) {
373 		SSL *ssl;
374 		++n_connected;
375 		ssl = bufferevent_openssl_get_ssl(bev);
376 		tt_assert(ssl);
377 		peer_cert = SSL_get_peer_certificate(ssl);
378 		if (type & REGRESS_OPENSSL_SERVER) {
379 			tt_assert(peer_cert == NULL);
380 		} else {
381 			tt_assert(peer_cert != NULL);
382 		}
383 		if (stop_when_connected) {
384 			if (--pending_connect_events == 0)
385 				event_base_loopexit(exit_base, NULL);
386 		}
387 
388 		if ((type & REGRESS_OPENSSL_CLIENT_WRITE) && (type & REGRESS_OPENSSL_CLIENT))
389 			evbuffer_add_printf(bufferevent_get_output(bev), "1\n");
390 	} else if (what & BEV_EVENT_EOF) {
391 		TT_BLATHER(("Got a good EOF"));
392 		++got_close;
393 		if (type & REGRESS_OPENSSL_FD) {
394 			bufferevent_openssl_check_fd(bev, type & REGRESS_OPENSSL_FILTER);
395 		}
396 		if (type & REGRESS_OPENSSL_FREED) {
397 			bufferevent_openssl_check_freed(bev);
398 		}
399 		bufferevent_free(bev);
400 	} else if (what & BEV_EVENT_ERROR) {
401 		TT_BLATHER(("Got an error."));
402 		++got_error;
403 		if (type & REGRESS_OPENSSL_FD) {
404 			bufferevent_openssl_check_fd(bev, type & REGRESS_OPENSSL_FILTER);
405 		}
406 		if (type & REGRESS_OPENSSL_FREED) {
407 			bufferevent_openssl_check_freed(bev);
408 		}
409 		bufferevent_free(bev);
410 	} else if (what & BEV_EVENT_TIMEOUT) {
411 		TT_BLATHER(("Got timeout."));
412 		++got_timeout;
413 		if (type & REGRESS_OPENSSL_FD) {
414 			bufferevent_openssl_check_fd(bev, type & REGRESS_OPENSSL_FILTER);
415 		}
416 		if (type & REGRESS_OPENSSL_FREED) {
417 			bufferevent_openssl_check_freed(bev);
418 		}
419 		bufferevent_free(bev);
420 	}
421 
422 end:
423 	if (peer_cert)
424 		X509_free(peer_cert);
425 }
426 
427 static void
open_ssl_bufevs(struct bufferevent ** bev1_out,struct bufferevent ** bev2_out,struct event_base * base,int is_open,int flags,SSL * ssl1,SSL * ssl2,evutil_socket_t * fd_pair,struct bufferevent ** underlying_pair,enum regress_openssl_type type)428 open_ssl_bufevs(struct bufferevent **bev1_out, struct bufferevent **bev2_out,
429     struct event_base *base, int is_open, int flags, SSL *ssl1, SSL *ssl2,
430     evutil_socket_t *fd_pair, struct bufferevent **underlying_pair,
431     enum regress_openssl_type type)
432 {
433 	int state1 = is_open ? BUFFEREVENT_SSL_OPEN :BUFFEREVENT_SSL_CONNECTING;
434 	int state2 = is_open ? BUFFEREVENT_SSL_OPEN :BUFFEREVENT_SSL_ACCEPTING;
435 	int dirty_shutdown = type & REGRESS_OPENSSL_DIRTY_SHUTDOWN;
436 	if (fd_pair) {
437 		*bev1_out = bufferevent_openssl_socket_new(
438 			base, fd_pair[0], ssl1, state1, flags);
439 		*bev2_out = bufferevent_openssl_socket_new(
440 			base, fd_pair[1], ssl2, state2, flags);
441 	} else {
442 		*bev1_out = bufferevent_openssl_filter_new(
443 			base, underlying_pair[0], ssl1, state1, flags);
444 		*bev2_out = bufferevent_openssl_filter_new(
445 			base, underlying_pair[1], ssl2, state2, flags);
446 
447 	}
448 	bufferevent_setcb(*bev1_out, respond_to_number, done_writing_cb,
449 	    eventcb, (void*)(REGRESS_OPENSSL_CLIENT | (long)type));
450 	bufferevent_setcb(*bev2_out, respond_to_number, done_writing_cb,
