Deprecate the libssl level SRP APIs

The low level SRP implementation has been deprecated with no replacement.
Therefore the libssl level APIs need to be similarly deprecated.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from #14132)

apps/ciphers.c

@@ -14,6 +14,7 @@
 #include "progs.h"
 #include <openssl/err.h>
 #include <openssl/ssl.h>
+#include "s_apps.h"
 
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -63,7 +64,7 @@ const OPTIONS ciphers_options[] = {
     {"psk", OPT_PSK, '-', "Include ciphersuites requiring PSK"},
 #endif
 #ifndef OPENSSL_NO_SRP
-    {"srp", OPT_SRP, '-', "Include ciphersuites requiring SRP"},
+    {"srp", OPT_SRP, '-', "(deprecated) Include ciphersuites requiring SRP"},
 #endif
     {"ciphersuites", OPT_CIPHERSUITES, 's',
      "Configure the TLSv1.3 ciphersuites to use"},
@@ -83,12 +84,6 @@ static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity,
     return 0;
 }
 #endif
-#ifndef OPENSSL_NO_SRP
-static char *dummy_srp(SSL *ssl, void *arg)
-{
-    return "";
-}
-#endif
 
 int ciphers_main(int argc, char **argv)
 {
@@ -205,7 +200,7 @@ int ciphers_main(int argc, char **argv)
 #endif
 #ifndef OPENSSL_NO_SRP
     if (srp)
-        SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
+        set_up_dummy_srp(ctx);
 #endif
 
     if (ciphersuites != NULL && !SSL_CTX_set_ciphersuites(ctx, ciphersuites)) {

apps/include/s_apps.h

@@ -92,6 +92,7 @@ typedef struct srp_arg_st {
 
 int set_up_srp_arg(SSL_CTX *ctx, SRP_ARG *srp_arg, int srp_lateuser, int c_msg,
                    int c_debug);
+void set_up_dummy_srp(SSL_CTX *ctx);
 
 /* The server side SRP context that we pass to all SRP related callbacks */
 typedef struct srpsrvparm_st {

apps/lib/tlssrp_depr.c

@@ -10,7 +10,7 @@
 
 /*
  * This file is to enable backwards compatibility for the SRP features of
- * s_client and s_server. All of those features are deprecated and will
+ * s_client, s_server and ciphers. All of those features are deprecated and will
  * eventually disappear. In the meantime, to continue to support them, we
  * need to access deprecated SRP APIs.
  */
@@ -137,6 +137,16 @@ int set_up_srp_arg(SSL_CTX *ctx, SRP_ARG *srp_arg, int srp_lateuser, int c_msg,
     return 1;
 }
 
+static char *dummy_srp(SSL *ssl, void *arg)
+{
+    return "";
+}
+
+void set_up_dummy_srp(SSL_CTX *ctx)
+{
+        SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
+}
+
 /*
  * This callback pretends to require some asynchronous logic in order to
  * obtain a verifier. When the callback is called for a new connection we

include/openssl/ssl.h.in

@@ -666,12 +666,13 @@ void SSL_set_msg_callback(SSL *ssl,
 # ifndef OPENSSL_NO_SRP
 
 /* see tls_srp.c */
-__owur int SSL_SRP_CTX_init(SSL *s);
-__owur int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
-int SSL_SRP_CTX_free(SSL *ctx);
-int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
-__owur int SSL_srp_server_param_with_username(SSL *s, int *ad);
-__owur int SRP_Calc_A_param(SSL *s);
+OSSL_DEPRECATEDIN_3_0 __owur int SSL_SRP_CTX_init(SSL *s);
+OSSL_DEPRECATEDIN_3_0 __owur int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0 int SSL_SRP_CTX_free(SSL *ctx);
+OSSL_DEPRECATEDIN_3_0 int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0 __owur int SSL_srp_server_param_with_username(SSL *s,
+                                                                    int *ad);
+OSSL_DEPRECATEDIN_3_0 __owur int SRP_Calc_A_param(SSL *s);
 
 # endif
 
@@ -1833,27 +1834,32 @@ __owur X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx);
 __owur X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);
 
 # ifndef OPENSSL_NO_SRP
-int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name);
-int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password);
-int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
+OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name);
+OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password);
+OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
+OSSL_DEPRECATEDIN_3_0
 int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
                                         char *(*cb) (SSL *, void *));
+OSSL_DEPRECATEDIN_3_0
 int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
                                           int (*cb) (SSL *, void *));
+OSSL_DEPRECATEDIN_3_0
 int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
                                       int (*cb) (SSL *, int *, void *));
-int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
+OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
 
