kc3-lang/libevent/test/regress_ssl.c

Branch : - branch - master - tag - release-1.1b release-1.4.0-beta release-1.4.1-beta release-1.4.10-stable release-1.4.11-stable release-1.4.12-stable release-1.4.13-stable release-1.4.14-stable release-1.4.14b-stable release-1.4.15-stable release-1.4.2-rc release-1.4.3-stable release-1.4.4-stable release-1.4.5-stable release-1.4.6 release-1.4.7-stable release-1.4.8-stable release-1.4.9-stable release-2.0.1-alpha release-2.0.10-stable release-2.0.11-stable release-2.0.12-stable release-2.0.13-stable release-2.0.14-stable release-2.0.15-stable release-2.0.16-stable release-2.0.17-stable release-2.0.18-stable release-2.0.19-stable release-2.0.20-stable release-2.0.21-stable release-2.0.22-stable release-2.0.23-beta release-2.0.3-alpha release-2.0.4-alpha release-2.0.5-beta release-2.0.6-rc release-2.0.7-rc release-2.0.8-rc release-2.0.9-rc release-2.1.1-alpha release-2.1.10-stable release-2.1.11-stable release-2.1.12-stable release-2.1.2-alpha release-2.1.3-alpha release-2.1.4-alpha release-2.1.5-beta release-2.1.6-beta release-2.1.7-rc release-2.1.8-stable release-2.1.9-beta release-2.2.1-alpha

• Show log

  Commit

• Author : Joakim Soderberg
  Date : 2013-12-17 14:32:07
  Hash : 0ef1d04e
  Message : Get rid of unknown pragma warnings.

• test/regress_ssl.c

• /*
   * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in the
   *    documentation and/or other materials provided with the distribution.
   * 3. The name of the author may not be used to endorse or promote products
   *    derived from this software without specific prior written permission.
   *
   * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
   * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
   * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
   * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
   * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
   * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
   * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
   * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
   * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   */
  
  // Get rid of OSX 10.7 and greater deprecation warnings.
  #ifdef __clang__
  #pragma clang diagnostic ignored "-Wdeprecated-declarations"
  #endif
  
  #ifdef _WIN32
  #include <winsock2.h>
  #include <windows.h>
  #endif
  
  #ifndef _WIN32
  #include <sys/types.h>
  #include <sys/socket.h>
  #include <netinet/in.h>
  #endif
  
  #include "event2/util.h"
  #include "event2/event.h"
  #include "event2/bufferevent_ssl.h"
  #include "event2/buffer.h"
  #include "event2/listener.h"
  
  #include "regress.h"
  #include "tinytest.h"
  #include "tinytest_macros.h"
  
  #include <openssl/ssl.h>
  #include <openssl/bio.h>
  #include <openssl/err.h>
  #include <openssl/pem.h>
  
  #include <string.h>
  
  /* A short pre-generated key, to save the cost of doing an RSA key generation
   * step during the unit tests.  It's only 512 bits long, and it is published
   * in this file, so you would have to be very foolish to consider using it in
   * your own code. */
  static const char KEY[] =
      "-----BEGIN RSA PRIVATE KEY-----\n"
      "MIIBOgIBAAJBAKibTEzXjj+sqpipePX1lEk5BNFuL/dDBbw8QCXgaJWikOiKHeJq\n"
      "3FQ0OmCnmpkdsPFE4x3ojYmmdgE2i0dJwq0CAwEAAQJAZ08gpUS+qE1IClps/2gG\n"
      "AAer6Bc31K2AaiIQvCSQcH440cp062QtWMC3V5sEoWmdLsbAHFH26/9ZHn5zAflp\n"
      "gQIhANWOx/UYeR8HD0WREU5kcuSzgzNLwUErHLzxP7U6aojpAiEAyh2H35CjN/P7\n"
      "NhcZ4QYw3PeUWpqgJnaE/4i80BSYkSUCIQDLHFhLYLJZ80HwHTADif/ISn9/Ow6b\n"
      "p6BWh3DbMar/eQIgBPS6azH5vpp983KXkNv9AL4VZi9ac/b+BeINdzC6GP0CIDmB\n"
      "U6GFEQTZ3IfuiVabG5pummdC4DNbcdI+WKrSFNmQ\n"
      "-----END RSA PRIVATE KEY-----\n";
  
  static EVP_PKEY *
  getkey(void)
  {
  	EVP_PKEY *key;
  	BIO *bio;
  
