PR: 1794

#define SRP_NUMBER_ITERATIONS_FOR_PRIME 64

static int SRP_Verify_N_and_g(const BIGNUM *N, const BIGNUM *g)

static int srp_Verify_N_and_g(const BIGNUM *N, const BIGNUM *g)

	{

	BN_CTX *bn_ctx = BN_CTX_new();

	BIGNUM *p = BN_new();

	return ret;

	}

/* This callback is used here for two purposes:

   - extended debugging

   - making some primality tests for unknown groups

   The callback is only called for a non default group.

   An application does not need the call back at all if

   only the stanard groups are used.  In real life situations, 

   client and server already share well known groups, 

   thus there is no need to verify them. 

   Furthermore, in case that a server actually proposes a group that

   is not one of those defined in RFC 5054, it is more appropriate 

   to add the group to a static list and then compare since 

   primality tests are rather cpu consuming.

*/

static int MS_CALLBACK ssl_srp_verify_param_cb(SSL *s, void *arg)

	{

	SRP_ARG *srp_arg = (SRP_ARG *)arg;

		if (srp_arg->debug)

			BIO_printf(bio_err, "SRP param N and g are not known params, going to check deeper.\n");

/* The srp_moregroups must be used with caution, testing primes costs time. 

/* The srp_moregroups is a real debugging feature.

   Implementors should rather add the value to the known ones.

   The minimal size has already been tested.

*/

		if (BN_num_bits(g) <= BN_BITS && SRP_Verify_N_and_g(N,g))

		if (BN_num_bits(g) <= BN_BITS && srp_Verify_N_and_g(N,g))

			return 1;

		}	

	BIO_printf(bio_err, "SRP param N and g rejected.\n");

	return pass;

	}

static char * MS_CALLBACK missing_srp_username_callback(SSL *s, void *arg)

	{

	SRP_ARG *srp_arg = (SRP_ARG *)arg;

	return BUF_strdup(srp_arg->srplogin);

	}

#endif

	char *srtp_profiles = NULL;

#ifndef OPENSSL_NO_SRP

        if (srp_arg.srplogin)

		{

		if (srp_lateuser) 

			SSL_CTX_set_srp_missing_srp_username_callback(ctx,missing_srp_username_callback);

		else if (!SSL_CTX_set_srp_username(ctx, srp_arg.srplogin))

		if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg.srplogin))

			{

			BIO_printf(bio_err,"Unable to set SRP username\n");

			goto end;

#define SSL_CTX_set_srp_verify_param_callback	SSL_CTX_set_srp_vfy_param_cb

#undef SSL_CTX_set_srp_username_callback

#define SSL_CTX_set_srp_username_callback	SSL_CTX_set_srp_un_cb

#undef SSL_CTX_set_srp_missing_srp_username_callback

#define SSL_CTX_set_srp_missing_srp_username_callback \

						SSL_CTX_set_srp_miss_srp_un_cb

/* Hack some long ENGINE names */

#undef ENGINE_get_default_BN_mod_exp_crt

		ctx->srp_ctx.srp_Mask|=SSL_kSRP;

		ctx->srp_ctx.SRP_give_srp_client_pwd_callback=(char *(*)(SSL *,void *))fp;

		break;

	case SSL_CTRL_SET_TLS_EXT_SRP_MISSING_CLIENT_USERNAME_CB:

		ctx->srp_ctx.srp_Mask|=SSL_kSRP;

		ctx->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback=(char *(*)(SSL *,void *))fp;

		break;

#endif

#endif

	case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:

	int (*SRP_verify_param_callback)(SSL *, void *);

	/* set SRP client passwd callback */

	char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *);

	/* set SRP client username callback */

	char *(*SRP_TLS_ext_missing_srp_client_username_callback)(SSL *, void *);

	char *login;

	BIGNUM *N,*g,*s,*B,*A;

#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB	75

#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB		76

#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB		77

#define SSL_CTRL_SET_TLS_EXT_SRP_MISSING_CLIENT_USERNAME_CB		78

#define SSL_CTRL_SET_SRP_ARG		79

#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME		80

#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH		81

#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD		82

#define SSL_CTRL_SET_SRP_ARG		78

#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME		79

#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH		80

#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD		81

#endif

#define DTLS_CTRL_GET_TIMEOUT		73

	return BUF_strdup((char *)srp_client_arg->srppassin);

	}

static char * MS_CALLBACK missing_srp_username_callback(SSL *s, void *arg)

	{

	SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;

	return BUF_strdup(srp_client_arg->srplogin);

	}

/* SRP server */

/* This is a context that we pass to SRP server callbacks */

typedef struct srp_server_arg_st

#endif

#ifndef OPENSSL_NO_SRP

	/* client */

	int srp_lateuser = 0;

	SRP_CLIENT_ARG srp_client_arg = {NULL,NULL};

	/* server */

	SRP_SERVER_ARG srp_server_arg = {NULL,NULL};

#ifndef OPENSSL_NO_SRP

        if (srp_client_arg.srplogin)

		{

		if (srp_lateuser) 

			SSL_CTX_set_srp_missing_srp_username_callback(c_ctx,missing_srp_username_callback);

		else if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin))

		if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin))

			{

			BIO_printf(bio_err,"Unable to set SRP username\n");

			goto end;