1*e0c4386eSCy Schubert /*
2*e0c4386eSCy Schubert  * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
3*e0c4386eSCy Schubert  *
4*e0c4386eSCy Schubert  * Licensed under the Apache License 2.0 (the "License").  You may not use
5*e0c4386eSCy Schubert  * this file except in compliance with the License.  You can obtain a copy
6*e0c4386eSCy Schubert  * in the file LICENSE in the source distribution or at
7*e0c4386eSCy Schubert  * https://www.openssl.org/source/license.html
8*e0c4386eSCy Schubert  */
9*e0c4386eSCy Schubert 
/*
 * SRP is deprecated and there is no replacement. When SRP is removed, the code
 * in this file can be removed too. Until then we have to use the deprecated
 * APIs.
 */
14*e0c4386eSCy Schubert #define OPENSSL_SUPPRESS_DEPRECATED
15*e0c4386eSCy Schubert 
16*e0c4386eSCy Schubert #include <openssl/srp.h>
17*e0c4386eSCy Schubert #include <openssl/ssl.h>
18*e0c4386eSCy Schubert #include "handshake.h"
19*e0c4386eSCy Schubert #include "../testutil.h"
20*e0c4386eSCy Schubert 
/*
 * Client-side SRP password callback for the handshake tests.
 *
 * arg is the CTX_DATA registered as the SRP callback argument; s is unused.
 * Returns a freshly allocated copy of the configured password rather than the
 * stored pointer, so the stored string stays owned by the CTX_DATA. The
 * result is NULL if the copy could not be made. Releasing the copy is
 * presumably left to the caller; confirm against the libssl SRP code.
 */
static char *client_srp_cb(SSL *s, void *arg)
{
    const CTX_DATA *data = arg;

    return OPENSSL_strdup(data->srp_password);
}
26*e0c4386eSCy Schubert 
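/*
 * Server-side SRP username callback for the handshake tests.
 *
 * arg is the CTX_DATA registered as the SRP callback argument. The username
 * presented on connection s must equal the configured one; the server's SRP
 * parameters are then set up directly from the plaintext test password using
 * the "2048" group. Keeping a plaintext password on the server is a test
 * shortcut: the point of SRP is that a server only needs a salt and verifier.
 *
 * Returns SSL_ERROR_NONE on success and SSL3_AL_FATAL otherwise. *ad is
 * written only when parameter setup fails (SSL_AD_INTERNAL_ERROR); for a
 * missing or mismatching username it is left as the caller initialised it.
 */
static int server_srp_cb(SSL *s, int *ad, void *arg)
{
    CTX_DATA *ctx_data = (CTX_DATA *)arg;
    const char *peer_user = SSL_get_srp_username(s);

    /*
     * Refuse the handshake instead of handing NULL to strcmp(), which is
     * undefined behaviour. This covers a context whose callback argument or
     * username was never set, and a connection with no SRP username.
     */
    if (ctx_data == NULL || ctx_data->srp_user == NULL || peer_user == NULL)
        return SSL3_AL_FATAL;

    if (strcmp(ctx_data->srp_user, peer_user) != 0)
        return SSL3_AL_FATAL;

    if (SSL_set_srp_server_param_pw(s, ctx_data->srp_user,
                                    ctx_data->srp_password,
                                    "2048" /* known group */) < 0) {
        *ad = SSL_AD_INTERNAL_ERROR;
        return SSL3_AL_FATAL;
    }
    return SSL_ERROR_NONE;
}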
40*e0c4386eSCy Schubert 
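/*
 * Copy one server's SRP credentials into data and attach server_srp_cb to ctx.
 *
 * The callback and its argument are installed only after both copies have
 * succeeded, so ctx never ends up with the SRP username callback registered
 * but no credentials behind it (server_srp_cb dereferences its argument).
 *
 * Returns 1 on success. Returns 0 if either copy failed; data then has both
 * fields reset to NULL and ctx is left unmodified.
 */
static int setup_srp_server_ctx(SSL_CTX *ctx, CTX_DATA *data,
                                const char *user, const char *password)
{
    data->srp_user = OPENSSL_strdup(user);
    data->srp_password = OPENSSL_strdup(password);
    if (data->srp_user == NULL || data->srp_password == NULL) {
        /* Release whichever copy did succeed and leave no dangling pointer. */
        OPENSSL_free(data->srp_user);
        OPENSSL_free(data->srp_password);
        data->srp_user = NULL;
        data->srp_password = NULL;
        return 0;
    }
    SSL_CTX_set_srp_username_callback(ctx, server_srp_cb);
    SSL_CTX_set_srp_cb_arg(ctx, data);
    return 1;
}

/*
 * Apply the SRP settings from a test configuration to the handshake contexts.
 *
 * For each of server, server2 and client, nothing is done unless the matching
 * srp_user entry in extra is set. Servers get server_srp_cb plus a private
 * copy of the username and password in their CTX_DATA; the client gets its
 * SRP username, client_srp_cb and a private copy of the password. The copies
 * stay attached to the CTX_DATA structures; this function does not free them
 * on success, so that is presumably done where the CTX_DATA is torn down.
 *
 * server2_ctx may be NULL only if extra->server2.srp_user is NULL.
 *
 * Returns 1 on success and 0 on the first failure (allocation failure, a
 * missing server2 context, or SSL_CTX_set_srp_username() failing).
 */
int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
                                    SSL_CTX *client_ctx,
                                    const SSL_TEST_EXTRA_CONF *extra,
                                    CTX_DATA *server_ctx_data,
                                    CTX_DATA *server2_ctx_data,
                                    CTX_DATA *client_ctx_data)
{
    if (extra->server.srp_user != NULL
            && !setup_srp_server_ctx(server_ctx, server_ctx_data,
                                     extra->server.srp_user,
                                     extra->server.srp_password))
        return 0;

    if (extra->server2.srp_user != NULL) {
        /* SRP is configured for the second server, so its context must exist. */
        if (!TEST_ptr(server2_ctx))
            return 0;
        if (!setup_srp_server_ctx(server2_ctx, server2_ctx_data,
                                  extra->server2.srp_user,
                                  extra->server2.srp_password))
            return 0;
    }

    if (extra->client.srp_user != NULL) {
        if (!TEST_true(SSL_CTX_set_srp_username(client_ctx,
                                                extra->client.srp_user)))
            return 0;
        client_ctx_data->srp_password = OPENSSL_strdup(extra->client.srp_password);
        if (client_ctx_data->srp_password == NULL)
            return 0;
        /*
         * Install the password callback only once there is a password for it
         * to hand out; client_srp_cb reads it through the callback argument.
         */
        SSL_CTX_set_srp_client_pwd_callback(client_ctx, client_srp_cb);
        SSL_CTX_set_srp_cb_arg(client_ctx, client_ctx_data);
    }
    return 1;
}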