12b15cb3dSCy Schubert /* 22b15cb3dSCy Schubert * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson 32b15cb3dSCy Schubert * 42b15cb3dSCy Schubert * Redistribution and use in source and binary forms, with or without 52b15cb3dSCy Schubert * modification, are permitted provided that the following conditions 62b15cb3dSCy Schubert * are met: 72b15cb3dSCy Schubert * 1. Redistributions of source code must retain the above copyright 82b15cb3dSCy Schubert * notice, this list of conditions and the following disclaimer. 92b15cb3dSCy Schubert * 2. Redistributions in binary form must reproduce the above copyright 102b15cb3dSCy Schubert * notice, this list of conditions and the following disclaimer in the 112b15cb3dSCy Schubert * documentation and/or other materials provided with the distribution. 122b15cb3dSCy Schubert * 3. The name of the author may not be used to endorse or promote products 132b15cb3dSCy Schubert * derived from this software without specific prior written permission. 142b15cb3dSCy Schubert * 152b15cb3dSCy Schubert * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 162b15cb3dSCy Schubert * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 172b15cb3dSCy Schubert * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 182b15cb3dSCy Schubert * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 192b15cb3dSCy Schubert * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 202b15cb3dSCy Schubert * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 212b15cb3dSCy Schubert * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 222b15cb3dSCy Schubert * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 232b15cb3dSCy Schubert * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 242b15cb3dSCy Schubert * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 252b15cb3dSCy Schubert */ 262b15cb3dSCy Schubert 272b15cb3dSCy Schubert // Get rid of OSX 10.7 and greater deprecation warnings. 282b15cb3dSCy Schubert #if defined(__APPLE__) && defined(__clang__) 292b15cb3dSCy Schubert #pragma clang diagnostic ignored "-Wdeprecated-declarations" 302b15cb3dSCy Schubert #endif 312b15cb3dSCy Schubert 322b15cb3dSCy Schubert #ifdef _WIN32 332b15cb3dSCy Schubert #include <winsock2.h> 342b15cb3dSCy Schubert #include <windows.h> 352b15cb3dSCy Schubert #endif 362b15cb3dSCy Schubert 372b15cb3dSCy Schubert #ifndef _WIN32 382b15cb3dSCy Schubert #include <sys/types.h> 392b15cb3dSCy Schubert #include <sys/socket.h> 402b15cb3dSCy Schubert #include <netinet/in.h> 412b15cb3dSCy Schubert #endif 422b15cb3dSCy Schubert 432b15cb3dSCy Schubert #include "event2/util.h" 442b15cb3dSCy Schubert #include "event2/event.h" 452b15cb3dSCy Schubert #include "event2/bufferevent_ssl.h" 462b15cb3dSCy Schubert #include "event2/buffer.h" 472b15cb3dSCy Schubert #include "event2/listener.h" 482b15cb3dSCy Schubert 492b15cb3dSCy Schubert #include "regress.h" 502b15cb3dSCy Schubert #include "tinytest.h" 512b15cb3dSCy Schubert #include "tinytest_macros.h" 522b15cb3dSCy Schubert 53*f0574f5cSXin LI #include <openssl/asn1.h> 542b15cb3dSCy Schubert #include <openssl/ssl.h> 552b15cb3dSCy Schubert #include <openssl/bio.h> 