1 files changed, 0 insertions, 128 deletions
diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c
index 18717d8f23..22e3c18ada 100644
--- a/src/lib/libssl/src/apps/s_server.c
+++ b/src/lib/libssl/src/apps/s_server.c
@@ -175,9 +175,6 @@
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
-#ifndef OPENSSL_NO_SRP
-#include <openssl/srp.h>
-#endif
 #include "s_apps.h"
 #include "timeouts.h"
@@ -349,47 +346,6 @@ out_err:
 }
 #endif
-#ifndef OPENSSL_NO_SRP
-/* This is a context that we pass to callbacks */
-typedef struct srpsrvparm_st {
-        char *login;
-        SRP_VBASE *vb;
-        SRP_user_pwd *user;
-} srpsrvparm;
-/* This callback pretends to require some asynchronous logic in order to obtain
-   a verifier. When the callback is called for a new connection we return
-   with a negative value. This will provoke the accept etc to return with
-   an LOOKUP_X509. The main logic of the reinvokes the suspended call
-   (which would normally occur after a worker has finished) and we
-   set the user parameters.
-*/
-static int 
-ssl_srp_server_param_cb(SSL * s, int *ad, void *arg)
-{
-        srpsrvparm *p = (srpsrvparm *) arg;
-        if (p->login == NULL && p->user == NULL) {
-                p->login = SSL_get_srp_username(s);
-                BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
-                return (-1);
-        }
-        if (p->user == NULL) {
-                BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
-                return SSL3_AL_FATAL;
-        }
-        if (SSL_set_srp_server_param(s, p->user->N, p->user->g, p->user->s, p->user->v,
-                p->user->info) < 0) {
-                *ad = SSL_AD_INTERNAL_ERROR;
-                return SSL3_AL_FATAL;
-        }
-        BIO_printf(bio_err, "SRP parameters set: username = \"%s\" info=\"%s\" \n", p->login, p->user->info);
-        /* need to check whether there are memory leaks */
-        p->user = NULL;
-        p->login = NULL;
-        return SSL_ERROR_NONE;
-}
-#endif
 static void 
 s_server_init(void)
@@ -474,10 +430,6 @@ sv_usage(void)
        BIO_printf(bio_err, " -jpake arg    - JPAKE secret to use\n");
 #endif
 #endif
-#ifndef OPENSSL_NO_SRP
-        BIO_printf(bio_err, " -srpvfile file      - The verifier file for SRP\n");
-        BIO_printf(bio_err, " -srpuserseed string - A seed string for a default user salt.\n");
-#endif
        BIO_printf(bio_err, " -ssl2         - Just talk SSLv2\n");
        BIO_printf(bio_err, " -ssl3         - Just talk SSLv3\n");
        BIO_printf(bio_err, " -tls1_2       - Just talk TLSv1.2\n");
@@ -727,9 +679,6 @@ int s_server_main(int, char **);
 #ifndef OPENSSL_NO_JPAKE
 static char *jpake_secret = NULL;
 #endif
-#ifndef OPENSSL_NO_SRP
-static srpsrvparm srp_callback_parm;
-#endif
 #ifndef OPENSSL_NO_SRTP
 static char *srtp_profiles = NULL;
 #endif
@@ -775,10 +724,6 @@ s_server_main(int argc, char *argv[])
        /* by default do not send a PSK identity hint */
        static char *psk_identity_hint = NULL;
 #endif
-#ifndef OPENSSL_NO_SRP
-        char *srpuserseed = NULL;
-        char *srp_verifier_file = NULL;
-#endif
        meth = SSLv23_server_method();
        local_argc = argc;
@@ -977,19 +922,6 @@ s_server_main(int argc, char *argv[])
                        }
                }
 #endif
-#ifndef OPENSSL_NO_SRP
-                else if (strcmp(*argv, "-srpvfile") == 0) {
-                        if (--argc < 1)
-                                goto bad;
-                        srp_verifier_file = *(++argv);
-                        meth = TLSv1_server_method();
-                } else if (strcmp(*argv, "-srpuserseed") == 0) {
-                        if (--argc < 1)
-                                goto bad;
-                        srpuserseed = *(++argv);
-                        meth = TLSv1_server_method();
-                }
-#endif
                else if (strcmp(*argv, "-www") == 0) {
                        www = 1;
                } else if (strcmp(*argv, "-WWW") == 0) {
@@ -1535,22 +1467,6 @@ bad:
        }
 #endif
-#ifndef OPENSSL_NO_SRP
-        if (srp_verifier_file != NULL) {
-                srp_callback_parm.vb = SRP_VBASE_new(srpuserseed);
-                srp_callback_parm.user = NULL;
-                srp_callback_parm.login = NULL;
-                if ((ret = SRP_VBASE_init(srp_callback_parm.vb, srp_verifier_file)) != SRP_NO_ERROR) {
-                        BIO_printf(bio_err,
-                            "Cannot initialize SRP verifier file \"%s\":ret=%d\n",
-                            srp_verifier_file, ret);
-                        goto end;
-                }
-                SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_callback);
-                SSL_CTX_set_srp_cb_arg(ctx, &srp_callback_parm);
-                SSL_CTX_set_srp_username_callback(ctx, ssl_srp_server_param_cb);
-        } else
-#endif
        if (CAfile != NULL) {
                SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
 #ifndef OPENSSL_NO_TLSEXT
@@ -1866,17 +1782,6 @@ sv_body(char *hostname, int s, unsigned char *context)
                                }
