This commit was manufactured by cvs2git to create tag 'bluhm_20191119'.bluhm_20191119

author: cvs2svn <admin@example.com> 2019-11-19 19:57:05 +0000
committer: cvs2svn <admin@example.com> 2019-11-19 19:57:05 +0000
commit: e9f9eb6198f1757b7c0dfef043fadf1fa8243022 (patch)
tree: b5a648f6ccaf6c1cd9915ddb45503d1fccfeba0e /src/regress/lib/libtls/tls
parent: ab72e3a6f7e8d5c71bbba034410468781d5923b6 (diff)
download: openbsd-bluhm_20191119.tar.gz
openbsd-bluhm_20191119.tar.bz2
openbsd-bluhm_20191119.zip
2 files changed, 0 insertions, 469 deletions
diff --git a/src/regress/lib/libtls/tls/Makefile b/src/regress/lib/libtls/tls/Makefile
deleted file mode 100644
index 0fbd78481b..0000000000
--- a/src/regress/lib/libtls/tls/Makefile
+++ /dev/null
@@ -1,19 +0,0 @@
-# $OpenBSD: Makefile,v 1.2 2017/05/06 21:56:43 jsing Exp $
-PROG=   tlstest
-LDADD=  -lcrypto -lssl -ltls
-DPADD=  ${LIBCRYPTO} ${LIBSSL} ${LIBTLS}
-WARNINGS=       Yes
-CFLAGS+=        -Werror
-REGRESS_TARGETS= \
-        regress-tlstest
-regress-tlstest: ${PROG}
-        ./tlstest \
-            ${.CURDIR}/../../libssl/certs/ca.pem \
-            ${.CURDIR}/../../libssl/certs/server.pem \
-            ${.CURDIR}/../../libssl/certs/server.pem
-.include <bsd.regress.mk>
diff --git a/src/regress/lib/libtls/tls/tlstest.c b/src/regress/lib/libtls/tls/tlstest.c
deleted file mode 100644
index 8a4d5dbb38..0000000000
--- a/src/regress/lib/libtls/tls/tlstest.c
+++ /dev/null
@@ -1,450 +0,0 @@
-/* $OpenBSD: tlstest.c,v 1.10 2018/03/19 16:36:12 jsing Exp $ */
-/*
- * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-#include <sys/socket.h>
-#include <err.h>
-#include <fcntl.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <tls.h>
-#define CIRCULAR_BUFFER_SIZE 512
-unsigned char client_buffer[CIRCULAR_BUFFER_SIZE];
-unsigned char *client_readptr, *client_writeptr;
-unsigned char server_buffer[CIRCULAR_BUFFER_SIZE];
-unsigned char *server_readptr, *server_writeptr;
-char *cafile, *certfile, *keyfile;
-int debug = 0;
-static void
-circular_init(void)
-{
-        client_readptr = client_writeptr = client_buffer;
-        server_readptr = server_writeptr = server_buffer;
-}
-static ssize_t
-circular_read(char *name, unsigned char *buf, size_t bufsize,
-    unsigned char **readptr, unsigned char *writeptr,
-    unsigned char *outbuf, size_t outlen)
-{
-        unsigned char *nextptr = *readptr;
-        size_t n = 0;
-        while (n < outlen) {
-                if (nextptr == writeptr)
-                        break;
-                *outbuf++ = *nextptr++;
-                if ((size_t)(nextptr - buf) >= bufsize)
-                        nextptr = buf;
-                *readptr = nextptr;
-                n++;
-        }
-        if (debug && n > 0)
-                fprintf(stderr, "%s buffer: read %zi bytes\n", name, n);
-        return (n > 0 ? (ssize_t)n : TLS_WANT_POLLIN);
-}
-static ssize_t
-circular_write(char *name, unsigned char *buf, size_t bufsize,
-    unsigned char *readptr, unsigned char **writeptr,
-    const unsigned char *inbuf, size_t inlen)
-{
-        unsigned char *nextptr = *writeptr;
-        unsigned char *prevptr;
-        size_t n = 0;
-        while (n < inlen) {
-                prevptr = nextptr++;
-                if ((size_t)(nextptr - buf) >= bufsize)
-                        nextptr = buf;
-                if (nextptr == readptr)
-                        break;
-                *prevptr = *inbuf++;
-                *writeptr = nextptr;
-                n++;
-        }
-        if (debug && n > 0)