  	/* new read-only BIO backed by KEY. */
  	bio = BIO_new_mem_buf((char*)KEY, -1);
  	tt_assert(bio);
  
  	key = PEM_read_bio_PrivateKey(bio,NULL,NULL,NULL);
  	BIO_free(bio);
  	tt_assert(key);
  
  	return key;
  end:
  	return NULL;
  }
  
  static X509 *
  getcert(void)
  {
  	/* Dummy code to make a quick-and-dirty valid certificate with
  	   OpenSSL.  Don't copy this code into your own program! It does a
  	   number of things in a stupid and insecure way. */
  	X509 *x509 = NULL;
  	X509_NAME *name = NULL;
  	EVP_PKEY *key = getkey();
  	int nid;
  	time_t now = time(NULL);
  
  	tt_assert(key);
  
  	x509 = X509_new();
  	tt_assert(x509);
  	tt_assert(0 != X509_set_version(x509, 2));
  	tt_assert(0 != ASN1_INTEGER_set(X509_get_serialNumber(x509),
  		(long)now));
  
  	name = X509_NAME_new();
  	tt_assert(name);
  	nid = OBJ_txt2nid("commonName");
  	tt_assert(NID_undef != nid);
  	tt_assert(0 != X509_NAME_add_entry_by_NID(
  		    name, nid, MBSTRING_ASC, (unsigned char*)"example.com",
  		    -1, -1, 0));
  
  	X509_set_subject_name(x509, name);
  	X509_set_issuer_name(x509, name);
  
  	X509_time_adj(X509_get_notBefore(x509), 0, &now);
  	now += 3600;
  	X509_time_adj(X509_get_notAfter(x509), 0, &now);
  	X509_set_pubkey(x509, key);
  	tt_assert(0 != X509_sign(x509, key, EVP_sha1()));
  
  	return x509;
  end:
  	X509_free(x509);
  	return NULL;
  }
  
  static int disable_tls_11_and_12 = 0;
  static SSL_CTX *the_ssl_ctx = NULL;
  
  static SSL_CTX *
  get_ssl_ctx(void)
  {
  	if (the_ssl_ctx)
  		return the_ssl_ctx;
  	the_ssl_ctx = SSL_CTX_new(SSLv23_method());
  	if (!the_ssl_ctx)
  		return NULL;
  	if (disable_tls_11_and_12) {
  #ifdef SSL_OP_NO_TLSv1_2
  		SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_2);
  #endif
  #ifdef SSL_OP_NO_TLSv1_1
  		SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_1);
  #endif
  	}
  	return the_ssl_ctx;
  }
  
  static void
  init_ssl(void)
  {
  	SSL_library_init();
  	ERR_load_crypto_strings();
  	SSL_load_error_strings();
  	OpenSSL_add_all_algorithms();
  	if (SSLeay() != OPENSSL_VERSION_NUMBER) {
  		TT_DECLARE("WARN", ("Version mismatch for openssl: compiled with %lx but running with %lx", (unsigned long)OPENSSL_VERSION_NUMBER, (unsigned long) SSLeay()));
  	}
  }
  
