From 8b5f82e7321e0a687676af525e7afe4e5b56af9c Mon Sep 17 00:00:00 2001 From: jsing <> Date: Fri, 11 Jul 2014 10:45:17 +0000 Subject: Remove PSK from the ssl regress. --- src/regress/lib/libssl/ssl/ssltest.c | 119 +---------------------------------- src/regress/lib/libssl/ssl/testssl | 16 ----- 2 files changed, 1 insertion(+), 134 deletions(-) diff --git a/src/regress/lib/libssl/ssl/ssltest.c b/src/regress/lib/libssl/ssl/ssltest.c index adb9e0647b..90d9e7f6ae 100644 --- a/src/regress/lib/libssl/ssl/ssltest.c +++ b/src/regress/lib/libssl/ssl/ssltest.c @@ -209,29 +209,12 @@ static DH *get_dh1024(void); static DH *get_dh1024dsa(void); #endif - -static char *psk_key = NULL; /* by default PSK is not used */ -#ifndef OPENSSL_NO_PSK -static unsigned int psk_client_callback(SSL *ssl, const char *hint, - char *identity, unsigned int max_identity_len, unsigned char *psk, - unsigned int max_psk_len); -static unsigned int psk_server_callback(SSL *ssl, const char *identity, - unsigned char *psk, unsigned int max_psk_len); -#endif - - static BIO *bio_err = NULL; static BIO *bio_stdout = NULL; static char *cipher = NULL; static int verbose = 0; static int debug = 0; -#if 0 -/* Not used yet. */ -#ifdef FIONBIO -static int s_nbio = 0; -#endif -#endif int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time, clock_t *c_time); int doit(SSL *s_ssl, SSL *c_ssl, long bytes); @@ -259,9 +242,6 @@ sv_usage(void) #endif #ifndef OPENSSL_NO_ECDH fprintf(stderr, " -no_ecdhe - disable ECDHE\n"); -#endif -#ifndef OPENSSL_NO_PSK - fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n"); #endif fprintf(stderr, " -dtls1 - use DTLSv1\n"); fprintf(stderr, " -ssl3 - use SSLv3\n"); @@ -408,7 +388,6 @@ main(int argc, char *argv[]) #endif int no_dhe = 0; int no_ecdhe = 0; - int no_psk = 0; int print_time = 0; clock_t s_time = 0, c_time = 0; int test_cipherlist = 0; @@ -465,19 +444,7 @@ main(int argc, char *argv[]) no_dhe = 1; else if (strcmp(*argv, "-no_ecdhe") == 0) no_ecdhe = 1; - else if (strcmp(*argv, "-psk") == 0) { - if (--argc < 1) - goto bad; - psk_key=*(++argv); -#ifndef OPENSSL_NO_PSK - if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) { - BIO_printf(bio_err, "Not a hex number '%s'\n", *argv); - goto bad; - } -#else - no_psk = 1; -#endif - } else if (strcmp(*argv, "-dtls1") == 0) + else if (strcmp(*argv, "-dtls1") == 0) dtls1 = 1; else if (strcmp(*argv, "-ssl2") == 0) ssl2 = 1; @@ -721,32 +688,9 @@ bad: SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context); } - /* Use PSK only if PSK key is given */ - if (psk_key != NULL) { - /* no_psk is used to avoid putting psk command to openssl tool */ - if (no_psk) { - /* if PSK is not compiled in and psk key is - * given, do nothing and exit successfully */ - ret = 0; - goto end; - } -#ifndef OPENSSL_NO_PSK - SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback); - SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback); - if (debug) - BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n"); - if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint")) { - BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n"); - ERR_print_errors(bio_err); - goto end; - } -#endif - } - c_ssl = SSL_new(c_ctx); s_ssl = SSL_new(s_ctx); - for (i = 0; i < number; i++) { if (!reuse) SSL_set_session(c_ssl, NULL); @@ -2027,67 +1971,6 @@ get_dh1024dsa() } #endif -#ifndef OPENSSL_NO_PSK -/* convert the PSK key (psk_key) in ascii to binary (psk) */ -static int -psk_key2bn(const char *pskkey, unsigned char *psk, unsigned int max_psk_len) -{ - int ret; - BIGNUM *bn = NULL; - - ret = BN_hex2bn(&bn, pskkey); - if (!ret) { - BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n", pskkey); - if (bn) - BN_free(bn); - return 0; - } - if (BN_num_bytes(bn) > (int)max_psk_len) { - BIO_printf(bio_err, "psk buffer of callback is too small (%d) for key (%d)\n", - max_psk_len, BN_num_bytes(bn)); - BN_free(bn); - return 0; - } - ret = BN_bn2bin(bn, psk); - BN_free(bn); - return ret; -} - -static unsigned int -psk_client_callback(SSL *ssl, const char *hint, char *identity, - unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len) -{ - int ret; - unsigned int psk_len = 0; - - ret = snprintf(identity, max_identity_len, "Client_identity"); - if (ret == -1 || (unsigned int)ret >= max_identity_len) - goto out_err; - if (debug) - fprintf(stderr, "client: created identity '%s' len=%d\n", identity, ret); - ret = psk_key2bn(psk_key, psk, max_psk_len); - if (ret < 0) - goto out_err; - psk_len = ret; -out_err: - return psk_len; -} - -static unsigned int -psk_server_callback(SSL *ssl, const char *identity, unsigned char *psk, - unsigned int max_psk_len) -{ - unsigned int psk_len = 0; - - if (strcmp(identity, "Client_identity") != 0) { - BIO_printf(bio_err, "server: PSK error: client identity not found\n"); - return 0; - } - psk_len = psk_key2bn(psk_key, psk, max_psk_len); - return psk_len; -} -#endif - static int do_test_cipherlist(void) { diff --git a/src/regress/lib/libssl/ssl/testssl b/src/regress/lib/libssl/ssl/testssl index 80f3a1c511..a4fa4112df 100644 --- a/src/regress/lib/libssl/ssl/testssl +++ b/src/regress/lib/libssl/ssl/testssl @@ -142,22 +142,6 @@ fi # fi #fi -echo test tls1 with PSK -$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1 - -echo test tls1 with PSK via BIO pair -$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1 - -if openssl no-srp; then - echo skipping SRP tests -else - echo test tls1 with SRP - $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 - - echo test tls1 with SRP via BIO pair - $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 -fi - # # DTLS # -- cgit v1.2.3-55-g6feb