-                fprintf(stderr, "%s buffer: wrote %zi bytes\n", name, n);
-        return (n > 0 ? (ssize_t)n : TLS_WANT_POLLOUT);
-}
-static ssize_t
-client_read(struct tls *ctx, void *buf, size_t buflen, void *cb_arg)
-{
-        return circular_read("client", client_buffer, sizeof(client_buffer),
-            &client_readptr, client_writeptr, buf, buflen);
-}
-static ssize_t
-client_write(struct tls *ctx, const void *buf, size_t buflen, void *cb_arg)
-{
-        return circular_write("server", server_buffer, sizeof(server_buffer),
-            server_readptr, &server_writeptr, buf, buflen);
-}
-static ssize_t
-server_read(struct tls *ctx, void *buf, size_t buflen, void *cb_arg)
-{
-        return circular_read("server", server_buffer, sizeof(server_buffer),
-            &server_readptr, server_writeptr, buf, buflen);
-}
-static ssize_t
-server_write(struct tls *ctx, const void *buf, size_t buflen, void *cb_arg)
-{
-        return circular_write("client", client_buffer, sizeof(client_buffer),
-            client_readptr, &client_writeptr, buf, buflen);
-}
-static int
-do_tls_handshake(char *name, struct tls *ctx)
-{
-        int rv;
-        rv = tls_handshake(ctx);
-        if (rv == 0)
-                return (1);
-        if (rv == TLS_WANT_POLLIN || rv == TLS_WANT_POLLOUT)
-                return (0);
-        errx(1, "%s handshake failed: %s", name, tls_error(ctx));
-}
-static int
-do_tls_close(char *name, struct tls *ctx)
-{
-        int rv;
-        rv = tls_close(ctx);
-        if (rv == 0)
-                return (1);
-        if (rv == TLS_WANT_POLLIN || rv == TLS_WANT_POLLOUT)
-                return (0);
-        errx(1, "%s close failed: %s", name, tls_error(ctx));
-}
-static int
-do_client_server_handshake(char *desc, struct tls *client,
-    struct tls *server_cctx)
-{
-        int i, client_done, server_done;
-        i = client_done = server_done = 0;
-        do {
-                if (client_done == 0)
-                        client_done = do_tls_handshake("client", client);
-                if (server_done == 0)
-                        server_done = do_tls_handshake("server", server_cctx);
-        } while (i++ < 100 && (client_done == 0 || server_done == 0));
-        if (client_done == 0 || server_done == 0) {
-                printf("FAIL: %s TLS handshake did not complete\n", desc);
-                return (1);
-        }
-        return (0);
-}
-static int
-do_client_server_close(char *desc, struct tls *client, struct tls *server_cctx)
-{
-        int i, client_done, server_done;
-        i = client_done = server_done = 0;
-        do {
-                if (client_done == 0)
-                        client_done = do_tls_close("client", client);
-                if (server_done == 0)
-                        server_done = do_tls_close("server", server_cctx);
-        } while (i++ < 100 && (client_done == 0 || server_done == 0));
-        if (client_done == 0 || server_done == 0) {
-                printf("FAIL: %s TLS close did not complete\n", desc);
-                return (1);
-        }
-        return (0);
-}
-static int
-do_client_server_test(char *desc, struct tls *client, struct tls *server_cctx)
-{
-        if (do_client_server_handshake(desc, client, server_cctx) != 0)
-                return (1);
-        printf("INFO: %s TLS handshake completed successfully\n", desc);
-        /* XXX - Do some reads and writes... */
-        if (do_client_server_close(desc, client, server_cctx) != 0)
-                return (1);
