azat · October 3, 2018 22:10
diff --git a/ssl-echoserver.c b/ssl-echoserver.c
 // https://github.com/libevent/libevent/issues/690
 // https://gist.github.com/nacl/cfcc35714c33b31e5a129f5e6500c577
 // openssl s_client -connect 127.1:9999 < /dev/zero | pv
 // ncat 127.1 9999 < /dev/zero | pv
 // gcc -g3 ssl-echoserver.c -lssl -lcrypto -L/src/le/libevent/.cmake-debug/lib -levent_core -levent_openssl -o ssl-echoserver

 /*
  Copyright (C) 2018 Akamai Technologies
  Copyright 2009-2012 Nick Mathewson

  Redistribution and use in source and binary forms, with or without
  modification, are permitted provided that the following conditions are met:

  - Redistributions of source code must retain the above copyright notice, this
    list of conditions and the following disclaimer.

  - Redistributions in binary form must reproduce the above copyright notice,
    this list of conditions and the following disclaimer in the documentation
    and/or other materials provided with the distribution.

  - Neither the names of the copyright owners nor the names of its contributors
    may be used to endorse or promote products derived from this software
    without specific prior written permission.

  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
  CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
  OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

 // This heavily based on the SSL echo server example provided here:
 //
 //   http://www.wangafu.net/~nickm/libevent-book/Ref6a_advanced_bufferevents.html

 // Compile with:
 //
 //   cc ssl-echoserver.c -levent -levent_openssl -lssl -lcrypto -o ssl-echoserver
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>

 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>

 #include <event.h>
 #include <event2/listener.h>
 #include <event2/bufferevent_ssl.h>

 #define WATERMARK (2<<20)
 #define BUFFER (1<<10)

 static void
 ssl_readcb(struct bufferevent * bev, void * arg)
 {
    struct evbuffer *in = bufferevent_get_input(bev);
    
 #if 0
    printf("in: %zu\n", evbuffer_get_length(in));
 #endif

 #if 0
    // Trigger the problem with watermarks
    if (evbuffer_get_length(in) <= WATERMARK) {
      return;
    }
 #endif

    // XXX: Artifically create buffer backlogging that will cause the program to
    // hang.  If the buffer size is less than or equal to than 1024 (as it is
    // here), events will get stuck and never fire again due to an iussue with
    // watermark handling.
    uint8_t rd_buf[BUFFER];
    uint8_t *buf_start = rd_buf;
    size_t bytes_read, bytes_remaining = sizeof(rd_buf);
  
    while((bytes_read = bufferevent_read(bev, rd_buf, bytes_remaining)) > 0) {
      bytes_remaining -= bytes_read;
      buf_start = buf_start + bytes_read;
    }
    size_t actual_bufsz = sizeof(rd_buf) - bytes_remaining;

    
    //printf("Received %zu bytes\n", evbuffer_get_length(in));
    //printf("----- data ----\n");
    //printf("%.*s\n", (int)evbuffer_get_length(in), evbuffer_pullup(in, -1));

    bufferevent_write(bev, rd_buf, actual_bufsz);
 }

 static void
 ssl_evcb(struct bufferevent *bev, short events, void *ctx)
 {
    // This is a callback that handles "events" on our connections, most notably
    // various classes of failures.
    if (events & BEV_EVENT_CONNECTED) {
        evutil_socket_t fd = bufferevent_getfd(bev);
        fprintf(stderr, "FD %d: Connected.\n", fd);
    }
  
    if (events & BEV_EVENT_ERROR) {
        char errbuf[256];
    
        ERR_error_string_n(bufferevent_get_openssl_error(bev), errbuf, sizeof(errbuf));
    
        fprintf(stderr, "Error from TLS bufferevent: %s\n", errbuf);
    }
  
    if (events & (BEV_EVENT_EOF | BEV_EVENT_ERROR)) {
        evutil_socket_t fd = bufferevent_getfd(bev);
        fprintf(stderr, "FD %d: Closing connection\n", fd);
        bufferevent_free(bev);
    }
 }

 static void
 ssl_acceptcb(struct evconnlistener *serv, int sock, struct sockaddr *sa,
             int sa_len, void *arg)
 {
    struct event_base *evbase;
    struct bufferevent *bev;
    SSL_CTX *server_ctx;
    SSL *client_ctx;

    server_ctx = (SSL_CTX *)arg;
    client_ctx = SSL_new(server_ctx);
    evbase = evconnlistener_get_base(serv);

