authortedu <tedu@openbsd.org>2014-04-16 20:39:09 +0000
committertedu <tedu@openbsd.org>2014-04-16 20:39:09 +0000
commitf6b1586d31f749c2562d0274e25099bb35fc2537 (patch)
tree12ff1c4614d51287b44c1c37574c72018b174a4d /lib/libssl/src/ssl/ssltest.c
parentClean up dangerous strncpy use. This included a use where the resulting (diff)
add back SRP. i was being too greedy.
Diffstat (limited to 'lib/libssl/src/ssl/ssltest.c')
-rw-r--r--lib/libssl/src/ssl/ssltest.c83
1 files changed, 83 insertions, 0 deletions
diff --git a/lib/libssl/src/ssl/ssltest.c b/lib/libssl/src/ssl/ssltest.c
index 1d43f5a0e8b..771c50a3e1e 100644
--- a/lib/libssl/src/ssl/ssltest.c
+++ b/lib/libssl/src/ssl/ssltest.c
@@ -182,6 +182,9 @@
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif
+#ifndef OPENSSL_NO_SRP
+#include <openssl/srp.h>
+#endif
#include <openssl/bn.h>
#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly
@@ -231,6 +234,46 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity,
unsigned char *psk, unsigned int max_psk_len);
#endif
+#ifndef OPENSSL_NO_SRP
+/* SRP client */
+/* This is a context that we pass to all callbacks */
+typedef struct srp_client_arg_st {
+ char *srppassin;
+ char *srplogin;
+} SRP_CLIENT_ARG;
+
+#define PWD_STRLEN 1024
+
+static char *
+ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
+{
+ SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
+ return BUF_strdup((char *)srp_client_arg->srppassin);
+}
+
+/* SRP server */
+/* This is a context that we pass to SRP server callbacks */
+typedef struct srp_server_arg_st {
+ char *expected_user;
+ char *pass;
+} SRP_SERVER_ARG;
+
+static int
+ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
+{
+ SRP_SERVER_ARG *p = (SRP_SERVER_ARG *) arg;
+
+ if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0) {
+ fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s));
+ return SSL3_AL_FATAL;
+ }
+ if (SSL_set_srp_server_param_pw(s, p->expected_user, p->pass, "1024") < 0) {
+ *ad = SSL_AD_INTERNAL_ERROR;
+ return SSL3_AL_FATAL;
+ }
+ return SSL_ERROR_NONE;
+}
+#endif
static BIO *bio_err = NULL;
static BIO *bio_stdout = NULL;
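Review bot: In ssl_srp_server_param_cb the return value of SSL_get_srp_username(s) goes straight into strcmp() and then into fprintf(), and it is called twice; if the library can hand back NULL here (for instance when the client sent no SRP extension), strcmp() on NULL is undefined behaviour. Fetch it once and guard it: `const char *user = SSL_get_srp_username(s);` followed by `if (user == NULL || strcmp(p->expected_user, user) != 0) {`. In that mismatch branch `*ad` is also left untouched while the other failure branch sets it, so the alert description sent to the peer depends on whatever the caller initialised; setting it explicitly, e.g. `*ad = SSL_AD_UNKNOWN_PSK_IDENTITY;`, makes the behaviour independent of that. PWD_STRLEN is defined in this hunk but nothing in the diff uses it, so it can go unless a later part of the file needs it.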
@@ -277,6 +320,10 @@ sv_usage(void)
#ifndef OPENSSL_NO_PSK
fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
#endif
+#ifndef OPENSSL_NO_SRP
+ fprintf(stderr, " -srpuser user - SRP username to use\n");
+ fprintf(stderr, " -srppass arg - password for 'user'\n");
+#endif
fprintf(stderr, " -ssl3 - use SSLv3\n");
fprintf(stderr, " -tls1 - use TLSv1\n");
fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
@@ -452,6 +499,12 @@ main(int argc, char *argv[])
#ifndef OPENSSL_NO_ECDH
EC_KEY *ecdh = NULL;
#endif
+#ifndef OPENSSL_NO_SRP
+ /* client */
+ SRP_CLIENT_ARG srp_client_arg = {NULL, NULL};
+ /* server */
+ SRP_SERVER_ARG srp_server_arg = {NULL, NULL};
+#endif
int no_dhe = 0;
int no_ecdhe = 0;
int no_psk = 0;
@@ -541,6 +594,19 @@ main(int argc, char *argv[])
no_psk = 1;
#endif
}
+#ifndef OPENSSL_NO_SRP
+ else if (strcmp(*argv, "-srpuser") == 0) {
+ if (--argc < 1)
+ goto bad;
+ srp_server_arg.expected_user = srp_client_arg.srplogin= *(++argv);
+ tls1 = 1;
+ } else if (strcmp(*argv, "-srppass") == 0) {
+ if (--argc < 1)
+ goto bad;
+ srp_server_arg.pass = srp_client_arg.srppassin= *(++argv);
+ tls1 = 1;
+ }
+#endif
else if (strcmp(*argv, "-ssl2") == 0)
ssl2 = 1;
else if (strcmp(*argv, "-tls1") == 0)
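Review bot: The two options are parsed independently, so `-srpuser` without `-srppass` leaves srp_server_arg.pass and srp_client_arg.srppassin NULL while the later hunk still installs the server callback (because expected_user is set) and the client password callback; whether SSL_set_srp_server_param_pw and BUF_strdup tolerate a NULL password is not visible here, so the harness should reject the combination after the option loop with something like `if (srp_client_arg.srplogin != NULL && srp_client_arg.srppassin == NULL) goto bad;`. The assignments `srp_client_arg.srplogin= *(++argv);` and `srp_client_arg.srppassin= *(++argv);` are missing the space before `=` that the rest of the file uses. The option loop and main() continue outside this hunk.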
@@ -848,6 +914,23 @@ bad:
}
#endif
}
+#ifndef OPENSSL_NO_SRP
+ if (srp_client_arg.srplogin) {
+ if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin)) {
+ BIO_printf(bio_err, "Unable to set SRP username\n");
+ goto end;
+ }
+ SSL_CTX_set_srp_cb_arg(c_ctx, &srp_client_arg);
+ SSL_CTX_set_srp_client_pwd_callback(c_ctx, ssl_give_srp_client_pwd_cb);
+ /*SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength);*/
+ }
+
+ if (srp_server_arg.expected_user != NULL) {
+ SSL_CTX_set_verify(s_ctx, SSL_VERIFY_NONE, verify_callback);
+ SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg);
+ SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);
+ }
+#endif
c_ssl = SSL_new(c_ctx);
s_ssl = SSL_new(s_ctx);
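Review bot: The commented-out call `/*SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength);*/` refers to a `strength` member that SRP_CLIENT_ARG (defined earlier in this diff) does not have, so it can never be re-enabled as written and should be deleted rather than left as dead code. If a minimum group strength is wanted for the client, add a real `-srpstrength` option alongside the field; otherwise drop the line. The SSL_VERIFY_NONE call on s_ctx is only reached when an SRP user was given, which is worth a one-line comment such as `/* SRP test: server does not request a client certificate */` so the intent is clear to the next reader. main() continues outside this hunk.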