-        printf("INFO: %s TLS close completed successfully\n", desc);
-        return (0);
-}
-static int
-test_tls_cbs(struct tls *client, struct tls *server)
-{
-        struct tls *server_cctx;
-        int failure;
-        circular_init();
-        if (tls_accept_cbs(server, &server_cctx, server_read, server_write,
-            NULL) == -1)
-                errx(1, "failed to accept: %s", tls_error(server));
-        if (tls_connect_cbs(client, client_read, client_write, NULL,
-            "test") == -1)
-                errx(1, "failed to connect: %s", tls_error(client));
-        failure = do_client_server_test("callback", client, server_cctx);
-        tls_free(server_cctx);
-        return (failure);
-}
-static int
-test_tls_fds(struct tls *client, struct tls *server)
-{
-        struct tls *server_cctx;
-        int cfds[2], sfds[2];
-        int failure;
-        if (pipe2(cfds, O_NONBLOCK) == -1)
-                err(1, "failed to create pipe");
-        if (pipe2(sfds, O_NONBLOCK) == -1)
-                err(1, "failed to create pipe");
-        if (tls_accept_fds(server, &server_cctx, sfds[0], cfds[1]) == -1)
-                errx(1, "failed to accept: %s", tls_error(server));
-        if (tls_connect_fds(client, cfds[0], sfds[1], "test") == -1)
-                errx(1, "failed to connect: %s", tls_error(client));
-        failure = do_client_server_test("file descriptor", client, server_cctx);
-        tls_free(server_cctx);
-        close(cfds[0]);
-        close(cfds[1]);
-        close(sfds[0]);
-        close(sfds[1]);
-        return (failure);
-}
-static int
-test_tls_socket(struct tls *client, struct tls *server)
-{
-        struct tls *server_cctx;
-        int failure;
-        int sv[2];
-        if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, PF_UNSPEC,
-            sv) == -1)
-                err(1, "failed to create socketpair");
-        if (tls_accept_socket(server, &server_cctx, sv[0]) == -1)
-                errx(1, "failed to accept: %s", tls_error(server));
-        if (tls_connect_socket(client, sv[1], "test") == -1)
-                errx(1, "failed to connect: %s", tls_error(client));
-        failure = do_client_server_test("socket", client, server_cctx);
-        tls_free(server_cctx);
-        close(sv[0]);
-        close(sv[1]);
-        return (failure);
-}
-static int
-do_tls_tests(void)
-{
-        struct tls_config *client_cfg, *server_cfg;
-        struct tls *client, *server;
-        int failure = 0;
-        if ((client = tls_client()) == NULL)
-                errx(1, "failed to create tls client");
-        if ((client_cfg = tls_config_new()) == NULL)
-                errx(1, "failed to create tls client config");
-        tls_config_insecure_noverifyname(client_cfg);
-        if (tls_config_set_ca_file(client_cfg, cafile) == -1)
-                errx(1, "failed to set ca: %s", tls_config_error(client_cfg));
-        if ((server = tls_server()) == NULL)
-                errx(1, "failed to create tls server");
-        if ((server_cfg = tls_config_new()) == NULL)
-                errx(1, "failed to create tls server config");
-        if (tls_config_set_keypair_file(server_cfg, certfile, keyfile) == -1)
-                errx(1, "failed to set keypair: %s",
-                    tls_config_error(server_cfg));
-        tls_reset(client);
-        if (tls_configure(client, client_cfg) == -1)
-                errx(1, "failed to configure client: %s", tls_error(client));
-        tls_reset(server);
-        if (tls_configure(server, server_cfg) == -1)