 #if 0
    bev = bufferevent_socket_new(evbase, sock, 
                                         BEV_OPT_CLOSE_ON_FREE);
 #else
    bev = bufferevent_openssl_socket_new(evbase, sock, client_ctx,
                                         BUFFEREVENT_SSL_ACCEPTING,
                                         BEV_OPT_CLOSE_ON_FREE);
 #endif

    
    bufferevent_setcb(bev, ssl_readcb, NULL, ssl_evcb, NULL);
    
    // XXX: Set the watermark that triggers the problem
    bufferevent_setwatermark(bev,
                             EV_READ,
                             0,
                             WATERMARK);
    
    bufferevent_enable(bev, EV_READ|EV_WRITE);
 }

 static SSL_CTX *
 evssl_init(void)
 {
    SSL_CTX  *server_ctx;
    server_ctx = SSL_CTX_new(SSLv23_method());
    if (! SSL_CTX_use_certificate_chain_file(server_ctx, "server.pem") ||
        ! SSL_CTX_use_PrivateKey_file(server_ctx, "server.key", SSL_FILETYPE_PEM)) {
        puts("Couldn't read 'pkey' or 'cert' file.  To generate a key\n"
           "and self-signed certificate, run:\n"
           "  openssl genrsa -out server.key 2048\n"
           "  openssl req -new -key server.key -out server.req\n"
           "  openssl x509 -req -days 365 -in server.req -signkey server.key -out server.pem");
        return NULL;
    }
    return server_ctx;
 }

 int
 main(int argc, char **argv)
 {
    SSL_CTX *ctx;
    struct evconnlistener *listener;
    struct event_base *evbase;
    struct sockaddr_in sin;

    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = htons(9999);
    sin.sin_addr.s_addr = htonl(0x7f000001); /* 127.0.0.1 */

    ctx = evssl_init();
    if (ctx == NULL)
        return 1;
    evbase = event_base_new();
    listener = evconnlistener_new_bind(
                         evbase, ssl_acceptcb, (void *)ctx,
                         LEV_OPT_CLOSE_ON_FREE | LEV_OPT_REUSEABLE, -1,
                         (struct sockaddr *)&sin, sizeof(sin));

    event_base_loop(evbase, 0);

    evconnlistener_free(listener);
    SSL_CTX_free(ctx);

    return 0;
 }
	// https://github.com/libevent/libevent/issues/690
	// https://gist.github.com/nacl/cfcc35714c33b31e5a129f5e6500c577
	// openssl s_client -connect 127.1:9999 < /dev/zero \| pv
	// ncat 127.1 9999 < /dev/zero \| pv
	// gcc -g3 ssl-echoserver.c -lssl -lcrypto -L/src/le/libevent/.cmake-debug/lib -levent_core -levent_openssl -o ssl-echoserver

	/*
	Copyright (C) 2018 Akamai Technologies
	Copyright 2009-2012 Nick Mathewson

	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:

	- Redistributions of source code must retain the above copyright notice, this
	list of conditions and the following disclaimer.

	- Redistributions in binary form must reproduce the above copyright notice,
	this list of conditions and the following disclaimer in the documentation
	and/or other materials provided with the distribution.

	- Neither the names of the copyright owners nor the names of its contributors
	may be used to endorse or promote products derived from this software
	without specific prior written permission.

	THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
	AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
	DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
	FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
	CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
	OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
	OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	*/

	// This heavily based on the SSL echo server example provided here:
	//
	// http://www.wangafu.net/~nickm/libevent-book/Ref6a_advanced_bufferevents.html

	// Compile with:
	//
	// cc ssl-echoserver.c -levent -levent_openssl -lssl -lcrypto -o ssl-echoserver
	#include <stdio.h>
	#include <stdlib.h>
	#include <string.h>
	#include <sys/socket.h>
	#include <netinet/in.h>
	#include <arpa/inet.h>

	#include <openssl/ssl.h>
	#include <openssl/err.h>
	#include <openssl/rand.h>

	#include <event.h>
	#include <event2/listener.h>
	#include <event2/bufferevent_ssl.h>

	#define WATERMARK (2<<20)
	#define BUFFER (1<<10)

	static void
	ssl_readcb(struct bufferevent * bev, void * arg)
	{
	struct evbuffer *in = bufferevent_get_input(bev);

	#if 0
	printf("in: %zu\n", evbuffer_get_length(in));
	#endif

	#if 0
	// Trigger the problem with watermarks
	if (evbuffer_get_length(in) <= WATERMARK) {
	return;
	}
	#endif

