Enclosed are two patches, one for head and one for stable, that remove unnecessary SRP code
and add some explanatory comments to s_client.
- the callback that supplied a username late in the client connect is
no longer necessary: under RFC 5054 a connection attempt that offers an
SRP cipher suite but carries no SRP username is terminated by the server
once that cipher suite would otherwise be selected
- comments in s_client that indicate the (limited) usefulness of the
primality tests for group parameters that are not among the known groups.
diff -r -c5 openssl-1.0.1-stable-SNAP-20111211/apps/s_client.c openssl-1.0.1-stable-SNAP-20111211PS/apps/s_client.c
*** openssl-1.0.1-stable-SNAP-20111211/apps/s_client.c 2011-11-16 01:00:33.000000000 +0100
--- openssl-1.0.1-stable-SNAP-20111211PS/apps/s_client.c 2011-12-11 12:58:54.528530406 +0100
***************
*** 401,411 ****
int strength /* minimal size for N */ ;
} SRP_ARG;
#define SRP_NUMBER_ITERATIONS_FOR_PRIME 64
! static int SRP_Verify_N_and_g(BIGNUM *N, BIGNUM *g)
{
BN_CTX *bn_ctx = BN_CTX_new();
BIGNUM *p = BN_new();
BIGNUM *r = BN_new();
int ret =
--- 401,411 ----
int strength /* minimal size for N */ ;
} SRP_ARG;
#define SRP_NUMBER_ITERATIONS_FOR_PRIME 64
! static int srp_Verify_N_and_g(BIGNUM *N, BIGNUM *g)
{
BN_CTX *bn_ctx = BN_CTX_new();
BIGNUM *p = BN_new();
BIGNUM *r = BN_new();
int ret =
***************
*** 429,438 ****
--- 429,453 ----
if(bn_ctx)
BN_CTX_free(bn_ctx);
return ret;
}
+ /* This callback is used here for two purposes:
+ - extended debugging
+ - making some primality tests for unknown groups
+ The callback is only called for a non default group.
+
+ An application does not need the call back at all if
+ only the stanard groups are used. In real life situations,
+ client and server already share well known groups,
+ thus there is no need to verify them.
+ Furthermore, in case that a server actually proposes a group that
+ is not one of those defined in RFC 5054, it is more appropriate
+ to add the group to a static list and then compare since
+ primality tests are rather cpu consuming.
+ */
+
static int MS_CALLBACK ssl_srp_verify_param_cb(SSL *s, void *arg)
{
SRP_ARG *srp_arg = (SRP_ARG *)arg;
BIGNUM *N = NULL, *g = NULL;
if (!(N = SSL_get_srp_N(s)) || !(g = SSL_get_srp_g(s)))
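Review bot: The new comment's claim that an application "does not need the call back at all if only the standard groups are used" is misleading as written: in the tls_srp.c hunk of this same patch the library returns 1 when no SRP_verify_param_callback is set (L368-L369), so a client that registers no callback appears to accept whatever N and g the server proposes; restricting the client to the RFC 5054 groups is something this callback enforces, not a library default. The sentence "The callback is only called for a non default group" looks inaccurate for the same reason — the library seems to invoke it whenever it is set, and the known-group shortcut lives in the callback body below, outside this hunk. I would open the comment with `/* A client that registers no verify callback accepts any N,g the server sends; this callback rejects groups that are neither RFC 5054 groups nor (with -srp_moregroups) verified as safe primes. */` and keep the rest. Also "stanard" -> "standard" and "call back" -> "callback".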
***************
*** 451,465 ****
if (srp_arg->amp == 1)
{
if (srp_arg->debug)
BIO_printf(bio_err, "SRP param N and g are not known params, going to check deeper.\n");
! /* The srp_moregroups must be used with caution, testing primes costs time.
Implementors should rather add the value to the known ones.
The minimal size has already been tested.
*/
! if (BN_num_bits(g) <= BN_BITS && SRP_Verify_N_and_g(N,g))
return 1;
}
BIO_printf(bio_err, "SRP param N and g rejected.\n");
return 0;
}
--- 466,480 ----
if (srp_arg->amp == 1)
{
if (srp_arg->debug)
BIO_printf(bio_err, "SRP param N and g are not known params, going to check deeper.\n");
! /* The srp_moregroups is a real debugging feature.
Implementors should rather add the value to the known ones.
The minimal size has already been tested.
*/
! if (BN_num_bits(g) <= BN_BITS && srp_Verify_N_and_g(N,g))
return 1;
}
BIO_printf(bio_err, "SRP param N and g rejected.\n");
return 0;
}
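Review bot: The rewritten comment drops the one operational warning the old text carried — that testing primes costs time — while the code it annotates still calls srp_Verify_N_and_g on a server-chosen N whenever -srp_moregroups is given (the head copy of that function at L414-L418 shows two BN_is_prime_ex passes with SRP_NUMBER_ITERATIONS_FOR_PRIME = 64 rounds each); only a minimum size is checked before this point and no upper bound on N is visible in the hunk, so a hostile server can make the client burn CPU on every handshake. I would keep the cost in the comment: `/* -srp_moregroups is a debugging aid only: it runs two 64-round primality tests on a server-chosen N, which is slow and lets the peer drive client CPU. Add vetted groups to the known list instead. */`. The enclosing callback starts before this hunk.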
***************
*** 484,499 ****
*(pass+l)= '\0';
return pass;
}
- static char * MS_CALLBACK missing_srp_username_callback(SSL *s, void *arg)
- {
- SRP_ARG *srp_arg = (SRP_ARG *)arg;
- return BUF_strdup(srp_arg->srplogin);
- }
-
#endif
char *srtp_profiles = NULL;
# ifndef OPENSSL_NO_NEXTPROTONEG
/* This the context that we pass to next_proto_cb */
--- 499,508 ----
***************
*** 1180,1192 ****
SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
}
#ifndef OPENSSL_NO_SRP
if (srp_arg.srplogin)
{
! if (srp_lateuser)
! SSL_CTX_set_srp_missing_srp_username_callback(ctx,missing_srp_username_callback);
! else if (!SSL_CTX_set_srp_username(ctx, srp_arg.srplogin))
{
BIO_printf(bio_err,"Unable to set SRP username\n");
goto end;
}
srp_arg.msg = c_msg;
--- 1189,1199 ----
SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
}
#ifndef OPENSSL_NO_SRP
if (srp_arg.srplogin)
{
! if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg.srplogin))
{
BIO_printf(bio_err,"Unable to set SRP username\n");
goto end;
}
srp_arg.msg = c_msg;
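Review bot: With the missing-username callback gone, `srp_lateuser` now has the single effect of skipping SSL_CTX_set_srp_username, so `-srp_lateuser` together with `-srpuser` yields a client that never sets an SRP username (whether SRP suites are still offered then depends on code outside this hunk) — useful as a negative test of the server's RFC 5054 abort, but the opposite of what the option name suggests and nothing in the hunk says so. Either drop the flag as the ssltest.c hunk of this patch does (srp_lateuser removed at L250), or document the new meaning right here: `/* -srp_lateuser: deliberately leave the username unset to exercise the server's handling of SRP suites without the SRP extension */` above the `if (!srp_lateuser && ...)` line. The option parsing that sets srp_lateuser is outside this hunk.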
Only in openssl-1.0.1-stable-SNAP-20111211PS/apps: s_client.c.orig
Only in openssl-1.0.1-stable-SNAP-20111211PS/apps: s_client.c.rej
diff -r -c5 openssl-1.0.1-stable-SNAP-20111211/crypto/symhacks.h openssl-1.0.1-stable-SNAP-20111211PS/crypto/symhacks.h
*** openssl-1.0.1-stable-SNAP-20111211/crypto/symhacks.h 2011-03-19 13:00:18.000000000 +0100
--- openssl-1.0.1-stable-SNAP-20111211PS/crypto/symhacks.h 2011-12-11 11:14:08.688822302 +0100
***************
*** 190,202 ****
#define SSL_CTX_set_srp_client_pwd_callback SSL_CTX_set_srp_client_pwd_cb
#undef SSL_CTX_set_srp_verify_param_callback
#define SSL_CTX_set_srp_verify_param_callback SSL_CTX_set_srp_vfy_param_cb
#undef SSL_CTX_set_srp_username_callback
#define SSL_CTX_set_srp_username_callback SSL_CTX_set_srp_un_cb
- #undef SSL_CTX_set_srp_missing_srp_username_callback
- #define SSL_CTX_set_srp_missing_srp_username_callback \
- SSL_CTX_set_srp_miss_srp_un_cb
/* Hack some long ENGINE names */
#undef ENGINE_get_default_BN_mod_exp_crt
#define ENGINE_get_default_BN_mod_exp_crt ENGINE_get_def_BN_mod_exp_crt
#undef ENGINE_set_default_BN_mod_exp_crt
--- 190,199 ----
Only in openssl-1.0.1-stable-SNAP-20111211PS/crypto: symhacks.h.orig
diff -r -c5 openssl-1.0.1-stable-SNAP-20111211/ssl/s3_lib.c openssl-1.0.1-stable-SNAP-20111211PS/ssl/s3_lib.c
*** openssl-1.0.1-stable-SNAP-20111211/ssl/s3_lib.c 2011-11-16 01:00:35.000000000 +0100
--- openssl-1.0.1-stable-SNAP-20111211PS/ssl/s3_lib.c 2011-12-11 11:14:08.692822328 +0100
***************
*** 3672,3685 ****
break;
case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
ctx->srp_ctx.srp_Mask|=SSL_kSRP;
ctx->srp_ctx.SRP_give_srp_client_pwd_callback=(char *(*)(SSL *,void *))fp;
break;
- case SSL_CTRL_SET_TLS_EXT_SRP_MISSING_CLIENT_USERNAME_CB:
- ctx->srp_ctx.srp_Mask|=SSL_kSRP;
- ctx->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback=(char *(*)(SSL *,void *))fp;
- break;
#endif
#endif
default:
return(0);
}
--- 3672,3681 ----
Only in openssl-1.0.1-stable-SNAP-20111211PS/ssl: s3_lib.c.orig
diff -r -c5 openssl-1.0.1-stable-SNAP-20111211/ssl/ssl.h openssl-1.0.1-stable-SNAP-20111211PS/ssl/ssl.h
*** openssl-1.0.1-stable-SNAP-20111211/ssl/ssl.h 2011-12-02 18:00:25.000000000 +0100
--- openssl-1.0.1-stable-SNAP-20111211PS/ssl/ssl.h 2011-12-11 11:14:08.696822358 +0100
***************
*** 690,701 ****
int (*TLS_ext_srp_username_callback)(SSL *, int *, void *);
/* set SRP N/g param callback for verification */
int (*SRP_verify_param_callback)(SSL *, void *);
/* set SRP client passwd callback */
char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *);
- /* set SRP client username callback */
- char *(*SRP_TLS_ext_missing_srp_client_username_callback)(SSL *, void *);
char *login;
BIGNUM *N,*g,*s,*B,*A;
BIGNUM *a,*b,*v;
char *info;
--- 690,699 ----
***************
*** 1571,1585 ****
#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75
#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76
#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77
! #define SSL_CTRL_SET_TLS_EXT_SRP_MISSING_CLIENT_USERNAME_CB 78
! #define SSL_CTRL_SET_SRP_ARG 79
! #define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 80
! #define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 81
! #define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 82
#endif
#define DTLS_CTRL_GET_TIMEOUT 73
#define DTLS_CTRL_HANDLE_TIMEOUT 74
#define DTLS_CTRL_LISTEN 75
--- 1569,1583 ----
#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75
#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76
#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77
!
! #define SSL_CTRL_SET_SRP_ARG 78
! #define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79
! #define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80
! #define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81
#endif
#define DTLS_CTRL_GET_TIMEOUT 73
#define DTLS_CTRL_HANDLE_TIMEOUT 74
#define DTLS_CTRL_LISTEN 75
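Review bot: Removing SSL_CTRL_SET_TLS_EXT_SRP_MISSING_CLIENT_USERNAME_CB and then shifting SSL_CTRL_SET_SRP_ARG, _USERNAME, _STRENGTH and _PASSWORD down by one (79-82 -> 78-81) changes numbers that are part of the public header, so any application or language binding that calls SSL_CTX_ctrl() with these constants directly against a libssl built from an earlier 1.0.1 snapshot is silently redirected to the neighbouring case (old strength 81 now reads as password). On a stable branch the safer edit is to delete the line and leave 78 unused, `/* 78: formerly SSL_CTRL_SET_TLS_EXT_SRP_MISSING_CLIENT_USERNAME_CB, removed */`, keeping 79-82 as they are. Separately, SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB (75) shares its value with DTLS_CTRL_LISTEN (75) just below; that predates this patch and is presumably only harmless because one goes through the callback ctrl, but it deserves a comment if the numbering is being touched anyway.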
diff -r -c5 openssl-1.0.1-stable-SNAP-20111211/ssl/ssltest.c openssl-1.0.1-stable-SNAP-20111211PS/ssl/ssltest.c
*** openssl-1.0.1-stable-SNAP-20111211/ssl/ssltest.c 2011-06-06 14:00:19.000000000 +0200
--- openssl-1.0.1-stable-SNAP-20111211PS/ssl/ssltest.c 2011-12-11 11:14:08.700822391 +0100
***************
*** 264,279 ****
{
SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
return BUF_strdup((char *)srp_client_arg->srppassin);
}
- static char * MS_CALLBACK missing_srp_username_callback(SSL *s, void *arg)
- {
- SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
- return BUF_strdup(srp_client_arg->srplogin);
- }
-
/* SRP server */
/* This is a context that we pass to SRP server callbacks */
typedef struct srp_server_arg_st
{
char *expected_user;
--- 264,273 ----
***************
*** 535,545 ****
#ifndef OPENSSL_NO_ECDH
EC_KEY *ecdh = NULL;
#endif
#ifndef OPENSSL_NO_SRP
/* client */
- int srp_lateuser = 0;
SRP_CLIENT_ARG srp_client_arg = {NULL,NULL};
/* server */
SRP_SERVER_ARG srp_server_arg = {NULL,NULL};
#endif
int no_dhe = 0;
--- 529,538 ----
***************
*** 1051,1063 ****
#endif
}
#ifndef OPENSSL_NO_SRP
if (srp_client_arg.srplogin)
{
! if (srp_lateuser)
! SSL_CTX_set_srp_missing_srp_username_callback(c_ctx,missing_srp_username_callback);
! else if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin))
{
BIO_printf(bio_err,"Unable to set SRP username\n");
goto end;
}
SSL_CTX_set_srp_cb_arg(c_ctx,&srp_client_arg);
--- 1044,1054 ----
#endif
}
#ifndef OPENSSL_NO_SRP
if (srp_client_arg.srplogin)
{
! if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin))
{
BIO_printf(bio_err,"Unable to set SRP username\n");
goto end;
}
SSL_CTX_set_srp_cb_arg(c_ctx,&srp_client_arg);
diff -r -c5 openssl-1.0.1-stable-SNAP-20111211/ssl/tls_srp.c openssl-1.0.1-stable-SNAP-20111211PS/ssl/tls_srp.c
*** openssl-1.0.1-stable-SNAP-20111211/ssl/tls_srp.c 2011-12-11 13:51:41.665775046 +0100
--- openssl-1.0.1-stable-SNAP-20111211PS/ssl/tls_srp.c 2011-12-11 11:14:08.700822391 +0100
***************
*** 2,12 ****
/* Written by Christophe Renou ([email protected]) with
* the precious help of Peter Sylvester ([email protected])
* for the EdelKey project and contributed to the OpenSSL project 2004.
*/
/* ====================================================================
! * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
--- 2,12 ----
/* Written by Christophe Renou ([email protected]) with
* the precious help of Peter Sylvester ([email protected])
* for the EdelKey project and contributed to the OpenSSL project 2004.
*/
/* ====================================================================
! * Copyright (c) 2004-2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
***************
*** 78,88 ****
BN_free(ctx->srp_ctx.v);
ctx->srp_ctx.TLS_ext_srp_username_callback = NULL;
ctx->srp_ctx.SRP_cb_arg = NULL;
ctx->srp_ctx.SRP_verify_param_callback = NULL;
ctx->srp_ctx.SRP_give_srp_client_pwd_callback = NULL;
- ctx->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback = NULL;
ctx->srp_ctx.N = NULL;
ctx->srp_ctx.g = NULL;
ctx->srp_ctx.s = NULL;
ctx->srp_ctx.B = NULL;
ctx->srp_ctx.A = NULL;
--- 78,87 ----
***************
*** 111,121 ****
BN_free(s->srp_ctx.v);
s->srp_ctx.TLS_ext_srp_username_callback = NULL;
s->srp_ctx.SRP_cb_arg = NULL;
s->srp_ctx.SRP_verify_param_callback = NULL;
s->srp_ctx.SRP_give_srp_client_pwd_callback = NULL;
- s->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback = NULL;
s->srp_ctx.N = NULL;
s->srp_ctx.g = NULL;
s->srp_ctx.s = NULL;
s->srp_ctx.B = NULL;
s->srp_ctx.A = NULL;
--- 110,119 ----
***************
*** 140,150 ****
s->srp_ctx.TLS_ext_srp_username_callback = ctx->srp_ctx.TLS_ext_srp_username_callback;
/* set SRP N/g param callback for verification */
s->srp_ctx.SRP_verify_param_callback = ctx->srp_ctx.SRP_verify_param_callback;
/* set SRP client passwd callback */
s->srp_ctx.SRP_give_srp_client_pwd_callback = ctx->srp_ctx.SRP_give_srp_client_pwd_callback;
- s->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback = ctx->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback;
s->srp_ctx.N = NULL;
s->srp_ctx.g = NULL;
s->srp_ctx.s = NULL;
s->srp_ctx.B = NULL;
--- 138,147 ----
***************
*** 208,218 ****
ctx->srp_ctx.TLS_ext_srp_username_callback = NULL;
/* set SRP N/g param callback for verification */
ctx->srp_ctx.SRP_verify_param_callback = NULL;
/* set SRP client passwd callback */
ctx->srp_ctx.SRP_give_srp_client_pwd_callback = NULL;
- ctx->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback = NULL;
ctx->srp_ctx.N = NULL;
ctx->srp_ctx.g = NULL;
ctx->srp_ctx.s = NULL;
ctx->srp_ctx.B = NULL;
--- 205,214 ----
***************
*** 434,453 ****
return s->srp_ctx.SRP_verify_param_callback(s,s->srp_ctx.SRP_cb_arg);
return 1;
}
- int SRP_have_to_put_srp_username(SSL *s)
- {
- if (s->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback == NULL)
- return 0;
- if ((s->srp_ctx.login = s->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback(s,s->srp_ctx.SRP_cb_arg)) == NULL)
- return 0;
- s->srp_ctx.srp_Mask|=SSL_kSRP;
- return 1;
- }
-
BIGNUM *SSL_get_srp_g(SSL *s)
{
if (s->srp_ctx.g != NULL)
return s->srp_ctx.g;
return s->ctx->srp_ctx.g;
--- 430,439 ----
***************
*** 515,527 ****
{
return tls1_ctx_callback_ctrl(ctx,SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB,
(void (*)(void))cb);
}
- int SSL_CTX_set_srp_missing_srp_username_callback(SSL_CTX *ctx,
- char *(*cb)(SSL *,void *))
- {
- return tls1_ctx_callback_ctrl(ctx,
- SSL_CTRL_SET_TLS_EXT_SRP_MISSING_CLIENT_USERNAME_CB,
- (void (*)(void))cb);
- }
#endif
--- 501,506 ----
diff -r -c openssl-SNAP-20111211/apps/s_client.c openssl-SNAP-20111211PS/apps/s_client.c
*** openssl-SNAP-20111211/apps/s_client.c 2011-11-16 01:00:04.000000000 +0100
--- openssl-SNAP-20111211PS/apps/s_client.c 2011-12-11 15:48:26.300444811 +0100
***************
*** 403,420 ****
#define SRP_NUMBER_ITERATIONS_FOR_PRIME 64
! static int SRP_Verify_N_and_g(const BIGNUM *N, const BIGNUM *g)
{
BN_CTX *bn_ctx = BN_CTX_new();
BIGNUM *p = BN_new();
BIGNUM *r = BN_new();
int ret =
g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) &&
! BN_is_prime_ex(N,SRP_NUMBER_ITERATIONS_FOR_PRIME,bn_ctx,NULL) &&
p != NULL && BN_rshift1(p, N) &&
/* p = (N-1)/2 */
! BN_is_prime_ex(p,SRP_NUMBER_ITERATIONS_FOR_PRIME,bn_ctx,NULL) &&
r != NULL &&
/* verify g^((N-1)/2) == -1 (mod N) */
--- 403,420 ----
#define SRP_NUMBER_ITERATIONS_FOR_PRIME 64
! static int srp_Verify_N_and_g(const BIGNUM *N, const BIGNUM *g)
{
BN_CTX *bn_ctx = BN_CTX_new();
BIGNUM *p = BN_new();
BIGNUM *r = BN_new();
int ret =
g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) &&
! BN_is_prime_ex(N, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) &&
p != NULL && BN_rshift1(p, N) &&
/* p = (N-1)/2 */
! BN_is_prime_ex(p, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) &&
r != NULL &&
/* verify g^((N-1)/2) == -1 (mod N) */
***************
*** 431,436 ****
--- 431,451 ----
return ret;
}
+ /* This callback is used here for two purposes:
+ - extended debugging
+ - making some primality tests for unknown groups
+ The callback is only called for a non default group.
+
+ An application does not need the call back at all if
+ only the stanard groups are used. In real life situations,
+ client and server already share well known groups,
+ thus there is no need to verify them.
+ Furthermore, in case that a server actually proposes a group that
+ is not one of those defined in RFC 5054, it is more appropriate
+ to add the group to a static list and then compare since
+ primality tests are rather cpu consuming.
+ */
+
static int MS_CALLBACK ssl_srp_verify_param_cb(SSL *s, void *arg)
{
SRP_ARG *srp_arg = (SRP_ARG *)arg;
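Review bot: The added comment tells implementors they can omit the verify callback when only standard groups are used, but nothing in this patch shows the library checking group membership itself — the stable tls_srp.c hunk (L368-L369) returns 1 when no SRP_verify_param_callback is set, so a callback-less client appears to accept any N,g the server supplies, which is exactly the condition a malicious server needs to run an offline dictionary attack on the client's password. "The callback is only called for a non default group" also reads as a library guarantee when the known-group shortcut seems to be inside this callback's own body (outside the hunk). Suggested opening: `/* Without a verify callback the library accepts any N,g from the server; this callback restricts the client to RFC 5054 groups unless -srp_moregroups asks for explicit primality checks. */`. Typos: "stanard", "call back".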
***************
*** 453,463 ****
if (srp_arg->debug)
BIO_printf(bio_err, "SRP param N and g are not known params, going to check deeper.\n");
! /* The srp_moregroups must be used with caution, testing primes costs time.
Implementors should rather add the value to the known ones.
The minimal size has already been tested.
*/
! if (BN_num_bits(g) <= BN_BITS && SRP_Verify_N_and_g(N,g))
return 1;
}
BIO_printf(bio_err, "SRP param N and g rejected.\n");
--- 468,478 ----
if (srp_arg->debug)
BIO_printf(bio_err, "SRP param N and g are not known params, going to check deeper.\n");
! /* The srp_moregroups is a real debugging feature.
Implementors should rather add the value to the known ones.
The minimal size has already been tested.
*/
! if (BN_num_bits(g) <= BN_BITS && srp_Verify_N_and_g(N,g))
return 1;
}
BIO_printf(bio_err, "SRP param N and g rejected.\n");
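Review bot: "The srp_moregroups is a real debugging feature" loses the reason the old comment gave for caution: the call to srp_Verify_N_and_g on the next line runs, per L414-L418, two BN_is_prime_ex tests with 64 rounds each on an N chosen by the remote server, and only a lower size bound is enforced before reaching it, so with -srp_moregroups a peer controls how much client CPU each handshake costs. Keep that in the text, e.g. `/* -srp_moregroups is a debugging aid: two 64-round primality tests on a server-chosen N are slow and let the peer drive client CPU. Add vetted groups to the known list instead. */`. The enclosing callback begins before this hunk.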
***************
*** 486,497 ****
return pass;
}
- static char * MS_CALLBACK missing_srp_username_callback(SSL *s, void *arg)
- {
- SRP_ARG *srp_arg = (SRP_ARG *)arg;
- return BUF_strdup(srp_arg->srplogin);
- }
-
#endif
char *srtp_profiles = NULL;
--- 501,506 ----
***************
*** 1182,1190 ****
#ifndef OPENSSL_NO_SRP
if (srp_arg.srplogin)
{
! if (srp_lateuser)
! SSL_CTX_set_srp_missing_srp_username_callback(ctx,missing_srp_username_callback);
! else if (!SSL_CTX_set_srp_username(ctx, srp_arg.srplogin))
{
BIO_printf(bio_err,"Unable to set SRP username\n");
goto end;
--- 1191,1197 ----
#ifndef OPENSSL_NO_SRP
if (srp_arg.srplogin)
{
! if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg.srplogin))
{
BIO_printf(bio_err,"Unable to set SRP username\n");
goto end;
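Review bot: After this change `srp_lateuser` is a pure suppress-the-username switch — the condition `if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg.srplogin))` silently skips setting the login when the flag is on — yet the name still suggests the username will be supplied later, and the ssltest.c hunk of the same patch removes the variable entirely (L602). If the flag is kept as a way to provoke the server's RFC 5054 abort, say so where the behaviour is decided: `/* -srp_lateuser: intentionally leave the SRP username unset so the server's handling of SRP suites without the extension can be tested */`; otherwise delete it for consistency with ssltest. Its option parsing is outside this hunk.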
diff -r -c openssl-SNAP-20111211/crypto/symhacks.h openssl-SNAP-20111211PS/crypto/symhacks.h
*** openssl-SNAP-20111211/crypto/symhacks.h 2011-03-20 12:00:02.000000000 +0100
--- openssl-SNAP-20111211PS/crypto/symhacks.h 2011-12-11 15:41:56.461039291 +0100
***************
*** 202,210 ****
#define SSL_CTX_set_srp_verify_param_callback SSL_CTX_set_srp_vfy_param_cb
#undef SSL_CTX_set_srp_username_callback
#define SSL_CTX_set_srp_username_callback SSL_CTX_set_srp_un_cb
- #undef SSL_CTX_set_srp_missing_srp_username_callback
- #define SSL_CTX_set_srp_missing_srp_username_callback \
- SSL_CTX_set_srp_miss_srp_un_cb
/* Hack some long ENGINE names */
#undef ENGINE_get_default_BN_mod_exp_crt
--- 202,207 ----
diff -r -c openssl-SNAP-20111211/ssl/s3_lib.c openssl-SNAP-20111211PS/ssl/s3_lib.c
*** openssl-SNAP-20111211/ssl/s3_lib.c 2011-11-16 01:00:16.000000000 +0100
--- openssl-SNAP-20111211PS/ssl/s3_lib.c 2011-12-11 15:43:46.521997594 +0100
***************
*** 3679,3688 ****
ctx->srp_ctx.srp_Mask|=SSL_kSRP;
ctx->srp_ctx.SRP_give_srp_client_pwd_callback=(char *(*)(SSL *,void *))fp;
break;
- case SSL_CTRL_SET_TLS_EXT_SRP_MISSING_CLIENT_USERNAME_CB:
- ctx->srp_ctx.srp_Mask|=SSL_kSRP;
- ctx->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback=(char *(*)(SSL *,void *))fp;
- break;
#endif
#endif
case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
--- 3679,3684 ----
diff -r -c openssl-SNAP-20111211/ssl/ssl.h openssl-SNAP-20111211PS/ssl/ssl.h
*** openssl-SNAP-20111211/ssl/ssl.h 2011-11-25 02:00:10.000000000 +0100
--- openssl-SNAP-20111211PS/ssl/ssl.h 2011-12-11 15:41:56.469038915 +0100
***************
*** 695,702 ****
int (*SRP_verify_param_callback)(SSL *, void *);
/* set SRP client passwd callback */
char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *);
- /* set SRP client username callback */
- char *(*SRP_TLS_ext_missing_srp_client_username_callback)(SSL *, void *);
char *login;
BIGNUM *N,*g,*s,*B,*A;
--- 695,700 ----
***************
*** 1581,1591 ****
#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75
#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76
#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77
! #define SSL_CTRL_SET_TLS_EXT_SRP_MISSING_CLIENT_USERNAME_CB 78
! #define SSL_CTRL_SET_SRP_ARG 79
! #define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 80
! #define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 81
! #define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 82
#endif
#define DTLS_CTRL_GET_TIMEOUT 73
--- 1579,1589 ----
#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75
#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76
#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77
!
! #define SSL_CTRL_SET_SRP_ARG 78
! #define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79
! #define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80
! #define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81
#endif
#define DTLS_CTRL_GET_TIMEOUT 73
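Review bot: Renumbering SSL_CTRL_SET_SRP_ARG, _USERNAME, _STRENGTH and _PASSWORD from 79-82 to 78-81 rewrites public-header constants that SSL_CTX_ctrl()/SSL_ctrl() dispatch on, so anything compiled against the previous header and using the constants directly will land on the neighbouring case at run time without any error. Deleting the one line and leaving the slot reserved, `/* 78: formerly SSL_CTRL_SET_TLS_EXT_SRP_MISSING_CLIENT_USERNAME_CB, removed */`, avoids the shift. While here, SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB is 75 and DTLS_CTRL_LISTEN just below is also 75; that overlap predates this patch and is presumably tolerated only because the two go through different ctrl entry points, but it merits a comment when the table is being edited.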
diff -r -c openssl-SNAP-20111211/ssl/ssltest.c openssl-SNAP-20111211PS/ssl/ssltest.c
*** openssl-SNAP-20111211/ssl/ssltest.c 2011-05-19 21:00:06.000000000 +0200
--- openssl-SNAP-20111211PS/ssl/ssltest.c 2011-12-11 15:41:56.469038915 +0100
***************
*** 266,277 ****
return BUF_strdup((char *)srp_client_arg->srppassin);
}
- static char * MS_CALLBACK missing_srp_username_callback(SSL *s, void *arg)
- {
- SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
- return BUF_strdup(srp_client_arg->srplogin);
- }
-
/* SRP server */
/* This is a context that we pass to SRP server callbacks */
typedef struct srp_server_arg_st
--- 266,271 ----
***************
*** 617,623 ****
#endif
#ifndef OPENSSL_NO_SRP
/* client */
- int srp_lateuser = 0;
SRP_CLIENT_ARG srp_client_arg = {NULL,NULL};
/* server */
SRP_SERVER_ARG srp_server_arg = {NULL,NULL};
--- 611,616 ----
***************
*** 1147,1155 ****
#ifndef OPENSSL_NO_SRP
if (srp_client_arg.srplogin)
{
! if (srp_lateuser)
! SSL_CTX_set_srp_missing_srp_username_callback(c_ctx,missing_srp_username_callback);
! else if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin))
{
BIO_printf(bio_err,"Unable to set SRP username\n");
goto end;
--- 1140,1146 ----
#ifndef OPENSSL_NO_SRP
if (srp_client_arg.srplogin)
{
! if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin))
{
BIO_printf(bio_err,"Unable to set SRP username\n");
goto end;
diff -r -c openssl-SNAP-20111211/ssl/tls_srp.c openssl-SNAP-20111211PS/ssl/tls_srp.c
*** openssl-SNAP-20111211/ssl/tls_srp.c 2011-11-25 02:00:10.000000000 +0100
--- openssl-SNAP-20111211PS/ssl/tls_srp.c 2011-12-11 15:41:56.469038915 +0100
***************
*** 4,10 ****
* for the EdelKey project and contributed to the OpenSSL project 2004.
*/
/* ====================================================================
! * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
--- 4,10 ----
* for the EdelKey project and contributed to the OpenSSL project 2004.
*/
/* ====================================================================
! * Copyright (c) 2004-2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
***************
*** 82,88 ****
ctx->srp_ctx.SRP_cb_arg = NULL;
ctx->srp_ctx.SRP_verify_param_callback = NULL;
ctx->srp_ctx.SRP_give_srp_client_pwd_callback = NULL;
- ctx->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback = NULL;
ctx->srp_ctx.N = NULL;
ctx->srp_ctx.g = NULL;
ctx->srp_ctx.s = NULL;
--- 82,87 ----
***************
*** 115,121 ****
s->srp_ctx.SRP_cb_arg = NULL;
s->srp_ctx.SRP_verify_param_callback = NULL;
s->srp_ctx.SRP_give_srp_client_pwd_callback = NULL;
- s->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback = NULL;
s->srp_ctx.N = NULL;
s->srp_ctx.g = NULL;
s->srp_ctx.s = NULL;
--- 114,119 ----
***************
*** 144,150 ****
s->srp_ctx.SRP_verify_param_callback = ctx->srp_ctx.SRP_verify_param_callback;
/* set SRP client passwd callback */
s->srp_ctx.SRP_give_srp_client_pwd_callback = ctx->srp_ctx.SRP_give_srp_client_pwd_callback;
- s->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback = ctx->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback;
s->srp_ctx.N = NULL;
s->srp_ctx.g = NULL;
--- 142,147 ----
***************
*** 212,218 ****
ctx->srp_ctx.SRP_verify_param_callback = NULL;
/* set SRP client passwd callback */
ctx->srp_ctx.SRP_give_srp_client_pwd_callback = NULL;
- ctx->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback = NULL;
ctx->srp_ctx.N = NULL;
ctx->srp_ctx.g = NULL;
--- 209,214 ----
***************
*** 440,455 ****
return 1;
}
- int SRP_have_to_put_srp_username(SSL *s)
- {
- if (s->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback == NULL)
- return 0;
- if ((s->srp_ctx.login = s->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback(s,s->srp_ctx.SRP_cb_arg)) == NULL)
- return 0;
- s->srp_ctx.srp_Mask|=SSL_kSRP;
- return 1;
- }
-
BIGNUM *SSL_get_srp_g(SSL *s)
{
if (s->srp_ctx.g != NULL)
--- 436,441 ----
***************
*** 521,531 ****
(void (*)(void))cb);
}
- int SSL_CTX_set_srp_missing_srp_username_callback(SSL_CTX *ctx,
- char *(*cb)(SSL *,void *))
- {
- return tls1_ctx_callback_ctrl(ctx,
- SSL_CTRL_SET_TLS_EXT_SRP_MISSING_CLIENT_USERNAME_CB,
- (void (*)(void))cb);
- }
#endif
--- 507,510 ----