56*f0574f5cSXin LI #include <openssl/crypto.h> 572b15cb3dSCy Schubert #include <openssl/err.h> 582b15cb3dSCy Schubert #include <openssl/pem.h> 59*f0574f5cSXin LI #include <openssl/opensslv.h> 60*f0574f5cSXin LI #include <openssl/x509.h> 612b15cb3dSCy Schubert 622b15cb3dSCy Schubert #include <string.h> 632b15cb3dSCy Schubert 64*f0574f5cSXin LI #if OPENSSL_VERSION_NUMBER < 0x10100000L 65*f0574f5cSXin LI #define OpenSSL_version_num SSLeay 66*f0574f5cSXin LI #endif /* OPENSSL_VERSION_NUMBER */ 67*f0574f5cSXin LI 682b15cb3dSCy Schubert /* A short pre-generated key, to save the cost of doing an RSA key generation 692b15cb3dSCy Schubert * step during the unit tests. It's only 512 bits long, and it is published 702b15cb3dSCy Schubert * in this file, so you would have to be very foolish to consider using it in 712b15cb3dSCy Schubert * your own code. */ 722b15cb3dSCy Schubert static const char KEY[] = 732b15cb3dSCy Schubert "-----BEGIN RSA PRIVATE KEY-----\n" 742b15cb3dSCy Schubert "MIIBOgIBAAJBAKibTEzXjj+sqpipePX1lEk5BNFuL/dDBbw8QCXgaJWikOiKHeJq\n" 752b15cb3dSCy Schubert "3FQ0OmCnmpkdsPFE4x3ojYmmdgE2i0dJwq0CAwEAAQJAZ08gpUS+qE1IClps/2gG\n" 762b15cb3dSCy Schubert "AAer6Bc31K2AaiIQvCSQcH440cp062QtWMC3V5sEoWmdLsbAHFH26/9ZHn5zAflp\n" 772b15cb3dSCy Schubert "gQIhANWOx/UYeR8HD0WREU5kcuSzgzNLwUErHLzxP7U6aojpAiEAyh2H35CjN/P7\n" 782b15cb3dSCy Schubert "NhcZ4QYw3PeUWpqgJnaE/4i80BSYkSUCIQDLHFhLYLJZ80HwHTADif/ISn9/Ow6b\n" 792b15cb3dSCy Schubert "p6BWh3DbMar/eQIgBPS6azH5vpp983KXkNv9AL4VZi9ac/b+BeINdzC6GP0CIDmB\n" 802b15cb3dSCy Schubert "U6GFEQTZ3IfuiVabG5pummdC4DNbcdI+WKrSFNmQ\n" 812b15cb3dSCy Schubert "-----END RSA PRIVATE KEY-----\n"; 822b15cb3dSCy Schubert 832b15cb3dSCy Schubert static EVP_PKEY * 842b15cb3dSCy Schubert getkey(void) 852b15cb3dSCy Schubert { 862b15cb3dSCy Schubert EVP_PKEY *key; 872b15cb3dSCy Schubert BIO *bio; 882b15cb3dSCy Schubert 892b15cb3dSCy Schubert /* new read-only BIO backed by KEY. */ 902b15cb3dSCy Schubert bio = BIO_new_mem_buf((char*)KEY, -1); 912b15cb3dSCy Schubert tt_assert(bio); 922b15cb3dSCy Schubert 932b15cb3dSCy Schubert key = PEM_read_bio_PrivateKey(bio,NULL,NULL,NULL); 942b15cb3dSCy Schubert BIO_free(bio); 952b15cb3dSCy Schubert tt_assert(key); 962b15cb3dSCy Schubert 972b15cb3dSCy Schubert return key; 982b15cb3dSCy Schubert end: 992b15cb3dSCy Schubert return NULL; 1002b15cb3dSCy Schubert } 1012b15cb3dSCy Schubert 1022b15cb3dSCy Schubert static X509 * 1032b15cb3dSCy Schubert getcert(void) 1042b15cb3dSCy Schubert { 1052b15cb3dSCy Schubert /* Dummy code to make a quick-and-dirty valid certificate with 1062b15cb3dSCy Schubert OpenSSL. Don't copy this code into your own program! It does a 1072b15cb3dSCy Schubert number of things in a stupid and insecure way. */ 1082b15cb3dSCy Schubert X509 *x509 = NULL; 1092b15cb3dSCy Schubert X509_NAME *name = NULL; 1102b15cb3dSCy Schubert EVP_PKEY *key = getkey(); 1112b15cb3dSCy Schubert int nid; 1122b15cb3dSCy Schubert time_t now = time(NULL); 1132b15cb3dSCy Schubert 1142b15cb3dSCy Schubert tt_assert(key); 1152b15cb3dSCy Schubert 1162b15cb3dSCy Schubert x509 = X509_new(); 1172b15cb3dSCy Schubert tt_assert(x509); 