451 	    eventcb, (void*)(REGRESS_OPENSSL_SERVER | (long)type));
452 
453 	bufferevent_openssl_set_allow_dirty_shutdown(*bev1_out, dirty_shutdown);
454 	bufferevent_openssl_set_allow_dirty_shutdown(*bev2_out, dirty_shutdown);
455 }
456 
457 static void
regress_bufferevent_openssl(void * arg)458 regress_bufferevent_openssl(void *arg)
459 {
460 	struct basic_test_data *data = arg;
461 
462 	struct bufferevent *bev1, *bev2;
463 	SSL *ssl1, *ssl2;
464 	int flags = BEV_OPT_DEFER_CALLBACKS;
465 	struct bufferevent *bev_ll[2] = { NULL, NULL };
466 	evutil_socket_t *fd_pair = NULL;
467 
468 	enum regress_openssl_type type;
469 	type = (enum regress_openssl_type)data->setup_data;
470 
471 	if (type & REGRESS_OPENSSL_RENEGOTIATE) {
472 		if (OPENSSL_VERSION_NUMBER >= 0x10001000 &&
473 		    OPENSSL_VERSION_NUMBER <  0x1000104f) {
474 			/* 1.0.1 up to 1.0.1c has a bug where TLS1.1 and 1.2
475 			 * can't renegotiate with themselves. Disable. */
476 			disable_tls_11_and_12 = 1;
477 		}
478 		renegotiate_at = 600;
479 	}
480 
481 	ssl1 = SSL_new(get_ssl_ctx());
482 	ssl2 = SSL_new(get_ssl_ctx());
483 
484 	SSL_use_certificate(ssl2, the_cert);
485 	SSL_use_PrivateKey(ssl2, the_key);
486 
487 	if (!(type & REGRESS_OPENSSL_OPEN))
488 		flags |= BEV_OPT_CLOSE_ON_FREE;
489 
490 	if (!(type & REGRESS_OPENSSL_FILTER)) {
491 		tt_assert(type & REGRESS_OPENSSL_SOCKETPAIR);
492 		fd_pair = data->pair;
493 	} else {
494 		bev_ll[0] = bufferevent_socket_new(data->base, data->pair[0],
495 		    BEV_OPT_CLOSE_ON_FREE);
496 		bev_ll[1] = bufferevent_socket_new(data->base, data->pair[1],
497 		    BEV_OPT_CLOSE_ON_FREE);
498 	}
499 
500 	open_ssl_bufevs(&bev1, &bev2, data->base, 0, flags, ssl1, ssl2,
501 	    fd_pair, bev_ll, type);
502 
503 	if (!(type & REGRESS_OPENSSL_FILTER)) {
504 		tt_fd_op(bufferevent_getfd(bev1), ==, data->pair[0]);
505 	} else {
506 		tt_ptr_op(bufferevent_get_underlying(bev1), ==, bev_ll[0]);
507 	}
508 
509 	if (type & REGRESS_OPENSSL_OPEN) {
510 		pending_connect_events = 2;
511 		stop_when_connected = 1;
512 		exit_base = data->base;
513 		event_base_dispatch(data->base);
514 		/* Okay, now the renegotiation is done.  Make new
515 		 * bufferevents to test opening in BUFFEREVENT_SSL_OPEN */
516 		flags |= BEV_OPT_CLOSE_ON_FREE;
517 		bufferevent_free(bev1);
518 		bufferevent_free(bev2);
519 		bev1 = bev2 = NULL;
520 		open_ssl_bufevs(&bev1, &bev2, data->base, 1, flags, ssl1, ssl2,
521 		    fd_pair, bev_ll, type);
522 	}
523 
524 	if (!(type & REGRESS_OPENSSL_TIMEOUT)) {
525 		bufferevent_enable(bev1, EV_READ|EV_WRITE);
526 		bufferevent_enable(bev2, EV_READ|EV_WRITE);
527 
528 		if (!(type & REGRESS_OPENSSL_CLIENT_WRITE))
529 			evbuffer_add_printf(bufferevent_get_output(bev1), "1\n");
530 
531 		event_base_dispatch(data->base);
532 
533 		tt_assert(test_is_done == 1);
534 		tt_assert(n_connected == 2);
535 
536 		/* We don't handle shutdown properly yet */
537 		if (type & REGRESS_OPENSSL_DIRTY_SHUTDOWN) {
538 			tt_int_op(got_close, ==, 1);
539 			tt_int_op(got_error, ==, 0);
540 		} else {
541 			tt_int_op(got_error, ==, 1);
542 		}
