PR: 1794 Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> Reviewed by: steve Remove unnecessary code for srp and to add some comments to s_client. - the callback to provide a user during client connect is no longer necessary since rfc 5054 a connection attempt with an srp cipher and no user is terminated when the cipher is acceptable - comments to indicate in s_client the (non-)usefulness of th primalaty tests for non known group parameters.
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 3dcf50e..972e792 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c
@@ -3679,10 +3679,6 @@ ctx->srp_ctx.srp_Mask|=SSL_kSRP; ctx->srp_ctx.SRP_give_srp_client_pwd_callback=(char *(*)(SSL *,void *))fp; break; - case SSL_CTRL_SET_TLS_EXT_SRP_MISSING_CLIENT_USERNAME_CB: - ctx->srp_ctx.srp_Mask|=SSL_kSRP; - ctx->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback=(char *(*)(SSL *,void *))fp; - break; #endif #endif case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
diff --git a/ssl/ssl.h b/ssl/ssl.h index 92c1f43..e7b6bc5 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h
@@ -695,8 +695,6 @@ int (*SRP_verify_param_callback)(SSL *, void *); /* set SRP client passwd callback */ char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *); - /* set SRP client username callback */ - char *(*SRP_TLS_ext_missing_srp_client_username_callback)(SSL *, void *); char *login; BIGNUM *N,*g,*s,*B,*A; @@ -1581,11 +1579,11 @@ #define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 #define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 #define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 -#define SSL_CTRL_SET_TLS_EXT_SRP_MISSING_CLIENT_USERNAME_CB 78 -#define SSL_CTRL_SET_SRP_ARG 79 -#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 80 -#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 81 -#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 82 + +#define SSL_CTRL_SET_SRP_ARG 78 +#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 +#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 +#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 #endif #define DTLS_CTRL_GET_TIMEOUT 73
diff --git a/ssl/ssltest.c b/ssl/ssltest.c index cebd4e7..faffbca 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c
@@ -266,12 +266,6 @@ return BUF_strdup((char *)srp_client_arg->srppassin); } -static char * MS_CALLBACK missing_srp_username_callback(SSL *s, void *arg) - { - SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg; - return BUF_strdup(srp_client_arg->srplogin); - } - /* SRP server */ /* This is a context that we pass to SRP server callbacks */ typedef struct srp_server_arg_st @@ -617,7 +611,6 @@ #endif #ifndef OPENSSL_NO_SRP /* client */ - int srp_lateuser = 0; SRP_CLIENT_ARG srp_client_arg = {NULL,NULL}; /* server */ SRP_SERVER_ARG srp_server_arg = {NULL,NULL}; @@ -1147,9 +1140,7 @@ #ifndef OPENSSL_NO_SRP if (srp_client_arg.srplogin) { - if (srp_lateuser) - SSL_CTX_set_srp_missing_srp_username_callback(c_ctx,missing_srp_username_callback); - else if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin)) + if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin)) { BIO_printf(bio_err,"Unable to set SRP username\n"); goto end;
diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c index febddc7..c363fc3 100644 --- a/ssl/tls_srp.c +++ b/ssl/tls_srp.c
@@ -4,7 +4,7 @@ * for the EdelKey project and contributed to the OpenSSL project 2004. */ /* ==================================================================== - * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * Copyright (c) 2004-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -82,7 +82,6 @@ ctx->srp_ctx.SRP_cb_arg = NULL; ctx->srp_ctx.SRP_verify_param_callback = NULL; ctx->srp_ctx.SRP_give_srp_client_pwd_callback = NULL; - ctx->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback = NULL; ctx->srp_ctx.N = NULL; ctx->srp_ctx.g = NULL; ctx->srp_ctx.s = NULL; @@ -115,7 +114,6 @@ s->srp_ctx.SRP_cb_arg = NULL; s->srp_ctx.SRP_verify_param_callback = NULL; s->srp_ctx.SRP_give_srp_client_pwd_callback = NULL; - s->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback = NULL; s->srp_ctx.N = NULL; s->srp_ctx.g = NULL; s->srp_ctx.s = NULL; @@ -144,7 +142,6 @@ s->srp_ctx.SRP_verify_param_callback = ctx->srp_ctx.SRP_verify_param_callback; /* set SRP client passwd callback */ s->srp_ctx.SRP_give_srp_client_pwd_callback = ctx->srp_ctx.SRP_give_srp_client_pwd_callback; - s->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback = ctx->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback; s->srp_ctx.N = NULL; s->srp_ctx.g = NULL; @@ -212,7 +209,6 @@ ctx->srp_ctx.SRP_verify_param_callback = NULL; /* set SRP client passwd callback */ ctx->srp_ctx.SRP_give_srp_client_pwd_callback = NULL; - ctx->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback = NULL; ctx->srp_ctx.N = NULL; ctx->srp_ctx.g = NULL; @@ -440,16 +436,6 @@ return 1; } -int SRP_have_to_put_srp_username(SSL *s) - { - if (s->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback == NULL) - return 0; - if ((s->srp_ctx.login = s->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback(s,s->srp_ctx.SRP_cb_arg)) == NULL) - return 0; - s->srp_ctx.srp_Mask|=SSL_kSRP; - return 1; - } - BIGNUM *SSL_get_srp_g(SSL *s) { if (s->srp_ctx.g != NULL) @@ -521,11 +507,4 @@ (void (*)(void))cb); } -int SSL_CTX_set_srp_missing_srp_username_callback(SSL_CTX *ctx, - char *(*cb)(SSL *,void *)) - { - return tls1_ctx_callback_ctrl(ctx, - SSL_CTRL_SET_TLS_EXT_SRP_MISSING_CLIENT_USERNAME_CB, - (void (*)(void))cb); - } #endif