1182b15cb3dSCy Schubert tt_assert(0 != X509_set_version(x509, 2)); 1192b15cb3dSCy Schubert tt_assert(0 != ASN1_INTEGER_set(X509_get_serialNumber(x509), 1202b15cb3dSCy Schubert (long)now)); 1212b15cb3dSCy Schubert 1222b15cb3dSCy Schubert name = X509_NAME_new(); 1232b15cb3dSCy Schubert tt_assert(name); 1242b15cb3dSCy Schubert nid = OBJ_txt2nid("commonName"); 1252b15cb3dSCy Schubert tt_assert(NID_undef != nid); 1262b15cb3dSCy Schubert tt_assert(0 != X509_NAME_add_entry_by_NID( 1272b15cb3dSCy Schubert name, nid, MBSTRING_ASC, (unsigned char*)"example.com", 1282b15cb3dSCy Schubert -1, -1, 0)); 1292b15cb3dSCy Schubert 1302b15cb3dSCy Schubert X509_set_subject_name(x509, name); 1312b15cb3dSCy Schubert X509_set_issuer_name(x509, name); 1322b15cb3dSCy Schubert 133*f0574f5cSXin LI #if OPENSSL_VERSION_NUMBER < 0x10100000L 1342b15cb3dSCy Schubert X509_time_adj(X509_get_notBefore(x509), 0, &now); 1352b15cb3dSCy Schubert now += 3600; 1362b15cb3dSCy Schubert X509_time_adj(X509_get_notAfter(x509), 0, &now); 137*f0574f5cSXin LI #else /* OPENSSL_VERSION_NUMBER >= 0x10100000L */ 138*f0574f5cSXin LI X509_time_adj(X509_getm_notBefore(x509), 0, &now); 139*f0574f5cSXin LI now += 3600; 140*f0574f5cSXin LI X509_time_adj(X509_getm_notAfter(x509), 0, &now); 141*f0574f5cSXin LI #endif /* OPENSSL_VERSION_NUMBER */ 1422b15cb3dSCy Schubert X509_set_pubkey(x509, key); 1432b15cb3dSCy Schubert tt_assert(0 != X509_sign(x509, key, EVP_sha1())); 1442b15cb3dSCy Schubert 1452b15cb3dSCy Schubert return x509; 1462b15cb3dSCy Schubert end: 1472b15cb3dSCy Schubert X509_free(x509); 1482b15cb3dSCy Schubert return NULL; 1492b15cb3dSCy Schubert } 1502b15cb3dSCy Schubert 1512b15cb3dSCy Schubert static int disable_tls_11_and_12 = 0; 1522b15cb3dSCy Schubert static SSL_CTX *the_ssl_ctx = NULL; 1532b15cb3dSCy Schubert 1542b15cb3dSCy Schubert static SSL_CTX * 1552b15cb3dSCy Schubert get_ssl_ctx(void) 1562b15cb3dSCy Schubert { 1572b15cb3dSCy Schubert if (the_ssl_ctx) 1582b15cb3dSCy Schubert return the_ssl_ctx; 1592b15cb3dSCy Schubert the_ssl_ctx = SSL_CTX_new(SSLv23_method()); 1602b15cb3dSCy Schubert if (!the_ssl_ctx) 1612b15cb3dSCy Schubert return NULL; 1622b15cb3dSCy Schubert if (disable_tls_11_and_12) { 1632b15cb3dSCy Schubert #ifdef SSL_OP_NO_TLSv1_2 1642b15cb3dSCy Schubert SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_2); 1652b15cb3dSCy Schubert #endif 1662b15cb3dSCy Schubert #ifdef SSL_OP_NO_TLSv1_1 1672b15cb3dSCy Schubert SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_1); 1682b15cb3dSCy Schubert #endif 1692b15cb3dSCy Schubert } 1702b15cb3dSCy Schubert return the_ssl_ctx; 1712b15cb3dSCy Schubert } 1722b15cb3dSCy Schubert 1732b15cb3dSCy Schubert static void 1742b15cb3dSCy Schubert init_ssl(void) 1752b15cb3dSCy Schubert { 1762b15cb3dSCy Schubert SSL_library_init(); 1772b15cb3dSCy Schubert ERR_load_crypto_strings(); 1782b15cb3dSCy Schubert SSL_load_error_strings(); 1792b15cb3dSCy Schubert OpenSSL_add_all_algorithms(); 180*f0574f5cSXin LI if (OpenSSL_version_num() != OPENSSL_VERSION_NUMBER) { 181*f0574f5cSXin LI TT_DECLARE("WARN", ("Version mismatch for openssl: compiled with %lx but running with %lx", (unsigned long)OPENSSL_VERSION_NUMBER, (unsigned long) OpenSSL_version_num())); 1822b15cb3dSCy Schubert } 1832b15cb3dSCy Schubert } 1842b15cb3dSCy Schubert 1852b15cb3dSCy Schubert /* ==================== 1862b15cb3dSCy Schubert Here's a simple test: we read a number from the input, increment it, and 1872b15cb3dSCy Schubert reply, until we get to 1001. 