add back SRP. i was being too greedy.

author: tedu <> 2014-04-16 20:39:09 +0000
committer: tedu <> 2014-04-16 20:39:09 +0000
commit: e7892d59587f55067ca2e2bc6fa26cf4bcd6c084 (patch)
tree: 761d3461cd8f278c74120d2836c29dd21dc95be6 /src/lib/libssl/src/ssl/ssltest.c
parent: 750d86a4fc04f53024575d65269281ea6c4e450c (diff)
download: openbsd-e7892d59587f55067ca2e2bc6fa26cf4bcd6c084.tar.gz
openbsd-e7892d59587f55067ca2e2bc6fa26cf4bcd6c084.tar.bz2
openbsd-e7892d59587f55067ca2e2bc6fa26cf4bcd6c084.zip
1 files changed, 83 insertions, 0 deletions
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c
index 1d43f5a0e8..771c50a3e1 100644
--- a/src/lib/libssl/src/ssl/ssltest.c
+++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -182,6 +182,9 @@
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
+#ifndef OPENSSL_NO_SRP
+#include <openssl/srp.h>
+#endif
 #include <openssl/bn.h>
 #define _XOPEN_SOURCE_EXTENDED  1 /* Or gethostname won't be declared properly
@@ -231,6 +234,46 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity,
    unsigned char *psk, unsigned int max_psk_len);
 #endif
+#ifndef OPENSSL_NO_SRP
+/* SRP client */
+/* This is a context that we pass to all callbacks */
+typedef struct srp_client_arg_st {
+        char *srppassin;
+        char *srplogin;
+} SRP_CLIENT_ARG;
+#define PWD_STRLEN 1024
+static char *
+ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
+{
+        SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
+        return BUF_strdup((char *)srp_client_arg->srppassin);
+}
+/* SRP server */
+/* This is a context that we pass to SRP server callbacks */
+typedef struct srp_server_arg_st {
+        char *expected_user;
+        char *pass;
+} SRP_SERVER_ARG;
+static int
+ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
+{
+        SRP_SERVER_ARG *p = (SRP_SERVER_ARG *) arg;
+        if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0) {
+                fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s));
+                return SSL3_AL_FATAL;
+        }
+        if (SSL_set_srp_server_param_pw(s, p->expected_user, p->pass, "1024") < 0) {
+                *ad = SSL_AD_INTERNAL_ERROR;
+                return SSL3_AL_FATAL;
+        }
+        return SSL_ERROR_NONE;
+}
+#endif
 static BIO *bio_err = NULL;
 static BIO *bio_stdout = NULL;
@@ -277,6 +320,10 @@ sv_usage(void)
 #ifndef OPENSSL_NO_PSK
        fprintf(stderr, " -psk arg      - PSK in hex (without 0x)\n");
 #endif
+#ifndef OPENSSL_NO_SRP
+        fprintf(stderr, " -srpuser user  - SRP username to use\n");
+        fprintf(stderr, " -srppass arg   - password for 'user'\n");
+#endif
        fprintf(stderr, " -ssl3         - use SSLv3\n");
        fprintf(stderr, " -tls1         - use TLSv1\n");
        fprintf(stderr, " -CApath arg   - PEM format directory of CA's\n");
@@ -452,6 +499,12 @@ main(int argc, char *argv[])
 #ifndef OPENSSL_NO_ECDH
        EC_KEY *ecdh = NULL;
 #endif
+#ifndef OPENSSL_NO_SRP
+        /* client */
+        SRP_CLIENT_ARG srp_client_arg = {NULL, NULL};
+        /* server */
+        SRP_SERVER_ARG srp_server_arg = {NULL, NULL};
+#endif
        int no_dhe = 0;
        int no_ecdhe = 0;
        int no_psk = 0;
@@ -541,6 +594,19 @@ main(int argc, char *argv[])
                        no_psk = 1;
 #endif
                }
+#ifndef OPENSSL_NO_SRP
+                else if (strcmp(*argv, "-srpuser") == 0) {
+                        if (--argc < 1)
+                                goto bad;