-                errx(1, "failed to configure server: %s", tls_error(server));
-        failure |= test_tls_cbs(client, server);
-        tls_reset(client);
-        if (tls_configure(client, client_cfg) == -1)
-                errx(1, "failed to configure client: %s", tls_error(client));
-        tls_reset(server);
-        if (tls_configure(server, server_cfg) == -1)
-                errx(1, "failed to configure server: %s", tls_error(server));
-        failure |= test_tls_fds(client, server);
-        tls_reset(client);
-        if (tls_configure(client, client_cfg) == -1)
-                errx(1, "failed to configure client: %s", tls_error(client));
-        tls_reset(server);
-        if (tls_configure(server, server_cfg) == -1)
-                errx(1, "failed to configure server: %s", tls_error(server));
-        tls_config_free(client_cfg);
-        tls_config_free(server_cfg);
-        failure |= test_tls_socket(client, server);
-        tls_free(client);
-        tls_free(server);
-        return (failure);
-}
-static int
-do_tls_ordering_tests(void)
-{
-        struct tls *client = NULL, *server = NULL, *server_cctx = NULL;
-        struct tls_config *client_cfg, *server_cfg;
-        int failure = 0;
-        circular_init();
-        if ((client = tls_client()) == NULL)
-                errx(1, "failed to create tls client");
-        if ((client_cfg = tls_config_new()) == NULL)
-                errx(1, "failed to create tls client config");
-        tls_config_insecure_noverifyname(client_cfg);
-        if (tls_config_set_ca_file(client_cfg, cafile) == -1)
-                errx(1, "failed to set ca: %s", tls_config_error(client_cfg));
-        if ((server = tls_server()) == NULL)
-                errx(1, "failed to create tls server");
-        if ((server_cfg = tls_config_new()) == NULL)
-                errx(1, "failed to create tls server config");
-        if (tls_config_set_keypair_file(server_cfg, certfile, keyfile) == -1)
-                errx(1, "failed to set keypair: %s",
-                    tls_config_error(server_cfg));
-        if (tls_configure(client, client_cfg) == -1)
-                errx(1, "failed to configure client: %s", tls_error(client));
-        if (tls_configure(server, server_cfg) == -1)
-                errx(1, "failed to configure server: %s", tls_error(server));
-        tls_config_free(client_cfg);
-        tls_config_free(server_cfg);
-        if (tls_handshake(client) != -1) {
-                printf("FAIL: TLS handshake succeeded on unconnnected "
-                    "client context\n");
-                failure = 1;
-                goto done;
-        }
-        if (tls_accept_cbs(server, &server_cctx, server_read, server_write,
-            NULL) == -1)
-                errx(1, "failed to accept: %s", tls_error(server));
-        if (tls_connect_cbs(client, client_read, client_write, NULL,
-            "test") == -1)
-                errx(1, "failed to connect: %s", tls_error(client));
-        if (do_client_server_handshake("ordering", client, server_cctx) != 0) {
-                failure = 1;
-                goto done;
-        }
-        if (tls_handshake(client) != -1) {
-                printf("FAIL: TLS handshake succeeded twice\n");
-                failure = 1;
-                goto done;
-        }
-        if (tls_handshake(server_cctx) != -1) {
-                printf("FAIL: TLS handshake succeeded twice\n");
-                failure = 1;
-                goto done;
-        }