543 		tt_int_op(got_timeout, ==, 0);
544 	} else {
545 		struct timeval t = { 2, 0 };
546 
547 		bufferevent_enable(bev1, EV_READ|EV_WRITE);
548 		bufferevent_disable(bev2, EV_READ|EV_WRITE);
549 
550 		bufferevent_set_timeouts(bev1, &t, &t);
551 
552 		if (!(type & REGRESS_OPENSSL_CLIENT_WRITE))
553 			evbuffer_add_printf(bufferevent_get_output(bev1), "1\n");
554 
555 		event_base_dispatch(data->base);
556 
557 		tt_assert(test_is_done == 0);
558 		tt_assert(n_connected == 0);
559 
560 		tt_int_op(got_close, ==, 0);
561 		tt_int_op(got_error, ==, 0);
562 		tt_int_op(got_timeout, ==, 1);
563 
564 		bufferevent_free(bev2);
565 	}
566 
567 end:
568 	return;
569 }
570 
571 static void
acceptcb_deferred(evutil_socket_t fd,short events,void * arg)572 acceptcb_deferred(evutil_socket_t fd, short events, void *arg)
573 {
574 	struct bufferevent *bev = arg;
575 	bufferevent_enable(bev, EV_READ|EV_WRITE);
576 }
577 static void
acceptcb(struct evconnlistener * listener,evutil_socket_t fd,struct sockaddr * addr,int socklen,void * arg)578 acceptcb(struct evconnlistener *listener, evutil_socket_t fd,
579     struct sockaddr *addr, int socklen, void *arg)
580 {
581 	struct basic_test_data *data = arg;
582 	struct bufferevent *bev;
583 	enum regress_openssl_type type;
584 	SSL *ssl = SSL_new(get_ssl_ctx());
585 
586 	type = (enum regress_openssl_type)data->setup_data;
587 
588 	SSL_use_certificate(ssl, the_cert);
589 	SSL_use_PrivateKey(ssl, the_key);
590 
591 	bev = bufferevent_openssl_socket_new(
592 		data->base, fd, ssl, BUFFEREVENT_SSL_ACCEPTING,
593 		BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS);
594 	tt_assert(bev);
595 
596 	bufferevent_setcb(bev, respond_to_number, NULL, eventcb,
597 	    (void*)(REGRESS_OPENSSL_SERVER));
598 
599 	if (type & REGRESS_OPENSSL_SLEEP) {
600 		struct timeval when = { 1, 0 };
601 		event_base_once(data->base, -1, EV_TIMEOUT,
602 		    acceptcb_deferred, bev, &when);
603 		bufferevent_disable(bev, EV_READ|EV_WRITE);
604 	} else {
605 		bufferevent_enable(bev, EV_READ|EV_WRITE);
606 	}
607 
608 	/* Only accept once, then disable ourself. */
609 	evconnlistener_disable(listener);
610 
611 end:
612 	;
613 }
614 
615 struct rwcount
616 {
617 	evutil_socket_t fd;
618 	size_t read;
619 	size_t write;
620 };
621 static int
bio_rwcount_new(BIO * b)622 bio_rwcount_new(BIO *b)
623 {
624 	BIO_set_init(b, 0);
625 	BIO_set_data(b, NULL);
626 	return 1;
627 }
628 static int
bio_rwcount_free(BIO * b)629 bio_rwcount_free(BIO *b)
630 {
631 	TT_BLATHER(("bio_rwcount_free: %p", b));
632 	if (!b)
633 		return 0;
634 	if (BIO_get_shutdown(b)) {
635 		BIO_set_init(b, 0);
636 		BIO_set_data(b, NULL);
637 	}
638 	return 1;
639 }
640 static int
bio_rwcount_read(BIO * b,char * out,int outlen)641 bio_rwcount_read(BIO *b, char *out, int outlen)
642 {
643 	struct rwcount *rw = BIO_get_data(b);
644 	ev_ssize_t ret = recv(rw->fd, out, outlen, 0);
645 	++rw->read;
646 	if (ret == -1 && EVUTIL_ERR_RW_RETRIABLE(EVUTIL_SOCKET_ERROR())) {
647 		BIO_set_retry_read(b);
648 	}
649 	return ret;
650 }
651 static int
