Deprecate the libssl level SRP APIs

The low level SRP implementation has been deprecated with no replacement.
Therefore the libssl level APIs need to be similarly deprecated.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14132)

3 files changed, 15 insertions, 9 deletions

diff --git a/apps/ciphers.c b/apps/ciphers.c
index 3afbbe5002..03ffad3b3b 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -14,6 +14,7 @@
 #include "progs.h"
 #include <openssl/err.h>
 #include <openssl/ssl.h>
+#include "s_apps.h"
 
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -63,7 +64,7 @@ const OPTIONS ciphers_options[] = {
     {"psk", OPT_PSK, '-', "Include ciphersuites requiring PSK"},
 #endif
 #ifndef OPENSSL_NO_SRP
-    {"srp", OPT_SRP, '-', "Include ciphersuites requiring SRP"},
+    {"srp", OPT_SRP, '-', "(deprecated) Include ciphersuites requiring SRP"},
 #endif
     {"ciphersuites", OPT_CIPHERSUITES, 's',
      "Configure the TLSv1.3 ciphersuites to use"},
@@ -83,12 +84,6 @@ static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity,
     return 0;
 }
 #endif
-#ifndef OPENSSL_NO_SRP
-static char *dummy_srp(SSL *ssl, void *arg)
-{
-    return "";
-}
-#endif
 
 int ciphers_main(int argc, char **argv)
 {
@@ -205,7 +200,7 @@ int ciphers_main(int argc, char **argv)
 #endif
 #ifndef OPENSSL_NO_SRP
     if (srp)
-        SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
+        set_up_dummy_srp(ctx);
 #endif
 
     if (ciphersuites != NULL && !SSL_CTX_set_ciphersuites(ctx, ciphersuites)) {
diff --git a/apps/include/s_apps.h b/apps/include/s_apps.h
index 5931c221c4..8ddf7d51e1 100644
--- a/apps/include/s_apps.h
+++ b/apps/include/s_apps.h
@@ -92,6 +92,7 @@ typedef struct srp_arg_st {
 
 int set_up_srp_arg(SSL_CTX *ctx, SRP_ARG *srp_arg, int srp_lateuser, int c_msg,
                    int c_debug);
+void set_up_dummy_srp(SSL_CTX *ctx);
 
 /* The server side SRP context that we pass to all SRP related callbacks */
 typedef struct srpsrvparm_st {
diff --git a/apps/lib/tlssrp_depr.c b/apps/lib/tlssrp_depr.c
index 7b93e34647..91c19b096e 100644
--- a/apps/lib/tlssrp_depr.c
+++ b/apps/lib/tlssrp_depr.c
@@ -10,7 +10,7 @@
 
 /*
  * This file is to enable backwards compatibility for the SRP features of
- * s_client and s_server. All of those features are deprecated and will
+ * s_client, s_server and ciphers. All of those features are deprecated and will
  * eventually disappear. In the meantime, to continue to support them, we
  * need to access deprecated SRP APIs.
  */
@@ -137,6 +137,16 @@ int set_up_srp_arg(SSL_CTX *ctx, SRP_ARG *srp_arg, int srp_lateuser, int c_msg,
     return 1;
 }
 
+static char *dummy_srp(SSL *ssl, void *arg)
+{
+    return "";
+}
+
+void set_up_dummy_srp(SSL_CTX *ctx)
+{
+        SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
+}
+
 /*
  * This callback pretends to require some asynchronous logic in order to
  * obtain a verifier. When the callback is called for a new connection we