-        if (do_client_server_close("ordering", client, server_cctx) != 0) {
-                failure = 1;
-                goto done;
-        }
- done:
-        tls_free(client);
-        tls_free(server);
-        tls_free(server_cctx);
-        return (failure);
-}
-int
-main(int argc, char **argv)
-{
-        int failure = 0;
-        if (argc != 4) {
-                fprintf(stderr, "usage: %s cafile certfile keyfile\n",
-                    argv[0]);
-                return (1);
-        }
-        cafile = argv[1];
-        certfile = argv[2];
-        keyfile = argv[3];
-        failure |= do_tls_tests();
-        failure |= do_tls_ordering_tests();
-        return (failure);
-}
author	cvs2svn <admin@example.com>	2019-11-19 19:57:05 +0000
committer	cvs2svn <admin@example.com>	2019-11-19 19:57:05 +0000
commit	e9f9eb6198f1757b7c0dfef043fadf1fa8243022 (patch)
tree	b5a648f6ccaf6c1cd9915ddb45503d1fccfeba0e /src/regress/lib/libtls/tls
parent	ab72e3a6f7e8d5c71bbba034410468781d5923b6 (diff)
download	openbsd-bluhm_20191119.tar.gz openbsd-bluhm_20191119.tar.bz2 openbsd-bluhm_20191119.zip

diff --git a/src/regress/lib/libtls/tls/Makefile b/src/regress/lib/libtls/tls/Makefile deleted file mode 100644 index 0fbd78481b..0000000000 --- a/src/regress/lib/libtls/tls/Makefile +++ /dev/null
@@ -1,19 +0,0 @@
1	# $OpenBSD: Makefile,v 1.2 2017/05/06 21:56:43 jsing Exp $
2
3	PROG= tlstest
4	LDADD= -lcrypto -lssl -ltls
5	DPADD= ${LIBCRYPTO} ${LIBSSL} ${LIBTLS}
6
7	WARNINGS= Yes
8	CFLAGS+= -Werror
9
10	REGRESS_TARGETS= \
11	regress-tlstest
12
13	regress-tlstest: ${PROG}
14	./tlstest \
15	${.CURDIR}/../../libssl/certs/ca.pem \
16	${.CURDIR}/../../libssl/certs/server.pem \
17	${.CURDIR}/../../libssl/certs/server.pem
18
19	.include <bsd.regress.mk>


diff --git a/src/regress/lib/libtls/tls/tlstest.c b/src/regress/lib/libtls/tls/tlstest.c deleted file mode 100644 index 8a4d5dbb38..0000000000 --- a/src/regress/lib/libtls/tls/tlstest.c +++ /dev/null
@@ -1,450 +0,0 @@
1	/* $OpenBSD: tlstest.c,v 1.10 2018/03/19 16:36:12 jsing Exp $ */
2	/*
3	* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4	*
5	* Permission to use, copy, modify, and distribute this software for any
6	* purpose with or without fee is hereby granted, provided that the above
7	* copyright notice and this permission notice appear in all copies.
8	*
9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	*/
17
18	#include <sys/socket.h>
19
20	#include <err.h>
21	#include <fcntl.h>
22	#include <stdio.h>
23	#include <string.h>
24	#include <unistd.h>
25
26	#include <tls.h>
27
28	#define CIRCULAR_BUFFER_SIZE 512
29
30	unsigned char client_buffer[CIRCULAR_BUFFER_SIZE];
31	unsigned char client_readptr, client_writeptr;
32
33	unsigned char server_buffer[CIRCULAR_BUFFER_SIZE];
34	unsigned char server_readptr, server_writeptr;
35
36	char cafile, certfile, *keyfile;
37
38	int debug = 0;
39
40	static void
41	circular_init(void)
42	{
43	client_readptr = client_writeptr = client_buffer;
44	server_readptr = server_writeptr = server_buffer;
45	}
46
47	static ssize_t
48	circular_read(char name, unsigned char buf, size_t bufsize,
49	unsigned char *readptr, unsigned char writeptr,
50	unsigned char *outbuf, size_t outlen)
51	{
52	unsigned char nextptr = readptr;
53	size_t n = 0;
54
55	while (n < outlen) {
56	if (nextptr == writeptr)
57	break;
58	outbuf++ = nextptr++;
59	if ((size_t)(nextptr - buf) >= bufsize)
60	nextptr = buf;
61	*readptr = nextptr;
62	n++;
63	}
64
65	if (debug && n > 0)
66	fprintf(stderr, "%s buffer: read %zi bytes\n", name, n);
67