+                        srp_server_arg.expected_user = srp_client_arg.srplogin= *(++argv);
+                        tls1 = 1;
+                } else if (strcmp(*argv, "-srppass") == 0) {
+                        if (--argc < 1)
+                                goto bad;
+                        srp_server_arg.pass = srp_client_arg.srppassin= *(++argv);
+                        tls1 = 1;
+                }
+#endif
                else if (strcmp(*argv, "-ssl2") == 0)
                        ssl2 = 1;
                else if (strcmp(*argv, "-tls1") == 0)
@@ -848,6 +914,23 @@ bad:
                }
 #endif
        }
+#ifndef OPENSSL_NO_SRP
+        if (srp_client_arg.srplogin) {
+                if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin)) {
+                        BIO_printf(bio_err, "Unable to set SRP username\n");
+                        goto end;
+                }
+                SSL_CTX_set_srp_cb_arg(c_ctx, &srp_client_arg);
+                SSL_CTX_set_srp_client_pwd_callback(c_ctx, ssl_give_srp_client_pwd_cb);
+                /*SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength);*/
+        }
+        if (srp_server_arg.expected_user != NULL) {
+                SSL_CTX_set_verify(s_ctx, SSL_VERIFY_NONE, verify_callback);
+                SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg);
+                SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);
+        }
+#endif
        c_ssl = SSL_new(c_ctx);
        s_ssl = SSL_new(s_ctx);
author	tedu <>	2014-04-16 20:39:09 +0000
committer	tedu <>	2014-04-16 20:39:09 +0000
commit	e7892d59587f55067ca2e2bc6fa26cf4bcd6c084 (patch)
tree	761d3461cd8f278c74120d2836c29dd21dc95be6 /src/lib/libssl/src/ssl/ssltest.c
parent	750d86a4fc04f53024575d65269281ea6c4e450c (diff)
download	openbsd-e7892d59587f55067ca2e2bc6fa26cf4bcd6c084.tar.gz openbsd-e7892d59587f55067ca2e2bc6fa26cf4bcd6c084.tar.bz2 openbsd-e7892d59587f55067ca2e2bc6fa26cf4bcd6c084.zip

diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c index 1d43f5a0e8..771c50a3e1 100644 --- a/src/lib/libssl/src/ssl/ssltest.c +++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -182,6 +182,9 @@
182	#ifndef OPENSSL_NO_DH	182	#ifndef OPENSSL_NO_DH
183	#include <openssl/dh.h>	183	#include <openssl/dh.h>
184	#endif	184	#endif
		185	#ifndef OPENSSL_NO_SRP
		186	#include <openssl/srp.h>
		187	#endif
185	#include <openssl/bn.h>	188	#include <openssl/bn.h>
186		189
187	#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly	190	#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly
@@ -231,6 +234,46 @@ static unsigned int psk_server_callback(SSL ssl, const char identity,
231	unsigned char *psk, unsigned int max_psk_len);	234	unsigned char *psk, unsigned int max_psk_len);
232	#endif	235	#endif
233		236
		237	#ifndef OPENSSL_NO_SRP
		238	/* SRP client */
		239	/* This is a context that we pass to all callbacks */
		240	typedef struct srp_client_arg_st {
		241	char *srppassin;
		242	char *srplogin;
		243	} SRP_CLIENT_ARG;
		244
		245	#define PWD_STRLEN 1024
		246
		247	static char *
		248	ssl_give_srp_client_pwd_cb(SSL s, void arg)
		249	{
		250	SRP_CLIENT_ARG srp_client_arg = (SRP_CLIENT_ARG )arg;
		251	return BUF_strdup((char *)srp_client_arg->srppassin);
		252	}
		253
		254	/* SRP server */
		255	/* This is a context that we pass to SRP server callbacks */
		256	typedef struct srp_server_arg_st {
		257	char *expected_user;
		258	char *pass;
		259	} SRP_SERVER_ARG;