	// XXX: Artifically create buffer backlogging that will cause the program to
	// hang. If the buffer size is less than or equal to than 1024 (as it is
	// here), events will get stuck and never fire again due to an iussue with
	// watermark handling.
	uint8_t rd_buf[BUFFER];
	uint8_t *buf_start = rd_buf;
	size_t bytes_read, bytes_remaining = sizeof(rd_buf);

	while((bytes_read = bufferevent_read(bev, rd_buf, bytes_remaining)) > 0) {
	bytes_remaining -= bytes_read;
	buf_start = buf_start + bytes_read;
	}
	size_t actual_bufsz = sizeof(rd_buf) - bytes_remaining;


	//printf("Received %zu bytes\n", evbuffer_get_length(in));
	//printf("----- data ----\n");
	//printf("%.*s\n", (int)evbuffer_get_length(in), evbuffer_pullup(in, -1));

	bufferevent_write(bev, rd_buf, actual_bufsz);
	}

	static void
	ssl_evcb(struct bufferevent bev, short events, void ctx)
	{
	// This is a callback that handles "events" on our connections, most notably
	// various classes of failures.
	if (events & BEV_EVENT_CONNECTED) {
	evutil_socket_t fd = bufferevent_getfd(bev);
	fprintf(stderr, "FD %d: Connected.\n", fd);
	}

	if (events & BEV_EVENT_ERROR) {
	char errbuf[256];

	ERR_error_string_n(bufferevent_get_openssl_error(bev), errbuf, sizeof(errbuf));

	fprintf(stderr, "Error from TLS bufferevent: %s\n", errbuf);
	}

	if (events & (BEV_EVENT_EOF \| BEV_EVENT_ERROR)) {
	evutil_socket_t fd = bufferevent_getfd(bev);
	fprintf(stderr, "FD %d: Closing connection\n", fd);
	bufferevent_free(bev);
	}
	}

	static void
	ssl_acceptcb(struct evconnlistener serv, int sock, struct sockaddr sa,
	int sa_len, void *arg)
	{
	struct event_base *evbase;
	struct bufferevent *bev;
	SSL_CTX *server_ctx;
	SSL *client_ctx;

	server_ctx = (SSL_CTX *)arg;
	client_ctx = SSL_new(server_ctx);
	evbase = evconnlistener_get_base(serv);

	#if 0
	bev = bufferevent_socket_new(evbase, sock,
	BEV_OPT_CLOSE_ON_FREE);
	#else
	bev = bufferevent_openssl_socket_new(evbase, sock, client_ctx,
	BUFFEREVENT_SSL_ACCEPTING,
	BEV_OPT_CLOSE_ON_FREE);
	#endif


	bufferevent_setcb(bev, ssl_readcb, NULL, ssl_evcb, NULL);

	// XXX: Set the watermark that triggers the problem
	bufferevent_setwatermark(bev,
	EV_READ,
	0,
	WATERMARK);

	bufferevent_enable(bev, EV_READ\|EV_WRITE);
	}

	static SSL_CTX *
	evssl_init(void)
	{
	SSL_CTX *server_ctx;
	server_ctx = SSL_CTX_new(SSLv23_method());
	if (! SSL_CTX_use_certificate_chain_file(server_ctx, "server.pem") \|\|
	! SSL_CTX_use_PrivateKey_file(server_ctx, "server.key", SSL_FILETYPE_PEM)) {
	puts("Couldn't read 'pkey' or 'cert' file. To generate a key\n"
	"and self-signed certificate, run:\n"
	" openssl genrsa -out server.key 2048\n"
	" openssl req -new -key server.key -out server.req\n"
	" openssl x509 -req -days 365 -in server.req -signkey server.key -out server.pem");
	return NULL;
	}
	return server_ctx;
	}

	int
	main(int argc, char **argv)
	{
	SSL_CTX *ctx;
	struct evconnlistener *listener;
	struct event_base *evbase;
	struct sockaddr_in sin;

	memset(&sin, 0, sizeof(sin));
	sin.sin_family = AF_INET;
	sin.sin_port = htons(9999);
	sin.sin_addr.s_addr = htonl(0x7f000001); /* 127.0.0.1 */

	ctx = evssl_init();
	if (ctx == NULL)
	return 1;
	evbase = event_base_new();
	listener = evconnlistener_new_bind(
	evbase, ssl_acceptcb, (void *)ctx,
	LEV_OPT_CLOSE_ON_FREE \| LEV_OPT_REUSEABLE, -1,
	(struct sockaddr *)&sin, sizeof(sin));

	event_base_loop(evbase, 0);

	evconnlistener_free(listener);
	SSL_CTX_free(ctx);

	return 0;
	}