author | Matt Caswell <matt@openssl.org> | 2021-02-08 11:31:59 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2021-02-12 08:47:32 +0000 |
commit | 76cb077f81c96e98d2f2042478c916ed2fdeda16 (patch) | |
tree | fe98349c43554f984f2256b180584903164b4a74 /apps | |
parent | 6d2a1eff553b0bd463cce008a25506d89280679f (diff) |
Deprecate the libssl level SRP APIs
The low level SRP implementation has been deprecated with no replacement.
Therefore the libssl level APIs need to be similarly deprecated.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14132)
Diffstat (limited to 'apps')
-rw-r--r-- | apps/ciphers.c | 11 | ||||
-rw-r--r-- | apps/include/s_apps.h | 1 | ||||
-rw-r--r-- | apps/lib/tlssrp_depr.c | 12 |
3 files changed, 15 insertions, 9 deletions
diff --git a/apps/ciphers.c b/apps/ciphers.c
index 3afbbe5002..03ffad3b3b 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -14,6 +14,7 @@
 #include "progs.h"
 #include <openssl/err.h>
 #include <openssl/ssl.h>
+#include "s_apps.h"
 typedef enum OPTION_choice {
 OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -63,7 +64,7 @@ const OPTIONS ciphers_options[] = {
 {"psk", OPT_PSK, '-', "Include ciphersuites requiring PSK"},
 #endif
 #ifndef OPENSSL_NO_SRP
- {"srp", OPT_SRP, '-', "Include ciphersuites requiring SRP"},
+ {"srp", OPT_SRP, '-', "(deprecated) Include ciphersuites requiring SRP"},
 #endif
 {"ciphersuites", OPT_CIPHERSUITES, 's',
 "Configure the TLSv1.3 ciphersuites to use"},
@@ -83,12 +84,6 @@ static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity,
 return 0;
 }
 #endif
-#ifndef OPENSSL_NO_SRP
-static char *dummy_srp(SSL *ssl, void *arg)
-{
- return "";
-}
-#endif
 int ciphers_main(int argc, char **argv)
 {
@@ -205,7 +200,7 @@ int ciphers_main(int argc, char **argv)
 #endif
 #ifndef OPENSSL_NO_SRP
 if (srp)
- SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
+ set_up_dummy_srp(ctx);
 #endif
 if (ciphersuites != NULL && !SSL_CTX_set_ciphersuites(ctx, ciphersuites)) {
diff --git a/apps/include/s_apps.h b/apps/include/s_apps.h
index 5931c221c4..8ddf7d51e1 100644
--- a/apps/include/s_apps.h
+++ b/apps/include/s_apps.h
@@ -92,6 +92,7 @@ typedef struct srp_arg_st {
 int set_up_srp_arg(SSL_CTX *ctx, SRP_ARG *srp_arg, int srp_lateuser, int c_msg,
 int c_debug);
+void set_up_dummy_srp(SSL_CTX *ctx);
 /* The server side SRP context that we pass to all SRP related callbacks */
 typedef struct srpsrvparm_st {
diff --git a/apps/lib/tlssrp_depr.c b/apps/lib/tlssrp_depr.c
index 7b93e34647..91c19b096e 100644
--- a/apps/lib/tlssrp_depr.c
+++ b/apps/lib/tlssrp_depr.c
@@ -10,7 +10,7 @@
 /*
 * This file is to enable backwards compatibility for the SRP features of
- * s_client and s_server. All of those features are deprecated and will
+ * s_client, s_server and ciphers. All of those features are deprecated and will
 * eventually disappear. In the meantime, to continue to support them, we
 * need to access deprecated SRP APIs.
 */
@@ -137,6 +137,16 @@ int set_up_srp_arg(SSL_CTX *ctx, SRP_ARG *srp_arg, int srp_lateuser, int c_msg,
 return 1;
 }
+static char *dummy_srp(SSL *ssl, void *arg)
+{
+ return "";
+}
+
+void set_up_dummy_srp(SSL_CTX *ctx)
+{
+ SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
+}
+
 /*
 * This callback pretends to require some asynchronous logic in order to
 * obtain a verifier. When the callback is called for a new connection we |
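Review bot: `dummy_srp()` in the second hunk returns the string literal `""` through a non-const `char *`, and now that it is reachable through the exported `set_up_dummy_srp()` nothing tells a caller that the callback is only a placeholder. As far as I recall, libssl releases the password returned by an SRP client password callback after using it, so the helper is safe only on a context that never completes an SRP handshake, which appears to be how `ciphers` uses it (to make the SRP suites listable). I would add a comment above `set_up_dummy_srp()` saying so, e.g. `/* Lets 'ciphers' list SRP suites; the callback must never run in a handshake (it returns a literal, not an allocated password) */`, and put a one-line version on the prototype added in apps/include/s_apps.h.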