search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
MiniDLNA update: 1.0.19.1 to 1.0.20
[tomato.git] / release / src / router / libevent / test / regress_ssl.c
blobe16bf8b3160ec45652c978542c7309c606c48bb8
1 /*
2 * Copyright (c) 2009-2010 Niels Provos and Nick Mathewson
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 * 3. The name of the author may not be used to endorse or promote products
13 * derived from this software without specific prior written permission.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27 #ifdef WIN32
28 #include <winsock2.h>
29 #include <windows.h>
30 #endif
31
32 #ifndef WIN32
33 #include <sys/socket.h>
34 #include <netinet/in.h>
35 #endif
36
37 #include "event2/util.h"
38 #include "event2/event.h"
39 #include "event2/bufferevent_ssl.h"
40 #include "event2/buffer.h"
41 #include "event2/listener.h"
42
43 #include "regress.h"
44 #include "tinytest.h"
45 #include "tinytest_macros.h"
46
47 #include <openssl/ssl.h>
48 #include <openssl/bio.h>
49 #include <openssl/err.h>
50 #include <openssl/pem.h>
51
52 #include <string.h>
53
54 /* A short pre-generated key, to save the cost of doing an RSA key generation
55 * step during the unit tests. It's only 512 bits long, and it is published
56 * in this file, so you would have to be very foolish to consider using it in
57 * your own code. */
58 static const char KEY[] =
59 "-----BEGIN RSA PRIVATE KEY-----\n"
60 "MIIBOgIBAAJBAKibTEzXjj+sqpipePX1lEk5BNFuL/dDBbw8QCXgaJWikOiKHeJq\n"
61 "3FQ0OmCnmpkdsPFE4x3ojYmmdgE2i0dJwq0CAwEAAQJAZ08gpUS+qE1IClps/2gG\n"
62 "AAer6Bc31K2AaiIQvCSQcH440cp062QtWMC3V5sEoWmdLsbAHFH26/9ZHn5zAflp\n"
63 "gQIhANWOx/UYeR8HD0WREU5kcuSzgzNLwUErHLzxP7U6aojpAiEAyh2H35CjN/P7\n"
64 "NhcZ4QYw3PeUWpqgJnaE/4i80BSYkSUCIQDLHFhLYLJZ80HwHTADif/ISn9/Ow6b\n"
65 "p6BWh3DbMar/eQIgBPS6azH5vpp983KXkNv9AL4VZi9ac/b+BeINdzC6GP0CIDmB\n"
66 "U6GFEQTZ3IfuiVabG5pummdC4DNbcdI+WKrSFNmQ\n"
67 "-----END RSA PRIVATE KEY-----\n";
68
69 static EVP_PKEY *
70 getkey(void)
71 {
72 EVP_PKEY *key;
73 BIO *bio;
74
75 /* new read-only BIO backed by KEY. */
76 bio = BIO_new_mem_buf((char*)KEY, -1);
77 tt_assert(bio);
78
79 key = PEM_read_bio_PrivateKey(bio,NULL,NULL,NULL);
80 BIO_free(bio);
81 tt_assert(key);
82
83 return key;
84 end:
85 return NULL;
86 }
87
88 static X509 *
89 getcert(void)
90 {
91 /* Dummy code to make a quick-and-dirty valid certificate with
92 OpenSSL. Don't copy this code into your own program! It does a
93 number of things in a stupid and insecure way. */
94 X509 *x509 = NULL;
95 X509_NAME *name = NULL;
96 EVP_PKEY *key = getkey();
97 int nid;
98 time_t now = time(NULL);
99
100 tt_assert(key);
101
102 x509 = X509_new();
103 tt_assert(x509);
104 tt_assert(0 != X509_set_version(x509, 2));
105 tt_assert(0 != ASN1_INTEGER_set(X509_get_serialNumber(x509),
106 (long)now));
107
108 name = X509_NAME_new();
109 tt_assert(name);
110 tt_assert(NID_undef != (nid = OBJ_txt2nid("commonName")));
111 tt_assert(0 != X509_NAME_add_entry_by_NID(
112 name, nid, MBSTRING_ASC, (unsigned char*)"example.com",
113 -1, -1, 0));
114
115 X509_set_subject_name(x509, name);
116 X509_set_issuer_name(x509, name);
117
118 X509_time_adj(X509_get_notBefore(x509), 0, &now);
119 now += 3600;
120 X509_time_adj(X509_get_notAfter(x509), 0, &now);
121 X509_set_pubkey(x509, key);
122 tt_assert(0 != X509_sign(x509, key, EVP_sha1()));
123
124 return x509;
125 end:
126 X509_free(x509);
127 return NULL;
128 }
129
130 static SSL_CTX *the_ssl_ctx = NULL;
131
132 static SSL_CTX *
133 get_ssl_ctx(void)
134 {
135 if (the_ssl_ctx)
136 return the_ssl_ctx;
137 return (the_ssl_ctx = SSL_CTX_new(SSLv23_method()));
138 }
139
140 static void
141 init_ssl(void)
142 {
143 SSL_library_init();
144 ERR_load_crypto_strings();
145 SSL_load_error_strings();
146 OpenSSL_add_all_algorithms();
147 }
148
149 /* ====================
150 Here's a simple test: we read a number from the input, increment it, and
151 reply, until we get to 1001.
