1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
3 *
4 * Copyright (c) 2026 Gleb Smirnoff <glebius@FreeBSD.org>
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 * SUCH DAMAGE.
26 */
27
28 #include <sys/ioctl.h>
29 #include <sys/socket.h>
30 #include <sys/sysctl.h>
31 #include <sys/mman.h>
32 #include <netinet/in.h>
33 #include <fcntl.h>
34 #include <stdlib.h>
35 #include <poll.h>
36 #include <pthread.h>
37
38 #include <openssl/ssl.h>
39 #include <openssl/err.h>
40 #include <openssl/bio.h>
41 #include <openssl/x509v3.h>
42
43 #include <atf-c.h>
44
45 #define FSIZE (size_t)(2 * 1024 * 1024)
46
47 struct ctx {
48 EVP_PKEY *pkey; /* Self-signed key ... */
49 X509 *cert; /* ... and certificate */
50 SSL_CTX *ctx; /* client context */
51 SSL *cln; /* client connection */
52 SSL *srv; /* server connection */
53 int cs; /* client socket */
54 int ss; /* server socket */
55 int fd; /* test file descriptor */
56 void *mfd; /* mapped contents of the test file */
57 uint16_t port; /* server listening port */
58 pthread_t thr; /* server thread */
59 off_t offset; /* SSL_sendfile offset */
60 size_t size; /* SSL_sendfile size */
61 bool nb; /* SSL_sendfile mode */
62 ossl_ssize_t sbytes; /* SSL_sendfile returned sbytes */
63 enum {
64 INIT,
65 READY,
66 RUNNING,
67 EXITING,
68 } state;
69 pthread_mutex_t mtx;
70 pthread_cond_t cv;
71 };
72
73 static void *server_thread(void *arg);
74
75 static void
common_init(struct ctx * c)76 common_init(struct ctx *c)
77 {
78 char hostname[sizeof("localhost:65536")];
79 char tempname[] = "/tmp/ssl_sendfile_test.XXXXXXXXXX";
80 X509_NAME *name;
81 X509_EXTENSION *ext;
82 SSL *ssl;
83 bool enable;
84 size_t len = sizeof(enable);
85
86 if (sysctlbyname("kern.ipc.tls.enable", &enable, &len, NULL, 0) == -1) {
87 if (errno == ENOENT)
88 atf_tc_skip("kernel does not have options KERN_TLS");
89 atf_libc_error(errno, "Failed to read kern.ipc.tls.enable");
90 }
91 if (!enable)
92 atf_tc_skip("kern.ipc.tls.enable is off");
93
94 c->state = INIT;
95
96 /*
97 * Generate self signed key & certificate.
98 */
99 SSL_library_init();
100 OpenSSL_add_all_algorithms();
101 SSL_load_error_strings();
102 ATF_REQUIRE(c->pkey = EVP_RSA_gen(2048));
103 ATF_REQUIRE(c->cert = X509_new());
104 ASN1_INTEGER_set(X509_get_serialNumber(c->cert), 1);
105 X509_set_version(c->cert, 2);
106 X509_gmtime_adj(X509_get_notBefore(c->cert), 0);
107 X509_gmtime_adj(X509_get_notAfter(c->cert), 60L*60*24*365);
108 X509_set_pubkey(c->cert, c->pkey);
109 name = X509_get_subject_name(c->cert);
110 X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
111 (unsigned char *)"localhost", -1, -1, 0);
112 X509_set_issuer_name(c->cert, name);
113 ext = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,
114 "critical,CA:FALSE");
115 X509_add_ext(c->cert, ext, -1);
116 X509_EXTENSION_free(ext);
117 ATF_REQUIRE(X509_sign(c->cert, c->pkey, EVP_sha256()) > 0);
118
119 /*
120 * Create random filled file with memory mapping.