68	return (n > 0 ? (ssize_t)n : TLS_WANT_POLLIN);
69	}
70
71	static ssize_t
72	circular_write(char name, unsigned char buf, size_t bufsize,
73	unsigned char readptr, unsigned char *writeptr,
74	const unsigned char *inbuf, size_t inlen)
75	{
76	unsigned char nextptr = writeptr;
77	unsigned char *prevptr;
78	size_t n = 0;
79
80	while (n < inlen) {
81	prevptr = nextptr++;
82	if ((size_t)(nextptr - buf) >= bufsize)
83	nextptr = buf;
84	if (nextptr == readptr)
85	break;
86	prevptr = inbuf++;
87	*writeptr = nextptr;
88	n++;
89	}
90
91	if (debug && n > 0)
92	fprintf(stderr, "%s buffer: wrote %zi bytes\n", name, n);
93
94	return (n > 0 ? (ssize_t)n : TLS_WANT_POLLOUT);
95	}
96
97	static ssize_t
98	client_read(struct tls ctx, void buf, size_t buflen, void *cb_arg)
99	{
100	return circular_read("client", client_buffer, sizeof(client_buffer),
101	&client_readptr, client_writeptr, buf, buflen);
102	}
103
104	static ssize_t
105	client_write(struct tls ctx, const void buf, size_t buflen, void *cb_arg)
106	{
107	return circular_write("server", server_buffer, sizeof(server_buffer),
108	server_readptr, &server_writeptr, buf, buflen);
109	}
110
111	static ssize_t
112	server_read(struct tls ctx, void buf, size_t buflen, void *cb_arg)
113	{
114	return circular_read("server", server_buffer, sizeof(server_buffer),
115	&server_readptr, server_writeptr, buf, buflen);
116	}
117
118	static ssize_t
119	server_write(struct tls ctx, const void buf, size_t buflen, void *cb_arg)
120	{
121	return circular_write("client", client_buffer, sizeof(client_buffer),
122	client_readptr, &client_writeptr, buf, buflen);
123	}
124
125	static int
126	do_tls_handshake(char name, struct tls ctx)
127	{
128	int rv;
129
130	rv = tls_handshake(ctx);
131	if (rv == 0)
132	return (1);
133	if (rv == TLS_WANT_POLLIN \|\| rv == TLS_WANT_POLLOUT)
134	return (0);
135
136	errx(1, "%s handshake failed: %s", name, tls_error(ctx));
137	}
138
139	static int
140	do_tls_close(char name, struct tls ctx)
141	{
142	int rv;
143
144	rv = tls_close(ctx);
145	if (rv == 0)
146	return (1);
147	if (rv == TLS_WANT_POLLIN \|\| rv == TLS_WANT_POLLOUT)
148	return (0);
149
150	errx(1, "%s close failed: %s", name, tls_error(ctx));
151	}
152
153	static int
154	do_client_server_handshake(char desc, struct tls client,
155	struct tls *server_cctx)
156	{
157	int i, client_done, server_done;
158
159	i = client_done = server_done = 0;
160	do {
161	if (client_done == 0)
162	client_done = do_tls_handshake("client", client);
163	if (server_done == 0)
164	server_done = do_tls_handshake("server", server_cctx);
165	} while (i++ < 100 && (client_done == 0 \|\| server_done == 0));
166
167	if (client_done == 0 \|\| server_done == 0) {
168	printf("FAIL: %s TLS handshake did not complete\n", desc);
169	return (1);
170	}
171
172	return (0);
173	}
174
175	static int
176	do_client_server_close(char desc, struct tls client, struct tls *server_cctx)
177	{
178	int i, client_done, server_done;
179
180	i = client_done = server_done = 0;
181	do {
182	if (client_done == 0)
183	client_done = do_tls_close("client", client);
184	if (server_done == 0)
185	server_done = do_tls_close("server", server_cctx);
186	} while (i++ < 100 && (client_done == 0 \|\| server_done == 0));
187
188	if (client_done == 0 \|\| server_done == 0) {
189	printf("FAIL: %s TLS close did not complete\n", desc);
190	return (1);
191	}
192
193	return (0);
194	}
195
196	static int
197	do_client_server_test(char desc, struct tls client, struct tls *server_cctx)
198	{
199	if (do_client_server_handshake(desc, client, server_cctx) != 0)