bio_rwcount_write(BIO * b,const char * in,int inlen)652 bio_rwcount_write(BIO *b, const char *in, int inlen)
653 {
654 	struct rwcount *rw = BIO_get_data(b);
655 	ev_ssize_t ret = send(rw->fd, in, inlen, 0);
656 	++rw->write;
657 	if (ret == -1 && EVUTIL_ERR_RW_RETRIABLE(EVUTIL_SOCKET_ERROR())) {
658 		BIO_set_retry_write(b);
659 	}
660 	return ret;
661 }
662 static long
bio_rwcount_ctrl(BIO * b,int cmd,long num,void * ptr)663 bio_rwcount_ctrl(BIO *b, int cmd, long num, void *ptr)
664 {
665 	struct rwcount *rw = BIO_get_data(b);
666 	long ret = 0;
667 	switch (cmd) {
668 	case BIO_C_GET_FD:
669 		ret = rw->fd;
670 		break;
671 	case BIO_CTRL_GET_CLOSE:
672 		ret = BIO_get_shutdown(b);
673 		break;
674 	case BIO_CTRL_SET_CLOSE:
675 		BIO_set_shutdown(b, (int)num);
676 		break;
677 	case BIO_CTRL_PENDING:
678 		ret = 0;
679 		break;
680 	case BIO_CTRL_WPENDING:
681 		ret = 0;
682 		break;
683 	case BIO_CTRL_DUP:
684 	case BIO_CTRL_FLUSH:
685 		ret = 1;
686 		break;
687 	}
688 	return ret;
689 }
690 static int
bio_rwcount_puts(BIO * b,const char * s)691 bio_rwcount_puts(BIO *b, const char *s)
692 {
693 	return bio_rwcount_write(b, s, strlen(s));
694 }
695 #define BIO_TYPE_LIBEVENT_RWCOUNT 0xff1
696 static BIO_METHOD *methods_rwcount;
697 
698 static BIO_METHOD *
BIO_s_rwcount(void)699 BIO_s_rwcount(void)
700 {
701 	if (methods_rwcount == NULL) {
702 		methods_rwcount = BIO_meth_new(BIO_TYPE_LIBEVENT_RWCOUNT, "rwcount");
703 		if (methods_rwcount == NULL)
704 			return NULL;
705 		BIO_meth_set_write(methods_rwcount, bio_rwcount_write);
706 		BIO_meth_set_read(methods_rwcount, bio_rwcount_read);
707 		BIO_meth_set_puts(methods_rwcount, bio_rwcount_puts);
708 		BIO_meth_set_ctrl(methods_rwcount, bio_rwcount_ctrl);
709 		BIO_meth_set_create(methods_rwcount, bio_rwcount_new);
710 		BIO_meth_set_destroy(methods_rwcount, bio_rwcount_free);
711 	}
712 	return methods_rwcount;
713 }
714 static BIO *
BIO_new_rwcount(int close_flag)715 BIO_new_rwcount(int close_flag)
716 {
717 	BIO *result;
718 	if (!(result = BIO_new(BIO_s_rwcount())))
719 		return NULL;
720 	BIO_set_init(result, 1);
721 	BIO_set_data(result,  NULL);
722 	BIO_set_shutdown(result, !!close_flag);
723 	return result;
724 }
725 
726 static void
regress_bufferevent_openssl_connect(void * arg)727 regress_bufferevent_openssl_connect(void *arg)
728 {
729 	struct basic_test_data *data = arg;
730 
731 	struct event_base *base = data->base;
732 
733 	struct evconnlistener *listener;
734 	struct bufferevent *bev;
735 	struct sockaddr_in sin;
736 	struct sockaddr_storage ss;
737 	ev_socklen_t slen;
738 	SSL *ssl;
739 	struct rwcount rw = { -1, 0, 0 };
740 	enum regress_openssl_type type;
741 
742 	type = (enum regress_openssl_type)data->setup_data;
743 
744 	memset(&sin, 0, sizeof(sin));
745 	sin.sin_family = AF_INET;
746 	sin.sin_addr.s_addr = htonl(0x7f000001);
747 
748 	memset(&ss, 0, sizeof(ss));
749 	slen = sizeof(ss);
750 
751 	listener = evconnlistener_new_bind(base, acceptcb, data,
752 	    LEV_OPT_CLOSE_ON_FREE|LEV_OPT_REUSEABLE,
753 	    -1, (struct sockaddr *)&sin, sizeof(sin));
754 
755 	tt_assert(listener);
756 	tt_assert(evconnlistener_get_fd(listener) >= 0);
