authorJoel Sing <jsing@cvs.openbsd.org>2017-08-12 21:05:07 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2017-08-12 21:05:07 +0000
commit1f56b556a2f67c3f8be78f21cb10d9190c472c63 (patch)
treeecfd8d19ad38305c635a416b217198f74d2f2c49 /regress/lib/libssl/ssl
parentd7e49a3a32c9c08898889376943a529c46798af0 (diff)
Remove NPN test coverage.
Diffstat (limited to 'regress/lib/libssl/ssl')
-rw-r--r--regress/lib/libssl/ssl/ssltest.c118
-rw-r--r--regress/lib/libssl/ssl/testssl12
2 files changed, 1 insertions, 129 deletions
diff --git a/regress/lib/libssl/ssl/ssltest.c b/regress/lib/libssl/ssl/ssltest.c
index 59a2bea81a1..7137d0c4076 100644
--- a/regress/lib/libssl/ssl/ssltest.c
+++ b/regress/lib/libssl/ssl/ssltest.c
@@ -199,87 +199,6 @@ static DH *get_dh1024dsa(void);
static BIO *bio_err = NULL;
static BIO *bio_stdout = NULL;
-/* Note that this code assumes that this is only a one element list: */
-static const char NEXT_PROTO_STRING[] = "\x09testproto";
-int npn_client = 0;
-int npn_server = 0;
-int npn_server_reject = 0;
-
-static int
-cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen,
- const unsigned char *in, unsigned int inlen, void *arg)
-{
- /*
- * This callback only returns the protocol string, rather than a length
- * prefixed set. We assume that NEXT_PROTO_STRING is a one element list
- * and remove the first byte to chop off the length prefix.
- */
- *out = (unsigned char *)NEXT_PROTO_STRING + 1;
- *outlen = sizeof(NEXT_PROTO_STRING) - 2;
- return (SSL_TLSEXT_ERR_OK);
-}
-
-static int
-cb_server_npn(SSL *s, const unsigned char **data, unsigned int *len, void *arg)
-{
- *data = (const unsigned char *)NEXT_PROTO_STRING;
- *len = sizeof(NEXT_PROTO_STRING) - 1;
- return (SSL_TLSEXT_ERR_OK);
-}
-
-static int
-cb_server_rejects_npn(SSL *s, const unsigned char **data, unsigned int *len,
- void *arg)
-{
- return (SSL_TLSEXT_ERR_NOACK);
-}
-
-static int
-verify_npn(SSL *client, SSL *server)
-{
- const unsigned char *client_s;
- unsigned int client_len;
- const unsigned char *server_s;
- unsigned int server_len;
-
- SSL_get0_next_proto_negotiated(client, &client_s, &client_len);
- SSL_get0_next_proto_negotiated(server, &server_s, &server_len);
-
- if (client_len) {
- BIO_printf(bio_stdout, "Client NPN: ");
- BIO_write(bio_stdout, client_s, client_len);
- BIO_printf(bio_stdout, "\n");
- }
-
- if (server_len) {
- BIO_printf(bio_stdout, "Server NPN: ");
- BIO_write(bio_stdout, server_s, server_len);
- BIO_printf(bio_stdout, "\n");
- }
-
- /*
- * If an NPN string was returned, it must be the protocol that we
- * expected to negotiate.
- */
- if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 ||
- memcmp(client_s, NEXT_PROTO_STRING + 1, client_len)))
- return (-1);
- if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 ||
- memcmp(server_s, NEXT_PROTO_STRING + 1, server_len)))
- return (-1);
-
- if (!npn_client && client_len)
- return (-1);
- if (!npn_server && server_len)
- return (-1);
- if (npn_server_reject && server_len)
- return (-1);
- if (npn_client && npn_server && (!client_len || !server_len))
- return (-1);
-
- return (0);
-}
-
static const char *alpn_client;
static const char *alpn_server;
static const char *alpn_expected;
@@ -445,9 +364,6 @@ sv_usage(void)
" Use \"openssl ecparam -list_curves\" for all names\n" \
" (default is sect163r2).\n");
fprintf(stderr, " -test_cipherlist - verifies the order of the ssl cipher lists\n");
- fprintf(stderr, " -npn_client - have client side offer NPN\n");
- fprintf(stderr, " -npn_server - have server side offer NPN\n");
- fprintf(stderr, " -npn_server_reject - have server reject NPN\n");
fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
fprintf(stderr, " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
@@ -687,15 +603,7 @@ main(int argc, char *argv[])
app_verify_arg.allow_proxy_certs = 1;
} else if (strcmp(*argv, "-test_cipherlist") == 0) {
test_cipherlist = 1;
- }
- else if (strcmp(*argv, "-npn_client") == 0) {
- npn_client = 1;
- } else if (strcmp(*argv, "-npn_server") == 0) {
- npn_server = 1;
- } else if (strcmp(*argv, "-npn_server_reject") == 0) {
- npn_server_reject = 1;
- }
- else if (strcmp(*argv, "-alpn_client") == 0) {
+ } else if (strcmp(*argv, "-alpn_client") == 0) {
if (--argc < 1)
goto bad;
alpn_client = *(++argv);
@@ -856,22 +764,6 @@ bad:
(void *)&session_id_context, sizeof(session_id_context));
}
- if (npn_client)
- SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
- if (npn_server) {
- if (npn_server_reject) {
- BIO_printf(bio_err, "Can't have both -npn_server and "
- "-npn_server_reject\n");
- goto end;
- }
- SSL_CTX_set_next_protos_advertised_cb(s_ctx,
- cb_server_npn, NULL);
- }
- if (npn_server_reject) {
- SSL_CTX_set_next_protos_advertised_cb(s_ctx,
- cb_server_rejects_npn, NULL);
- }
-
if (alpn_server != NULL)
SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, NULL);
@@ -1275,10 +1167,6 @@ doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, clock_t *s_time,
if (verbose)
print_details(c_ssl, "DONE via BIO pair: ");
- if (verify_npn(c_ssl, s_ssl) < 0) {
- ret = 1;
- goto err;
- }
if (verify_alpn(c_ssl, s_ssl) < 0) {
ret = 1;
goto err;
@@ -1522,10 +1410,6 @@ doit(SSL *s_ssl, SSL *c_ssl, long count)
if (verbose)
print_details(c_ssl, "DONE: ");
- if (verify_npn(c_ssl, s_ssl) < 0) {
- ret = 1;
- goto err;
- }
if (verify_alpn(c_ssl, s_ssl) < 0) {
ret = 1;
goto err;
diff --git a/regress/lib/libssl/ssl/testssl b/regress/lib/libssl/ssl/testssl
index f156001456e..3563d13607e 100644
--- a/regress/lib/libssl/ssl/testssl
+++ b/regress/lib/libssl/ssl/testssl
@@ -119,18 +119,6 @@ for protocol in SSLv3; do
done
#
-# Next Protocol Negotiation tests
-#
-echo "Testing NPN..."
-$ssltest -bio_pair -tls1 -npn_client || exit 1
-$ssltest -bio_pair -tls1 -npn_server || exit 1
-$ssltest -bio_pair -tls1 -npn_server_reject || exit 1
-$ssltest -bio_pair -tls1 -npn_client -npn_server_reject || exit 1
-$ssltest -bio_pair -tls1 -npn_client -npn_server || exit 1
-$ssltest -bio_pair -tls1 -npn_client -npn_server -num 2 || exit 1
-$ssltest -bio_pair -tls1 -npn_client -npn_server -num 2 -reuse || exit 1
-
-#
# ALPN tests
#
echo "Testing ALPN..."