Remove NPN test coverage.

author: jsing <> 2017-08-12 21:05:06 +0000
committer: jsing <> 2017-08-12 21:05:06 +0000
commit: aa07f6851bbcb6c8ad4d78c02d2b5814864eaac1 (patch)
tree: f078d672e19e7b9561bd25f00a984f5db2b36ab5
parent: 5378b10f3fbd644d16966a5c43da9325d98d8c64 (diff)
download: openbsd-aa07f6851bbcb6c8ad4d78c02d2b5814864eaac1.tar.gz
openbsd-aa07f6851bbcb6c8ad4d78c02d2b5814864eaac1.tar.bz2
openbsd-aa07f6851bbcb6c8ad4d78c02d2b5814864eaac1.zip
2 files changed, 1 insertions, 129 deletions
diff --git a/src/regress/lib/libssl/ssl/ssltest.c b/src/regress/lib/libssl/ssl/ssltest.c
index 59a2bea81a..7137d0c407 100644
--- a/src/regress/lib/libssl/ssl/ssltest.c
+++ b/src/regress/lib/libssl/ssl/ssltest.c
@@ -199,87 +199,6 @@ static DH *get_dh1024dsa(void);
 static BIO *bio_err = NULL;
 static BIO *bio_stdout = NULL;
-/* Note that this code assumes that this is only a one element list: */
-static const char NEXT_PROTO_STRING[] = "\x09testproto";
-int npn_client = 0;
-int npn_server = 0;
-int npn_server_reject = 0;
-static int
-cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen,
-    const unsigned char *in, unsigned int inlen, void *arg)
-{
-        /*
-         * This callback only returns the protocol string, rather than a length
-         * prefixed set. We assume that NEXT_PROTO_STRING is a one element list
-         * and remove the first byte to chop off the length prefix.
-         */
-        *out = (unsigned char *)NEXT_PROTO_STRING + 1;
-        *outlen = sizeof(NEXT_PROTO_STRING) - 2;
-        return (SSL_TLSEXT_ERR_OK);
-}
-static int
-cb_server_npn(SSL *s, const unsigned char **data, unsigned int *len, void *arg)
-{
-        *data = (const unsigned char *)NEXT_PROTO_STRING;
-        *len = sizeof(NEXT_PROTO_STRING) - 1;
-        return (SSL_TLSEXT_ERR_OK);
-}
-static int
-cb_server_rejects_npn(SSL *s, const unsigned char **data, unsigned int *len,
-    void *arg)
-{
-        return (SSL_TLSEXT_ERR_NOACK);
-}
-static int
-verify_npn(SSL *client, SSL *server)
-{
-        const unsigned char *client_s;
-        unsigned int client_len;
-        const unsigned char *server_s;
-        unsigned int server_len;
-        SSL_get0_next_proto_negotiated(client, &client_s, &client_len);
-        SSL_get0_next_proto_negotiated(server, &server_s, &server_len);
-        if (client_len) {
-                BIO_printf(bio_stdout, "Client NPN: ");
-                BIO_write(bio_stdout, client_s, client_len);
-                BIO_printf(bio_stdout, "\n");
-        }
-        if (server_len) {
-                BIO_printf(bio_stdout, "Server NPN: ");
-                BIO_write(bio_stdout, server_s, server_len);
-                BIO_printf(bio_stdout, "\n");
-        }
-        /*
-         * If an NPN string was returned, it must be the protocol that we
-         * expected to negotiate.
