The Tor Browser / file revision

 /*

  * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson

  *

  * Redistribution and use in source and binary forms, with or without

  * modification, are permitted provided that the following conditions

  * are met:

  * 1. Redistributions of source code must retain the above copyright

  *    notice, this list of conditions and the following disclaimer.

  * 2. Redistributions in binary form must reproduce the above copyright

  *    notice, this list of conditions and the following disclaimer in the

  *    documentation and/or other materials provided with the distribution.

  * 3. The name of the author may not be used to endorse or promote products

  *    derived from this software without specific prior written permission.

  *

  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR

  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,

  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF

  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

  */

 #ifdef WIN32

 #include <winsock2.h>

 #include <windows.h>

 #endif

 #ifndef WIN32

 #include <sys/types.h>

 #include <sys/socket.h>

 #include <netinet/in.h>

 #endif

 #include "event2/util.h"

 #include "event2/event.h"

 #include "event2/bufferevent_ssl.h"

 #include "event2/buffer.h"

 #include "event2/listener.h"

 #include "regress.h"

 #include "tinytest.h"

 #include "tinytest_macros.h"

 #include <openssl/ssl.h>

 #include <openssl/bio.h>

 #include <openssl/err.h>

 #include <openssl/pem.h>

 #include <string.h>

 /* A short pre-generated key, to save the cost of doing an RSA key generation

  * step during the unit tests.  It's only 512 bits long, and it is published

  * in this file, so you would have to be very foolish to consider using it in

  * your own code. */

 static const char KEY[] =

     "-----BEGIN RSA PRIVATE KEY-----\n"

     "MIIBOgIBAAJBAKibTEzXjj+sqpipePX1lEk5BNFuL/dDBbw8QCXgaJWikOiKHeJq\n"

     "3FQ0OmCnmpkdsPFE4x3ojYmmdgE2i0dJwq0CAwEAAQJAZ08gpUS+qE1IClps/2gG\n"

     "AAer6Bc31K2AaiIQvCSQcH440cp062QtWMC3V5sEoWmdLsbAHFH26/9ZHn5zAflp\n"

     "gQIhANWOx/UYeR8HD0WREU5kcuSzgzNLwUErHLzxP7U6aojpAiEAyh2H35CjN/P7\n"

     "NhcZ4QYw3PeUWpqgJnaE/4i80BSYkSUCIQDLHFhLYLJZ80HwHTADif/ISn9/Ow6b\n"

     "p6BWh3DbMar/eQIgBPS6azH5vpp983KXkNv9AL4VZi9ac/b+BeINdzC6GP0CIDmB\n"

     "U6GFEQTZ3IfuiVabG5pummdC4DNbcdI+WKrSFNmQ\n"

     "-----END RSA PRIVATE KEY-----\n";

 static EVP_PKEY *

 getkey(void)

 {

 	EVP_PKEY *key;

 	BIO *bio;

 	/* new read-only BIO backed by KEY. */

 	bio = BIO_new_mem_buf((char*)KEY, -1);

 	tt_assert(bio);

 	key = PEM_read_bio_PrivateKey(bio,NULL,NULL,NULL);

 	BIO_free(bio);

 	tt_assert(key);

 	return key;

 end:

 	return NULL;

 }

 static X509 *

 getcert(void)

 {

 	/* Dummy code to make a quick-and-dirty valid certificate with

 	   OpenSSL.  Don't copy this code into your own program! It does a

 	   number of things in a stupid and insecure way. */

 	X509 *x509 = NULL;

 	X509_NAME *name = NULL;

 	EVP_PKEY *key = getkey();

 	int nid;

 	time_t now = time(NULL);

 	tt_assert(key);

 	x509 = X509_new();

 	tt_assert(x509);

 	tt_assert(0 != X509_set_version(x509, 2));

 	tt_assert(0 != ASN1_INTEGER_set(X509_get_serialNumber(x509),

 		(long)now));

 	name = X509_NAME_new();

 	tt_assert(name);

 	nid = OBJ_txt2nid("commonName");

 	tt_assert(NID_undef != nid);

 	tt_assert(0 != X509_NAME_add_entry_by_NID(

 		    name, nid, MBSTRING_ASC, (unsigned char*)"example.com",

 		    -1, -1, 0));

 	X509_set_subject_name(x509, name);

 	X509_set_issuer_name(x509, name);

 	X509_time_adj(X509_get_notBefore(x509), 0, &now);

 	now += 3600;

 	X509_time_adj(X509_get_notAfter(x509), 0, &now);

