Remove PSK from the ssl regress.

author: jsing <> 2014-07-11 10:45:17 +0000
committer: jsing <> 2014-07-11 10:45:17 +0000
commit: 8b5f82e7321e0a687676af525e7afe4e5b56af9c (patch)
tree: d92585a0d7ce27e68929a796cc8bbca0f17b4f3d
parent: 66d0ff62fdd99d195677430d488c48cc20306840 (diff)
download: openbsd-8b5f82e7321e0a687676af525e7afe4e5b56af9c.tar.gz
openbsd-8b5f82e7321e0a687676af525e7afe4e5b56af9c.tar.bz2
openbsd-8b5f82e7321e0a687676af525e7afe4e5b56af9c.zip
2 files changed, 1 insertions, 134 deletions
diff --git a/src/regress/lib/libssl/ssl/ssltest.c b/src/regress/lib/libssl/ssl/ssltest.c
index adb9e0647b..90d9e7f6ae 100644
--- a/src/regress/lib/libssl/ssl/ssltest.c
+++ b/src/regress/lib/libssl/ssl/ssltest.c
@@ -209,29 +209,12 @@ static DH *get_dh1024(void);
 static DH *get_dh1024dsa(void);
 #endif
-static char *psk_key = NULL; /* by default PSK is not used */
-#ifndef OPENSSL_NO_PSK
-static unsigned int psk_client_callback(SSL *ssl, const char *hint,
-    char *identity, unsigned int max_identity_len, unsigned char *psk,
-    unsigned int max_psk_len);
-static unsigned int psk_server_callback(SSL *ssl, const char *identity,
-    unsigned char *psk, unsigned int max_psk_len);
-#endif
 static BIO *bio_err = NULL;
 static BIO *bio_stdout = NULL;
 static char *cipher = NULL;
 static int verbose = 0;
 static int debug = 0;
-#if 0
-/* Not used yet. */
-#ifdef FIONBIO
-static int s_nbio = 0;
-#endif
-#endif
 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time, clock_t *c_time);
 int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
@@ -260,9 +243,6 @@ sv_usage(void)
 #ifndef OPENSSL_NO_ECDH
        fprintf(stderr, " -no_ecdhe     - disable ECDHE\n");
 #endif
-#ifndef OPENSSL_NO_PSK
-        fprintf(stderr, " -psk arg      - PSK in hex (without 0x)\n");
-#endif
        fprintf(stderr, " -dtls1        - use DTLSv1\n");
        fprintf(stderr, " -ssl3         - use SSLv3\n");
        fprintf(stderr, " -tls1         - use TLSv1\n");
@@ -408,7 +388,6 @@ main(int argc, char *argv[])
 #endif
        int no_dhe = 0;
        int no_ecdhe = 0;
-        int no_psk = 0;
        int print_time = 0;
        clock_t s_time = 0, c_time = 0;
        int test_cipherlist = 0;
@@ -465,19 +444,7 @@ main(int argc, char *argv[])
                        no_dhe = 1;
                else if (strcmp(*argv, "-no_ecdhe") == 0)
                        no_ecdhe = 1;
-                else if (strcmp(*argv, "-psk") == 0) {
+                else if (strcmp(*argv, "-dtls1") == 0)
-                        if (--argc < 1)
-                                goto bad;
-                        psk_key=*(++argv);
-#ifndef OPENSSL_NO_PSK
-                        if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) {
-                                BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
-                                goto bad;
-                        }
-#else
-                        no_psk = 1;
-#endif
-                } else if (strcmp(*argv, "-dtls1") == 0)
                        dtls1 = 1;
                else if (strcmp(*argv, "-ssl2") == 0)
                        ssl2 = 1;
@@ -721,32 +688,9 @@ bad:
                SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context);
        }
-        /* Use PSK only if PSK key is given */
-        if (psk_key != NULL) {
-                /* no_psk is used to avoid putting psk command to openssl tool */
-                if (no_psk) {
-                        /* if PSK is not compiled in and psk key is
-                         * given, do nothing and exit successfully */
-                        ret = 0;
-                        goto end;
-                }