152 */
153
154 static int test_is_done = 0;
155 static int n_connected = 0;
156 static int got_close = 0;
157 static int got_error = 0;
158 static int renegotiate_at = -1;
159 static int stop_when_connected = 0;
160 static int pending_connect_events = 0;
161 static struct event_base *exit_base = NULL;
162
163 static void
164 respond_to_number(struct bufferevent *bev, void *ctx)
165 {
166 struct evbuffer *b = bufferevent_get_input(bev);
167 char *line;
168 int n;
169 line = evbuffer_readln(b, NULL, EVBUFFER_EOL_LF);
170 if (! line)
171 return;
172 n = atoi(line);
173 if (n <= 0)
174 TT_FAIL(("Bad number: %s", line));
175 TT_BLATHER(("The number was %d", n));
176 if (n == 1001) {
177 ++test_is_done;
178 bufferevent_free(bev); /* Should trigger close on other side. */
179 return;
180 }
181 if (!strcmp(ctx, "client") && n == renegotiate_at) {
182 SSL_renegotiate(bufferevent_openssl_get_ssl(bev));
183 }
184 ++n;
185 evbuffer_add_printf(bufferevent_get_output(bev),
186 "%d\n", n);
187 TT_BLATHER(("Done reading; now writing."));
188 bufferevent_enable(bev, EV_WRITE);
189 bufferevent_disable(bev, EV_READ);
190 }
191
192 static void
193 done_writing_cb(struct bufferevent *bev, void *ctx)
194 {
195 struct evbuffer *b = bufferevent_get_output(bev);
196 if (evbuffer_get_length(b))
197 return;
198 TT_BLATHER(("Done writing."));
199 bufferevent_disable(bev, EV_WRITE);
200 bufferevent_enable(bev, EV_READ);
201 }
202
203 static void
204 eventcb(struct bufferevent *bev, short what, void *ctx)
205 {
206 TT_BLATHER(("Got event %d", (int)what));
207 if (what & BEV_EVENT_CONNECTED) {
208 SSL *ssl;
209 X509 *peer_cert;
210 ++n_connected;
211 ssl = bufferevent_openssl_get_ssl(bev);
212 tt_assert(ssl);
213 peer_cert = SSL_get_peer_certificate(ssl);
214 if (0==strcmp(ctx, "server")) {
215 tt_assert(peer_cert == NULL);
216 } else {
217 tt_assert(peer_cert != NULL);
218 }
219 if (stop_when_connected) {
220 if (--pending_connect_events == 0)
221 event_base_loopexit(exit_base, NULL);
222 }
223 } else if (what & BEV_EVENT_EOF) {
224 TT_BLATHER(("Got a good EOF"));
225 ++got_close;
226 bufferevent_free(bev);
227 } else if (what & BEV_EVENT_ERROR) {
228 TT_BLATHER(("Got an error."));
229 ++got_error;
230 bufferevent_free(bev);
231 }
232 end:
233 ;
234 }
235
236 static void
237 open_ssl_bufevs(struct bufferevent **bev1_out, struct bufferevent **bev2_out,
238 struct event_base *base, int is_open, int flags, SSL *ssl1, SSL *ssl2,
239 int *fd_pair, struct bufferevent **underlying_pair)
240 {
241 int state1 = is_open ? BUFFEREVENT_SSL_OPEN :BUFFEREVENT_SSL_CONNECTING;
242 int state2 = is_open ? BUFFEREVENT_SSL_OPEN :BUFFEREVENT_SSL_ACCEPTING;
243 if (fd_pair) {
244 *bev1_out = bufferevent_openssl_socket_new(
245 base, fd_pair[0], ssl1, state1, flags);