  /* ====================
     Here's a simple test: we read a number from the input, increment it, and
     reply, until we get to 1001.
  */
  
  static int test_is_done = 0;
  static int n_connected = 0;
  static int got_close = 0;
  static int got_error = 0;
  static int renegotiate_at = -1;
  static int stop_when_connected = 0;
  static int pending_connect_events = 0;
  static struct event_base *exit_base = NULL;
  
  static void
  respond_to_number(struct bufferevent *bev, void *ctx)
  {
  	struct evbuffer *b = bufferevent_get_input(bev);
  	char *line;
  	int n;
  	line = evbuffer_readln(b, NULL, EVBUFFER_EOL_LF);
  	if (! line)
  		return;
  	n = atoi(line);
  	if (n <= 0)
  		TT_FAIL(("Bad number: %s", line));
  	TT_BLATHER(("The number was %d", n));
  	if (n == 1001) {
  		++test_is_done;
  		bufferevent_free(bev); /* Should trigger close on other side. */
  		return;
  	}
  	if (!strcmp(ctx, "client") && n == renegotiate_at) {
  		SSL_renegotiate(bufferevent_openssl_get_ssl(bev));
  	}
  	++n;
  	evbuffer_add_printf(bufferevent_get_output(bev),
  	    "%d\n", n);
  	TT_BLATHER(("Done reading; now writing."));
  	bufferevent_enable(bev, EV_WRITE);
  	bufferevent_disable(bev, EV_READ);
  }
  
  static void
  done_writing_cb(struct bufferevent *bev, void *ctx)
  {
  	struct evbuffer *b = bufferevent_get_output(bev);
  	if (evbuffer_get_length(b))
  		return;
  	TT_BLATHER(("Done writing."));
  	bufferevent_disable(bev, EV_WRITE);
  	bufferevent_enable(bev, EV_READ);
  }
  
  static void
  eventcb(struct bufferevent *bev, short what, void *ctx)
  {
  	TT_BLATHER(("Got event %d", (int)what));
  	if (what & BEV_EVENT_CONNECTED) {
  		SSL *ssl;
  		X509 *peer_cert;
  		++n_connected;
  		ssl = bufferevent_openssl_get_ssl(bev);
  		tt_assert(ssl);
  		peer_cert = SSL_get_peer_certificate(ssl);
  		if (0==strcmp(ctx, "server")) {
  			tt_assert(peer_cert == NULL);
  		} else {
  			tt_assert(peer_cert != NULL);
  		}
  		if (stop_when_connected) {
  			if (--pending_connect_events == 0)
  				event_base_loopexit(exit_base, NULL);
  		}
  	} else if (what & BEV_EVENT_EOF) {
  		TT_BLATHER(("Got a good EOF"));
  		++got_close;
  		bufferevent_free(bev);
  	} else if (what & BEV_EVENT_ERROR) {
  		TT_BLATHER(("Got an error."));
  		++got_error;
  		bufferevent_free(bev);
  	}
  end:
  	;
  }
  
  static void
  open_ssl_bufevs(struct bufferevent **bev1_out, struct bufferevent **bev2_out,
      struct event_base *base, int is_open, int flags, SSL *ssl1, SSL *ssl2,
      evutil_socket_t *fd_pair, struct bufferevent **underlying_pair)
  {
  	int state1 = is_open ? BUFFEREVENT_SSL_OPEN :BUFFEREVENT_SSL_CONNECTING;
  	int state2 = is_open ? BUFFEREVENT_SSL_OPEN :BUFFEREVENT_SSL_ACCEPTING;
  	if (fd_pair) {
  		*bev1_out = bufferevent_openssl_socket_new(
  			base, fd_pair[0], ssl1, state1, flags);
  		*bev2_out = bufferevent_openssl_socket_new(
  			base, fd_pair[1], ssl2, state2, flags);
  	} else {
  		*bev1_out = bufferevent_openssl_filter_new(
  			base, underlying_pair[0], ssl1, state1, flags);
  		*bev2_out = bufferevent_openssl_filter_new(
  			base, underlying_pair[1], ssl2, state2, flags);
  