1882b15cb3dSCy Schubert */ 1892b15cb3dSCy Schubert 1902b15cb3dSCy Schubert static int test_is_done = 0; 1912b15cb3dSCy Schubert static int n_connected = 0; 1922b15cb3dSCy Schubert static int got_close = 0; 1932b15cb3dSCy Schubert static int got_error = 0; 1942b15cb3dSCy Schubert static int renegotiate_at = -1; 1952b15cb3dSCy Schubert static int stop_when_connected = 0; 1962b15cb3dSCy Schubert static int pending_connect_events = 0; 1972b15cb3dSCy Schubert static struct event_base *exit_base = NULL; 1982b15cb3dSCy Schubert 1992b15cb3dSCy Schubert static void 2002b15cb3dSCy Schubert respond_to_number(struct bufferevent *bev, void *ctx) 2012b15cb3dSCy Schubert { 2022b15cb3dSCy Schubert struct evbuffer *b = bufferevent_get_input(bev); 2032b15cb3dSCy Schubert char *line; 2042b15cb3dSCy Schubert int n; 2052b15cb3dSCy Schubert line = evbuffer_readln(b, NULL, EVBUFFER_EOL_LF); 2062b15cb3dSCy Schubert if (! line) 2072b15cb3dSCy Schubert return; 2082b15cb3dSCy Schubert n = atoi(line); 2092b15cb3dSCy Schubert if (n <= 0) 2102b15cb3dSCy Schubert TT_FAIL(("Bad number: %s", line)); 211a25439b6SCy Schubert free(line); 2122b15cb3dSCy Schubert TT_BLATHER(("The number was %d", n)); 2132b15cb3dSCy Schubert if (n == 1001) { 2142b15cb3dSCy Schubert ++test_is_done; 2152b15cb3dSCy Schubert bufferevent_free(bev); /* Should trigger close on other side. */ 2162b15cb3dSCy Schubert return; 2172b15cb3dSCy Schubert } 2182b15cb3dSCy Schubert if (!strcmp(ctx, "client") && n == renegotiate_at) { 2192b15cb3dSCy Schubert SSL_renegotiate(bufferevent_openssl_get_ssl(bev)); 2202b15cb3dSCy Schubert } 2212b15cb3dSCy Schubert ++n; 2222b15cb3dSCy Schubert evbuffer_add_printf(bufferevent_get_output(bev), 2232b15cb3dSCy Schubert "%d\n", n); 2242b15cb3dSCy Schubert TT_BLATHER(("Done reading; now writing.")); 2252b15cb3dSCy Schubert bufferevent_enable(bev, EV_WRITE); 2262b15cb3dSCy Schubert bufferevent_disable(bev, EV_READ); 2272b15cb3dSCy Schubert } 2282b15cb3dSCy Schubert 2292b15cb3dSCy Schubert static void 2302b15cb3dSCy Schubert done_writing_cb(struct bufferevent *bev, void *ctx) 2312b15cb3dSCy Schubert { 2322b15cb3dSCy Schubert struct evbuffer *b = bufferevent_get_output(bev); 2332b15cb3dSCy Schubert if (evbuffer_get_length(b)) 2342b15cb3dSCy Schubert return; 2352b15cb3dSCy Schubert TT_BLATHER(("Done writing.")); 2362b15cb3dSCy Schubert bufferevent_disable(bev, EV_WRITE); 2372b15cb3dSCy Schubert bufferevent_enable(bev, EV_READ); 2382b15cb3dSCy Schubert } 2392b15cb3dSCy Schubert 2402b15cb3dSCy Schubert static void 2412b15cb3dSCy Schubert eventcb(struct bufferevent *bev, short what, void *ctx) 2422b15cb3dSCy Schubert { 2432b15cb3dSCy Schubert TT_BLATHER(("Got event %d", (int)what)); 2442b15cb3dSCy Schubert if (what & BEV_EVENT_CONNECTED) { 2452b15cb3dSCy Schubert SSL *ssl; 