121 */
122 ATF_REQUIRE((c->fd = mkstemp(tempname)) > 0);
123 ATF_REQUIRE(unlink(tempname) == 0);
124 ATF_REQUIRE(ftruncate(c->fd, FSIZE) == 0);
125 ATF_REQUIRE((c->mfd = mmap(NULL, FSIZE, PROT_READ | PROT_WRITE,
126 MAP_SHARED, c->fd, 0)) != MAP_FAILED);
127 arc4random_buf(c->mfd, FSIZE);
128
129 ATF_REQUIRE(pthread_mutex_init(&c->mtx, NULL) == 0);
130 ATF_REQUIRE(pthread_cond_init(&c->cv, NULL) == 0);
131
132 /*
133 * Start server and wait for it to finish bind(2) + listen(2).
134 */
135 ATF_REQUIRE(pthread_mutex_lock(&c->mtx) == 0);
136 ATF_REQUIRE(pthread_create(&c->thr, NULL, server_thread, c) == 0);
137 if (c->state != READY)
138 ATF_REQUIRE(pthread_cond_wait(&c->cv, &c->mtx) == 0);
139 ATF_REQUIRE(c->state == READY);
140 ATF_REQUIRE(pthread_mutex_unlock(&c->mtx) == 0);
141
142 /*
143 * Connect client.
144 */
145 ATF_REQUIRE(c->ctx = SSL_CTX_new(TLS_client_method()));
146 ATF_REQUIRE(X509_STORE_add_cert(SSL_CTX_get_cert_store(c->ctx),
147 c->cert));
148 ATF_REQUIRE(ssl = c->cln = SSL_new(c->ctx));
149 ATF_REQUIRE((c->cs = socket(AF_INET, SOCK_STREAM, 0)) > 0);
150 ATF_REQUIRE(connect(c->cs, (struct sockaddr *)&(struct sockaddr_in)
151 { .sin_family = AF_INET, .sin_len = sizeof(struct sockaddr_in),
152 .sin_addr.s_addr = htonl(INADDR_LOOPBACK), .sin_port = c->port },
153 sizeof(struct sockaddr_in)) == 0);
154 ATF_REQUIRE(SSL_set_fd(ssl, c->cs) == 1);
155 ATF_REQUIRE(snprintf(hostname, sizeof(hostname), "localhost:%u",
156 ntohs(c->port)) >= (int)sizeof("localhost:0"));
157 ATF_REQUIRE(SSL_set_tlsext_host_name(ssl, hostname) == 1);
158 SSL_set_verify(ssl, SSL_VERIFY_PEER, NULL);
159 ATF_REQUIRE(SSL_connect(ssl) == 1);
160 SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
161 ATF_REQUIRE(fcntl(c->cs, F_SETFL, O_NONBLOCK) != -1);
162 }
163
164 static void
common_cleanup(struct ctx * c)165 common_cleanup(struct ctx *c)
166 {
167
168 ATF_REQUIRE(pthread_mutex_lock(&c->mtx) == 0);
169 c->state = EXITING;
170 ATF_REQUIRE(pthread_cond_signal(&c->cv) == 0);
171 ATF_REQUIRE(pthread_mutex_unlock(&c->mtx) == 0);
172 ATF_REQUIRE(pthread_join(c->thr, NULL) == 0);
173
174 ATF_REQUIRE(pthread_mutex_destroy(&c->mtx) == 0);
175 ATF_REQUIRE(pthread_cond_destroy(&c->cv) == 0);
176
177 SSL_free(c->cln);
178 SSL_CTX_free(c->ctx);
179 X509_free(c->cert);
180 EVP_PKEY_free(c->pkey);
181 }
182
183 static void *
server_thread(void * arg)184 server_thread(void *arg) {
185 struct ctx *c = arg;
186 SSL_CTX *srv;
187 SSL *ssl;
188 struct sockaddr_in sin = {
189 .sin_family = AF_INET,
190 .sin_len = sizeof(sin),
191 .sin_addr.s_addr = htonl(INADDR_LOOPBACK),
192 };
193 int s;
194