246 *bev2_out = bufferevent_openssl_socket_new(
247 base, fd_pair[1], ssl2, state2, flags);
248 } else {
249 *bev1_out = bufferevent_openssl_filter_new(
250 base, underlying_pair[0], ssl1, state1, flags);
251 *bev2_out = bufferevent_openssl_filter_new(
252 base, underlying_pair[1], ssl2, state2, flags);
253
254 }
255 bufferevent_setcb(*bev1_out, respond_to_number, done_writing_cb,
256 eventcb, (void*)"client");
257 bufferevent_setcb(*bev2_out, respond_to_number, done_writing_cb,
258 eventcb, (void*)"server");
259 }
260
261 static void
262 regress_bufferevent_openssl(void *arg)
263 {
264 struct basic_test_data *data = arg;
265
266 struct bufferevent *bev1, *bev2;
267 SSL *ssl1, *ssl2;
268 X509 *cert = getcert();
269 EVP_PKEY *key = getkey();
270 const int start_open = strstr((char*)data->setup_data, "open")!=NULL;
271 const int filter = strstr((char*)data->setup_data, "filter")!=NULL;
272 int flags = BEV_OPT_DEFER_CALLBACKS;
273 struct bufferevent *bev_ll[2] = { NULL, NULL };
274 int *fd_pair = NULL;
275
276 tt_assert(cert);
277 tt_assert(key);
278
279 init_ssl();
280
281 ssl1 = SSL_new(get_ssl_ctx());
282 ssl2 = SSL_new(get_ssl_ctx());
283
284 SSL_use_certificate(ssl2, cert);
285 SSL_use_PrivateKey(ssl2, key);
286
287 if (! start_open)
288 flags |= BEV_OPT_CLOSE_ON_FREE;
289
290 if (strstr((char*)data->setup_data, "renegotiate"))
291 renegotiate_at = 600;
292
293 if (!filter) {
294 tt_assert(strstr((char*)data->setup_data, "socketpair"));
295 fd_pair = data->pair;
296 } else {
297 bev_ll[0] = bufferevent_socket_new(data->base, data->pair[0],
298 BEV_OPT_CLOSE_ON_FREE);
299 bev_ll[1] = bufferevent_socket_new(data->base, data->pair[1],
300 BEV_OPT_CLOSE_ON_FREE);
301 }
302
303 open_ssl_bufevs(&bev1, &bev2, data->base, 0, flags, ssl1, ssl2,
304 fd_pair, bev_ll);
305
306 if (!filter) {
307 tt_int_op(bufferevent_getfd(bev1), ==, data->pair[0]);
308 } else {
309 tt_ptr_op(bufferevent_get_underlying(bev1), ==, bev_ll[0]);
310 }
311
312 if (start_open) {
313 pending_connect_events = 2;
314 stop_when_connected = 1;
315 exit_base = data->base;
316 event_base_dispatch(data->base);
317 /* Okay, now the renegotiation is done. Make new
318 * bufferevents to test opening in BUFFEREVENT_SSL_OPEN */
319 flags |= BEV_OPT_CLOSE_ON_FREE;
320 bufferevent_free(bev1);
321 bufferevent_free(bev2);
322 bev1 = bev2 = NULL;
323 open_ssl_bufevs(&bev1, &bev2, data->base, 1, flags, ssl1, ssl2,
324 fd_pair, bev_ll);
325 }
326
327 bufferevent_enable(bev1, EV_READ|EV_WRITE);
328 bufferevent_enable(bev2, EV_READ|EV_WRITE);
329
330 evbuffer_add_printf(bufferevent_get_output(bev1), "1\n");
331
332 event_base_dispatch(data->base);
333
334 tt_assert(test_is_done == 1);
335 tt_assert(n_connected == 2);
336
337 /* We don't handle shutdown properly yet.