2462b15cb3dSCy Schubert X509 *peer_cert; 2472b15cb3dSCy Schubert ++n_connected; 2482b15cb3dSCy Schubert ssl = bufferevent_openssl_get_ssl(bev); 2492b15cb3dSCy Schubert tt_assert(ssl); 2502b15cb3dSCy Schubert peer_cert = SSL_get_peer_certificate(ssl); 2512b15cb3dSCy Schubert if (0==strcmp(ctx, "server")) { 2522b15cb3dSCy Schubert tt_assert(peer_cert == NULL); 2532b15cb3dSCy Schubert } else { 2542b15cb3dSCy Schubert tt_assert(peer_cert != NULL); 2552b15cb3dSCy Schubert } 2562b15cb3dSCy Schubert if (stop_when_connected) { 2572b15cb3dSCy Schubert if (--pending_connect_events == 0) 2582b15cb3dSCy Schubert event_base_loopexit(exit_base, NULL); 2592b15cb3dSCy Schubert } 2602b15cb3dSCy Schubert } else if (what & BEV_EVENT_EOF) { 2612b15cb3dSCy Schubert TT_BLATHER(("Got a good EOF")); 2622b15cb3dSCy Schubert ++got_close; 2632b15cb3dSCy Schubert bufferevent_free(bev); 2642b15cb3dSCy Schubert } else if (what & BEV_EVENT_ERROR) { 2652b15cb3dSCy Schubert TT_BLATHER(("Got an error.")); 2662b15cb3dSCy Schubert ++got_error; 2672b15cb3dSCy Schubert bufferevent_free(bev); 2682b15cb3dSCy Schubert } 2692b15cb3dSCy Schubert end: 2702b15cb3dSCy Schubert ; 2712b15cb3dSCy Schubert } 2722b15cb3dSCy Schubert 2732b15cb3dSCy Schubert static void 2742b15cb3dSCy Schubert open_ssl_bufevs(struct bufferevent **bev1_out, struct bufferevent **bev2_out, 2752b15cb3dSCy Schubert struct event_base *base, int is_open, int flags, SSL *ssl1, SSL *ssl2, 2762b15cb3dSCy Schubert evutil_socket_t *fd_pair, struct bufferevent **underlying_pair) 2772b15cb3dSCy Schubert { 2782b15cb3dSCy Schubert int state1 = is_open ? BUFFEREVENT_SSL_OPEN :BUFFEREVENT_SSL_CONNECTING; 2792b15cb3dSCy Schubert int state2 = is_open ? BUFFEREVENT_SSL_OPEN :BUFFEREVENT_SSL_ACCEPTING; 2802b15cb3dSCy Schubert if (fd_pair) { 2812b15cb3dSCy Schubert *bev1_out = bufferevent_openssl_socket_new( 2822b15cb3dSCy Schubert base, fd_pair[0], ssl1, state1, flags); 2832b15cb3dSCy Schubert *bev2_out = bufferevent_openssl_socket_new( 2842b15cb3dSCy Schubert base, fd_pair[1], ssl2, state2, flags); 2852b15cb3dSCy Schubert } else { 2862b15cb3dSCy Schubert *bev1_out = bufferevent_openssl_filter_new( 2872b15cb3dSCy Schubert base, underlying_pair[0], ssl1, state1, flags); 2882b15cb3dSCy Schubert *bev2_out = bufferevent_openssl_filter_new( 2892b15cb3dSCy Schubert base, underlying_pair[1], ssl2, state2, flags); 2902b15cb3dSCy Schubert 2912b15cb3dSCy Schubert } 2922b15cb3dSCy Schubert bufferevent_setcb(*bev1_out, respond_to_number, done_writing_cb, 2932b15cb3dSCy Schubert eventcb, (void*)"client"); 2942b15cb3dSCy Schubert bufferevent_setcb(*bev2_out, respond_to_number, done_writing_cb, 2952b15cb3dSCy Schubert eventcb, (void*)"server"); 2962b15cb3dSCy Schubert } 2972b15cb3dSCy Schubert 2982b15cb3dSCy Schubert static void 2992b15cb3dSCy Schubert regress_bufferevent_openssl(void *arg) 3002b15cb3dSCy Schubert { 3012b15cb3dSCy Schubert struct basic_test_data *data = arg; 3022b15cb3dSCy Schubert 3032b15cb3dSCy Schubert struct bufferevent *bev1, *bev2; 3042b15cb3dSCy Schubert SSL *ssl1, *ssl2; 3052b15cb3dSCy Schubert X509 *cert = getcert(); 3062b15cb3dSCy Schubert EVP_PKEY *key = getkey(); 3072b15cb3dSCy Schubert const int start_open = strstr((char*)data->setup_data, "open")!