 #endif
                                k = SSL_write(con, &(buf[l]), (unsigned int) i);
-#ifndef OPENSSL_NO_SRP
-                                while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
-                                        BIO_printf(bio_s_out, "LOOKUP renego during write\n");
-                                        srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
-                                        if (srp_callback_parm.user)
-                                                BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info);
-                                        else
-                                                BIO_printf(bio_s_out, "LOOKUP not successful\n");
-                                        k = SSL_write(con, &(buf[l]), (unsigned int) i);
-                                }
-#endif
                                switch (SSL_get_error(con, k)) {
                                case SSL_ERROR_NONE:
                                        break;
@@ -1917,17 +1822,6 @@ sv_body(char *hostname, int s, unsigned char *context)
                        } else {
                again:
                                i = SSL_read(con, (char *) buf, bufsize);
-#ifndef OPENSSL_NO_SRP
-                                while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
-                                        BIO_printf(bio_s_out, "LOOKUP renego during read\n");
-                                        srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
-                                        if (srp_callback_parm.user)
-                                                BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info);
-                                        else
-                                                BIO_printf(bio_s_out, "LOOKUP not successful\n");
-                                        i = SSL_read(con, (char *) buf, bufsize);
-                                }
-#endif
                                switch (SSL_get_error(con, i)) {
                                case SSL_ERROR_NONE:
                                        write(fileno(stdout), buf,
@@ -2002,17 +1896,6 @@ init_ssl_connection(SSL * con)
        i = SSL_accept(con);
-#ifndef OPENSSL_NO_SRP
-        while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
-                BIO_printf(bio_s_out, "LOOKUP during accept %s\n", srp_callback_parm.login);
-                srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
-                if (srp_callback_parm.user)
-                        BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info);
-                else
-                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
-                i = SSL_accept(con);
-        }
-#endif
        if (i <= 0) {
                if (BIO_sock_should_retry(i)) {
                        BIO_printf(bio_s_out, "DELAY\n");
@@ -2223,17 +2106,6 @@ www_body(char *hostname, int s, unsigned char *context)
        for (;;) {
                if (hack) {
                        i = SSL_accept(con);
-#ifndef OPENSSL_NO_SRP
-                        while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
-                                BIO_printf(bio_s_out, "LOOKUP during accept %s\n", srp_callback_parm.login);
-                                srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
-                                if (srp_callback_parm.user)
-                                        BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info);
-                                else
-                                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
-                                i = SSL_accept(con);
-                        }
-#endif
                        switch (SSL_get_error(con, i)) {
                        case SSL_ERROR_NONE:
                                break;

diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c index 18717d8f23..22e3c18ada 100644 --- a/src/lib/libssl/src/apps/s_server.c +++ b/src/lib/libssl/src/apps/s_server.c
@@ -175,9 +175,6 @@
175	#ifndef OPENSSL_NO_RSA	175	#ifndef OPENSSL_NO_RSA
176	#include <openssl/rsa.h>	176	#include <openssl/rsa.h>
177	#endif	177	#endif
178	#ifndef OPENSSL_NO_SRP
179	#include <openssl/srp.h>
180	#endif
181	#include "s_apps.h"	178	#include "s_apps.h"
182	#include "timeouts.h"	179	#include "timeouts.h"
183		180
@@ -349,47 +346,6 @@ out_err:
349	}	346	}
350	#endif	347	#endif
351		348
352	#ifndef OPENSSL_NO_SRP
353	/* This is a context that we pass to callbacks */
354	typedef struct srpsrvparm_st {
355	char *login;
356	SRP_VBASE *vb;
357	SRP_user_pwd *user;
358	} srpsrvparm;
359
360	/* This callback pretends to require some asynchronous logic in order to obtain
361	a verifier. When the callback is called for a new connection we return
362	with a negative value. This will provoke the accept etc to return with
363	an LOOKUP_X509. The main logic of the reinvokes the suspended call
364	(which would normally occur after a worker has finished) and we
365	set the user parameters.