195 ATF_REQUIRE(srv = SSL_CTX_new(TLS_server_method()));
196 ATF_REQUIRE(SSL_CTX_set_options(srv, SSL_OP_ENABLE_KTLS) &
197 SSL_OP_ENABLE_KTLS);
198 SSL_CTX_use_PrivateKey(srv, c->pkey);
199 SSL_CTX_use_certificate(srv, c->cert);
200 ATF_REQUIRE((s = socket(AF_INET, SOCK_STREAM, 0)) > 0);
201 ATF_REQUIRE(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &(socklen_t){1},
202 sizeof(int)) == 0);
203 ATF_REQUIRE(bind(s, (struct sockaddr *)&sin, sizeof(sin)) == 0);
204 ATF_REQUIRE(getsockname(s, (struct sockaddr *)&sin,
205 &(socklen_t){ sizeof(sin) }) == 0);
206 ATF_REQUIRE(listen(s, -1) == 0);
207
208 ATF_REQUIRE(pthread_mutex_lock(&c->mtx) == 0);
209 c->port = sin.sin_port;
210 c->state = READY;
211 ATF_REQUIRE(pthread_cond_signal(&c->cv) == 0);
212 ATF_REQUIRE(pthread_mutex_unlock(&c->mtx) == 0);
213
214 ATF_REQUIRE((c->ss = accept(s, NULL, NULL)) > 0);
215 ssl = c->srv = SSL_new(srv);
216 SSL_set_fd(ssl, c->ss);
217 SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
218 ATF_REQUIRE(SSL_accept(ssl) > 0);
219
220 ATF_REQUIRE(pthread_mutex_lock(&c->mtx) == 0);
221 while (c->state != EXITING) {
222 if (c->state == RUNNING) {
223 ATF_REQUIRE(fcntl(c->ss, F_SETFL,
224 c->nb ? O_NONBLOCK : 0) != -1);
225 c->sbytes = SSL_sendfile(ssl, c->fd, c->offset,
226 c->size, 0);
227 c->state = READY;
228 }
229 ATF_REQUIRE(c->state == READY);
230 ATF_REQUIRE(pthread_cond_signal(&c->cv) == 0);
231 ATF_REQUIRE(pthread_cond_wait(&c->cv, &c->mtx) == 0);
232 }
233 ATF_REQUIRE(pthread_mutex_unlock(&c->mtx) == 0);
234
235 SSL_shutdown(ssl);
236 SSL_free(ssl);
237 close(c->ss);
238 SSL_CTX_free(srv);
239 close(s);
240
241 return (NULL);
242 }
243
244 static void
sendme_locked(struct ctx * c,off_t offset,size_t size,bool nb)245 sendme_locked(struct ctx *c, off_t offset, size_t size, bool nb)
246 {
247 ATF_REQUIRE(c->state == READY);
248 c->state = RUNNING;
249 c->offset = offset;
250 c->size = size;
251 c->nb = nb;
252 ATF_REQUIRE(pthread_cond_signal(&c->cv) == 0);
253 }
254
255 static void
sendme_locked_wait(struct ctx * c,off_t offset,size_t size,bool nb)256 sendme_locked_wait(struct ctx *c, off_t offset, size_t size, bool nb)
257 {
258 sendme_locked(c, offset, size, nb);
259 while (c->state != READY)
260 ATF_REQUIRE(pthread_cond_wait(&c->cv, &c->mtx) == 0);
261 }
262
263 static void
sendme(struct ctx * c,off_t offset,size_t size,bool nb)264 sendme(struct ctx *c, off_t offset, size_t size, bool nb)
265 {
266 ATF_REQUIRE(pthread_mutex_lock(&c->mtx) == 0);
267 sendme_locked(c, offset, size, nb);
268 ATF_REQUIRE(pthread_mutex_unlock(&c->mtx) == 0);
269 }
270
271 /*
272 * Block until non-blocking socket has at least a byte.
