Remove SRP and Kerberos support from libssl. These are complex protocols

all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
author: tedu <> 2014-05-05 15:03:22 +0000
committer: tedu <> 2014-05-05 15:03:22 +0000
commit: 5b4326f23352be2e7084f2020795d8aa042c746f (patch)
tree: c342d9903092a19dfda173837629fd04c429eda9 /src/lib/libssl/src/ssl/ssltest.c
parent: 77dd1ca11ad22b323b27beea447edd1e35c3b24e (diff)
download: openbsd-5b4326f23352be2e7084f2020795d8aa042c746f.tar.gz
openbsd-5b4326f23352be2e7084f2020795d8aa042c746f.tar.bz2
openbsd-5b4326f23352be2e7084f2020795d8aa042c746f.zip
1 files changed, 0 insertions, 98 deletions
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c
index 1f5014baf3..879bf4b3ed 100644
--- a/src/lib/libssl/src/ssl/ssltest.c
+++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -178,9 +178,6 @@
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
-#ifndef OPENSSL_NO_SRP
-#include <openssl/srp.h>
-#endif
 #include <openssl/bn.h>
 #define _XOPEN_SOURCE_EXTENDED  1
@@ -227,46 +224,6 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity,
    unsigned char *psk, unsigned int max_psk_len);
 #endif
-#ifndef OPENSSL_NO_SRP
-/* SRP client */
-/* This is a context that we pass to all callbacks */
-typedef struct srp_client_arg_st {
-        char *srppassin;
-        char *srplogin;
-} SRP_CLIENT_ARG;
-#define PWD_STRLEN 1024
-static char *
-ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
-{
-        SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
-        return BUF_strdup((char *)srp_client_arg->srppassin);
-}
-/* SRP server */
-/* This is a context that we pass to SRP server callbacks */
-typedef struct srp_server_arg_st {
-        char *expected_user;
-        char *pass;
-} SRP_SERVER_ARG;
-static int
-ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
-{
-        SRP_SERVER_ARG *p = (SRP_SERVER_ARG *) arg;
-        if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0) {
-                fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s));
-                return SSL3_AL_FATAL;
-        }
-        if (SSL_set_srp_server_param_pw(s, p->expected_user, p->pass, "1024") < 0) {
-                *ad = SSL_AD_INTERNAL_ERROR;
-                return SSL3_AL_FATAL;
-        }
-        return SSL_ERROR_NONE;
-}
-#endif
 static BIO *bio_err = NULL;
 static BIO *bio_stdout = NULL;
@@ -311,10 +268,6 @@ sv_usage(void)
 #ifndef OPENSSL_NO_PSK
        fprintf(stderr, " -psk arg      - PSK in hex (without 0x)\n");
 #endif
-#ifndef OPENSSL_NO_SRP
-        fprintf(stderr, " -srpuser user  - SRP username to use\n");
-        fprintf(stderr, " -srppass arg   - password for 'user'\n");
-#endif
        fprintf(stderr, " -ssl3         - use SSLv3\n");
        fprintf(stderr, " -tls1         - use TLSv1\n");
        fprintf(stderr, " -CApath arg   - PEM format directory of CA's\n");
@@ -484,12 +437,6 @@ main(int argc, char *argv[])
 #ifndef OPENSSL_NO_ECDH
        EC_KEY *ecdh = NULL;
 #endif
-#ifndef OPENSSL_NO_SRP
-        /* client */
-        SRP_CLIENT_ARG srp_client_arg = {NULL, NULL};
-        /* server */
-        SRP_SERVER_ARG srp_server_arg = {NULL, NULL};
-#endif
        int no_dhe = 0;
        int no_ecdhe = 0;
        int no_psk = 0;
@@ -577,19 +524,6 @@ main(int argc, char *argv[])
                        no_psk = 1;
 #endif
                }
-#ifndef OPENSSL_NO_SRP
-                else if (strcmp(*argv, "-srpuser") == 0) {
-                        if (--argc < 1)
-                                goto bad;
-                        srp_server_arg.expected_user = srp_client_arg.srplogin= *(++argv);
-                        tls1 = 1;
-                } else if (strcmp(*argv, "-srppass") == 0) {
-                        if (--argc < 1)
-                                goto bad;
-                        srp_server_arg.pass = srp_client_arg.srppassin= *(++argv);
