| author | jsing <> | 2014-07-11 10:45:17 +0000 |
|---|---|---|
| committer | jsing <> | 2014-07-11 10:45:17 +0000 |
| commit | 877dbf1b7978a1fd42bbdc7324c6ee582be13d98 (patch) | |
| tree | d92585a0d7ce27e68929a796cc8bbca0f17b4f3d | |
| parent | ab863cf376f94f7ff9d586936ffa7ed36dbf6d01 (diff) | |
Remove PSK from the ssl regress.
| -rw-r--r-- | src/regress/lib/libssl/ssl/ssltest.c | 119 | ||||
| -rw-r--r-- | src/regress/lib/libssl/ssl/testssl | 16 |
2 files changed, 1 insertions, 134 deletions
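--- a/src/regress/lib/libssl/ssl/ssltest.c
+++ b/src/regress/lib/libssl/ssl/ssltest.c
@@ -209,29 +209,12 @@ static DH *get_dh1024(void);
 static DH *get_dh1024dsa(void);
 #endif
 
-
-static char *psk_key = NULL; /* by default PSK is not used */
-#ifndef OPENSSL_NO_PSK
-static unsigned int psk_client_callback(SSL *ssl, const char *hint,
-char *identity, unsigned int max_identity_len, unsigned char *psk,
-unsigned int max_psk_len);
-static unsigned int psk_server_callback(SSL *ssl, const char *identity,
-unsigned char *psk, unsigned int max_psk_len);
-#endif
-
-
 static BIO *bio_err = NULL;
 static BIO *bio_stdout = NULL;
 
 static char *cipher = NULL;
 static int verbose = 0;
 static int debug = 0;
-#if 0
-/* Not used yet. */
-#ifdef FIONBIO
-static int s_nbio = 0;
-#endif
-#endif
 
 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time, clock_t *c_time);
 int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
@@ -260,9 +243,6 @@ sv_usage(void)
 #ifndef OPENSSL_NO_ECDH
 fprintf(stderr, " -no_ecdhe - disable ECDHE\n");
 #endif
-#ifndef OPENSSL_NO_PSK
-fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
-#endif
 fprintf(stderr, " -dtls1 - use DTLSv1\n");
 fprintf(stderr, " -ssl3 - use SSLv3\n");
 fprintf(stderr, " -tls1 - use TLSv1\n");
@@ -408,7 +388,6 @@ main(int argc, char *argv[])
 #endif
 int no_dhe = 0;
 int no_ecdhe = 0;
-int no_psk = 0;
 int print_time = 0;
 clock_t s_time = 0, c_time = 0;
 int test_cipherlist = 0;
@@ -465,19 +444,7 @@ main(int argc, char *argv[])
 no_dhe = 1;
 else if (strcmp(*argv, "-no_ecdhe") == 0)
 no_ecdhe = 1;
-else if (strcmp(*argv, "-psk") == 0) {
-if (--argc < 1)
-goto bad;
-psk_key=*(++argv);
-#ifndef OPENSSL_NO_PSK
-if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) {
-BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
-goto bad;
-}
-#else
-no_psk = 1;
-#endif
-} else if (strcmp(*argv, "-dtls1") == 0)
+else if (strcmp(*argv, "-dtls1") == 0)
 dtls1 = 1;
 else if (strcmp(*argv, "-ssl2") == 0)
 ssl2 = 1;
@@ -721,32 +688,9 @@ bad:
 SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context);
 }
 
-/* Use PSK only if PSK key is given */
-if (psk_key != NULL) {
-/* no_psk is used to avoid putting psk command to openssl tool */
-if (no_psk) {
-/* if PSK is not compiled in and psk key is
-* given, do nothing and exit successfully */
-ret = 0;
-goto end;
-}
-#ifndef OPENSSL_NO_PSK
-SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
-SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
-if (debug)
-BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n");
-if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint")) {
-BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n");
-ERR_print_errors(bio_err);
-goto end;
-}
-#endif
-}
-
 c_ssl = SSL_new(c_ctx);
 s_ssl = SSL_new(s_ctx);
 
-
 for (i = 0; i < number; i++) {
 if (!reuse)
 SSL_set_session(c_ssl, NULL);
@@ -2027,67 +1971,6 @@ get_dh1024dsa()
 }
 #endif
 
-#ifndef OPENSSL_NO_PSK
-/* convert the PSK key (psk_key) in ascii to binary (psk) */
-static int
-psk_key2bn(const char *pskkey, unsigned char *psk, unsigned int max_psk_len)
-{
-int ret;
-BIGNUM *bn = NULL;
-
-ret = BN_hex2bn(&bn, pskkey);
-if (!ret) {
-BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n", pskkey);
-if (bn)
-BN_free(bn);
-return 0;
-}
-if (BN_num_bytes(bn) > (int)max_psk_len) {
-BIO_printf(bio_err, "psk buffer of callback is too small (%d) for key (%d)\n",
-max_psk_len, BN_num_bytes(bn));
-BN_free(bn);
-return 0;
-}
-ret = BN_bn2bin(bn, psk);
-BN_free(bn);
-return ret;
-}
-
-static unsigned int
-psk_client_callback(SSL *ssl, const char *hint, char *identity,
-unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)
-{
-int ret;
-unsigned int psk_len = 0;
-
-ret = snprintf(identity, max_identity_len, "Client_identity");
-if (ret == -1 || (unsigned int)ret >= max_identity_len)
-goto out_err;
-if (debug)
-fprintf(stderr, "client: created identity '%s' len=%d\n", identity, ret);
-ret = psk_key2bn(psk_key, psk, max_psk_len);
-if (ret < 0)
-goto out_err;
-psk_len = ret;
-out_err:
-return psk_len;
-}
-
-static unsigned int
-psk_server_callback(SSL *ssl, const char *identity, unsigned char *psk,
-unsigned int max_psk_len)
-{
-unsigned int psk_len = 0;
-
-if (strcmp(identity, "Client_identity") != 0) {
-BIO_printf(bio_err, "server: PSK error: client identity not found\n");
-return 0;
-}
-psk_len = psk_key2bn(psk_key, psk, max_psk_len);
-return psk_len;
-}
-#endif
-
 static int
 do_test_cipherlist(void)
 {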
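--- a/src/regress/lib/libssl/ssl/testssl
+++ b/src/regress/lib/libssl/ssl/testssl
@@ -142,22 +142,6 @@ fi
 # fi
 #fi
 
-echo test tls1 with PSK
-$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1
-
-echo test tls1 with PSK via BIO pair
-$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1
-
-if openssl no-srp; then
-echo skipping SRP tests
-else
-echo test tls1 with SRP
-$ssltest -tls1 -cipher SRP -srpuser test -srppass abc123
-
-echo test tls1 with SRP via BIO pair
-$ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123
-fi
-
 #
 # DTLS
 #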