757 
758 	ssl = SSL_new(get_ssl_ctx());
759 	tt_assert(ssl);
760 
761 	bev = bufferevent_openssl_socket_new(
762 		data->base, -1, ssl,
763 		BUFFEREVENT_SSL_CONNECTING,
764 		BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS);
765 	tt_assert(bev);
766 
767 	bufferevent_setcb(bev, respond_to_number, free_on_cb, eventcb,
768 	    (void*)(REGRESS_OPENSSL_CLIENT));
769 
770 	tt_assert(getsockname(evconnlistener_get_fd(listener),
771 		(struct sockaddr*)&ss, &slen) == 0);
772 	tt_assert(slen == sizeof(struct sockaddr_in));
773 	tt_int_op(((struct sockaddr*)&ss)->sa_family, ==, AF_INET);
774 
775 	tt_assert(0 ==
776 	    bufferevent_socket_connect(bev, (struct sockaddr*)&ss, slen));
777 	/* Possible only when we have fd, since be_openssl can and will overwrite
778 	 * bio otherwise before */
779 	if (type & REGRESS_OPENSSL_SLEEP) {
780 		BIO *bio;
781 
782 		rw.fd = bufferevent_getfd(bev);
783 		bio = BIO_new_rwcount(0);
784 		tt_assert(bio);
785 		BIO_set_data(bio, &rw);
786 		SSL_set_bio(ssl, bio, bio);
787 	}
788 	evbuffer_add_printf(bufferevent_get_output(bev), "1\n");
789 	bufferevent_enable(bev, EV_READ|EV_WRITE);
790 
791 	event_base_dispatch(base);
792 
793 	tt_int_op(rw.read, <=, 100);
794 	tt_int_op(rw.write, <=, 100);
795 end:
796 	evconnlistener_free(listener);
797 }
798 
799 struct wm_context
800 {
801 	int server;
802 	int flags;
803 	struct evbuffer *data;
804 	size_t to_read;
805 	size_t wm_high;
806 	size_t limit;
807 	size_t get;
808 	struct bufferevent *bev;
809 	struct wm_context *neighbour;
810 };
811 static void
wm_transfer(struct bufferevent * bev,void * arg)812 wm_transfer(struct bufferevent *bev, void *arg)
813 {
814 	struct wm_context *ctx = arg;
815 	struct evbuffer *in  = bufferevent_get_input(bev);
816 	struct evbuffer *out = bufferevent_get_output(bev);
817 	size_t len = evbuffer_get_length(in);
818 	size_t drain = len < ctx->to_read ? len : ctx->to_read;
819 
820 	if (ctx->get >= ctx->limit) {
821 		TT_BLATHER(("wm_transfer-%s(%p): break",
822 			ctx->server ? "server" : "client", bev));
823 		bufferevent_setcb(bev, NULL, NULL, NULL, NULL);
824 		bufferevent_disable(bev, EV_READ);
825 		if (ctx->neighbour->get >= ctx->neighbour->limit) {
826 			event_base_loopbreak(bufferevent_get_base(bev));
827 		}
828 	} else {
829 		ctx->get += drain;
830 		evbuffer_drain(in, drain);
831 	}
832 
833 	TT_BLATHER(("wm_transfer-%s(%p): "
834 		"in: " EV_SIZE_FMT ", "
835 		"out: " EV_SIZE_FMT ", "
836 		"got: " EV_SIZE_FMT "",
837 		ctx->server ? "server" : "client", bev,
838 		evbuffer_get_length(in),
839 		evbuffer_get_length(out),
840 		ctx->get));
841 
842 	evbuffer_add_buffer_reference(out, ctx->data);
843 }
844 static void
wm_eventcb(struct bufferevent * bev,short what,void * arg)845 wm_eventcb(struct bufferevent *bev, short what, void *arg)
846 {
847 	struct wm_context *ctx = arg;
848 	TT_BLATHER(("wm_eventcb-%s(%p): %i",
849 		ctx->server ? "server" : "client", bev, what));
850 	if (what & BEV_EVENT_CONNECTED) {
851 	} else {
852 		ctx->get = 0;
853 	}
854 }
855 static void
