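/*
 * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * SRP is deprecated and there is no replacement. When SRP is removed,
 * the code in this file can be removed too. Until then we have to use
 * the deprecated APIs.
 */
#define OPENSSL_SUPPRESS_DEPRECATED

#include <openssl/srp.h>
#include <openssl/ssl.h>
#include "handshake.h"
#include "../testutil.h"

/*
 * Client-side SRP password callback.
 *
 * |arg| is the CTX_DATA registered with SSL_CTX_set_srp_cb_arg(). Returns a
 * heap copy of its srp_password made with OPENSSL_strdup(), so the caller
 * owns the returned buffer; the result is NULL if the copy fails.
 */
static char *client_srp_cb(SSL *s, void *arg)
{
    CTX_DATA *ctx_data = (CTX_DATA *)(arg);

    (void)s; /* the connection is not needed to look up the password */
    return OPENSSL_strdup(ctx_data->srp_password);
}

/*
 * Server-side SRP username callback.
 *
 * Accepts the handshake only when the login name presented on |s| equals the
 * single user configured in the CTX_DATA passed as |arg|, then installs the
 * SRP server parameters for that user.
 *
 * Returns SSL_ERROR_NONE on success and SSL3_AL_FATAL otherwise. On a name
 * mismatch |*ad| is left as the caller initialised it; on a parameter setup
 * failure it is set to SSL_AD_INTERNAL_ERROR.
 */
static int server_srp_cb(SSL *s, int *ad, void *arg)
{
    CTX_DATA *ctx_data = (CTX_DATA *)(arg);
    const char *login = SSL_get_srp_username(s);

    /*
     * Treat an absent login name as a mismatch instead of handing a NULL
     * pointer to strcmp(), which would be undefined behaviour.
     */
    if (login == NULL || strcmp(ctx_data->srp_user, login) != 0)
        return SSL3_AL_FATAL;

    /*
     * Test-fixture shortcut: the server parameters are built from the
     * plaintext password held in CTX_DATA. A deployed SRP server would keep
     * only the per-user salt and verifier, never the password itself.
     */
    if (SSL_set_srp_server_param_pw(s, ctx_data->srp_user,
                                    ctx_data->srp_password,
                                    "2048" /* known group */)
        < 0) {
        *ad = SSL_AD_INTERNAL_ERROR;
        return SSL3_AL_FATAL;
    }
    return SSL_ERROR_NONE;
}

/*
 * Install the SRP username callback on one server context and store private
 * copies of |user| and |password| in |ctx_data| for the callback to read.
 *
 * Returns 1 on success. If either copy cannot be made, both fields are freed
 * and reset to NULL and 0 is returned.
 */
static int configure_server_srp(SSL_CTX *ctx, CTX_DATA *ctx_data,
                                const char *user, const char *password)
{
    SSL_CTX_set_srp_username_callback(ctx, server_srp_cb);
    ctx_data->srp_user = OPENSSL_strdup(user);
    ctx_data->srp_password = OPENSSL_strdup(password);
    if (ctx_data->srp_user == NULL || ctx_data->srp_password == NULL) {
        /* Leave no half-initialised credentials behind. */
        OPENSSL_free(ctx_data->srp_user);
        OPENSSL_free(ctx_data->srp_password);
        ctx_data->srp_user = NULL;
        ctx_data->srp_password = NULL;
        return 0;
    }
    SSL_CTX_set_srp_cb_arg(ctx, ctx_data);
    return 1;
}

/*
 * Wire SRP credentials from the test configuration |extra| into the server,
 * second-server and client contexts.
 *
 * Each side is configured only when its srp_user entry is non-NULL. The
 * duplicated strings are stored in the matching CTX_DATA; this file does not
 * free them on success, so presumably the harness releases them with the
 * rest of CTX_DATA (confirm against the caller).
 *
 * Returns 1 on success and 0 on any failure.
 */
int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
                                    SSL_CTX *client_ctx,
                                    const SSL_TEST_EXTRA_CONF *extra,
                                    CTX_DATA *server_ctx_data,
                                    CTX_DATA *server2_ctx_data,
                                    CTX_DATA *client_ctx_data)
{
    if (extra->server.srp_user != NULL) {
        if (!configure_server_srp(server_ctx, server_ctx_data,
                                  extra->server.srp_user,
                                  extra->server.srp_password))
            return 0;
    }
    if (extra->server2.srp_user != NULL) {
        /* The second server context is optional, so check it exists first. */
        if (!TEST_ptr(server2_ctx))
            return 0;
        if (!configure_server_srp(server2_ctx, server2_ctx_data,
                                  extra->server2.srp_user,
                                  extra->server2.srp_password))
            return 0;
    }
    if (extra->client.srp_user != NULL) {
        if (!TEST_true(SSL_CTX_set_srp_username(client_ctx,
                                                extra->client.srp_user)))
            return 0;
        SSL_CTX_set_srp_client_pwd_callback(client_ctx, client_srp_cb);
        client_ctx_data->srp_password = OPENSSL_strdup(extra->client.srp_password);
        if (client_ctx_data->srp_password == NULL)
            return 0;
        SSL_CTX_set_srp_cb_arg(client_ctx, client_ctx_data);
    }
    return 1;
}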