=NULL; 3082b15cb3dSCy Schubert const int filter = strstr((char*)data->setup_data, "filter")!=NULL; 3092b15cb3dSCy Schubert int flags = BEV_OPT_DEFER_CALLBACKS; 3102b15cb3dSCy Schubert struct bufferevent *bev_ll[2] = { NULL, NULL }; 3112b15cb3dSCy Schubert evutil_socket_t *fd_pair = NULL; 3122b15cb3dSCy Schubert 3132b15cb3dSCy Schubert tt_assert(cert); 3142b15cb3dSCy Schubert tt_assert(key); 3152b15cb3dSCy Schubert 3162b15cb3dSCy Schubert init_ssl(); 3172b15cb3dSCy Schubert 3182b15cb3dSCy Schubert if (strstr((char*)data->setup_data, "renegotiate")) { 319*f0574f5cSXin LI if (OpenSSL_version_num() >= 0x10001000 && 320*f0574f5cSXin LI OpenSSL_version_num() < 0x1000104f) { 3212b15cb3dSCy Schubert /* 1.0.1 up to 1.0.1c has a bug where TLS1.1 and 1.2 3222b15cb3dSCy Schubert * can't renegotiate with themselves. Disable. */ 3232b15cb3dSCy Schubert disable_tls_11_and_12 = 1; 3242b15cb3dSCy Schubert } 3252b15cb3dSCy Schubert renegotiate_at = 600; 3262b15cb3dSCy Schubert } 3272b15cb3dSCy Schubert 3282b15cb3dSCy Schubert ssl1 = SSL_new(get_ssl_ctx()); 3292b15cb3dSCy Schubert ssl2 = SSL_new(get_ssl_ctx()); 3302b15cb3dSCy Schubert 3312b15cb3dSCy Schubert SSL_use_certificate(ssl2, cert); 3322b15cb3dSCy Schubert SSL_use_PrivateKey(ssl2, key); 3332b15cb3dSCy Schubert 3342b15cb3dSCy Schubert if (! start_open) 3352b15cb3dSCy Schubert flags |= BEV_OPT_CLOSE_ON_FREE; 3362b15cb3dSCy Schubert 3372b15cb3dSCy Schubert if (!filter) { 3382b15cb3dSCy Schubert tt_assert(strstr((char*)data->setup_data, "socketpair")); 3392b15cb3dSCy Schubert fd_pair = data->pair; 3402b15cb3dSCy Schubert } else { 3412b15cb3dSCy Schubert bev_ll[0] = bufferevent_socket_new(data->base, data->pair[0], 3422b15cb3dSCy Schubert BEV_OPT_CLOSE_ON_FREE); 3432b15cb3dSCy Schubert bev_ll[1] = bufferevent_socket_new(data->base, data->pair[1], 3442b15cb3dSCy Schubert BEV_OPT_CLOSE_ON_FREE); 3452b15cb3dSCy Schubert } 3462b15cb3dSCy Schubert 3472b15cb3dSCy Schubert open_ssl_bufevs(&bev1, &bev2, data->base, 0, flags, ssl1, ssl2, 3482b15cb3dSCy Schubert fd_pair, bev_ll); 3492b15cb3dSCy Schubert 3502b15cb3dSCy Schubert if (!filter) { 3512b15cb3dSCy Schubert tt_int_op(bufferevent_getfd(bev1), ==, data->pair[0]); 3522b15cb3dSCy Schubert } else { 3532b15cb3dSCy Schubert tt_ptr_op(bufferevent_get_underlying(bev1), ==, bev_ll[0]); 3542b15cb3dSCy Schubert } 3552b15cb3dSCy Schubert 3562b15cb3dSCy Schubert if (start_open) { 3572b15cb3dSCy Schubert pending_connect_events = 2; 3582b15cb3dSCy Schubert stop_when_connected = 1; 3592b15cb3dSCy Schubert exit_base = data->base; 3602b15cb3dSCy Schubert event_base_dispatch(data->base); 3612b15cb3dSCy Schubert /* Okay, now the renegotiation is done. Make new 3622b15cb3dSCy Schubert * bufferevents to test opening in BUFFEREVENT_SSL_OPEN */ 3632b15cb3dSCy Schubert flags |= BEV_OPT_CLOSE_ON_FREE; 3642b15cb3dSCy Schubert bufferevent_free(bev1); 3652b15cb3dSCy Schubert bufferevent_free(bev2); 3662b15cb3dSCy Schubert bev1 = bev2 = NULL; 3672b15cb3dSCy Schubert open_ssl_bufevs(&bev1, &bev2, data->base, 