-         */
-        if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 ||
-            memcmp(client_s, NEXT_PROTO_STRING + 1, client_len)))
-                return (-1);
-        if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 ||
-            memcmp(server_s, NEXT_PROTO_STRING + 1, server_len)))
-                return (-1);
-        if (!npn_client && client_len)
-                return (-1);
-        if (!npn_server && server_len)
-                return (-1);
-        if (npn_server_reject && server_len)
-                return (-1);
-        if (npn_client && npn_server && (!client_len || !server_len))
-                return (-1);
-        return (0);
-}
 static const char *alpn_client;
 static const char *alpn_server;
 static const char *alpn_expected;
@@ -445,9 +364,6 @@ sv_usage(void)
                       "                 Use \"openssl ecparam -list_curves\" for all names\n"  \
                       "                 (default is sect163r2).\n");
        fprintf(stderr, " -test_cipherlist - verifies the order of the ssl cipher lists\n");
-        fprintf(stderr, " -npn_client - have client side offer NPN\n");
-        fprintf(stderr, " -npn_server - have server side offer NPN\n");
-        fprintf(stderr, " -npn_server_reject - have server reject NPN\n");
        fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
        fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
        fprintf(stderr, " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
@@ -687,15 +603,7 @@ main(int argc, char *argv[])
                        app_verify_arg.allow_proxy_certs = 1;
                } else if (strcmp(*argv, "-test_cipherlist") == 0) {
                        test_cipherlist = 1;
-                }
+                } else if (strcmp(*argv, "-alpn_client") == 0) {
-                else if (strcmp(*argv, "-npn_client") == 0) {
-                        npn_client = 1;
-                } else if (strcmp(*argv, "-npn_server") == 0) {
-                        npn_server = 1;
-                } else if (strcmp(*argv, "-npn_server_reject") == 0) {
-                        npn_server_reject = 1;
-                }
-                else if (strcmp(*argv, "-alpn_client") == 0) {
                        if (--argc < 1)
                                goto bad;
                        alpn_client = *(++argv);
@@ -856,22 +764,6 @@ bad:
                    (void *)&session_id_context, sizeof(session_id_context));
        }
-        if (npn_client)
-                SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
-        if (npn_server) {
-                if (npn_server_reject) {
-                        BIO_printf(bio_err, "Can't have both -npn_server and "
-                            "-npn_server_reject\n");
-                        goto end;
-                }
-                SSL_CTX_set_next_protos_advertised_cb(s_ctx,
-                    cb_server_npn, NULL);
-        }
-        if (npn_server_reject) {
-                SSL_CTX_set_next_protos_advertised_cb(s_ctx,
-                    cb_server_rejects_npn, NULL);
-        }
        if (alpn_server != NULL)
                SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, NULL);
@@ -1275,10 +1167,6 @@ doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, clock_t *s_time,
        if (verbose)
                print_details(c_ssl, "DONE via BIO pair: ");
-        if (verify_npn(c_ssl, s_ssl) < 0) {
-                ret = 1;
-                goto err;
-        }
        if (verify_alpn(c_ssl, s_ssl) < 0) {
                ret = 1;
                goto err;
@@ -1522,10 +1410,6 @@ doit(SSL *s_ssl, SSL *c_ssl, long count)
        if (verbose)
                print_details(c_ssl, "DONE: ");
-        if (verify_npn(c_ssl, s_ssl) < 0) {
-                ret = 1;
-                goto err;
-        }
        if (verify_alpn(c_ssl, s_ssl) < 0) {
                ret = 1;
                goto err;
diff --git a/src/regress/lib/libssl/ssl/testssl b/src/regress/lib/libssl/ssl/testssl
index f156001456..3563d13607 100644
--- a/src/regress/lib/libssl/ssl/testssl
+++ b/src/regress/lib/libssl/ssl/testssl
@@ -119,18 +119,6 @@ for protocol in SSLv3; do
 done
 #
-# Next Protocol Negotiation tests
-#
-echo "Testing NPN..."
-$ssltest -bio_pair -tls1 -npn_client || exit 1
-$ssltest -bio_pair -tls1 -npn_server || exit 1
-$ssltest -bio_pair -tls1 -npn_server_reject || exit 1
-$ssltest -bio_pair -tls1 -npn_client -npn_server_reject || exit 1
-$ssltest -bio_pair -tls1 -npn_client -npn_server || exit 1
-$ssltest -bio_pair -tls1 -npn_client -npn_server -num 2 || exit 1
-$ssltest -bio_pair -tls1 -npn_client -npn_server -num 2 -reuse || exit 1
-#
 # ALPN tests
 #
 echo "Testing ALPN..."