  	}
  	bufferevent_setcb(*bev1_out, respond_to_number, done_writing_cb,
  	    eventcb, (void*)"client");
  	bufferevent_setcb(*bev2_out, respond_to_number, done_writing_cb,
  	    eventcb, (void*)"server");
  }
  
  static void
  regress_bufferevent_openssl(void *arg)
  {
  	struct basic_test_data *data = arg;
  
  	struct bufferevent *bev1, *bev2;
  	SSL *ssl1, *ssl2;
  	X509 *cert = getcert();
  	EVP_PKEY *key = getkey();
  	const int start_open = strstr((char*)data->setup_data, "open")!=NULL;
  	const int filter = strstr((char*)data->setup_data, "filter")!=NULL;
  	int flags = BEV_OPT_DEFER_CALLBACKS;
  	struct bufferevent *bev_ll[2] = { NULL, NULL };
  	evutil_socket_t *fd_pair = NULL;
  
  	tt_assert(cert);
  	tt_assert(key);
  
  	init_ssl();
  
  	if (strstr((char*)data->setup_data, "renegotiate")) {
  		if (SSLeay() >= 0x10001000 &&
  		    SSLeay() <  0x1000104f) {
  			/* 1.0.1 up to 1.0.1c has a bug where TLS1.1 and 1.2
  			 * can't renegotiate with themselves. Disable. */
  			disable_tls_11_and_12 = 1;
  		}
  		renegotiate_at = 600;
  	}
  
  	ssl1 = SSL_new(get_ssl_ctx());
  	ssl2 = SSL_new(get_ssl_ctx());
  
  	SSL_use_certificate(ssl2, cert);
  	SSL_use_PrivateKey(ssl2, key);
  
  	if (! start_open)
  		flags |= BEV_OPT_CLOSE_ON_FREE;
  
  	if (!filter) {
  		tt_assert(strstr((char*)data->setup_data, "socketpair"));
  		fd_pair = data->pair;
  	} else {
  		bev_ll[0] = bufferevent_socket_new(data->base, data->pair[0],
  		    BEV_OPT_CLOSE_ON_FREE);
  		bev_ll[1] = bufferevent_socket_new(data->base, data->pair[1],
  		    BEV_OPT_CLOSE_ON_FREE);
  	}
  
  	open_ssl_bufevs(&bev1, &bev2, data->base, 0, flags, ssl1, ssl2,
  	    fd_pair, bev_ll);
  
  	if (!filter) {
  		tt_int_op(bufferevent_getfd(bev1), ==, data->pair[0]);
  	} else {
  		tt_ptr_op(bufferevent_get_underlying(bev1), ==, bev_ll[0]);
  	}
  
  	if (start_open) {
  		pending_connect_events = 2;
  		stop_when_connected = 1;
  		exit_base = data->base;
  		event_base_dispatch(data->base);
  		/* Okay, now the renegotiation is done.  Make new
  		 * bufferevents to test opening in BUFFEREVENT_SSL_OPEN */
  		flags |= BEV_OPT_CLOSE_ON_FREE;
  		bufferevent_free(bev1);
  		bufferevent_free(bev2);
  		bev1 = bev2 = NULL;
  		open_ssl_bufevs(&bev1, &bev2, data->base, 1, flags, ssl1, ssl2,
  		    fd_pair, bev_ll);
  	}
  
  	bufferevent_enable(bev1, EV_READ|EV_WRITE);
  	bufferevent_enable(bev2, EV_READ|EV_WRITE);
  
  	evbuffer_add_printf(bufferevent_get_output(bev1), "1\n");
  
  	event_base_dispatch(data->base);
  
  	tt_assert(test_is_done == 1);
  	tt_assert(n_connected == 2);
  
  	/* We don't handle shutdown properly yet.
  	   tt_int_op(got_close, ==, 1);
  	   tt_int_op(got_error, ==, 0);
  	*/
  end:
  	return;
  }
  
  static void
  acceptcb(struct evconnlistener *listener, evutil_socket_t fd,
      struct sockaddr *addr, int socklen, void *arg)
  {
  	struct basic_test_data *data = arg;
  	struct bufferevent *bev;
  	SSL *ssl = SSL_new(get_ssl_ctx());
  
