Deprecate the libssl level SRP APIs

The low level SRP implementation has been deprecated with no replacement.
Therefore the libssl level APIs need to be similarly deprecated.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14132)

1 files changed, 71 insertions, 0 deletions

diff --git a/test/helpers/handshake_srp.c b/test/helpers/handshake_srp.c
new file mode 100644
index 0000000000..f18e5c81a6
--- /dev/null
+++ b/test/helpers/handshake_srp.c
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * SRP is deprecated and there is no replacent. When SRP is removed, the code in
+ * this file can be removed too. Until then we have to use the deprecated APIs.
+ */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
+#include <openssl/srp.h>
+#include <openssl/ssl.h>
+#include "handshake.h"
+#include "../testutil.h"
+
+static char *client_srp_cb(SSL *s, void *arg)
+{
+    CTX_DATA *ctx_data = (CTX_DATA*)(arg);
+    return OPENSSL_strdup(ctx_data->srp_password);
+}
+
+static int server_srp_cb(SSL *s, int *ad, void *arg)
+{
+    CTX_DATA *ctx_data = (CTX_DATA*)(arg);
+    if (strcmp(ctx_data->srp_user, SSL_get_srp_username(s)) != 0)
+        return SSL3_AL_FATAL;
+    if (SSL_set_srp_server_param_pw(s, ctx_data->srp_user,
+                                    ctx_data->srp_password,
+                                    "2048" /* known group */) < 0) {
+        *ad = SSL_AD_INTERNAL_ERROR;
+        return SSL3_AL_FATAL;
+    }
+    return SSL_ERROR_NONE;
+}
+
+int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
+                                    SSL_CTX *client_ctx,
+                                    const SSL_TEST_EXTRA_CONF *extra,
+                                    CTX_DATA *server_ctx_data,
+                                    CTX_DATA *server2_ctx_data,
+                                    CTX_DATA *client_ctx_data)
+{
+    if (extra->server.srp_user != NULL) {
+        SSL_CTX_set_srp_username_callback(server_ctx, server_srp_cb);
+        server_ctx_data->srp_user = OPENSSL_strdup(extra->server.srp_user);
+        server_ctx_data->srp_password = OPENSSL_strdup(extra->server.srp_password);
+        SSL_CTX_set_srp_cb_arg(server_ctx, server_ctx_data);
+    }
+    if (extra->server2.srp_user != NULL) {
+        if (!TEST_ptr(server2_ctx))
+            return 0;
+        SSL_CTX_set_srp_username_callback(server2_ctx, server_srp_cb);
+        server2_ctx_data->srp_user = OPENSSL_strdup(extra->server2.srp_user);
+        server2_ctx_data->srp_password = OPENSSL_strdup(extra->server2.srp_password);
+        SSL_CTX_set_srp_cb_arg(server2_ctx, server2_ctx_data);
+    }
+    if (extra->client.srp_user != NULL) {
+        if (!TEST_true(SSL_CTX_set_srp_username(client_ctx,
+                                                extra->client.srp_user)))
+            return 0;
+        SSL_CTX_set_srp_client_pwd_callback(client_ctx, client_srp_cb);
+        client_ctx_data->srp_password = OPENSSL_strdup(extra->client.srp_password);
+        SSL_CTX_set_srp_cb_arg(client_ctx, client_ctx_data);
+    }
+    return 1;
+}