author	jsing <>	2017-08-12 21:05:06 +0000
committer	jsing <>	2017-08-12 21:05:06 +0000
commit	aa07f6851bbcb6c8ad4d78c02d2b5814864eaac1 (patch)
tree	f078d672e19e7b9561bd25f00a984f5db2b36ab5
parent	5378b10f3fbd644d16966a5c43da9325d98d8c64 (diff)
download	openbsd-aa07f6851bbcb6c8ad4d78c02d2b5814864eaac1.tar.gz openbsd-aa07f6851bbcb6c8ad4d78c02d2b5814864eaac1.tar.bz2 openbsd-aa07f6851bbcb6c8ad4d78c02d2b5814864eaac1.zip

diff --git a/src/regress/lib/libssl/ssl/ssltest.c b/src/regress/lib/libssl/ssl/ssltest.c index 59a2bea81a..7137d0c407 100644 --- a/src/regress/lib/libssl/ssl/ssltest.c +++ b/src/regress/lib/libssl/ssl/ssltest.c
@@ -199,87 +199,6 @@ static DH *get_dh1024dsa(void);
199	static BIO *bio_err = NULL;	199	static BIO *bio_err = NULL;
200	static BIO *bio_stdout = NULL;	200	static BIO *bio_stdout = NULL;
201		201
202	/* Note that this code assumes that this is only a one element list: */
203	static const char NEXT_PROTO_STRING[] = "\x09testproto";
204	int npn_client = 0;
205	int npn_server = 0;
206	int npn_server_reject = 0;
207
208	static int
209	cb_client_npn(SSL s, unsigned char out, unsigned char outlen,
210	const unsigned char in, unsigned int inlen, void arg)
211	{
212	/*
213	* This callback only returns the protocol string, rather than a length
214	* prefixed set. We assume that NEXT_PROTO_STRING is a one element list
215	* and remove the first byte to chop off the length prefix.
216	*/
217	out = (unsigned char )NEXT_PROTO_STRING + 1;
218	*outlen = sizeof(NEXT_PROTO_STRING) - 2;
219	return (SSL_TLSEXT_ERR_OK);
220	}
221
222	static int
223	cb_server_npn(SSL s, const unsigned char data, unsigned int len, void *arg)
224	{
225	data = (const unsigned char )NEXT_PROTO_STRING;
226	*len = sizeof(NEXT_PROTO_STRING) - 1;
227	return (SSL_TLSEXT_ERR_OK);
228	}
229
230	static int
231	cb_server_rejects_npn(SSL s, const unsigned char data, unsigned int len,
232	void *arg)
233	{
234	return (SSL_TLSEXT_ERR_NOACK);
235	}
236
237	static int
238	verify_npn(SSL client, SSL server)
239	{
240	const unsigned char *client_s;
241	unsigned int client_len;
242	const unsigned char *server_s;
243	unsigned int server_len;
244
245	SSL_get0_next_proto_negotiated(client, &client_s, &client_len);
246	SSL_get0_next_proto_negotiated(server, &server_s, &server_len);
247
248	if (client_len) {
249	BIO_printf(bio_stdout, "Client NPN: ");
250	BIO_write(bio_stdout, client_s, client_len);
251	BIO_printf(bio_stdout, "\n");
252	}
253
254	if (server_len) {
255	BIO_printf(bio_stdout, "Server NPN: ");
256	BIO_write(bio_stdout, server_s, server_len);
257	BIO_printf(bio_stdout, "\n");
258	}
259
260	/*
261	* If an NPN string was returned, it must be the protocol that we
262	* expected to negotiate.
263	*/
264	if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 \|\|
265	memcmp(client_s, NEXT_PROTO_STRING + 1, client_len)))
266	return (-1);
267	if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 \|\|
268	memcmp(server_s, NEXT_PROTO_STRING + 1, server_len)))
269	return (-1);
270
271	if (!npn_client && client_len)
272	return (-1);
273	if (!npn_server && server_len)
274	return (-1);
275	if (npn_server_reject && server_len)
276	return (-1);
277	if (npn_client && npn_server && (!client_len \|\| !server_len))
278	return (-1);
279
280	return (0);
281	}
282
283	static const char *alpn_client;	202	static const char *alpn_client;
284	static const char *alpn_server;	203	static const char *alpn_server;
285	static const char *alpn_expected;	204	static const char *alpn_expected;
@@ -445,9 +364,6 @@ sv_usage(void)
445	" Use \"openssl ecparam -list_curves\" for all names\n" \	364	" Use \"openssl ecparam -list_curves\" for all names\n" \
446	" (default is sect163r2).\n");	365	" (default is sect163r2).\n");
447	fprintf(stderr, " -test_cipherlist - verifies the order of the ssl cipher lists\n");	366	fprintf(stderr, " -test_cipherlist - verifies the order of the ssl cipher lists\n");