  	SSL_use_certificate(ssl, getcert());
  	SSL_use_PrivateKey(ssl, getkey());
  
  	bev = bufferevent_openssl_socket_new(
  		data->base,
  		fd,
  		ssl,
  		BUFFEREVENT_SSL_ACCEPTING,
  		BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS);
  
  	bufferevent_setcb(bev, respond_to_number, NULL, eventcb,
  	    (void*)"server");
  
  	bufferevent_enable(bev, EV_READ|EV_WRITE);
  
  	/* Only accept once, then disable ourself. */
  	evconnlistener_disable(listener);
  }
  
  static void
  regress_bufferevent_openssl_connect(void *arg)
  {
  	struct basic_test_data *data = arg;
  
  	struct event_base *base = data->base;
  
  	struct evconnlistener *listener;
  	struct bufferevent *bev;
  	struct sockaddr_in sin;
  	struct sockaddr_storage ss;
  	ev_socklen_t slen;
  
  	init_ssl();
  
  	memset(&sin, 0, sizeof(sin));
  	sin.sin_family = AF_INET;
  	sin.sin_addr.s_addr = htonl(0x7f000001);
  
  	memset(&ss, 0, sizeof(ss));
  	slen = sizeof(ss);
  
  	listener = evconnlistener_new_bind(base, acceptcb, data,
  	    LEV_OPT_CLOSE_ON_FREE|LEV_OPT_REUSEABLE,
  	    -1, (struct sockaddr *)&sin, sizeof(sin));
  
  	tt_assert(listener);
  	tt_assert(evconnlistener_get_fd(listener) >= 0);
  
  	bev = bufferevent_openssl_socket_new(
  		data->base, -1, SSL_new(get_ssl_ctx()),
  		BUFFEREVENT_SSL_CONNECTING,
  		BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS);
  	tt_assert(bev);
  
  	bufferevent_setcb(bev, respond_to_number, NULL, eventcb,
  	    (void*)"client");
  
  	tt_assert(getsockname(evconnlistener_get_fd(listener),
  		(struct sockaddr*)&ss, &slen) == 0);
  	tt_assert(slen == sizeof(struct sockaddr_in));
  	tt_int_op(((struct sockaddr*)&ss)->sa_family, ==, AF_INET);
  	tt_int_op(((struct sockaddr*)&ss)->sa_family, ==, AF_INET);
  
  	tt_assert(0 ==
  	    bufferevent_socket_connect(bev, (struct sockaddr*)&ss, slen));
  	evbuffer_add_printf(bufferevent_get_output(bev), "1\n");
  	bufferevent_enable(bev, EV_READ|EV_WRITE);
  
  	event_base_dispatch(base);
  end:
  	;
  }
  
  struct testcase_t ssl_testcases[] = {
  
  	{ "bufferevent_socketpair", regress_bufferevent_openssl, TT_ISOLATED,
  	  &basic_setup, (void*)"socketpair" },
  	{ "bufferevent_filter", regress_bufferevent_openssl,
  	  TT_ISOLATED,
  	  &basic_setup, (void*)"filter" },
  	{ "bufferevent_renegotiate_socketpair", regress_bufferevent_openssl,
  	  TT_ISOLATED,
  	  &basic_setup, (void*)"socketpair renegotiate" },
  	{ "bufferevent_renegotiate_filter", regress_bufferevent_openssl,
  	  TT_ISOLATED,
  	  &basic_setup, (void*)"filter renegotiate" },
  	{ "bufferevent_socketpair_startopen", regress_bufferevent_openssl,
  	  TT_ISOLATED, &basic_setup, (void*)"socketpair open" },
  	{ "bufferevent_filter_startopen", regress_bufferevent_openssl,
  	  TT_ISOLATED, &basic_setup, (void*)"filter open" },
  
  	{ "bufferevent_connect", regress_bufferevent_openssl_connect,
  	  TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
  
  	END_OF_TESTCASES,
  };