+OSSL_DEPRECATEDIN_3_0
 int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
                              BIGNUM *sa, BIGNUM *v, char *info);
+OSSL_DEPRECATEDIN_3_0
 int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
                                 const char *grp);
 
-__owur BIGNUM *SSL_get_srp_g(SSL *s);
-__owur BIGNUM *SSL_get_srp_N(SSL *s);
+OSSL_DEPRECATEDIN_3_0 __owur BIGNUM *SSL_get_srp_g(SSL *s);
+OSSL_DEPRECATEDIN_3_0 __owur BIGNUM *SSL_get_srp_N(SSL *s);
 
-__owur char *SSL_get_srp_username(SSL *s);
-__owur char *SSL_get_srp_userinfo(SSL *s);
+OSSL_DEPRECATEDIN_3_0 __owur char *SSL_get_srp_username(SSL *s);
+OSSL_DEPRECATEDIN_3_0 __owur char *SSL_get_srp_userinfo(SSL *s);
 # endif
 
 /*

ssl/s3_lib.c

@@ -3330,7 +3330,7 @@ int ssl3_handshake_write(SSL *s)
 int ssl3_new(SSL *s)
 {
 #ifndef OPENSSL_NO_SRP
-    if (!SSL_SRP_CTX_init(s))
+    if (!ssl_srp_ctx_init_intern(s))
         return 0;
 #endif
 
@@ -3366,7 +3366,7 @@ void ssl3_free(SSL *s)
     OPENSSL_free(s->s3.alpn_proposed);
 
 #ifndef OPENSSL_NO_SRP
-    SSL_SRP_CTX_free(s);
+    ssl_srp_ctx_free_intern(s);
 #endif
     memset(&s->s3, 0, sizeof(s->s3));
 }

ssl/ssl_lib.c

@@ -3239,7 +3239,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
         goto err;
 
 #ifndef OPENSSL_NO_SRP
-    if (!SSL_CTX_SRP_CTX_init(ret))
+    if (!ssl_ctx_srp_ctx_init_intern(ret))
         goto err;
 #endif
 #ifndef OPENSSL_NO_ENGINE
@@ -3382,7 +3382,7 @@ void SSL_CTX_free(SSL_CTX *a)
     sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
 #endif
 #ifndef OPENSSL_NO_SRP
-    SSL_CTX_SRP_CTX_free(a);
+    ssl_ctx_srp_ctx_free_intern(a);
 #endif
 #ifndef OPENSSL_NO_ENGINE
     tls_engine_finish(a->client_cert_engine);

ssl/ssl_local.h

@@ -2828,6 +2828,14 @@ int ssl_hmac_old_update(SSL_HMAC *ctx, const unsigned char *data, size_t len);
 int ssl_hmac_old_final(SSL_HMAC *ctx, unsigned char *md, size_t *len);
 size_t ssl_hmac_old_size(const SSL_HMAC *ctx);
 
+int ssl_ctx_srp_ctx_free_intern(SSL_CTX *ctx);
+int ssl_ctx_srp_ctx_init_intern(SSL_CTX *ctx);
+int ssl_srp_ctx_free_intern(SSL *s);
+int ssl_srp_ctx_init_intern(SSL *s);
+
+int ssl_srp_calc_a_param_intern(SSL *s);
+int ssl_srp_server_param_with_username_intern(SSL *s, int *ad);
+
 # else /* OPENSSL_UNIT_TEST */
 
 #  define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer

ssl/statem/statem_clnt.c

@@ -2716,7 +2716,7 @@ MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt)
     }
 #ifndef OPENSSL_NO_SRP
     if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
-        if (SRP_Calc_A_param(s) <= 0) {
+        if (ssl_srp_calc_a_param_intern(s) <= 0) {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_SRP_A_CALC);
             return MSG_PROCESS_ERROR;
         }

ssl/statem/statem_srvr.c

@@ -1258,7 +1258,7 @@ static int ssl_check_srp_ext_ClientHello(SSL *s)
                      SSL_R_PSK_IDENTITY_NOT_FOUND);
             return -1;
         } else {
-            ret = SSL_srp_server_param_with_username(s, &al);
+            ret = ssl_srp_server_param_with_username_intern(s, &al);
             if (ret < 0)
                 return 0;
             if (ret == SSL3_AL_FATAL) {

ssl/tls_srp.c

@@ -11,7 +11,10 @@
  * for the EdelKey project.
  */
 
-/* We need to use the SRP deprecated APIs */
+/*
+ * We need to use the SRP deprecated APIs in order to implement the SSL SRP
+ * APIs - which are themselves deprecated.
+ */
 #define OPENSSL_SUPPRESS_DEPRECATED
 
 #include <openssl/crypto.h>
@@ -22,7 +25,11 @@
 #ifndef OPENSSL_NO_SRP
 # include <openssl/srp.h>
 