448	fprintf(stderr, " -npn_client - have client side offer NPN\n");
449	fprintf(stderr, " -npn_server - have server side offer NPN\n");
450	fprintf(stderr, " -npn_server_reject - have server reject NPN\n");
451	fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");	367	fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
452	fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");	368	fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
453	fprintf(stderr, " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");	369	fprintf(stderr, " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
@@ -687,15 +603,7 @@ main(int argc, char *argv[])
687	app_verify_arg.allow_proxy_certs = 1;	603	app_verify_arg.allow_proxy_certs = 1;
688	} else if (strcmp(*argv, "-test_cipherlist") == 0) {	604	} else if (strcmp(*argv, "-test_cipherlist") == 0) {
689	test_cipherlist = 1;	605	test_cipherlist = 1;
690	}	606	} else if (strcmp(*argv, "-alpn_client") == 0) {
691	else if (strcmp(*argv, "-npn_client") == 0) {
692	npn_client = 1;
693	} else if (strcmp(*argv, "-npn_server") == 0) {
694	npn_server = 1;
695	} else if (strcmp(*argv, "-npn_server_reject") == 0) {
696	npn_server_reject = 1;
697	}
698	else if (strcmp(*argv, "-alpn_client") == 0) {
699	if (--argc < 1)	607	if (--argc < 1)
700	goto bad;	608	goto bad;
701	alpn_client = *(++argv);	609	alpn_client = *(++argv);
@@ -856,22 +764,6 @@ bad:
856	(void *)&session_id_context, sizeof(session_id_context));	764	(void *)&session_id_context, sizeof(session_id_context));
857	}	765	}
858		766
859	if (npn_client)
860	SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
861	if (npn_server) {
862	if (npn_server_reject) {
863	BIO_printf(bio_err, "Can't have both -npn_server and "
864	"-npn_server_reject\n");
865	goto end;
866	}
867	SSL_CTX_set_next_protos_advertised_cb(s_ctx,
868	cb_server_npn, NULL);
869	}
870	if (npn_server_reject) {
871	SSL_CTX_set_next_protos_advertised_cb(s_ctx,
872	cb_server_rejects_npn, NULL);
873	}
874
875	if (alpn_server != NULL)	767	if (alpn_server != NULL)
876	SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, NULL);	768	SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, NULL);
877		769
@@ -1275,10 +1167,6 @@ doit_biopair(SSL s_ssl, SSL c_ssl, long count, clock_t *s_time,
1275	if (verbose)	1167	if (verbose)
1276	print_details(c_ssl, "DONE via BIO pair: ");	1168	print_details(c_ssl, "DONE via BIO pair: ");
1277		1169
1278	if (verify_npn(c_ssl, s_ssl) < 0) {
1279	ret = 1;
1280	goto err;
1281	}
1282	if (verify_alpn(c_ssl, s_ssl) < 0) {	1170	if (verify_alpn(c_ssl, s_ssl) < 0) {
1283	ret = 1;	1171	ret = 1;
1284	goto err;	1172	goto err;
@@ -1522,10 +1410,6 @@ doit(SSL s_ssl, SSL c_ssl, long count)
1522	if (verbose)	1410	if (verbose)
1523	print_details(c_ssl, "DONE: ");	1411	print_details(c_ssl, "DONE: ");
1524		1412
1525	if (verify_npn(c_ssl, s_ssl) < 0) {
1526	ret = 1;
1527	goto err;
1528	}
1529	if (verify_alpn(c_ssl, s_ssl) < 0) {	1413	if (verify_alpn(c_ssl, s_ssl) < 0) {
1530	ret = 1;	1414	ret = 1;
1531	goto err;	1415	goto err;


diff --git a/src/regress/lib/libssl/ssl/testssl b/src/regress/lib/libssl/ssl/testssl index f156001456..3563d13607 100644 --- a/src/regress/lib/libssl/ssl/testssl +++ b/src/regress/lib/libssl/ssl/testssl
@@ -119,18 +119,6 @@ for protocol in SSLv3; do
119	done	119	done
120		120
121	#	121	#
122	# Next Protocol Negotiation tests
123	#
124	echo "Testing NPN..."
125	$ssltest -bio_pair -tls1 -npn_client \|\| exit 1
126	$ssltest -bio_pair -tls1 -npn_server \|\| exit 1
127	$ssltest -bio_pair -tls1 -npn_server_reject \|\| exit 1
128	$ssltest -bio_pair -tls1 -npn_client -npn_server_reject \|\| exit 1
129	$ssltest -bio_pair -tls1 -npn_client -npn_server \|\| exit 1
130	$ssltest -bio_pair -tls1 -npn_client -npn_server -num 2 \|\| exit 1
131	$ssltest -bio_pair -tls1 -npn_client -npn_server -num 2 -reuse \|\| exit 1
132
133	#
134	# ALPN tests	122	# ALPN tests
135	#	123	#
136	echo "Testing ALPN..."	124	echo "Testing ALPN..."