authorjsing <jsing@openbsd.org>2014-07-11 10:45:17 +0000
committerjsing <jsing@openbsd.org>2014-07-11 10:45:17 +0000
commitea9acafbf13013e403094de199679d5911a601e4 (patch)
treebbf53176e0327728d4f98f34d70f9472d3aecc7f
parentpour some water on an ass ember (diff)
Remove PSK from the ssl regress.
-rw-r--r--regress/lib/libssl/ssl/ssltest.c119
-rw-r--r--regress/lib/libssl/ssl/testssl16
2 files changed, 1 insertions, 134 deletions
diff --git a/regress/lib/libssl/ssl/ssltest.c b/regress/lib/libssl/ssl/ssltest.c
index adb9e0647b3..90d9e7f6ae9 100644
--- a/regress/lib/libssl/ssl/ssltest.c
+++ b/regress/lib/libssl/ssl/ssltest.c
@@ -209,29 +209,12 @@ static DH *get_dh1024(void);
static DH *get_dh1024dsa(void);
#endif
-
-static char *psk_key = NULL; /* by default PSK is not used */
-#ifndef OPENSSL_NO_PSK
-static unsigned int psk_client_callback(SSL *ssl, const char *hint,
- char *identity, unsigned int max_identity_len, unsigned char *psk,
- unsigned int max_psk_len);
-static unsigned int psk_server_callback(SSL *ssl, const char *identity,
- unsigned char *psk, unsigned int max_psk_len);
-#endif
-
-
static BIO *bio_err = NULL;
static BIO *bio_stdout = NULL;
static char *cipher = NULL;
static int verbose = 0;
static int debug = 0;
-#if 0
-/* Not used yet. */
-#ifdef FIONBIO
-static int s_nbio = 0;
-#endif
-#endif
int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time, clock_t *c_time);
int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
@@ -260,9 +243,6 @@ sv_usage(void)
#ifndef OPENSSL_NO_ECDH
fprintf(stderr, " -no_ecdhe - disable ECDHE\n");
#endif
-#ifndef OPENSSL_NO_PSK
- fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
-#endif
fprintf(stderr, " -dtls1 - use DTLSv1\n");
fprintf(stderr, " -ssl3 - use SSLv3\n");
fprintf(stderr, " -tls1 - use TLSv1\n");
@@ -408,7 +388,6 @@ main(int argc, char *argv[])
#endif
int no_dhe = 0;
int no_ecdhe = 0;
- int no_psk = 0;
int print_time = 0;
clock_t s_time = 0, c_time = 0;
int test_cipherlist = 0;
@@ -465,19 +444,7 @@ main(int argc, char *argv[])
no_dhe = 1;
else if (strcmp(*argv, "-no_ecdhe") == 0)
no_ecdhe = 1;
- else if (strcmp(*argv, "-psk") == 0) {
- if (--argc < 1)
- goto bad;
- psk_key=*(++argv);
-#ifndef OPENSSL_NO_PSK
- if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) {
- BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
- goto bad;
- }
-#else
- no_psk = 1;
-#endif
- } else if (strcmp(*argv, "-dtls1") == 0)
+ else if (strcmp(*argv, "-dtls1") == 0)
dtls1 = 1;
else if (strcmp(*argv, "-ssl2") == 0)
ssl2 = 1;
@@ -721,32 +688,9 @@ bad:
SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context);
}
- /* Use PSK only if PSK key is given */
- if (psk_key != NULL) {
- /* no_psk is used to avoid putting psk command to openssl tool */
- if (no_psk) {
- /* if PSK is not compiled in and psk key is
- * given, do nothing and exit successfully */
- ret = 0;
- goto end;
- }
-#ifndef OPENSSL_NO_PSK
- SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
- SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
- if (debug)
- BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n");
- if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint")) {
- BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-#endif
- }
-
c_ssl = SSL_new(c_ctx);
s_ssl = SSL_new(s_ctx);
-
for (i = 0; i < number; i++) {
if (!reuse)
SSL_set_session(c_ssl, NULL);
@@ -2027,67 +1971,6 @@ get_dh1024dsa()
}
#endif
-#ifndef OPENSSL_NO_PSK
-/* convert the PSK key (psk_key) in ascii to binary (psk) */
-static int
-psk_key2bn(const char *pskkey, unsigned char *psk, unsigned int max_psk_len)
-{
- int ret;
- BIGNUM *bn = NULL;
-
- ret = BN_hex2bn(&bn, pskkey);
- if (!ret) {
- BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n", pskkey);
- if (bn)
- BN_free(bn);
- return 0;
- }
- if (BN_num_bytes(bn) > (int)max_psk_len) {
- BIO_printf(bio_err, "psk buffer of callback is too small (%d) for key (%d)\n",
- max_psk_len, BN_num_bytes(bn));
- BN_free(bn);
- return 0;
- }
- ret = BN_bn2bin(bn, psk);
- BN_free(bn);
- return ret;
-}
-
-static unsigned int
-psk_client_callback(SSL *ssl, const char *hint, char *identity,
- unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)
-{
- int ret;
- unsigned int psk_len = 0;
-
- ret = snprintf(identity, max_identity_len, "Client_identity");
- if (ret == -1 || (unsigned int)ret >= max_identity_len)
- goto out_err;
- if (debug)
- fprintf(stderr, "client: created identity '%s' len=%d\n", identity, ret);
- ret = psk_key2bn(psk_key, psk, max_psk_len);
- if (ret < 0)
- goto out_err;
- psk_len = ret;
-out_err:
- return psk_len;
-}
-
-static unsigned int
-psk_server_callback(SSL *ssl, const char *identity, unsigned char *psk,
- unsigned int max_psk_len)
-{
- unsigned int psk_len = 0;
-
- if (strcmp(identity, "Client_identity") != 0) {
- BIO_printf(bio_err, "server: PSK error: client identity not found\n");
- return 0;
- }
- psk_len = psk_key2bn(psk_key, psk, max_psk_len);
- return psk_len;
-}
-#endif
-
static int
do_test_cipherlist(void)
{
diff --git a/regress/lib/libssl/ssl/testssl b/regress/lib/libssl/ssl/testssl
index 80f3a1c511c..a4fa4112dfd 100644
--- a/regress/lib/libssl/ssl/testssl
+++ b/regress/lib/libssl/ssl/testssl
@@ -142,22 +142,6 @@ fi
# fi
#fi
-echo test tls1 with PSK
-$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1
-
-echo test tls1 with PSK via BIO pair
-$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1
-
-if openssl no-srp; then
- echo skipping SRP tests
-else
- echo test tls1 with SRP
- $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123
-
- echo test tls1 with SRP via BIO pair
- $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123
-fi
-
#
# DTLS
#