-                        tls1 = 1;
-                }
-#endif
                else if (strcmp(*argv, "-ssl2") == 0)
                        ssl2 = 1;
                else if (strcmp(*argv, "-tls1") == 0)
@@ -895,42 +829,10 @@ bad:
                }
 #endif
        }
-#ifndef OPENSSL_NO_SRP
-        if (srp_client_arg.srplogin) {
-                if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin)) {
-                        BIO_printf(bio_err, "Unable to set SRP username\n");
-                        goto end;
-                }
-                SSL_CTX_set_srp_cb_arg(c_ctx, &srp_client_arg);
-                SSL_CTX_set_srp_client_pwd_callback(c_ctx, ssl_give_srp_client_pwd_cb);
-                /*SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength);*/
-        }
-        if (srp_server_arg.expected_user != NULL) {
-                SSL_CTX_set_verify(s_ctx, SSL_VERIFY_NONE, verify_callback);
-                SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg);
-                SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);
-        }
-#endif
        c_ssl = SSL_new(c_ctx);
        s_ssl = SSL_new(s_ctx);
-#ifndef OPENSSL_NO_KRB5
-        if (c_ssl && c_ssl->kssl_ctx) {
-                char    localhost[MAXHOSTNAMELEN + 2];
-                if (gethostname(localhost, sizeof localhost - 1) == 0) {
-                        localhost[sizeof localhost - 1] = '\0';
-                        if (strlen(localhost) == sizeof localhost - 1) {
-                                BIO_printf(bio_err, "localhost name too long\n");
-                                goto end;
-                        }
-                        kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER,
-                        localhost);
-                }
-        }
-#endif    /* OPENSSL_NO_KRB5  */
        for (i = 0; i < number; i++) {
                if (!reuse)
author	tedu <>	2014-05-05 15:03:22 +0000
committer	tedu <>	2014-05-05 15:03:22 +0000
commit	5b4326f23352be2e7084f2020795d8aa042c746f (patch)
tree	c342d9903092a19dfda173837629fd04c429eda9 /src/lib/libssl/src/ssl/ssltest.c
parent	77dd1ca11ad22b323b27beea447edd1e35c3b24e (diff)
download	openbsd-5b4326f23352be2e7084f2020795d8aa042c746f.tar.gz openbsd-5b4326f23352be2e7084f2020795d8aa042c746f.tar.bz2 openbsd-5b4326f23352be2e7084f2020795d8aa042c746f.zip

diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c index 1f5014baf3..879bf4b3ed 100644 --- a/src/lib/libssl/src/ssl/ssltest.c +++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -178,9 +178,6 @@
178	#ifndef OPENSSL_NO_DH	178	#ifndef OPENSSL_NO_DH
179	#include <openssl/dh.h>	179	#include <openssl/dh.h>
180	#endif	180	#endif
181	#ifndef OPENSSL_NO_SRP
182	#include <openssl/srp.h>
183	#endif
184	#include <openssl/bn.h>	181	#include <openssl/bn.h>
185		182
186	#define _XOPEN_SOURCE_EXTENDED 1	183	#define _XOPEN_SOURCE_EXTENDED 1
@@ -227,46 +224,6 @@ static unsigned int psk_server_callback(SSL ssl, const char identity,
227	unsigned char *psk, unsigned int max_psk_len);	224	unsigned char *psk, unsigned int max_psk_len);
228	#endif	225	#endif
229		226
230	#ifndef OPENSSL_NO_SRP
231	/* SRP client */
232	/* This is a context that we pass to all callbacks */
233	typedef struct srp_client_arg_st {
234	char *srppassin;
235	char *srplogin;
236	} SRP_CLIENT_ARG;
237
238	#define PWD_STRLEN 1024
239
240	static char *
241	ssl_give_srp_client_pwd_cb(SSL s, void arg)
242	{
243	SRP_CLIENT_ARG srp_client_arg = (SRP_CLIENT_ARG )arg;
244	return BUF_strdup((char *)srp_client_arg->srppassin);
245	}
246
247	/* SRP server */
248	/* This is a context that we pass to SRP server callbacks */
249	typedef struct srp_server_arg_st {
250	char *expected_user;
251	char *pass;
252	} SRP_SERVER_ARG;
253
254	static int
255	ssl_srp_server_param_cb(SSL s, int ad, void *arg)