wm_acceptcb(struct evconnlistener * listener,evutil_socket_t fd,struct sockaddr * addr,int socklen,void * arg)856 wm_acceptcb(struct evconnlistener *listener, evutil_socket_t fd,
857     struct sockaddr *addr, int socklen, void *arg)
858 {
859 	struct wm_context *ctx = arg;
860 	struct bufferevent *bev;
861 	struct event_base *base = evconnlistener_get_base(listener);
862 	SSL *ssl = SSL_new(get_ssl_ctx());
863 
864 	SSL_use_certificate(ssl, the_cert);
865 	SSL_use_PrivateKey(ssl, the_key);
866 
867 	bev = bufferevent_openssl_socket_new(
868 		base, fd, ssl, BUFFEREVENT_SSL_ACCEPTING, ctx->flags);
869 
870 	TT_BLATHER(("wm_transfer-%s(%p): accept",
871 		ctx->server ? "server" : "client", bev));
872 
873 	bufferevent_setwatermark(bev, EV_READ, 0, ctx->wm_high);
874 	bufferevent_setcb(bev, wm_transfer, NULL, wm_eventcb, ctx);
875 	bufferevent_enable(bev, EV_READ|EV_WRITE);
876 	ctx->bev = bev;
877 
878 	/* Only accept once, then disable ourself. */
879 	evconnlistener_disable(listener);
880 }
881 static void
regress_bufferevent_openssl_wm(void * arg)882 regress_bufferevent_openssl_wm(void *arg)
883 {
884 	struct basic_test_data *data = arg;
885 	struct event_base *base = data->base;
886 
887 	struct evconnlistener *listener;
888 	struct bufferevent *bev;
889 	struct sockaddr_in sin;
890 	struct sockaddr_storage ss;
891 	enum regress_openssl_type type =
892 		(enum regress_openssl_type)data->setup_data;
893 	int bev_flags = BEV_OPT_CLOSE_ON_FREE;
894 	ev_socklen_t slen;
895 	SSL *ssl;
896 	struct wm_context client, server;
897 	char *payload;
898 	size_t payload_len = 1<<10;
899 	size_t wm_high = 5<<10;
900 
901 	memset(&sin, 0, sizeof(sin));
902 	sin.sin_family = AF_INET;
903 	sin.sin_addr.s_addr = htonl(0x7f000001);
904 
905 	memset(&ss, 0, sizeof(ss));
906 	slen = sizeof(ss);
907 
908 	if (type & REGRESS_DEFERRED_CALLBACKS)
909 		bev_flags |= BEV_OPT_DEFER_CALLBACKS;
910 
911 	memset(&client, 0, sizeof(client));
912 	memset(&server, 0, sizeof(server));
913 	client.server = 0;
914 	server.server = 1;
915 	client.flags = server.flags = bev_flags;
916 	client.data = evbuffer_new();
917 	server.data = evbuffer_new();
918 	payload = calloc(1, payload_len);
919 	memset(payload, 'A', payload_len);
920 	evbuffer_add(server.data, payload, payload_len);
921 	evbuffer_add(client.data, payload, payload_len);
922 	client.wm_high = server.wm_high = wm_high;
923 	client.limit = server.limit = wm_high<<3;
924 	client.to_read = server.to_read = payload_len>>1;
925 
926 	TT_BLATHER(("openssl_wm: "
927 		"payload_len = " EV_SIZE_FMT ", "
928 		"wm_high = " EV_SIZE_FMT ", "
929 		"limit = " EV_SIZE_FMT ", "
930 		"to_read: " EV_SIZE_FMT "",
931 		payload_len,
932 		wm_high,
933 		server.limit,
934 		server.to_read));
935 
936 	listener = evconnlistener_new_bind(base, wm_acceptcb, &server,
937 	    LEV_OPT_CLOSE_ON_FREE|LEV_OPT_REUSEABLE,
938 	    -1, (struct sockaddr *)&sin, sizeof(sin));
939 
940 	tt_assert(listener);
941 	tt_assert(evconnlistener_get_fd(listener) >= 0);
942 
943 	ssl = SSL_new(get_ssl_ctx());
944 	tt_assert(ssl);
945 
946 	if (type & REGRESS_OPENSSL_FILTER) {
