author | Matt Caswell <matt@openssl.org> | 2021-02-08 12:31:59 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2021-02-12 09:47:32 +0100 |
commit | 76cb077f81c96e98d2f2042478c916ed2fdeda16 (patch) | |
tree | fe98349c43554f984f2256b180584903164b4a74 /test/helpers | |
parent | Deprecate the low level SRP APIs (diff) | |
Deprecate the libssl level SRP APIs
The low level SRP implementation has been deprecated with no replacement.
Therefore the libssl level APIs need to be similarly deprecated.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14132)
Diffstat (limited to 'test/helpers')
-rw-r--r-- | test/helpers/handshake.c | 61 | ||||
-rw-r--r-- | test/helpers/handshake.h | 17 | ||||
-rw-r--r-- | test/helpers/handshake_srp.c | 71 |
3 files changed, 92 insertions, 57 deletions
diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c index 1a06365ebb..bba78f6d79 100644 --- a/test/helpers/handshake.c +++ b/test/helpers/handshake.c @@ -13,9 +13,6 @@ #include <openssl/x509_vfy.h> #include <openssl/ssl.h> #include <openssl/core_names.h> -#ifndef OPENSSL_NO_SRP -#include <openssl/srp.h> -#endif #include "../../ssl/ssl_local.h" #include "internal/sockets.h" @@ -63,16 +60,6 @@ typedef struct handshake_ex_data_st { ssl_servername_t servername; } HANDSHAKE_EX_DATA; -typedef struct ctx_data_st { - unsigned char *npn_protocols; - size_t npn_protocols_len; - unsigned char *alpn_protocols; - size_t alpn_protocols_len; - char *srp_user; - char *srp_password; - char *session_ticket_app_data; -} CTX_DATA; - /* |ctx_data| itself is stack-allocated. */ static void ctx_data_free_data(CTX_DATA *ctx_data) { @@ -449,28 +436,6 @@ static int server_alpn_cb(SSL *s, const unsigned char **out, : SSL_TLSEXT_ERR_ALERT_FATAL; } -#ifndef OPENSSL_NO_SRP -static char *client_srp_cb(SSL *s, void *arg) -{ - CTX_DATA *ctx_data = (CTX_DATA*)(arg); - return OPENSSL_strdup(ctx_data->srp_password); -} - -static int server_srp_cb(SSL *s, int *ad, void *arg) -{ - CTX_DATA *ctx_data = (CTX_DATA*)(arg); - if (strcmp(ctx_data->srp_user, SSL_get_srp_username(s)) != 0) - return SSL3_AL_FATAL; - if (SSL_set_srp_server_param_pw(s, ctx_data->srp_user, - ctx_data->srp_password, - "2048" /* known group */) < 0) { - *ad = SSL_AD_INTERNAL_ERROR; - return SSL3_AL_FATAL; - } - return SSL_ERROR_NONE; -} -#endif /* !OPENSSL_NO_SRP */ - static int generate_session_ticket_cb(SSL *s, void *arg) { CTX_DATA *server_ctx_data = arg; 
@@ -711,28 +676,10 @@ static int configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, } #endif #ifndef OPENSSL_NO_SRP - if (extra->server.srp_user != NULL) { - SSL_CTX_set_srp_username_callback(server_ctx, server_srp_cb); - server_ctx_data->srp_user = OPENSSL_strdup(extra->server.srp_user); - server_ctx_data->srp_password = OPENSSL_strdup(extra->server.srp_password); - SSL_CTX_set_srp_cb_arg(server_ctx, server_ctx_data); - } - if (extra->server2.srp_user != NULL) { - if (!TEST_ptr(server2_ctx)) - goto err; - SSL_CTX_set_srp_username_callback(server2_ctx, server_srp_cb); - server2_ctx_data->srp_user = OPENSSL_strdup(extra->server2.srp_user); - server2_ctx_data->srp_password = OPENSSL_strdup(extra->server2.srp_password); - SSL_CTX_set_srp_cb_arg(server2_ctx, server2_ctx_data); - } - if (extra->client.srp_user != NULL) { - if (!TEST_true(SSL_CTX_set_srp_username(client_ctx, - extra->client.srp_user))) - goto err; - SSL_CTX_set_srp_client_pwd_callback(client_ctx, client_srp_cb); - client_ctx_data->srp_password = OPENSSL_strdup(extra->client.srp_password); - SSL_CTX_set_srp_cb_arg(client_ctx, client_ctx_data); - } + if (!configure_handshake_ctx_for_srp(server_ctx, server2_ctx, client_ctx, + extra, server_ctx_data, + server2_ctx_data, client_ctx_data)) + goto err; #endif /* !OPENSSL_NO_SRP */ return 1; err: diff --git a/test/helpers/handshake.h b/test/helpers/handshake.h index f0ae5a8d7e..04ff874623 100644 --- a/test/helpers/handshake.h +++ b/test/helpers/handshake.h @@ -12,6 +12,16 @@ #include "ssl_test_ctx.h" +typedef struct ctx_data_st { + unsigned char *npn_protocols; + size_t npn_protocols_len; + unsigned char *alpn_protocols; + size_t alpn_protocols_len; + char *srp_user; + char *srp_password; + char *session_ticket_app_data; +} CTX_DATA; + typedef struct handshake_result { ssl_test_result_t result; /* These alerts are in the 2-byte format returned by the info_callback. */ 
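Review bot: The new call to `configure_handshake_ctx_for_srp()` is guarded only by `#ifndef OPENSSL_NO_SRP`, yet the helper it calls is defined in a file that has to set `OPENSSL_SUPPRESS_DEPRECATED` to build at all. If a configuration can drop the deprecated 3.0 APIs while SRP stays enabled, this call site would reference a helper that cannot be compiled; the build rules are outside this diff, so that is unconfirmed. A guard such as `#if !defined(OPENSSL_NO_SRP) && !defined(OPENSSL_NO_DEPRECATED_3_0)` would make the dependency explicit. The enclosing `configure_handshake_ctx()` starts and ends outside the hunk.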
@@ -78,4 +88,11 @@ HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *resume_client_ctx, const SSL_TEST_CTX *test_ctx); +int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, + SSL_CTX *client_ctx, + const SSL_TEST_EXTRA_CONF *extra, + CTX_DATA *server_ctx_data, + CTX_DATA *server2_ctx_data, + CTX_DATA *client_ctx_data); + #endif /* OSSL_TEST_HANDSHAKE_HELPER_H */ diff --git a/test/helpers/handshake_srp.c b/test/helpers/handshake_srp.c new file mode 100644 index 0000000000..f18e5c81a6 --- /dev/null +++ b/test/helpers/handshake_srp.c 
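Review bot: The prototype for `configure_handshake_ctx_for_srp()` is added to the header with no comment on its contract, and the return convention is only discoverable by reading handshake_srp.c. A comment above it would cover this: `/* Installs the SRP callbacks on the given contexts. Returns 1 on success, 0 on failure. Copies of the SRP user and password are stored in the CTX_DATA arguments. */`. The copies are presumably released by the caller through `ctx_data_free_data()`, whose body is not visible here, so that part should be confirmed before it is documented.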
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * SRP is deprecated and there is no replacent. When SRP is removed, the code in
+ * this file can be removed too. Until then we have to use the deprecated APIs.
+ */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
+#include <openssl/srp.h>
+#include <openssl/ssl.h>
+#include "handshake.h"
+#include "../testutil.h"
+
+static char *client_srp_cb(SSL *s, void *arg)
+{
+ CTX_DATA *ctx_data = (CTX_DATA*)(arg);
+ return OPENSSL_strdup(ctx_data->srp_password);
+}
+
+static int server_srp_cb(SSL *s, int *ad, void *arg)
+{
+ CTX_DATA *ctx_data = (CTX_DATA*)(arg);
+ if (strcmp(ctx_data->srp_user, SSL_get_srp_username(s)) != 0)
+ return SSL3_AL_FATAL;
+ if (SSL_set_srp_server_param_pw(s, ctx_data->srp_user,
+ ctx_data->srp_password,
+ "2048" /* known group */) < 0) {
+ *ad = SSL_AD_INTERNAL_ERROR;
+ return SSL3_AL_FATAL;
+ }
+ return SSL_ERROR_NONE;
+}
+
+int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
+ SSL_CTX *client_ctx,
+ const SSL_TEST_EXTRA_CONF *extra,
+ CTX_DATA *server_ctx_data,
+ CTX_DATA *server2_ctx_data,
+ CTX_DATA *client_ctx_data)
+{
+ if (extra->server.srp_user != NULL) {
+ SSL_CTX_set_srp_username_callback(server_ctx, server_srp_cb);
+ server_ctx_data->srp_user = OPENSSL_strdup(extra->server.srp_user);
+ server_ctx_data->srp_password = OPENSSL_strdup(extra->server.srp_password);
+ SSL_CTX_set_srp_cb_arg(server_ctx, server_ctx_data);
+ }
+ if (extra->server2.srp_user != NULL) {
+ if (!TEST_ptr(server2_ctx))
+ return 0;
+ SSL_CTX_set_srp_username_callback(server2_ctx, server_srp_cb);
+ server2_ctx_data->srp_user = OPENSSL_strdup(extra->server2.srp_user);
+ server2_ctx_data->srp_password = OPENSSL_strdup(extra->server2.srp_password);
+ SSL_CTX_set_srp_cb_arg(server2_ctx, server2_ctx_data);
+ }
+ if (extra->client.srp_user != NULL) {
+ if (!TEST_true(SSL_CTX_set_srp_username(client_ctx,
+ extra->client.srp_user)))
+ return 0;
+ SSL_CTX_set_srp_client_pwd_callback(client_ctx, client_srp_cb);
+ client_ctx_data->srp_password = OPENSSL_strdup(extra->client.srp_password);
+ SSL_CTX_set_srp_cb_arg(client_ctx, client_ctx_data);
+ }
+ return 1;
+}
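Review bot: In `server_srp_cb` the result of `SSL_get_srp_username(s)` is passed straight to `strcmp()`, and in `configure_handshake_ctx_for_srp()` none of the `OPENSSL_strdup()` results are checked. A NULL from either source (a failed allocation, or a test configuration that sets `srp_user` without `srp_password`) therefore reaches `strcmp()` or `SSL_set_srp_server_param_pw()` as a NULL pointer. This is test-helper code moved from handshake.c with only `goto err` turned into `return 0`, so the effect is a crashing test rather than a library flaw, but a failed setup should surface as a test failure through `TEST_ptr`. The sketch covers the server block; the server2 and client blocks would get the same check, assuming every test that sets a user also sets a password. Separately, the file calls `strcmp()` without including `<string.h>` itself, and its header comment misspells "replacement" as `replacent`.

```c
static int server_srp_cb(SSL *s, int *ad, void *arg)
{
    CTX_DATA *ctx_data = (CTX_DATA*)(arg);
    const char *username = SSL_get_srp_username(s);

    if (username == NULL || ctx_data->srp_user == NULL
            || strcmp(ctx_data->srp_user, username) != 0)
        return SSL3_AL_FATAL;
    /* ... unchanged: SSL_set_srp_server_param_pw() call and return ... */

/* in configure_handshake_ctx_for_srp() */
    if (extra->server.srp_user != NULL) {
        /* ... unchanged: callback registration and the two OPENSSL_strdup() calls ... */
        if (!TEST_ptr(server_ctx_data->srp_user)
                || !TEST_ptr(server_ctx_data->srp_password))
            return 0;
        SSL_CTX_set_srp_cb_arg(server_ctx, server_ctx_data);
    }
    /* ... unchanged: server2 and client blocks, with the same check added ... */
```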