273 */
274 static int
SSL_read_b(SSL * ssl,void * buf,int size)275 SSL_read_b(SSL *ssl, void *buf, int size)
276 {
277 int rv, fd;
278
279 ATF_REQUIRE((fd = SSL_get_fd(ssl)) > 0);
280 while ((rv = SSL_read(ssl, buf, size)) <= 0 &&
281 SSL_get_error(ssl, rv) == SSL_ERROR_WANT_READ)
282 ATF_REQUIRE(poll(&(struct pollfd){ .fd = fd, .events = POLLIN },
283 1, INFTIM) == 1);
284
285 return (rv);
286 }
287
288 static void
require_sbytes(struct ctx * c,ssize_t expect)289 require_sbytes(struct ctx *c, ssize_t expect)
290 {
291 ATF_REQUIRE(pthread_mutex_lock(&c->mtx) == 0);
292 ATF_REQUIRE(c->sbytes == expect);
293 ATF_REQUIRE(pthread_mutex_unlock(&c->mtx) == 0);
294 }
295
296 ATF_TC_WITHOUT_HEAD(basic);
ATF_TC_BODY(basic,tc)297 ATF_TC_BODY(basic, tc)
298 {
299 struct ctx c;
300 char buf[64];
301 size_t nread;
302 int n;
303
304 common_init(&c);
305
306 sendme(&c, 0, 0, false);
307 nread = 0;
308 while (nread < FSIZE && (n = SSL_read_b(c.cln, buf, sizeof(buf))) > 0) {
309 ATF_REQUIRE(memcmp((char *)c.mfd + nread, buf, n) == 0);
310 nread += n;
311 }
312 ATF_REQUIRE(nread == FSIZE);
313 require_sbytes(&c, FSIZE);
314
315 common_cleanup(&c);
316 }
317
318 ATF_TC_WITHOUT_HEAD(random);
ATF_TC_BODY(random,tc)319 ATF_TC_BODY(random, tc)
320 {
321 struct ctx c;
322 #define RSIZE (256*1024)
323
324 common_init(&c);
325
326 for (u_int i = 0; i < 10; i++) {
327 char buf[RSIZE];
328 off_t offset;
329 size_t size, n, nread, expect;
330
331 offset = arc4random() % FSIZE;
332 size = arc4random() % RSIZE;
333 sendme(&c, offset, size, false);
334 expect = offset + size < FSIZE ? size : FSIZE - offset;
335 nread = 0;
336 while (nread < expect &&
337 (n = SSL_read_b(c.cln, buf, sizeof(buf))) > 0) {
338 ATF_REQUIRE(memcmp((char *)c.mfd + offset + nread, buf,
339 n) == 0);
340 nread += n;
341 }
342 ATF_REQUIRE(nread == expect);
343 require_sbytes(&c, (ssize_t)expect);
344 }
345
346 common_cleanup(&c);
347 }
348
349 /* Truncate the file while sendfile(2) is working on it. */
350 ATF_TC_WITHOUT_HEAD(truncate);
ATF_TC_BODY(truncate,tc)351 ATF_TC_BODY(truncate, tc)
352 {
353 struct ctx c;
354 char buf[128 * 1024];
355 size_t nread;
356 int n;
357 #define TRUNC (FSIZE - 1024)
358
359 common_init(&c);
360
361 ATF_REQUIRE(setsockopt(c.ss, SOL_SOCKET, SO_SNDBUF, &(int){FSIZE / 16},
362 sizeof(int)) == 0);
363 ATF_REQUIRE(setsockopt(c.cs, SOL_SOCKET, SO_RCVBUF, &(int){FSIZE / 16},
364 sizeof(int)) == 0);
365
366 sendme(&c, 0, 0, false);
367 /* Make sure sender is waiting on the socket buffer. */