200	return (1);
201
202	printf("INFO: %s TLS handshake completed successfully\n", desc);
203
204	/* XXX - Do some reads and writes... */
205
206	if (do_client_server_close(desc, client, server_cctx) != 0)
207	return (1);
208
209	printf("INFO: %s TLS close completed successfully\n", desc);
210
211	return (0);
212	}
213
214	static int
215	test_tls_cbs(struct tls client, struct tls server)
216	{
217	struct tls *server_cctx;
218	int failure;
219
220	circular_init();
221
222	if (tls_accept_cbs(server, &server_cctx, server_read, server_write,
223	NULL) == -1)
224	errx(1, "failed to accept: %s", tls_error(server));
225
226	if (tls_connect_cbs(client, client_read, client_write, NULL,
227	"test") == -1)
228	errx(1, "failed to connect: %s", tls_error(client));
229
230	failure = do_client_server_test("callback", client, server_cctx);
231
232	tls_free(server_cctx);
233
234	return (failure);
235	}
236
237	static int
238	test_tls_fds(struct tls client, struct tls server)
239	{
240	struct tls *server_cctx;
241	int cfds[2], sfds[2];
242	int failure;
243
244	if (pipe2(cfds, O_NONBLOCK) == -1)
245	err(1, "failed to create pipe");
246	if (pipe2(sfds, O_NONBLOCK) == -1)
247	err(1, "failed to create pipe");
248
249	if (tls_accept_fds(server, &server_cctx, sfds[0], cfds[1]) == -1)
250	errx(1, "failed to accept: %s", tls_error(server));
251
252	if (tls_connect_fds(client, cfds[0], sfds[1], "test") == -1)
253	errx(1, "failed to connect: %s", tls_error(client));
254
255	failure = do_client_server_test("file descriptor", client, server_cctx);
256
257	tls_free(server_cctx);
258
259	close(cfds[0]);
260	close(cfds[1]);
261	close(sfds[0]);
262	close(sfds[1]);
263
264	return (failure);
265	}
266
267	static int
268	test_tls_socket(struct tls client, struct tls server)
269	{
270	struct tls *server_cctx;
271	int failure;
272	int sv[2];
273
274	if (socketpair(AF_UNIX, SOCK_STREAM \| SOCK_NONBLOCK, PF_UNSPEC,
275	sv) == -1)
276	err(1, "failed to create socketpair");
277
278	if (tls_accept_socket(server, &server_cctx, sv[0]) == -1)
279	errx(1, "failed to accept: %s", tls_error(server));
280
281	if (tls_connect_socket(client, sv[1], "test") == -1)
282	errx(1, "failed to connect: %s", tls_error(client));
283
284	failure = do_client_server_test("socket", client, server_cctx);
285
286	tls_free(server_cctx);
287
288	close(sv[0]);
289	close(sv[1]);
290
291	return (failure);
292	}
293
294	static int
295	do_tls_tests(void)
296	{
297	struct tls_config client_cfg, server_cfg;
298	struct tls client, server;
299	int failure = 0;
300
301	if ((client = tls_client()) == NULL)
302	errx(1, "failed to create tls client");
303	if ((client_cfg = tls_config_new()) == NULL)
304	errx(1, "failed to create tls client config");
305	tls_config_insecure_noverifyname(client_cfg);
306	if (tls_config_set_ca_file(client_cfg, cafile) == -1)
307	errx(1, "failed to set ca: %s", tls_config_error(client_cfg));
308
309	if ((server = tls_server()) == NULL)
310	errx(1, "failed to create tls server");
311	if ((server_cfg = tls_config_new()) == NULL)
312	errx(1, "failed to create tls server config");
313	if (tls_config_set_keypair_file(server_cfg, certfile, keyfile) == -1)
314	errx(1, "failed to set keypair: %s",
315	tls_config_error(server_cfg));
316
317	tls_reset(client);
318	if (tls_configure(client, client_cfg) == -1)
319	errx(1, "failed to configure client: %s", tls_error(client));
320	tls_reset(server);
321	if (tls_configure(server, server_cfg) == -1)
322	errx(1, "failed to configure server: %s", tls_error(server));
323