-#ifndef OPENSSL_NO_PSK
-                SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
-                SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
-                if (debug)
-                        BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n");
-                if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint")) {
-                        BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n");
-                        ERR_print_errors(bio_err);
-                        goto end;
-                }
-#endif
-        }
        c_ssl = SSL_new(c_ctx);
        s_ssl = SSL_new(s_ctx);
        for (i = 0; i < number; i++) {
                if (!reuse)
                        SSL_set_session(c_ssl, NULL);
@@ -2027,67 +1971,6 @@ get_dh1024dsa()
 }
 #endif
-#ifndef OPENSSL_NO_PSK
-/* convert the PSK key (psk_key) in ascii to binary (psk) */
-static int
-psk_key2bn(const char *pskkey, unsigned char *psk, unsigned int max_psk_len)
-{
-        int ret;
-        BIGNUM *bn = NULL;
-        ret = BN_hex2bn(&bn, pskkey);
-        if (!ret) {
-                BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n", pskkey);
-                if (bn)
-                        BN_free(bn);
-                return 0;
-        }
-        if (BN_num_bytes(bn) > (int)max_psk_len) {
-                BIO_printf(bio_err, "psk buffer of callback is too small (%d) for key (%d)\n",
-                max_psk_len, BN_num_bytes(bn));
-                BN_free(bn);
-                return 0;
-        }
-        ret = BN_bn2bin(bn, psk);
-        BN_free(bn);
-        return ret;
-}
-static unsigned int
-psk_client_callback(SSL *ssl, const char *hint, char *identity,
-    unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)
-{
-        int ret;
-        unsigned int psk_len = 0;
-        ret = snprintf(identity, max_identity_len, "Client_identity");
-        if (ret == -1 || (unsigned int)ret >= max_identity_len)
-                goto out_err;
-        if (debug)
-                fprintf(stderr, "client: created identity '%s' len=%d\n", identity, ret);
-        ret = psk_key2bn(psk_key, psk, max_psk_len);
-        if (ret < 0)
-                goto out_err;
-        psk_len = ret;
-out_err:
-        return psk_len;
-}
-static unsigned int
-psk_server_callback(SSL *ssl, const char *identity, unsigned char *psk,
-    unsigned int max_psk_len)
-{
-        unsigned int psk_len = 0;
-        if (strcmp(identity, "Client_identity") != 0) {
-                BIO_printf(bio_err, "server: PSK error: client identity not found\n");
-                return 0;
-        }
-        psk_len = psk_key2bn(psk_key, psk, max_psk_len);
-        return psk_len;
-}
-#endif
 static int
 do_test_cipherlist(void)
 {
diff --git a/src/regress/lib/libssl/ssl/testssl b/src/regress/lib/libssl/ssl/testssl
index 80f3a1c511..a4fa4112df 100644
--- a/src/regress/lib/libssl/ssl/testssl
+++ b/src/regress/lib/libssl/ssl/testssl
@@ -142,22 +142,6 @@ fi
 #  fi
 #fi
-echo test tls1 with PSK
-$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1
-echo test tls1 with PSK via BIO pair
-$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1
-if openssl no-srp; then
-  echo skipping SRP tests
-else
-  echo test tls1 with SRP
-  $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123
-  echo test tls1 with SRP via BIO pair
-  $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123
-fi
 #
 # DTLS
 #
author	jsing <>	2014-07-11 10:45:17 +0000
committer	jsing <>	2014-07-11 10:45:17 +0000
commit	8b5f82e7321e0a687676af525e7afe4e5b56af9c (patch)
tree	d92585a0d7ce27e68929a796cc8bbca0f17b4f3d