366	*/
367	static int
368	ssl_srp_server_param_cb(SSL * s, int ad, void arg)
369	{
370	srpsrvparm p = (srpsrvparm ) arg;
371	if (p->login == NULL && p->user == NULL) {
372	p->login = SSL_get_srp_username(s);
373	BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
374	return (-1);
375	}
376	if (p->user == NULL) {
377	BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
378	return SSL3_AL_FATAL;
379	}
380	if (SSL_set_srp_server_param(s, p->user->N, p->user->g, p->user->s, p->user->v,
381	p->user->info) < 0) {
382	*ad = SSL_AD_INTERNAL_ERROR;
383	return SSL3_AL_FATAL;
384	}
385	BIO_printf(bio_err, "SRP parameters set: username = \"%s\" info=\"%s\" \n", p->login, p->user->info);
386	/* need to check whether there are memory leaks */
387	p->user = NULL;
388	p->login = NULL;
389	return SSL_ERROR_NONE;
390	}
391
392	#endif
393		349
394	static void	350	static void
395	s_server_init(void)	351	s_server_init(void)
@@ -474,10 +430,6 @@ sv_usage(void)
474	BIO_printf(bio_err, " -jpake arg - JPAKE secret to use\n");	430	BIO_printf(bio_err, " -jpake arg - JPAKE secret to use\n");
475	#endif	431	#endif
476	#endif	432	#endif
477	#ifndef OPENSSL_NO_SRP
478	BIO_printf(bio_err, " -srpvfile file - The verifier file for SRP\n");
479	BIO_printf(bio_err, " -srpuserseed string - A seed string for a default user salt.\n");
480	#endif
481	BIO_printf(bio_err, " -ssl2 - Just talk SSLv2\n");	433	BIO_printf(bio_err, " -ssl2 - Just talk SSLv2\n");
482	BIO_printf(bio_err, " -ssl3 - Just talk SSLv3\n");	434	BIO_printf(bio_err, " -ssl3 - Just talk SSLv3\n");
483	BIO_printf(bio_err, " -tls1_2 - Just talk TLSv1.2\n");	435	BIO_printf(bio_err, " -tls1_2 - Just talk TLSv1.2\n");
@@ -727,9 +679,6 @@ int s_server_main(int, char **);
727	#ifndef OPENSSL_NO_JPAKE	679	#ifndef OPENSSL_NO_JPAKE
728	static char *jpake_secret = NULL;	680	static char *jpake_secret = NULL;
729	#endif	681	#endif
730	#ifndef OPENSSL_NO_SRP
731	static srpsrvparm srp_callback_parm;
732	#endif
733	#ifndef OPENSSL_NO_SRTP	682	#ifndef OPENSSL_NO_SRTP
734	static char *srtp_profiles = NULL;	683	static char *srtp_profiles = NULL;
735	#endif	684	#endif
@@ -775,10 +724,6 @@ s_server_main(int argc, char *argv[])
775	/* by default do not send a PSK identity hint */	724	/* by default do not send a PSK identity hint */
776	static char *psk_identity_hint = NULL;	725	static char *psk_identity_hint = NULL;
777	#endif	726	#endif
778	#ifndef OPENSSL_NO_SRP
779	char *srpuserseed = NULL;
780	char *srp_verifier_file = NULL;
781	#endif
782	meth = SSLv23_server_method();	727	meth = SSLv23_server_method();
783		728
784	local_argc = argc;	729	local_argc = argc;
@@ -977,19 +922,6 @@ s_server_main(int argc, char *argv[])
977	}	922	}
978	}	923	}
979	#endif	924	#endif
980	#ifndef OPENSSL_NO_SRP
981	else if (strcmp(*argv, "-srpvfile") == 0) {
982	if (--argc < 1)
983	goto bad;
984	srp_verifier_file = *(++argv);
985	meth = TLSv1_server_method();
986	} else if (strcmp(*argv, "-srpuserseed") == 0) {
987	if (--argc < 1)
988	goto bad;
989	srpuserseed = *(++argv);
990	meth = TLSv1_server_method();
991	}
992	#endif
993	else if (strcmp(*argv, "-www") == 0) {	925	else if (strcmp(*argv, "-www") == 0) {
994	www = 1;	926	www = 1;
995	} else if (strcmp(*argv, "-WWW") == 0) {	927	} else if (strcmp(*argv, "-WWW") == 0) {
@@ -1535,22 +1467,6 @@ bad:
1535	}	1467	}
1536	#endif	1468	#endif
1537		1469
1538	#ifndef OPENSSL_NO_SRP
1539	if (srp_verifier_file != NULL) {
1540	srp_callback_parm.vb = SRP_VBASE_new(srpuserseed);
1541	srp_callback_parm.user = NULL;
1542	srp_callback_parm.login = NULL;
1543	if ((ret = SRP_VBASE_init(srp_callback_parm.vb, srp_verifier_file)) != SRP_NO_ERROR) {
1544	BIO_printf(bio_err,
1545	"Cannot initialize SRP verifier file \"%s\":ret=%d\n",