1, flags, ssl1, ssl2, 3682b15cb3dSCy Schubert fd_pair, bev_ll); 3692b15cb3dSCy Schubert } 3702b15cb3dSCy Schubert 3712b15cb3dSCy Schubert bufferevent_enable(bev1, EV_READ|EV_WRITE); 3722b15cb3dSCy Schubert bufferevent_enable(bev2, EV_READ|EV_WRITE); 3732b15cb3dSCy Schubert 3742b15cb3dSCy Schubert evbuffer_add_printf(bufferevent_get_output(bev1), "1\n"); 3752b15cb3dSCy Schubert 3762b15cb3dSCy Schubert event_base_dispatch(data->base); 3772b15cb3dSCy Schubert 3782b15cb3dSCy Schubert tt_assert(test_is_done == 1); 3792b15cb3dSCy Schubert tt_assert(n_connected == 2); 3802b15cb3dSCy Schubert 3812b15cb3dSCy Schubert /* We don't handle shutdown properly yet. 3822b15cb3dSCy Schubert tt_int_op(got_close, ==, 1); 3832b15cb3dSCy Schubert tt_int_op(got_error, ==, 0); 3842b15cb3dSCy Schubert */ 3852b15cb3dSCy Schubert end: 3862b15cb3dSCy Schubert return; 3872b15cb3dSCy Schubert } 3882b15cb3dSCy Schubert 3892b15cb3dSCy Schubert static void 3902b15cb3dSCy Schubert acceptcb(struct evconnlistener *listener, evutil_socket_t fd, 3912b15cb3dSCy Schubert struct sockaddr *addr, int socklen, void *arg) 3922b15cb3dSCy Schubert { 3932b15cb3dSCy Schubert struct basic_test_data *data = arg; 3942b15cb3dSCy Schubert struct bufferevent *bev; 3952b15cb3dSCy Schubert SSL *ssl = SSL_new(get_ssl_ctx()); 3962b15cb3dSCy Schubert 3972b15cb3dSCy Schubert SSL_use_certificate(ssl, getcert()); 3982b15cb3dSCy Schubert SSL_use_PrivateKey(ssl, getkey()); 3992b15cb3dSCy Schubert 4002b15cb3dSCy Schubert bev = bufferevent_openssl_socket_new( 4012b15cb3dSCy Schubert data->base, 4022b15cb3dSCy Schubert fd, 4032b15cb3dSCy Schubert ssl, 4042b15cb3dSCy Schubert BUFFEREVENT_SSL_ACCEPTING, 4052b15cb3dSCy Schubert BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS); 4062b15cb3dSCy Schubert 4072b15cb3dSCy Schubert bufferevent_setcb(bev, respond_to_number, NULL, eventcb, 4082b15cb3dSCy Schubert (void*)"server"); 4092b15cb3dSCy Schubert 4102b15cb3dSCy Schubert bufferevent_enable(bev, EV_READ|EV_WRITE); 4112b15cb3dSCy Schubert 4122b15cb3dSCy Schubert /* Only accept once, then disable ourself. */ 4132b15cb3dSCy Schubert evconnlistener_disable(listener); 4142b15cb3dSCy Schubert } 4152b15cb3dSCy Schubert 4162b15cb3dSCy Schubert static void 4172b15cb3dSCy Schubert regress_bufferevent_openssl_connect(void *arg) 4182b15cb3dSCy Schubert { 4192b15cb3dSCy Schubert struct basic_test_data *data = arg; 4202b15cb3dSCy Schubert 4212b15cb3dSCy Schubert struct event_base *base = data->base; 4222b15cb3dSCy Schubert 4232b15cb3dSCy Schubert struct evconnlistener *listener; 4242b15cb3dSCy Schubert struct bufferevent *bev; 4252b15cb3dSCy Schubert struct sockaddr_in sin; 4262b15cb3dSCy Schubert struct sockaddr_storage ss; 4272b15cb3dSCy Schubert ev_socklen_t slen; 4282b15cb3dSCy Schubert 4292b15cb3dSCy Schubert init_ssl(); 4302b15cb3dSCy Schubert 4312b15cb3dSCy Schubert memset(&sin, 0, sizeof(sin)); 4322b15cb3dSCy Schubert sin.sin_family = AF_INET; 4332b15cb3dSCy Schubert sin.sin_addr.s_addr = htonl(0x7f000001); 4342b15cb3dSCy Schubert 4352b15cb3dSCy Schubert memset(&ss, 0, sizeof(ss)); 4362b15cb3dSCy Schubert slen = sizeof(ss); 4372b15cb3dSCy Schubert 