parent	66d0ff62fdd99d195677430d488c48cc20306840 (diff)
download	openbsd-8b5f82e7321e0a687676af525e7afe4e5b56af9c.tar.gz openbsd-8b5f82e7321e0a687676af525e7afe4e5b56af9c.tar.bz2 openbsd-8b5f82e7321e0a687676af525e7afe4e5b56af9c.zip

diff --git a/src/regress/lib/libssl/ssl/ssltest.c b/src/regress/lib/libssl/ssl/ssltest.c index adb9e0647b..90d9e7f6ae 100644 --- a/src/regress/lib/libssl/ssl/ssltest.c +++ b/src/regress/lib/libssl/ssl/ssltest.c
@@ -209,29 +209,12 @@ static DH *get_dh1024(void);
209	static DH *get_dh1024dsa(void);	209	static DH *get_dh1024dsa(void);
210	#endif	210	#endif
211		211
212
213	static char psk_key = NULL; / by default PSK is not used */
214	#ifndef OPENSSL_NO_PSK
215	static unsigned int psk_client_callback(SSL ssl, const char hint,
216	char identity, unsigned int max_identity_len, unsigned char psk,
217	unsigned int max_psk_len);
218	static unsigned int psk_server_callback(SSL ssl, const char identity,
219	unsigned char *psk, unsigned int max_psk_len);
220	#endif
221
222
223	static BIO *bio_err = NULL;	212	static BIO *bio_err = NULL;
224	static BIO *bio_stdout = NULL;	213	static BIO *bio_stdout = NULL;
225		214
226	static char *cipher = NULL;	215	static char *cipher = NULL;
227	static int verbose = 0;	216	static int verbose = 0;
228	static int debug = 0;	217	static int debug = 0;
229	#if 0
230	/* Not used yet. */
231	#ifdef FIONBIO
232	static int s_nbio = 0;
233	#endif
234	#endif
235		218
236	int doit_biopair(SSL s_ssl, SSL c_ssl, long bytes, clock_t s_time, clock_t c_time);	219	int doit_biopair(SSL s_ssl, SSL c_ssl, long bytes, clock_t s_time, clock_t c_time);
237	int doit(SSL s_ssl, SSL c_ssl, long bytes);	220	int doit(SSL s_ssl, SSL c_ssl, long bytes);
@@ -260,9 +243,6 @@ sv_usage(void)
260	#ifndef OPENSSL_NO_ECDH	243	#ifndef OPENSSL_NO_ECDH
261	fprintf(stderr, " -no_ecdhe - disable ECDHE\n");	244	fprintf(stderr, " -no_ecdhe - disable ECDHE\n");
262	#endif	245	#endif
263	#ifndef OPENSSL_NO_PSK
264	fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
265	#endif
266	fprintf(stderr, " -dtls1 - use DTLSv1\n");	246	fprintf(stderr, " -dtls1 - use DTLSv1\n");
267	fprintf(stderr, " -ssl3 - use SSLv3\n");	247	fprintf(stderr, " -ssl3 - use SSLv3\n");
268	fprintf(stderr, " -tls1 - use TLSv1\n");	248	fprintf(stderr, " -tls1 - use TLSv1\n");
@@ -408,7 +388,6 @@ main(int argc, char *argv[])
408	#endif	388	#endif
409	int no_dhe = 0;	389	int no_dhe = 0;
410	int no_ecdhe = 0;	390	int no_ecdhe = 0;
411	int no_psk = 0;
412	int print_time = 0;	391	int print_time = 0;
413	clock_t s_time = 0, c_time = 0;	392	clock_t s_time = 0, c_time = 0;
414	int test_cipherlist = 0;	393	int test_cipherlist = 0;
@@ -465,19 +444,7 @@ main(int argc, char *argv[])
465	no_dhe = 1;	444	no_dhe = 1;
466	else if (strcmp(*argv, "-no_ecdhe") == 0)	445	else if (strcmp(*argv, "-no_ecdhe") == 0)
467	no_ecdhe = 1;	446	no_ecdhe = 1;
468	else if (strcmp(*argv, "-psk") == 0) {	447	else if (strcmp(*argv, "-dtls1") == 0)
469	if (--argc < 1)
470	goto bad;
471	psk_key=*(++argv);
472	#ifndef OPENSSL_NO_PSK
473	if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) {
474	BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
475	goto bad;
476	}
477	#else
478	no_psk = 1;
479	#endif
480	} else if (strcmp(*argv, "-dtls1") == 0)
481	dtls1 = 1;	448	dtls1 = 1;
482	else if (strcmp(*argv, "-ssl2") == 0)	449	else if (strcmp(*argv, "-ssl2") == 0)
483	ssl2 = 1;	450	ssl2 = 1;
@@ -721,32 +688,9 @@ bad:
721	SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context);	688	SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context);
722	}	689	}
723		690
724	/* Use PSK only if PSK key is given */
725	if (psk_key != NULL) {