947 		bev = bufferevent_socket_new(data->base, -1, client.flags);
948 		tt_assert(bev);
949 		bev = bufferevent_openssl_filter_new(
950 			base, bev, ssl, BUFFEREVENT_SSL_CONNECTING, client.flags);
951 	} else {
952 		bev = bufferevent_openssl_socket_new(
953 			data->base, -1, ssl,
954 			BUFFEREVENT_SSL_CONNECTING,
955 			client.flags);
956 	}
957 	tt_assert(bev);
958 	client.bev = bev;
959 
960 	server.neighbour = &client;
961 	client.neighbour = &server;
962 
963 	bufferevent_setwatermark(bev, EV_READ, 0, client.wm_high);
964 	bufferevent_setcb(bev, wm_transfer, NULL, wm_eventcb, &client);
965 
966 	tt_assert(getsockname(evconnlistener_get_fd(listener),
967 		(struct sockaddr*)&ss, &slen) == 0);
968 
969 	tt_assert(!bufferevent_socket_connect(bev, (struct sockaddr*)&ss, slen));
970 	tt_assert(!evbuffer_add_buffer_reference(bufferevent_get_output(bev), client.data));
971 	tt_assert(!bufferevent_enable(bev, EV_READ|EV_WRITE));
972 
973 	event_base_dispatch(base);
974 
975 	tt_int_op(client.get, ==, client.limit);
976 	tt_int_op(server.get, ==, server.limit);
977 
978 end:
979 	free(payload);
980 	evbuffer_free(client.data);
981 	evbuffer_free(server.data);
982 	evconnlistener_free(listener);
983 	bufferevent_free(client.bev);
984 	bufferevent_free(server.bev);
985 
986 	/* XXX: by some reason otherise there is a leak */
987 	if (!(type & REGRESS_OPENSSL_FILTER))
988 		event_base_loop(base, EVLOOP_ONCE);
989 }
990 
991 struct testcase_t ssl_testcases[] = {
992 #define T(a) ((void *)(a))
993 	{ "bufferevent_socketpair", regress_bufferevent_openssl,
994 	  TT_ISOLATED, &ssl_setup, T(REGRESS_OPENSSL_SOCKETPAIR) },
995 	{ "bufferevent_socketpair_write_after_connect", regress_bufferevent_openssl,
996 	  TT_ISOLATED, &ssl_setup,
997 	  T(REGRESS_OPENSSL_SOCKETPAIR|REGRESS_OPENSSL_CLIENT_WRITE) },
998 	{ "bufferevent_filter", regress_bufferevent_openssl,
999 	  TT_ISOLATED, &ssl_setup, T(REGRESS_OPENSSL_FILTER) },
1000 	{ "bufferevent_filter_write_after_connect", regress_bufferevent_openssl,
1001 	  TT_ISOLATED, &ssl_setup,
1002 	  T(REGRESS_OPENSSL_FILTER|REGRESS_OPENSSL_CLIENT_WRITE) },
1003 	{ "bufferevent_renegotiate_socketpair", regress_bufferevent_openssl,
1004 	  TT_ISOLATED, &ssl_setup,
1005 	  T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_RENEGOTIATE) },
1006 	{ "bufferevent_renegotiate_filter", regress_bufferevent_openssl,
1007 	  TT_ISOLATED, &ssl_setup,
1008 	  T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_RENEGOTIATE) },
1009 	{ "bufferevent_socketpair_startopen", regress_bufferevent_openssl,
1010 	  TT_ISOLATED, &ssl_setup,
1011 	  T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_OPEN) },
1012 	{ "bufferevent_filter_startopen", regress_bufferevent_openssl,
1013 	  TT_ISOLATED, &ssl_setup,
1014 	  T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_OPEN) },
1015 
1016 	{ "bufferevent_socketpair_dirty_shutdown", regress_bufferevent_openssl,
1017 	  TT_ISOLATED, &ssl_setup,
1018 	  T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_DIRTY_SHUTDOWN) },
1019 	{ "bufferevent_filter_dirty_shutdown", regress_bufferevent_openssl,