 	X509_set_pubkey(x509, key);

 	tt_assert(0 != X509_sign(x509, key, EVP_sha1()));

 	return x509;

 end:

 	X509_free(x509);

 	return NULL;

 }

 static int disable_tls_11_and_12 = 0;

 static SSL_CTX *the_ssl_ctx = NULL;

 static SSL_CTX *

 get_ssl_ctx(void)

 {

 	if (the_ssl_ctx)

 		return the_ssl_ctx;

 	the_ssl_ctx = SSL_CTX_new(SSLv23_method());

 	if (!the_ssl_ctx)

 		return NULL;

 	if (disable_tls_11_and_12) {

 #ifdef SSL_OP_NO_TLSv1_2

 		SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_2);

 #endif

 #ifdef SSL_OP_NO_TLSv1_1

 		SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_1);

 #endif

 	}

 	return the_ssl_ctx;

 }

 static void

 init_ssl(void)

 {

 	SSL_library_init();

 	ERR_load_crypto_strings();

 	SSL_load_error_strings();

 	OpenSSL_add_all_algorithms();

 	if (SSLeay() != OPENSSL_VERSION_NUMBER) {

 		TT_DECLARE("WARN", ("Version mismatch for openssl: compiled with %lx but running with %lx", (unsigned long)OPENSSL_VERSION_NUMBER, (unsigned long)SSLeay()));

 	}

 }

 /* ====================

    Here's a simple test: we read a number from the input, increment it, and

    reply, until we get to 1001.

 */

 static int test_is_done = 0;

 static int n_connected = 0;

 static int got_close = 0;

 static int got_error = 0;

 static int renegotiate_at = -1;

 static int stop_when_connected = 0;

 static int pending_connect_events = 0;

 static struct event_base *exit_base = NULL;

 static void

 respond_to_number(struct bufferevent *bev, void *ctx)

 {

 	struct evbuffer *b = bufferevent_get_input(bev);

 	char *line;

 	int n;

 	line = evbuffer_readln(b, NULL, EVBUFFER_EOL_LF);

 	if (! line)

 		return;

 	n = atoi(line);

 	if (n <= 0)

 		TT_FAIL(("Bad number: %s", line));

 	TT_BLATHER(("The number was %d", n));

 	if (n == 1001) {

 		++test_is_done;

 		bufferevent_free(bev); /* Should trigger close on other side. */

 		return;

 	}

 	if (!strcmp(ctx, "client") && n == renegotiate_at) {

 		SSL_renegotiate(bufferevent_openssl_get_ssl(bev));

 	}

 	++n;

 	evbuffer_add_printf(bufferevent_get_output(bev),

 	    "%d\n", n);

 	TT_BLATHER(("Done reading; now writing."));

 	bufferevent_enable(bev, EV_WRITE);

 	bufferevent_disable(bev, EV_READ);

 }

 static void

 done_writing_cb(struct bufferevent *bev, void *ctx)

 {

 	struct evbuffer *b = bufferevent_get_output(bev);

 	if (evbuffer_get_length(b))

 		return;

 	TT_BLATHER(("Done writing."));

 	bufferevent_disable(bev, EV_WRITE);

 	bufferevent_enable(bev, EV_READ);

 }

 static void

 eventcb(struct bufferevent *bev, short what, void *ctx)

 {

 	TT_BLATHER(("Got event %d", (int)what));

 	if (what & BEV_EVENT_CONNECTED) {

 		SSL *ssl;

 		X509 *peer_cert;

 		++n_connected;

 		ssl = bufferevent_openssl_get_ssl(bev);

 		tt_assert(ssl);

 		peer_cert = SSL_get_peer_certificate(ssl);

 		if (0==strcmp(ctx, "server")) {

 			tt_assert(peer_cert == NULL);

 		} else {

 			tt_assert(peer_cert != NULL);

 		}

 		if (stop_when_connected) {

 			if (--pending_connect_events == 0)

 				event_base_loopexit(exit_base, NULL);

 		}

 	} else if (what & BEV_EVENT_EOF) {

 		TT_BLATHER(("Got a good EOF"));

 		++got_close;

 		bufferevent_free(bev);

 	} else if (what & BEV_EVENT_ERROR) {

 		TT_BLATHER(("Got an error."));

 		++got_error;

 		bufferevent_free(bev);

 	}

 end:

 	;

