diff options
| author | Matt Caswell <matt@openssl.org> | 2021-02-08 11:31:59 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2021-02-12 08:47:32 +0000 |
| commit | 76cb077f81c96e98d2f2042478c916ed2fdeda16 (patch) | |
| tree | fe98349c43554f984f2256b180584903164b4a74 /test/helpers | |
| parent | 6d2a1eff553b0bd463cce008a25506d89280679f (diff) | |
Deprecate the libssl level SRP APIs
The low level SRP implementation has been deprecated with no replacement.
Therefore the libssl level APIs need to be similarly deprecated.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14132)
Diffstat (limited to 'test/helpers')
| -rw-r--r-- | test/helpers/handshake.c | 61 | ||||
| -rw-r--r-- | test/helpers/handshake.h | 17 | ||||
| -rw-r--r-- | test/helpers/handshake_srp.c | 71 |
3 files changed, 92 insertions, 57 deletions
diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c index 1a06365ebb..bba78f6d79 100644 --- a/test/helpers/handshake.c +++ b/test/helpers/handshake.c @@ -13,9 +13,6 @@ #include <openssl/x509_vfy.h> #include <openssl/ssl.h> #include <openssl/core_names.h> -#ifndef OPENSSL_NO_SRP -#include <openssl/srp.h> -#endif #include "../../ssl/ssl_local.h" #include "internal/sockets.h" @@ -63,16 +60,6 @@ typedef struct handshake_ex_data_st { ssl_servername_t servername; } HANDSHAKE_EX_DATA; -typedef struct ctx_data_st { - unsigned char *npn_protocols; - size_t npn_protocols_len; - unsigned char *alpn_protocols; - size_t alpn_protocols_len; - char *srp_user; - char *srp_password; - char *session_ticket_app_data; -} CTX_DATA; - /* |ctx_data| itself is stack-allocated. */ static void ctx_data_free_data(CTX_DATA *ctx_data) { @@ -449,28 +436,6 @@ static int server_alpn_cb(SSL *s, const unsigned char **out, : SSL_TLSEXT_ERR_ALERT_FATAL; } -#ifndef OPENSSL_NO_SRP -static char *client_srp_cb(SSL *s, void *arg) -{ - CTX_DATA *ctx_data = (CTX_DATA*)(arg); - return OPENSSL_strdup(ctx_data->srp_password); -} - -static int server_srp_cb(SSL *s, int *ad, void *arg) -{ - CTX_DATA *ctx_data = (CTX_DATA*)(arg); - if (strcmp(ctx_data->srp_user, SSL_get_srp_username(s)) != 0) - return SSL3_AL_FATAL; - if (SSL_set_srp_server_param_pw(s, ctx_data->srp_user, - ctx_data->srp_password, - "2048" /* known group */) < 0) { - *ad = SSL_AD_INTERNAL_ERROR; - return SSL3_AL_FATAL; - } - return SSL_ERROR_NONE; -} -#endif /* !OPENSSL_NO_SRP */ - static int generate_session_ticket_cb(SSL *s, void *arg) { CTX_DATA *server_ctx_data = arg; @@ -711,28 +676,10 @@ static int configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, } #endif #ifndef OPENSSL_NO_SRP - if (extra->server.srp_user != NULL) { - SSL_CTX_set_srp_username_callback(server_ctx, server_srp_cb); - server_ctx_data->srp_user = OPENSSL_strdup(extra->server.srp_user); - server_ctx_data->srp_password = OPENSSL_strdup(extra->server.srp_password); - SSL_CTX_set_srp_cb_arg(server_ctx, server_ctx_data); - } - if (extra->server2.srp_user != NULL) { - if (!TEST_ptr(server2_ctx)) - goto err; - SSL_CTX_set_srp_username_callback(server2_ctx, server_srp_cb); - server2_ctx_data->srp_user = OPENSSL_strdup(extra->server2.srp_user); - server2_ctx_data->srp_password = OPENSSL_strdup(extra->server2.srp_password); - SSL_CTX_set_srp_cb_arg(server2_ctx, server2_ctx_data); - } - if (extra->client.srp_user != NULL) { - if (!TEST_true(SSL_CTX_set_srp_username(client_ctx, - extra->client.srp_user))) - goto err; - SSL_CTX_set_srp_client_pwd_callback(client_ctx, client_srp_cb); - client_ctx_data->srp_password = OPENSSL_strdup(extra->client.srp_password); - SSL_CTX_set_srp_cb_arg(client_ctx, client_ctx_data); - } + if (!configure_handshake_ctx_for_srp(server_ctx, server2_ctx, client_ctx, + extra, server_ctx_data, + server2_ctx_data, client_ctx_data)) + goto err; #endif /* !OPENSSL_NO_SRP */ return 1; err: diff --git a/test/helpers/handshake.h b/test/helpers/handshake.h index f0ae5a8d7e..04ff874623 100644 --- a/test/helpers/handshake.h +++ b/test/helpers/handshake.h @@ -12,6 +12,16 @@ #include "ssl_test_ctx.h" +typedef struct ctx_data_st { + unsigned char *npn_protocols; + size_t npn_protocols_len; + unsigned char *alpn_protocols; + size_t alpn_protocols_len; + char *srp_user; + char *srp_password; + char *session_ticket_app_data; +} CTX_DATA; + typedef struct handshake_result { ssl_test_result_t result; /* These alerts are in the 2-byte format returned by the info_callback. */ @@ -78,4 +88,11 @@ HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *resume_client_ctx, const SSL_TEST_CTX *test_ctx); +int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, + SSL_CTX *client_ctx, + const SSL_TEST_EXTRA_CONF *extra, + CTX_DATA *server_ctx_data, + CTX_DATA *server2_ctx_data, + CTX_DATA *client_ctx_data); + #endif /* OSSL_TEST_HANDSHAKE_HELPER_H */ diff --git a/test/helpers/handshake_srp.c b/test/helpers/handshake_srp.c new file mode 100644 index 0000000000..f18e5c81a6 --- /dev/null +++ b/test/helpers/handshake_srp.c @@ -0,0 +1,71 @@ +/* + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * SRP is deprecated and there is no replacent. When SRP is removed, the code in + * this file can be removed too. Until then we have to use the deprecated APIs. + */ +#define OPENSSL_SUPPRESS_DEPRECATED + +#include <openssl/srp.h> +#include <openssl/ssl.h> +#include "handshake.h" +#include "../testutil.h" + +static char *client_srp_cb(SSL *s, void *arg) +{ + CTX_DATA *ctx_data = (CTX_DATA*)(arg); + return OPENSSL_strdup(ctx_data->srp_password); +} + +static int server_srp_cb(SSL *s, int *ad, void *arg) +{ + CTX_DATA *ctx_data = (CTX_DATA*)(arg); + if (strcmp(ctx_data->srp_user, SSL_get_srp_username(s)) != 0) + return SSL3_AL_FATAL; + if (SSL_set_srp_server_param_pw(s, ctx_data->srp_user, + ctx_data->srp_password, + "2048" /* known group */) < 0) { + *ad = SSL_AD_INTERNAL_ERROR; + return SSL3_AL_FATAL; + } + return SSL_ERROR_NONE; +} + +int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, + SSL_CTX *client_ctx, + const SSL_TEST_EXTRA_CONF *extra, + CTX_DATA *server_ctx_data, + CTX_DATA *server2_ctx_data, + CTX_DATA *client_ctx_data) +{ + if (extra->server.srp_user != NULL) { + SSL_CTX_set_srp_username_callback(server_ctx, server_srp_cb); + server_ctx_data->srp_user = OPENSSL_strdup(extra->server.srp_user); + server_ctx_data->srp_password = OPENSSL_strdup(extra->server.srp_password); + SSL_CTX_set_srp_cb_arg(server_ctx, server_ctx_data); + } + if (extra->server2.srp_user != NULL) { + if (!TEST_ptr(server2_ctx)) + return 0; + SSL_CTX_set_srp_username_callback(server2_ctx, server_srp_cb); + server2_ctx_data->srp_user = OPENSSL_strdup(extra->server2.srp_user); + server2_ctx_data->srp_password = OPENSSL_strdup(extra->server2.srp_password); + SSL_CTX_set_srp_cb_arg(server2_ctx, server2_ctx_data); + } + if (extra->client.srp_user != NULL) { + if (!TEST_true(SSL_CTX_set_srp_username(client_ctx, + extra->client.srp_user))) + return 0; + SSL_CTX_set_srp_client_pwd_callback(client_ctx, client_srp_cb); + client_ctx_data->srp_password = OPENSSL_strdup(extra->client.srp_password); + SSL_CTX_set_srp_cb_arg(client_ctx, client_ctx_data); + } + return 1; +} |