1546	srp_verifier_file, ret);
1547	goto end;
1548	}
1549	SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_callback);
1550	SSL_CTX_set_srp_cb_arg(ctx, &srp_callback_parm);
1551	SSL_CTX_set_srp_username_callback(ctx, ssl_srp_server_param_cb);
1552	} else
1553	#endif
1554	if (CAfile != NULL) {	1470	if (CAfile != NULL) {
1555	SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));	1471	SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
1556	#ifndef OPENSSL_NO_TLSEXT	1472	#ifndef OPENSSL_NO_TLSEXT
@@ -1866,17 +1782,6 @@ sv_body(char hostname, int s, unsigned char context)
1866	}	1782	}
1867	#endif	1783	#endif
1868	k = SSL_write(con, &(buf[l]), (unsigned int) i);	1784	k = SSL_write(con, &(buf[l]), (unsigned int) i);
1869	#ifndef OPENSSL_NO_SRP
1870	while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
1871	BIO_printf(bio_s_out, "LOOKUP renego during write\n");
1872	srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
1873	if (srp_callback_parm.user)
1874	BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info);
1875	else
1876	BIO_printf(bio_s_out, "LOOKUP not successful\n");
1877	k = SSL_write(con, &(buf[l]), (unsigned int) i);
1878	}
1879	#endif
1880	switch (SSL_get_error(con, k)) {	1785	switch (SSL_get_error(con, k)) {
1881	case SSL_ERROR_NONE:	1786	case SSL_ERROR_NONE:
1882	break;	1787	break;
@@ -1917,17 +1822,6 @@ sv_body(char hostname, int s, unsigned char context)
1917	} else {	1822	} else {
1918	again:	1823	again:
1919	i = SSL_read(con, (char *) buf, bufsize);	1824	i = SSL_read(con, (char *) buf, bufsize);
1920	#ifndef OPENSSL_NO_SRP
1921	while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
1922	BIO_printf(bio_s_out, "LOOKUP renego during read\n");
1923	srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
1924	if (srp_callback_parm.user)
1925	BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info);
1926	else
1927	BIO_printf(bio_s_out, "LOOKUP not successful\n");
1928	i = SSL_read(con, (char *) buf, bufsize);
1929	}
1930	#endif
1931	switch (SSL_get_error(con, i)) {	1825	switch (SSL_get_error(con, i)) {
1932	case SSL_ERROR_NONE:	1826	case SSL_ERROR_NONE:
1933	write(fileno(stdout), buf,	1827	write(fileno(stdout), buf,
@@ -2002,17 +1896,6 @@ init_ssl_connection(SSL * con)
2002		1896
2003		1897
2004	i = SSL_accept(con);	1898	i = SSL_accept(con);
2005	#ifndef OPENSSL_NO_SRP
2006	while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
2007	BIO_printf(bio_s_out, "LOOKUP during accept %s\n", srp_callback_parm.login);
2008	srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
2009	if (srp_callback_parm.user)
2010	BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info);
2011	else
2012	BIO_printf(bio_s_out, "LOOKUP not successful\n");
2013	i = SSL_accept(con);
2014	}
2015	#endif
2016	if (i <= 0) {	1899	if (i <= 0) {
2017	if (BIO_sock_should_retry(i)) {	1900	if (BIO_sock_should_retry(i)) {
2018	BIO_printf(bio_s_out, "DELAY\n");	1901	BIO_printf(bio_s_out, "DELAY\n");
@@ -2223,17 +2106,6 @@ www_body(char hostname, int s, unsigned char context)
2223	for (;;) {	2106	for (;;) {
2224	if (hack) {	2107	if (hack) {
2225	i = SSL_accept(con);	2108	i = SSL_accept(con);
2226	#ifndef OPENSSL_NO_SRP
2227	while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
2228	BIO_printf(bio_s_out, "LOOKUP during accept %s\n", srp_callback_parm.login);
2229	srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
2230	if (srp_callback_parm.user)
2231	BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info);
2232	else
2233	BIO_printf(bio_s_out, "LOOKUP not successful\n");
2234	i = SSL_accept(con);
2235	}
2236	#endif
2237	switch (SSL_get_error(con, i)) {	2109	switch (SSL_get_error(con, i)) {
2238	case SSL_ERROR_NONE:	2110	case SSL_ERROR_NONE:
2239	break;	2111	break;