368 while (poll(&(struct pollfd){ .fd = c.ss, .events = POLLOUT }, 1, 1)
369 != 0)
370 ;
371 ATF_REQUIRE(ftruncate(c.fd, TRUNC) == 0);
372 nread = 0;
373 while (nread < TRUNC && (n = SSL_read_b(c.cln, buf, sizeof(buf))) > 0) {
374 ATF_REQUIRE(memcmp((char *)c.mfd + nread, buf, n) == 0);
375 nread += n;
376 }
377 ATF_REQUIRE(nread == TRUNC);
378 require_sbytes(&c, TRUNC);
379
380 common_cleanup(&c);
381 }
382
383 /* Grow the file while sendfile(2) is working on it. */
384 ATF_TC_WITHOUT_HEAD(grow);
ATF_TC_BODY(grow,tc)385 ATF_TC_BODY(grow, tc)
386 {
387 struct ctx c;
388 char buf[128 * 1024];
389 size_t nread;
390 void *map;
391 int n;
392 #define GROW (FSIZE/2)
393
394 common_init(&c);
395
396 ATF_REQUIRE(setsockopt(c.ss, SOL_SOCKET, SO_SNDBUF, &(int){FSIZE / 16},
397 sizeof(int)) == 0);
398 ATF_REQUIRE(setsockopt(c.cs, SOL_SOCKET, SO_RCVBUF, &(int){FSIZE / 16},
399 sizeof(int)) == 0);
400
401 sendme(&c, 0, 0, false);
402 /* Make sure sender is waiting on the socket buffer. */
403 while (poll(&(struct pollfd){ .fd = c.ss, .events = POLLOUT }, 1, 1)
404 != 0)
405 ;
406 /* Grow the file and create second map. */
407 ATF_REQUIRE(ftruncate(c.fd, FSIZE + GROW) == 0);
408 ATF_REQUIRE((map = mmap(NULL, GROW, PROT_READ | PROT_WRITE,
409 MAP_SHARED, c.fd, FSIZE)) != MAP_FAILED);
410 arc4random_buf(map, GROW);
411
412 /* Read out original part. */
413 nread = 0;
414 while (nread < FSIZE && (n = SSL_read_b(c.cln, buf,
415 FSIZE - nread > sizeof(buf) ? sizeof(buf) : FSIZE - nread)) > 0) {
416 ATF_REQUIRE(memcmp((char *)c.mfd + nread, buf, n) == 0);
417 nread += n;
418 }
419 ATF_REQUIRE(nread == FSIZE);
420 /* Read out grown part. */
421 nread = 0;
422 while (nread < GROW && (n = SSL_read_b(c.cln, buf, sizeof(buf))) > 0) {
423 ATF_REQUIRE(memcmp((char *)map + nread, buf, n) == 0);
424 nread += n;
425 }
426 ATF_REQUIRE(nread == GROW);
427 require_sbytes(&c, FSIZE + GROW);
428
429 common_cleanup(&c);
430 }
431
432 ATF_TC_WITHOUT_HEAD(offset_beyond_eof);
ATF_TC_BODY(offset_beyond_eof,tc)433 ATF_TC_BODY(offset_beyond_eof, tc)
434 {
435 struct ctx c;
436
437 common_init(&c);
438
439 c.sbytes = -1;
440 sendme(&c, FSIZE + 1, 0, false);
441 ATF_REQUIRE(pthread_mutex_lock(&c.mtx) == 0);
442 while (c.state != READY)
443 ATF_REQUIRE(pthread_cond_wait(&c.cv, &c.mtx) == 0);
444 ATF_REQUIRE(c.sbytes == 0);
445 ATF_REQUIRE(pthread_mutex_unlock(&c.mtx) == 0);
446
447 common_cleanup(&c);
448 }
449
450 /*
451 * Prove that we can differentiate a short write due to EAGAIN from one due to
452 * end of file.