		260
		261	static int
		262	ssl_srp_server_param_cb(SSL s, int ad, void *arg)
		263	{
		264	SRP_SERVER_ARG p = (SRP_SERVER_ARG ) arg;
		265
		266	if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0) {
		267	fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s));
		268	return SSL3_AL_FATAL;
		269	}
		270	if (SSL_set_srp_server_param_pw(s, p->expected_user, p->pass, "1024") < 0) {
		271	*ad = SSL_AD_INTERNAL_ERROR;
		272	return SSL3_AL_FATAL;
		273	}
		274	return SSL_ERROR_NONE;
		275	}
		276	#endif
234		277
235	static BIO *bio_err = NULL;	278	static BIO *bio_err = NULL;
236	static BIO *bio_stdout = NULL;	279	static BIO *bio_stdout = NULL;
@@ -277,6 +320,10 @@ sv_usage(void)
277	#ifndef OPENSSL_NO_PSK	320	#ifndef OPENSSL_NO_PSK
278	fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");	321	fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
279	#endif	322	#endif
		323	#ifndef OPENSSL_NO_SRP
		324	fprintf(stderr, " -srpuser user - SRP username to use\n");
		325	fprintf(stderr, " -srppass arg - password for 'user'\n");
		326	#endif
280	fprintf(stderr, " -ssl3 - use SSLv3\n");	327	fprintf(stderr, " -ssl3 - use SSLv3\n");
281	fprintf(stderr, " -tls1 - use TLSv1\n");	328	fprintf(stderr, " -tls1 - use TLSv1\n");
282	fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");	329	fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
@@ -452,6 +499,12 @@ main(int argc, char *argv[])
452	#ifndef OPENSSL_NO_ECDH	499	#ifndef OPENSSL_NO_ECDH
453	EC_KEY *ecdh = NULL;	500	EC_KEY *ecdh = NULL;
454	#endif	501	#endif
		502	#ifndef OPENSSL_NO_SRP
		503	/* client */
		504	SRP_CLIENT_ARG srp_client_arg = {NULL, NULL};
		505	/* server */
		506	SRP_SERVER_ARG srp_server_arg = {NULL, NULL};
		507	#endif
455	int no_dhe = 0;	508	int no_dhe = 0;
456	int no_ecdhe = 0;	509	int no_ecdhe = 0;
457	int no_psk = 0;	510	int no_psk = 0;
@@ -541,6 +594,19 @@ main(int argc, char *argv[])
541	no_psk = 1;	594	no_psk = 1;
542	#endif	595	#endif
543	}	596	}
		597	#ifndef OPENSSL_NO_SRP
		598	else if (strcmp(*argv, "-srpuser") == 0) {
		599	if (--argc < 1)
		600	goto bad;
		601	srp_server_arg.expected_user = srp_client_arg.srplogin= *(++argv);
		602	tls1 = 1;
		603	} else if (strcmp(*argv, "-srppass") == 0) {
		604	if (--argc < 1)
		605	goto bad;
		606	srp_server_arg.pass = srp_client_arg.srppassin= *(++argv);
		607	tls1 = 1;
		608	}
		609	#endif
544	else if (strcmp(*argv, "-ssl2") == 0)	610	else if (strcmp(*argv, "-ssl2") == 0)
545	ssl2 = 1;	611	ssl2 = 1;
546	else if (strcmp(*argv, "-tls1") == 0)	612	else if (strcmp(*argv, "-tls1") == 0)
@@ -848,6 +914,23 @@ bad:
848	}	914	}
849	#endif	915	#endif
850	}	916	}
		917	#ifndef OPENSSL_NO_SRP
		918	if (srp_client_arg.srplogin) {
		919	if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin)) {
		920	BIO_printf(bio_err, "Unable to set SRP username\n");
		921	goto end;
		922	}
		923	SSL_CTX_set_srp_cb_arg(c_ctx, &srp_client_arg);
		924	SSL_CTX_set_srp_client_pwd_callback(c_ctx, ssl_give_srp_client_pwd_cb);
		925	/SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength);/
		926	}
		927
		928	if (srp_server_arg.expected_user != NULL) {
		929	SSL_CTX_set_verify(s_ctx, SSL_VERIFY_NONE, verify_callback);
		930	SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg);
		931	SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);
		932	}
		933	#endif
851		934
852	c_ssl = SSL_new(c_ctx);	935	c_ssl = SSL_new(c_ctx);
853	s_ssl = SSL_new(s_ctx);	936	s_ssl = SSL_new(s_ctx);