 }

 static void

 open_ssl_bufevs(struct bufferevent **bev1_out, struct bufferevent **bev2_out,

     struct event_base *base, int is_open, int flags, SSL *ssl1, SSL *ssl2,

     evutil_socket_t *fd_pair, struct bufferevent **underlying_pair)

 {

 	int state1 = is_open ? BUFFEREVENT_SSL_OPEN :BUFFEREVENT_SSL_CONNECTING;

 	int state2 = is_open ? BUFFEREVENT_SSL_OPEN :BUFFEREVENT_SSL_ACCEPTING;

 	if (fd_pair) {

 		*bev1_out = bufferevent_openssl_socket_new(

 			base, fd_pair[0], ssl1, state1, flags);

 		*bev2_out = bufferevent_openssl_socket_new(

 			base, fd_pair[1], ssl2, state2, flags);

 	} else {

 		*bev1_out = bufferevent_openssl_filter_new(

 			base, underlying_pair[0], ssl1, state1, flags);

 		*bev2_out = bufferevent_openssl_filter_new(

 			base, underlying_pair[1], ssl2, state2, flags);

 	}

 	bufferevent_setcb(*bev1_out, respond_to_number, done_writing_cb,

 	    eventcb, (void*)"client");

 	bufferevent_setcb(*bev2_out, respond_to_number, done_writing_cb,

 	    eventcb, (void*)"server");

 }

 static void

 regress_bufferevent_openssl(void *arg)

 {

 	struct basic_test_data *data = arg;

 	struct bufferevent *bev1, *bev2;

 	SSL *ssl1, *ssl2;

 	X509 *cert = getcert();

 	EVP_PKEY *key = getkey();

 	const int start_open = strstr((char*)data->setup_data, "open")!=NULL;

 	const int filter = strstr((char*)data->setup_data, "filter")!=NULL;

 	int flags = BEV_OPT_DEFER_CALLBACKS;

 	struct bufferevent *bev_ll[2] = { NULL, NULL };

 	evutil_socket_t *fd_pair = NULL;

 	tt_assert(cert);

 	tt_assert(key);

 	init_ssl();

 	if (strstr((char*)data->setup_data, "renegotiate")) {

 		if (SSLeay() >= 0x10001000 &&

 		    SSLeay() <  0x1000104f) {

 			/* 1.0.1 up to 1.0.1c has a bug where TLS1.1 and 1.2

 			 * can't renegotiate with themselves. Disable. */

 			disable_tls_11_and_12 = 1;

 		}

 		renegotiate_at = 600;

 	}

 	ssl1 = SSL_new(get_ssl_ctx());

 	ssl2 = SSL_new(get_ssl_ctx());

 	SSL_use_certificate(ssl2, cert);

 	SSL_use_PrivateKey(ssl2, key);

 	if (! start_open)

 		flags |= BEV_OPT_CLOSE_ON_FREE;

 	if (!filter) {

 		tt_assert(strstr((char*)data->setup_data, "socketpair"));

 		fd_pair = data->pair;

 	} else {

 		bev_ll[0] = bufferevent_socket_new(data->base, data->pair[0],

 		    BEV_OPT_CLOSE_ON_FREE);

 		bev_ll[1] = bufferevent_socket_new(data->base, data->pair[1],

 		    BEV_OPT_CLOSE_ON_FREE);

 	}

 	open_ssl_bufevs(&bev1, &bev2, data->base, 0, flags, ssl1, ssl2,

 	    fd_pair, bev_ll);

 	if (!filter) {

 		tt_int_op(bufferevent_getfd(bev1), ==, data->pair[0]);

 	} else {

 		tt_ptr_op(bufferevent_get_underlying(bev1), ==, bev_ll[0]);

 	}

 	if (start_open) {

 		pending_connect_events = 2;

 		stop_when_connected = 1;

 		exit_base = data->base;

 		event_base_dispatch(data->base);

 		/* Okay, now the renegotiation is done.  Make new

 		 * bufferevents to test opening in BUFFEREVENT_SSL_OPEN */

 		flags |= BEV_OPT_CLOSE_ON_FREE;

 		bufferevent_free(bev1);

 		bufferevent_free(bev2);

 		bev1 = bev2 = NULL;

 		open_ssl_bufevs(&bev1, &bev2, data->base, 1, flags, ssl1, ssl2,

 		    fd_pair, bev_ll);

 	}

 	bufferevent_enable(bev1, EV_READ|EV_WRITE);

 	bufferevent_enable(bev2, EV_READ|EV_WRITE);

 	evbuffer_add_printf(bufferevent_get_output(bev1), "1\n");

 	event_base_dispatch(data->base);

 	tt_assert(test_is_done == 1);

 	tt_assert(n_connected == 2);