-int SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx)
+/*
+ * The public API SSL_CTX_SRP_CTX_free() is deprecated so we use
+ * ssl_ctx_srp_ctx_free_intern() internally.
+ */
+int ssl_ctx_srp_ctx_free_intern(SSL_CTX *ctx)
 {
     if (ctx == NULL)
         return 0;
@@ -41,7 +48,16 @@ int SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx)
     return 1;
 }
 
-int SSL_SRP_CTX_free(struct ssl_st *s)
+int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx)
+{
+    return ssl_ctx_srp_ctx_free_intern(ctx);
+}
+
+/*
+ * The public API SSL_SRP_CTX_free() is deprecated so we use
+ * ssl_srp_ctx_free_intern() internally.
+ */
+int ssl_srp_ctx_free_intern(SSL *s)
 {
     if (s == NULL)
         return 0;
@@ -60,7 +76,16 @@ int SSL_SRP_CTX_free(struct ssl_st *s)
     return 1;
 }
 
-int SSL_SRP_CTX_init(struct ssl_st *s)
+int SSL_SRP_CTX_free(SSL *s)
+{
+    return ssl_srp_ctx_free_intern(s);
+}
+
+/*
+ * The public API SSL_SRP_CTX_init() is deprecated so we use
+ * ssl_srp_ctx_init_intern() internally.
+ */
+int ssl_srp_ctx_init_intern(SSL *s)
 {
     SSL_CTX *ctx;
 
@@ -129,7 +154,16 @@ int SSL_SRP_CTX_init(struct ssl_st *s)
     return 0;
 }
 
-int SSL_CTX_SRP_CTX_init(struct ssl_ctx_st *ctx)
+int SSL_SRP_CTX_init(SSL *s)
+{
+    return ssl_srp_ctx_init_intern(s);
+}
+
+/*
+ * The public API SSL_CTX_SRP_CTX_init() is deprecated so we use
+ * ssl_ctx_srp_ctx_init_intern() internally.
+ */
+int ssl_ctx_srp_ctx_init_intern(SSL_CTX *ctx)
 {
     if (ctx == NULL)
         return 0;
@@ -140,8 +174,17 @@ int SSL_CTX_SRP_CTX_init(struct ssl_ctx_st *ctx)
     return 1;
 }
 
+int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx)
+{
+    return ssl_ctx_srp_ctx_init_intern(ctx);
+}
+
 /* server side */
-int SSL_srp_server_param_with_username(SSL *s, int *ad)
+/*
+ * The public API SSL_srp_server_param_with_username() is deprecated so we use
+ * ssl_srp_server_param_with_username_intern() internally.
+ */
+int ssl_srp_server_param_with_username_intern(SSL *s, int *ad)
 {
     unsigned char b[SSL_MAX_MASTER_KEY_LENGTH];
     int al;
@@ -173,6 +216,11 @@ int SSL_srp_server_param_with_username(SSL *s, int *ad)
             NULL) ? SSL_ERROR_NONE : SSL3_AL_FATAL;
 }
 
+int SSL_srp_server_param_with_username(SSL *s, int *ad)
+{
+    return ssl_srp_server_param_with_username_intern(s, ad);
+}
+
 /*
  * If the server just has the raw password, make up a verifier entry on the
  * fly
@@ -364,7 +412,11 @@ int srp_verify_server_param(SSL *s)
     return 1;
 }
 
-int SRP_Calc_A_param(SSL *s)
+/*
+ * The public API SRP_Calc_A_param() is deprecated so we use
+ * ssl_srp_calc_a_param_intern() internally.
+ */
+int ssl_srp_calc_a_param_intern(SSL *s)
 {
     unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH];
 
@@ -379,6 +431,11 @@ int SRP_Calc_A_param(SSL *s)
     return 1;
 }
 
+int SRP_Calc_A_param(SSL *s)
+{
+    return ssl_srp_calc_a_param_intern(s);
+}
+
 BIGNUM *SSL_get_srp_g(SSL *s)
 {
     if (s->srp_ctx.g != NULL)

test/build.info

@@ -279,6 +279,9 @@ IF[{- !$disabled{tests} -}]
   DEPEND[ssl_test_ctx_test]=../libcrypto ../libssl libtestutil.a
 
   SOURCE[ssl_test]=ssl_test.c helpers/ssl_test_ctx.c helpers/handshake.c
+  IF[{- !$disabled{'srp'} -}]
+    SOURCE[ssl_test]=helpers/handshake_srp.c
+  ENDIF
   INCLUDE[ssl_test]=../include ../apps/include
   DEPEND[ssl_test]=../libcrypto ../libssl libtestutil.a