1020 	  TT_ISOLATED, &ssl_setup,
1021 	  T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_DIRTY_SHUTDOWN) },
1022 	{ "bufferevent_renegotiate_socketpair_dirty_shutdown",
1023 	  regress_bufferevent_openssl,
1024 	  TT_ISOLATED,
1025 	  &ssl_setup,
1026 	  T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_RENEGOTIATE | REGRESS_OPENSSL_DIRTY_SHUTDOWN) },
1027 	{ "bufferevent_renegotiate_filter_dirty_shutdown",
1028 	  regress_bufferevent_openssl,
1029 	  TT_ISOLATED,
1030 	  &ssl_setup,
1031 	  T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_RENEGOTIATE | REGRESS_OPENSSL_DIRTY_SHUTDOWN) },
1032 	{ "bufferevent_socketpair_startopen_dirty_shutdown",
1033 	  regress_bufferevent_openssl,
1034 	  TT_ISOLATED, &ssl_setup,
1035 	  T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_OPEN | REGRESS_OPENSSL_DIRTY_SHUTDOWN) },
1036 	{ "bufferevent_filter_startopen_dirty_shutdown",
1037 	  regress_bufferevent_openssl,
1038 	  TT_ISOLATED, &ssl_setup,
1039 	  T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_OPEN | REGRESS_OPENSSL_DIRTY_SHUTDOWN) },
1040 
1041 	{ "bufferevent_socketpair_fd", regress_bufferevent_openssl,
1042 	  TT_ISOLATED, &ssl_setup,
1043 	  T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_FD) },
1044 	{ "bufferevent_socketpair_freed", regress_bufferevent_openssl,
1045 	  TT_ISOLATED, &ssl_setup,
1046 	  T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_FREED) },
1047 	{ "bufferevent_socketpair_freed_fd", regress_bufferevent_openssl,
1048 	  TT_ISOLATED, &ssl_setup,
1049 	  T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_FREED | REGRESS_OPENSSL_FD) },
1050 	{ "bufferevent_filter_freed_fd", regress_bufferevent_openssl,
1051 	  TT_ISOLATED, &ssl_setup,
1052 	  T(REGRESS_OPENSSL_FILTER | REGRESS_OPENSSL_FREED | REGRESS_OPENSSL_FD) },
1053 
1054 	{ "bufferevent_socketpair_timeout", regress_bufferevent_openssl,
1055 	  TT_ISOLATED, &ssl_setup,
1056 	  T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_TIMEOUT) },
1057 	{ "bufferevent_socketpair_timeout_freed_fd", regress_bufferevent_openssl,
1058 	  TT_ISOLATED, &ssl_setup,
1059 	  T(REGRESS_OPENSSL_SOCKETPAIR | REGRESS_OPENSSL_TIMEOUT | REGRESS_OPENSSL_FREED | REGRESS_OPENSSL_FD) },
1060 
1061 	{ "bufferevent_connect", regress_bufferevent_openssl_connect,
1062 	  TT_FORK|TT_NEED_BASE, &ssl_setup, NULL },
1063 	{ "bufferevent_connect_sleep", regress_bufferevent_openssl_connect,
1064 	  TT_FORK|TT_NEED_BASE, &ssl_setup, T(REGRESS_OPENSSL_SLEEP) },
1065 
1066 	{ "bufferevent_wm", regress_bufferevent_openssl_wm,
1067 	  TT_FORK|TT_NEED_BASE, &ssl_setup, NULL },
1068 	{ "bufferevent_wm_filter", regress_bufferevent_openssl_wm,
1069 	  TT_FORK|TT_NEED_BASE, &ssl_setup, T(REGRESS_OPENSSL_FILTER) },
1070 	{ "bufferevent_wm_defer", regress_bufferevent_openssl_wm,
1071 	  TT_FORK|TT_NEED_BASE, &ssl_setup, T(REGRESS_DEFERRED_CALLBACKS) },
1072 	{ "bufferevent_wm_filter_defer", regress_bufferevent_openssl_wm,
1073 	  TT_FORK|TT_NEED_BASE, &ssl_setup, T(REGRESS_OPENSSL_FILTER|REGRESS_DEFERRED_CALLBACKS) },
1074 
1075 #undef T
1076 
1077 	END_OF_TESTCASES,
1078 };
1079