 	/* We don't handle shutdown properly yet.

 	   tt_int_op(got_close, ==, 1);

 	   tt_int_op(got_error, ==, 0);

 	*/

 end:

 	return;

 }

 static void

 acceptcb(struct evconnlistener *listener, evutil_socket_t fd,

     struct sockaddr *addr, int socklen, void *arg)

 {

 	struct basic_test_data *data = arg;

 	struct bufferevent *bev;

 	SSL *ssl = SSL_new(get_ssl_ctx());

 	SSL_use_certificate(ssl, getcert());

 	SSL_use_PrivateKey(ssl, getkey());

 	bev = bufferevent_openssl_socket_new(

 		data->base,

 		fd,

 		ssl,

 		BUFFEREVENT_SSL_ACCEPTING,

 		BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS);

 	bufferevent_setcb(bev, respond_to_number, NULL, eventcb,

 	    (void*)"server");

 	bufferevent_enable(bev, EV_READ|EV_WRITE);

 	/* Only accept once, then disable ourself. */

 	evconnlistener_disable(listener);

 }

 static void

 regress_bufferevent_openssl_connect(void *arg)

 {

 	struct basic_test_data *data = arg;

 	struct event_base *base = data->base;

 	struct evconnlistener *listener;

 	struct bufferevent *bev;

 	struct sockaddr_in sin;

 	struct sockaddr_storage ss;

 	ev_socklen_t slen;

 	init_ssl();

 	memset(&sin, 0, sizeof(sin));

 	sin.sin_family = AF_INET;

 	sin.sin_addr.s_addr = htonl(0x7f000001);

 	memset(&ss, 0, sizeof(ss));

 	slen = sizeof(ss);

 	listener = evconnlistener_new_bind(base, acceptcb, data,

 	    LEV_OPT_CLOSE_ON_FREE|LEV_OPT_REUSEABLE,

 	    -1, (struct sockaddr *)&sin, sizeof(sin));

 	tt_assert(listener);

 	tt_assert(evconnlistener_get_fd(listener) >= 0);

 	bev = bufferevent_openssl_socket_new(

 		data->base, -1, SSL_new(get_ssl_ctx()),

 		BUFFEREVENT_SSL_CONNECTING,

 		BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS);

 	tt_assert(bev);

 	bufferevent_setcb(bev, respond_to_number, NULL, eventcb,

 	    (void*)"client");

 	tt_assert(getsockname(evconnlistener_get_fd(listener),

 		(struct sockaddr*)&ss, &slen) == 0);

 	tt_assert(slen == sizeof(struct sockaddr_in));

 	tt_int_op(((struct sockaddr*)&ss)->sa_family, ==, AF_INET);

 	tt_int_op(((struct sockaddr*)&ss)->sa_family, ==, AF_INET);

 	tt_assert(0 ==

 	    bufferevent_socket_connect(bev, (struct sockaddr*)&ss, slen));

 	evbuffer_add_printf(bufferevent_get_output(bev), "1\n");

 	bufferevent_enable(bev, EV_READ|EV_WRITE);

 	event_base_dispatch(base);

 end:

 	;

 }

 struct testcase_t ssl_testcases[] = {

 	{ "bufferevent_socketpair", regress_bufferevent_openssl, TT_ISOLATED,

 	  &basic_setup, (void*)"socketpair" },

 	{ "bufferevent_filter", regress_bufferevent_openssl,

 	  TT_ISOLATED,

 	  &basic_setup, (void*)"filter" },

 	{ "bufferevent_renegotiate_socketpair", regress_bufferevent_openssl,

 	  TT_ISOLATED,

 	  &basic_setup, (void*)"socketpair renegotiate" },

 	{ "bufferevent_renegotiate_filter", regress_bufferevent_openssl,

 	  TT_ISOLATED,

 	  &basic_setup, (void*)"filter renegotiate" },

 	{ "bufferevent_socketpair_startopen", regress_bufferevent_openssl,

 	  TT_ISOLATED, &basic_setup, (void*)"socketpair open" },

 	{ "bufferevent_filter_startopen", regress_bufferevent_openssl,

 	  TT_ISOLATED, &basic_setup, (void*)"filter open" },

 	{ "bufferevent_connect", regress_bufferevent_openssl_connect,

 	  TT_FORK|TT_NEED_BASE, &basic_setup, NULL },

 	END_OF_TESTCASES,

 };