338 tt_int_op(got_close, ==, 1);
339 tt_int_op(got_error, ==, 0);
340 */
341 end:
342 return;
343 }
344
345 static void
346 acceptcb(struct evconnlistener *listener, evutil_socket_t fd,
347 struct sockaddr *addr, int socklen, void *arg)
348 {
349 struct basic_test_data *data = arg;
350 struct bufferevent *bev;
351 SSL *ssl = SSL_new(get_ssl_ctx());
352
353 SSL_use_certificate(ssl, getcert());
354 SSL_use_PrivateKey(ssl, getkey());
355
356 bev = bufferevent_openssl_socket_new(
357 data->base,
358 fd,
359 ssl,
360 BUFFEREVENT_SSL_ACCEPTING,
361 BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS);
362
363 bufferevent_setcb(bev, respond_to_number, NULL, eventcb,
364 (void*)"server");
365
366 bufferevent_enable(bev, EV_READ|EV_WRITE);
367
368 /* Only accept once, then disable ourself. */
369 evconnlistener_disable(listener);
370 }
371
372 static void
373 regress_bufferevent_openssl_connect(void *arg)
374 {
375 struct basic_test_data *data = arg;
376
377 struct event_base *base = data->base;
378
379 struct evconnlistener *listener;
380 struct bufferevent *bev;
381 struct sockaddr_in sin;
382 struct sockaddr_storage ss;
383 ev_socklen_t slen;
384
385 init_ssl();
386
387 memset(&sin, 0, sizeof(sin));
388 sin.sin_family = AF_INET;
389 sin.sin_addr.s_addr = htonl(0x7f000001);
390
391 memset(&ss, 0, sizeof(ss));
392 slen = sizeof(ss);
393
394 listener = evconnlistener_new_bind(base, acceptcb, data,
395 LEV_OPT_CLOSE_ON_FREE|LEV_OPT_REUSEABLE,
396 -1, (struct sockaddr *)&sin, sizeof(sin));
397
398 tt_assert(listener);
399 tt_assert(evconnlistener_get_fd(listener) >= 0);
400
401 bev = bufferevent_openssl_socket_new(
402 data->base, -1, SSL_new(get_ssl_ctx()),
403 BUFFEREVENT_SSL_CONNECTING,
404 BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS);
405 tt_assert(bev);
406
407 bufferevent_setcb(bev, respond_to_number, NULL, eventcb,
408 (void*)"client");
409
410 tt_assert(getsockname(evconnlistener_get_fd(listener),
411 (struct sockaddr*)&ss, &slen) == 0);
412 tt_assert(slen == sizeof(struct sockaddr_in));
413 tt_int_op(((struct sockaddr*)&ss)->sa_family, ==, AF_INET);
414 tt_int_op(((struct sockaddr*)&ss)->sa_family, ==, AF_INET);
415
416 tt_assert(0 ==
417 bufferevent_socket_connect(bev, (struct sockaddr*)&ss, slen));
418 evbuffer_add_printf(bufferevent_get_output(bev), "1\n");
419 bufferevent_enable(bev, EV_READ|EV_WRITE);
420
421 event_base_dispatch(base);
422 end:
423 ;
424 }
425
426 struct testcase_t ssl_testcases[] = {
427
428 { "bufferevent_socketpair", regress_bufferevent_openssl, TT_ISOLATED,
429 &basic_setup, (void*)"socketpair" },
430 { "bufferevent_filter", regress_bufferevent_openssl,
431 TT_ISOLATED,
432 &basic_setup, (void*)"filter" },
433 { "bufferevent_renegotiate_socketpair", regress_bufferevent_openssl,
434 TT_ISOLATED,
435 &basic_setup, (void*)"socketpair renegotiate" },
436 { "bufferevent_renegotiate_filter", regress_bufferevent_openssl,
437 TT_ISOLATED,
438 &basic_setup, (void*)"filter renegotiate" },
439 { "bufferevent_socketpair_startopen", regress_bufferevent_openssl,
440 TT_ISOLATED, &basic_setup, (void*)"socketpair open" },
441 { "bufferevent_filter_startopen", regress_bufferevent_openssl,
442 TT_ISOLATED, &basic_setup, (void*)"filter open" },
443
444 { "bufferevent_connect", regress_bufferevent_openssl_connect,
445 TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
446
447 END_OF_TESTCASES,
448 };
Tomato firmware and modifications.