453 */
454 ATF_TC_WITHOUT_HEAD(eagain_vs_eof);
ATF_TC_BODY(eagain_vs_eof,tc)455 ATF_TC_BODY(eagain_vs_eof, tc)
456 {
457 struct ctx c;
458 char buf[16 * 1024];
459 ssize_t nread;
460 int n;
461
462 common_init(&c);
463
464 /*
465 * Exercise short write due to no buffer space on non-blocking
466 * socket. Internall sendfile(2) returns -1 and errno == EAGAIN.
467 */
468 ATF_REQUIRE(pthread_mutex_lock(&c.mtx) == 0);
469 sendme_locked_wait(&c, 0, FSIZE, true);
470 ATF_REQUIRE(c.sbytes > 0);
471 ATF_REQUIRE(SSL_get_error(c.srv, c.sbytes) == 0);
472 #if 0 /* see https://github.com/openssl/openssl/issues/29742 */
473 ATF_REQUIRE(BIO_should_retry(SSL_get_wbio(c.srv)));
474 #endif
475
476 /*
477 * Exercise second attempt on already full buffer.
478 */
479 sendme_locked_wait(&c, 0, FSIZE, true);
480 ATF_REQUIRE(c.sbytes == -1);
481 ATF_REQUIRE(SSL_get_error(c.srv, c.sbytes) == SSL_ERROR_WANT_WRITE);
482 ATF_REQUIRE(BIO_should_retry(SSL_get_wbio(c.srv)));
483
484 /* Clear the buffer. */
485 nread = 0;
486 while (nread < c.sbytes &&
487 (n = SSL_read_b(c.cln, buf, sizeof(buf))) > 0) {
488 ATF_REQUIRE(memcmp((char *)c.mfd + nread, buf, n) == 0);
489 nread += n;
490 }
491
492 /*
493 * Exercise zero length write: offset == file size.
494 *
495 * SSL_ERROR_SYSCALL seems a strange error code, as the syscall did not
496 * fail, and errno is clear, because a request to send 0 bytes is
497 * legitimate one. This test just documents the existing behavior
498 * rather than asserts that this is a correct behavior.
499 */
500 sendme_locked_wait(&c, FSIZE, 0, true);
501 ATF_REQUIRE(c.sbytes == 0);
502 ATF_REQUIRE(SSL_get_error(c.srv, c.sbytes) == SSL_ERROR_SYSCALL);
503 #if 0 /* see https://github.com/openssl/openssl/issues/29742 */
504 ATF_REQUIRE(!BIO_should_retry(SSL_get_wbio(c.srv)));
505 #endif
506
507 /*
508 * Exercise short write due to end of file.
509 */
510 sendme_locked_wait(&c, FSIZE - 100, 0, true);
511 ATF_REQUIRE(c.sbytes == 100);
512 ATF_REQUIRE(SSL_get_error(c.srv, c.sbytes) == 0);
513 #if 0 /* see https://github.com/openssl/openssl/issues/29742 */
514 ATF_REQUIRE(!BIO_should_retry(SSL_get_wbio(c.srv)));
515 #endif
516
517 ATF_REQUIRE(pthread_mutex_unlock(&c.mtx) == 0);
518
519 common_cleanup(&c);
520 }
521
ATF_TP_ADD_TCS(tp)522 ATF_TP_ADD_TCS(tp)
523 {
524 ATF_TP_ADD_TC(tp, basic);
525 ATF_TP_ADD_TC(tp, random);
526 ATF_TP_ADD_TC(tp, truncate);
527 ATF_TP_ADD_TC(tp, grow);
528 ATF_TP_ADD_TC(tp, offset_beyond_eof);
529 ATF_TP_ADD_TC(tp, eagain_vs_eof);
530
531 return atf_no_error();
532 }
533