4382b15cb3dSCy Schubert listener = evconnlistener_new_bind(base, acceptcb, data, 4392b15cb3dSCy Schubert LEV_OPT_CLOSE_ON_FREE|LEV_OPT_REUSEABLE, 4402b15cb3dSCy Schubert -1, (struct sockaddr *)&sin, sizeof(sin)); 4412b15cb3dSCy Schubert 4422b15cb3dSCy Schubert tt_assert(listener); 4432b15cb3dSCy Schubert tt_assert(evconnlistener_get_fd(listener) >= 0); 4442b15cb3dSCy Schubert 4452b15cb3dSCy Schubert bev = bufferevent_openssl_socket_new( 4462b15cb3dSCy Schubert data->base, -1, SSL_new(get_ssl_ctx()), 4472b15cb3dSCy Schubert BUFFEREVENT_SSL_CONNECTING, 4482b15cb3dSCy Schubert BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS); 4492b15cb3dSCy Schubert tt_assert(bev); 4502b15cb3dSCy Schubert 4512b15cb3dSCy Schubert bufferevent_setcb(bev, respond_to_number, NULL, eventcb, 4522b15cb3dSCy Schubert (void*)"client"); 4532b15cb3dSCy Schubert 4542b15cb3dSCy Schubert tt_assert(getsockname(evconnlistener_get_fd(listener), 4552b15cb3dSCy Schubert (struct sockaddr*)&ss, &slen) == 0); 4562b15cb3dSCy Schubert tt_assert(slen == sizeof(struct sockaddr_in)); 4572b15cb3dSCy Schubert tt_int_op(((struct sockaddr*)&ss)->sa_family, ==, AF_INET); 4582b15cb3dSCy Schubert tt_int_op(((struct sockaddr*)&ss)->sa_family, ==, AF_INET); 4592b15cb3dSCy Schubert 4602b15cb3dSCy Schubert tt_assert(0 == 4612b15cb3dSCy Schubert bufferevent_socket_connect(bev, (struct sockaddr*)&ss, slen)); 4622b15cb3dSCy Schubert evbuffer_add_printf(bufferevent_get_output(bev), "1\n"); 4632b15cb3dSCy Schubert bufferevent_enable(bev, EV_READ|EV_WRITE); 4642b15cb3dSCy Schubert 4652b15cb3dSCy Schubert event_base_dispatch(base); 4662b15cb3dSCy Schubert end: 4672b15cb3dSCy Schubert ; 4682b15cb3dSCy Schubert } 4692b15cb3dSCy Schubert 4702b15cb3dSCy Schubert struct testcase_t ssl_testcases[] = { 4712b15cb3dSCy Schubert 4722b15cb3dSCy Schubert { "bufferevent_socketpair", regress_bufferevent_openssl, TT_ISOLATED, 4732b15cb3dSCy Schubert &basic_setup, (void*)"socketpair" }, 4742b15cb3dSCy Schubert { "bufferevent_filter", regress_bufferevent_openssl, 4752b15cb3dSCy Schubert TT_ISOLATED, 4762b15cb3dSCy Schubert &basic_setup, (void*)"filter" }, 4772b15cb3dSCy Schubert { "bufferevent_renegotiate_socketpair", regress_bufferevent_openssl, 4782b15cb3dSCy Schubert TT_ISOLATED, 4792b15cb3dSCy Schubert &basic_setup, (void*)"socketpair renegotiate" }, 4802b15cb3dSCy Schubert { "bufferevent_renegotiate_filter", regress_bufferevent_openssl, 4812b15cb3dSCy Schubert TT_ISOLATED, 4822b15cb3dSCy Schubert &basic_setup, (void*)"filter renegotiate" }, 4832b15cb3dSCy Schubert { "bufferevent_socketpair_startopen", regress_bufferevent_openssl, 4842b15cb3dSCy Schubert TT_ISOLATED, &basic_setup, (void*)"socketpair open" }, 4852b15cb3dSCy Schubert { "bufferevent_filter_startopen", regress_bufferevent_openssl, 4862b15cb3dSCy Schubert TT_ISOLATED, &basic_setup, (void*)"filter open" }, 4872b15cb3dSCy Schubert 4882b15cb3dSCy Schubert { "bufferevent_connect", regress_bufferevent_openssl_connect, 4892b15cb3dSCy Schubert TT_FORK|TT_NEED_BASE, &basic_setup, NULL }, 4902b15cb3dSCy Schubert 4912b15cb3dSCy Schubert END_OF_TESTCASES, 4922b15cb3dSCy Schubert }; 493