726	/* no_psk is used to avoid putting psk command to openssl tool */
727	if (no_psk) {
728	/* if PSK is not compiled in and psk key is
729	* given, do nothing and exit successfully */
730	ret = 0;
731	goto end;
732	}
733	#ifndef OPENSSL_NO_PSK
734	SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
735	SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
736	if (debug)
737	BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n");
738	if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint")) {
739	BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n");
740	ERR_print_errors(bio_err);
741	goto end;
742	}
743	#endif
744	}
745
746	c_ssl = SSL_new(c_ctx);	691	c_ssl = SSL_new(c_ctx);
747	s_ssl = SSL_new(s_ctx);	692	s_ssl = SSL_new(s_ctx);
748		693
749
750	for (i = 0; i < number; i++) {	694	for (i = 0; i < number; i++) {
751	if (!reuse)	695	if (!reuse)
752	SSL_set_session(c_ssl, NULL);	696	SSL_set_session(c_ssl, NULL);
@@ -2027,67 +1971,6 @@ get_dh1024dsa()
2027	}	1971	}
2028	#endif	1972	#endif
2029		1973
2030	#ifndef OPENSSL_NO_PSK
2031	/* convert the PSK key (psk_key) in ascii to binary (psk) */
2032	static int
2033	psk_key2bn(const char pskkey, unsigned char psk, unsigned int max_psk_len)
2034	{
2035	int ret;
2036	BIGNUM *bn = NULL;
2037
2038	ret = BN_hex2bn(&bn, pskkey);
2039	if (!ret) {
2040	BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n", pskkey);
2041	if (bn)
2042	BN_free(bn);
2043	return 0;
2044	}
2045	if (BN_num_bytes(bn) > (int)max_psk_len) {
2046	BIO_printf(bio_err, "psk buffer of callback is too small (%d) for key (%d)\n",
2047	max_psk_len, BN_num_bytes(bn));
2048	BN_free(bn);
2049	return 0;
2050	}
2051	ret = BN_bn2bin(bn, psk);
2052	BN_free(bn);
2053	return ret;
2054	}
2055
2056	static unsigned int
2057	psk_client_callback(SSL ssl, const char hint, char *identity,
2058	unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)
2059	{
2060	int ret;
2061	unsigned int psk_len = 0;
2062
2063	ret = snprintf(identity, max_identity_len, "Client_identity");
2064	if (ret == -1 \|\| (unsigned int)ret >= max_identity_len)
2065	goto out_err;
2066	if (debug)
2067	fprintf(stderr, "client: created identity '%s' len=%d\n", identity, ret);
2068	ret = psk_key2bn(psk_key, psk, max_psk_len);
2069	if (ret < 0)
2070	goto out_err;
2071	psk_len = ret;
2072	out_err:
2073	return psk_len;
2074	}
2075
2076	static unsigned int
2077	psk_server_callback(SSL ssl, const char identity, unsigned char *psk,
2078	unsigned int max_psk_len)
2079	{
2080	unsigned int psk_len = 0;
2081
2082	if (strcmp(identity, "Client_identity") != 0) {
2083	BIO_printf(bio_err, "server: PSK error: client identity not found\n");
2084	return 0;
2085	}
2086	psk_len = psk_key2bn(psk_key, psk, max_psk_len);
2087	return psk_len;
2088	}
2089	#endif
2090
2091	static int	1974	static int
2092	do_test_cipherlist(void)	1975	do_test_cipherlist(void)
2093	{	1976	{


diff --git a/src/regress/lib/libssl/ssl/testssl b/src/regress/lib/libssl/ssl/testssl index 80f3a1c511..a4fa4112df 100644 --- a/src/regress/lib/libssl/ssl/testssl +++ b/src/regress/lib/libssl/ssl/testssl
@@ -142,22 +142,6 @@ fi
142	# fi	142	# fi
143	#fi	143	#fi
144		144
145	echo test tls1 with PSK
146	$ssltest -tls1 -cipher PSK -psk abc123 $extra \|\| exit 1
147
148	echo test tls1 with PSK via BIO pair
149	$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra \|\| exit 1
150
151	if openssl no-srp; then
152	echo skipping SRP tests
153	else
154	echo test tls1 with SRP
155	$ssltest -tls1 -cipher SRP -srpuser test -srppass abc123
156
157	echo test tls1 with SRP via BIO pair
158	$ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123
159	fi
160
161	#	145	#
162	# DTLS	146	# DTLS
163	#	147	#