256	{
257	SRP_SERVER_ARG p = (SRP_SERVER_ARG ) arg;
258
259	if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0) {
260	fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s));
261	return SSL3_AL_FATAL;
262	}
263	if (SSL_set_srp_server_param_pw(s, p->expected_user, p->pass, "1024") < 0) {
264	*ad = SSL_AD_INTERNAL_ERROR;
265	return SSL3_AL_FATAL;
266	}
267	return SSL_ERROR_NONE;
268	}
269	#endif
270		227
271	static BIO *bio_err = NULL;	228	static BIO *bio_err = NULL;
272	static BIO *bio_stdout = NULL;	229	static BIO *bio_stdout = NULL;
@@ -311,10 +268,6 @@ sv_usage(void)
311	#ifndef OPENSSL_NO_PSK	268	#ifndef OPENSSL_NO_PSK
312	fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");	269	fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
313	#endif	270	#endif
314	#ifndef OPENSSL_NO_SRP
315	fprintf(stderr, " -srpuser user - SRP username to use\n");
316	fprintf(stderr, " -srppass arg - password for 'user'\n");
317	#endif
318	fprintf(stderr, " -ssl3 - use SSLv3\n");	271	fprintf(stderr, " -ssl3 - use SSLv3\n");
319	fprintf(stderr, " -tls1 - use TLSv1\n");	272	fprintf(stderr, " -tls1 - use TLSv1\n");
320	fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");	273	fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
@@ -484,12 +437,6 @@ main(int argc, char *argv[])
484	#ifndef OPENSSL_NO_ECDH	437	#ifndef OPENSSL_NO_ECDH
485	EC_KEY *ecdh = NULL;	438	EC_KEY *ecdh = NULL;
486	#endif	439	#endif
487	#ifndef OPENSSL_NO_SRP
488	/* client */
489	SRP_CLIENT_ARG srp_client_arg = {NULL, NULL};
490	/* server */
491	SRP_SERVER_ARG srp_server_arg = {NULL, NULL};
492	#endif
493	int no_dhe = 0;	440	int no_dhe = 0;
494	int no_ecdhe = 0;	441	int no_ecdhe = 0;
495	int no_psk = 0;	442	int no_psk = 0;
@@ -577,19 +524,6 @@ main(int argc, char *argv[])
577	no_psk = 1;	524	no_psk = 1;
578	#endif	525	#endif
579	}	526	}
580	#ifndef OPENSSL_NO_SRP
581	else if (strcmp(*argv, "-srpuser") == 0) {
582	if (--argc < 1)
583	goto bad;
584	srp_server_arg.expected_user = srp_client_arg.srplogin= *(++argv);
585	tls1 = 1;
586	} else if (strcmp(*argv, "-srppass") == 0) {
587	if (--argc < 1)
588	goto bad;
589	srp_server_arg.pass = srp_client_arg.srppassin= *(++argv);
590	tls1 = 1;
591	}
592	#endif
593	else if (strcmp(*argv, "-ssl2") == 0)	527	else if (strcmp(*argv, "-ssl2") == 0)
594	ssl2 = 1;	528	ssl2 = 1;
595	else if (strcmp(*argv, "-tls1") == 0)	529	else if (strcmp(*argv, "-tls1") == 0)
@@ -895,42 +829,10 @@ bad:
895	}	829	}
896	#endif	830	#endif
897	}	831	}
898	#ifndef OPENSSL_NO_SRP
899	if (srp_client_arg.srplogin) {
900	if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin)) {
901	BIO_printf(bio_err, "Unable to set SRP username\n");
902	goto end;
903	}
904	SSL_CTX_set_srp_cb_arg(c_ctx, &srp_client_arg);
905	SSL_CTX_set_srp_client_pwd_callback(c_ctx, ssl_give_srp_client_pwd_cb);
906	/SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength);/
907	}
908
909	if (srp_server_arg.expected_user != NULL) {
910	SSL_CTX_set_verify(s_ctx, SSL_VERIFY_NONE, verify_callback);
911	SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg);
912	SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);
913	}
914	#endif
915		832
916	c_ssl = SSL_new(c_ctx);	833	c_ssl = SSL_new(c_ctx);
917	s_ssl = SSL_new(s_ctx);	834	s_ssl = SSL_new(s_ctx);
918		835
919	#ifndef OPENSSL_NO_KRB5
920	if (c_ssl && c_ssl->kssl_ctx) {
921	char localhost[MAXHOSTNAMELEN + 2];
922
923	if (gethostname(localhost, sizeof localhost - 1) == 0) {
924	localhost[sizeof localhost - 1] = '\0';
925	if (strlen(localhost) == sizeof localhost - 1) {
926	BIO_printf(bio_err, "localhost name too long\n");
927	goto end;
928	}
929	kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER,
930	localhost);
931	}
932	}
933	#endif /* OPENSSL_NO_KRB5 */
934		836
935	for (i = 0; i < number; i++) {	837	for (i = 0; i < number; i++) {
936	if (!reuse)	838	if (!reuse)