324	failure \|= test_tls_cbs(client, server);
325
326	tls_reset(client);
327	if (tls_configure(client, client_cfg) == -1)
328	errx(1, "failed to configure client: %s", tls_error(client));
329	tls_reset(server);
330	if (tls_configure(server, server_cfg) == -1)
331	errx(1, "failed to configure server: %s", tls_error(server));
332
333	failure \|= test_tls_fds(client, server);
334
335	tls_reset(client);
336	if (tls_configure(client, client_cfg) == -1)
337	errx(1, "failed to configure client: %s", tls_error(client));
338	tls_reset(server);
339	if (tls_configure(server, server_cfg) == -1)
340	errx(1, "failed to configure server: %s", tls_error(server));
341
342	tls_config_free(client_cfg);
343	tls_config_free(server_cfg);
344
345	failure \|= test_tls_socket(client, server);
346
347	tls_free(client);
348	tls_free(server);
349
350	return (failure);
351	}
352
353	static int
354	do_tls_ordering_tests(void)
355	{
356	struct tls client = NULL, server = NULL, *server_cctx = NULL;
357	struct tls_config client_cfg, server_cfg;
358	int failure = 0;
359
360	circular_init();
361
362	if ((client = tls_client()) == NULL)
363	errx(1, "failed to create tls client");
364	if ((client_cfg = tls_config_new()) == NULL)
365	errx(1, "failed to create tls client config");
366	tls_config_insecure_noverifyname(client_cfg);
367	if (tls_config_set_ca_file(client_cfg, cafile) == -1)
368	errx(1, "failed to set ca: %s", tls_config_error(client_cfg));
369
370	if ((server = tls_server()) == NULL)
371	errx(1, "failed to create tls server");
372	if ((server_cfg = tls_config_new()) == NULL)
373	errx(1, "failed to create tls server config");
374	if (tls_config_set_keypair_file(server_cfg, certfile, keyfile) == -1)
375	errx(1, "failed to set keypair: %s",
376	tls_config_error(server_cfg));
377
378	if (tls_configure(client, client_cfg) == -1)
379	errx(1, "failed to configure client: %s", tls_error(client));
380	if (tls_configure(server, server_cfg) == -1)
381	errx(1, "failed to configure server: %s", tls_error(server));
382
383	tls_config_free(client_cfg);
384	tls_config_free(server_cfg);
385
386	if (tls_handshake(client) != -1) {
387	printf("FAIL: TLS handshake succeeded on unconnnected "
388	"client context\n");
389	failure = 1;
390	goto done;
391	}
392
393	if (tls_accept_cbs(server, &server_cctx, server_read, server_write,
394	NULL) == -1)
395	errx(1, "failed to accept: %s", tls_error(server));
396
397	if (tls_connect_cbs(client, client_read, client_write, NULL,
398	"test") == -1)
399	errx(1, "failed to connect: %s", tls_error(client));
400
401	if (do_client_server_handshake("ordering", client, server_cctx) != 0) {
402	failure = 1;
403	goto done;
404	}
405
406	if (tls_handshake(client) != -1) {
407	printf("FAIL: TLS handshake succeeded twice\n");
408	failure = 1;
409	goto done;
410	}
411
412	if (tls_handshake(server_cctx) != -1) {
413	printf("FAIL: TLS handshake succeeded twice\n");
414	failure = 1;
415	goto done;
416	}
417
418	if (do_client_server_close("ordering", client, server_cctx) != 0) {
419	failure = 1;
420	goto done;
421	}
422
423	done:
424	tls_free(client);
425	tls_free(server);
426	tls_free(server_cctx);
427
428	return (failure);
429	}
430
431	int
432	main(int argc, char **argv)
433	{
434	int failure = 0;
435
436	if (argc != 4) {
437	fprintf(stderr, "usage: %s cafile certfile keyfile\n",
438	argv[0]);
439	return (1);
440	}
441
442	cafile = argv[1];
443	certfile = argv[2];
444	keyfile = argv[3];
445
446	failure \|= do_tls_tests();
447	failure \|= do_tls_ordering_tests();
448
449	return (failure);
450	}