Home Explore Help
Register Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 1
Files Issues 1 Wiki
Browse Source

Fix 'no-deprecated'

Some of the handling of no-deprecated stuff wasn't quite complete, or
even plain wrong.

This restores i2d_PublicKey() to be able to handle EVP_PKEYs with
legacy internal keys.

This also refactors the DSA key tests in test/evp_extra_test.c to use
EVP functionality entirely.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13706)
Richard Levitte 3 years ago
parent
a5f2782cec
commit
6ed4022cd1
3 changed files with 44 additions and 55 deletions
Split View Show Diff Stats
  1. 7 8
      crypto/asn1/i2d_evp.c
  2. 8 7
      fuzz/server.c
  3. 29 40
      test/evp_extra_test.c

+ 7 - 8
crypto/asn1/i2d_evp.c
View File 

@@ -7,8 +7,11 @@
 
  * https://www.openssl.org/source/license.html
 
  */
 
 
-/* We need to use some deprecated APIs to support the legacy bits */
 
-#define OPENSSL_SUPPRESS_DEPRECATED
 
+/*
 
+ * Low level APIs are deprecated for public use, but still ok for
 
+ * internal use.
 
+ */
 
+#include "internal/deprecated.h"
 
 
 #include <stdio.h>
 
 #include "internal/cryptlib.h"
 
@@ -16,9 +19,7 @@
 
 #include <openssl/encoder.h>
 
 #include <openssl/buffer.h>
 
 #include <openssl/x509.h>
 
-#ifndef OPENSSL_NO_DEPRECATED_3_0
 
-# include <openssl/rsa.h>        /* For i2d_RSAPublicKey */
 
-#endif
 
+#include <openssl/rsa.h>         /* For i2d_RSAPublicKey */
 
 #include <openssl/dsa.h>         /* For i2d_DSAPublicKey */
 
 #include <openssl/ec.h>          /* For i2o_ECPublicKey */
 
 #include "crypto/asn1.h"
 
@@ -106,11 +107,9 @@ int i2d_PublicKey(const EVP_PKEY *a, unsigned char **pp)
 
         return i2d_provided(a, EVP_PKEY_PUBLIC_KEY, output_structures, pp);
 
     }
 
     switch (EVP_PKEY_id(a)) {
 
-#ifndef OPENSSL_NO_DEPRECATED_3_0
 
-# ifndef OPENSSL_NO_RSA
 
+#ifndef OPENSSL_NO_RSA
 
     case EVP_PKEY_RSA:
 
         return i2d_RSAPublicKey(EVP_PKEY_get0_RSA(a), pp);
 
-# endif
 
 #endif
 
 #ifndef OPENSSL_NO_DSA
 
     case EVP_PKEY_DSA:

+ 8 - 7
fuzz/server.c
View File 

@@ -292,7 +292,7 @@ static const char ECDSACertPEM[] = {
 
 };
 
 #endif
 
 
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_DEPRECATED_3_0)
 
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
 
 /*
 
  * -----BEGIN DSA PRIVATE KEY-----
 
  * MIIBuwIBAAKBgQDdkFKzNABLOha7Eqj7004+p5fhtR6bxpujToMmSZTYi8igVVXP
 
@@ -512,8 +512,8 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
 
     SSL *server;
 
     BIO *in;
 
     BIO *out;
 
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DSA) \
 
-    || !defined(OPENSSL_NO_DEPRECATED_3_0)
 
+#if !defined(OPENSSL_NO_EC)                     \
 
+    || (!defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0))
 
     BIO *bio_buf;
 
 #endif
 
     SSL_CTX *ctx;
 
@@ -522,15 +522,16 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
 
     RSA *privkey;
 
 #endif
 
     const uint8_t *bufp;
 
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) \
 
-    || !defined(OPENSSL_NO_DEPRECATED_3_0)
 
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)         \
 
+    || !defined(OPENSSL_NO_DSA)                 \
 
+    || !defined(OPENSSL_NO_EC)
 
     EVP_PKEY *pkey;
 
 #endif
 
     X509 *cert;
 
 #ifndef OPENSSL_NO_EC
 
     EC_KEY *ecdsakey = NULL;
 
 #endif
 
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_DEPRECATED_3_0)
 
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
 
     DSA *dsakey = NULL;
 
 #endif
 
     uint8_t opt;
 
@@ -593,7 +594,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
 
     X509_free(cert);
 
 #endif
 
 
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_DEPRECATED_3_0)
 
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
 
     /* DSA */
 
     bio_buf = BIO_new(BIO_s_mem());
 
     OPENSSL_assert((size_t)BIO_write(bio_buf, DSAPrivateKeyPEM, sizeof(DSAPrivateKeyPEM)) == sizeof(DSAPrivateKeyPEM));

+ 29 - 40
test/evp_extra_test.c
View File 

@@ -435,26 +435,8 @@ static EVP_PKEY *load_example_rsa_key(void)
 
 #ifndef OPENSSL_NO_DSA
 
 static EVP_PKEY *load_example_dsa_key(void)
 
 {
 
-    EVP_PKEY *ret = NULL;
 
-    const unsigned char *derp = kExampleDSAKeyDER;
 
-    EVP_PKEY *pkey = NULL;
 
-    DSA *dsa = NULL;
 
-
 
-    if (!TEST_true(d2i_DSAPrivateKey(&dsa, &derp, sizeof(kExampleDSAKeyDER))))
 
-        return NULL;
 
-
 
-    if (!TEST_ptr(pkey = EVP_PKEY_new())
 
-            || !TEST_true(EVP_PKEY_set1_DSA(pkey, dsa)))
 
-        goto end;
 
-
 
-    ret = pkey;
 
-    pkey = NULL;
 
-
 
-end:
 
-    EVP_PKEY_free(pkey);
 
-    DSA_free(dsa);
 
-
 
-    return ret;
 
+    return load_example_key("DSA", kExampleDSAKeyDER,
 
+                            sizeof(kExampleDSAKeyDER));
 
 }
 
 #endif
 
 
@@ -1684,8 +1666,10 @@ static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
 
 #ifndef OPENSSL_NO_DSA
 
 static int test_DSA_get_set_params(void)
 
 {
 
-    DSA *dsa = NULL;
 
+    OSSL_PARAM_BLD *bld = NULL;
 
+    OSSL_PARAM *params = NULL;
 
     BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
 
+    EVP_PKEY_CTX *pctx = NULL;
 
     EVP_PKEY *pkey = NULL;
 
     int ret = 0;
 
 
@@ -1693,34 +1677,39 @@ static int test_DSA_get_set_params(void)
 
      * Setup the parameters for our DSA object. For our purposes they don't
 
      * have to actually be *valid* parameters. We just need to set something.
 
      */
 
-    dsa = DSA_new();
 
-    p = BN_new();
 
-    q = BN_new();
 
-    g = BN_new();
 
-    pub = BN_new();
 
-    priv = BN_new();
 
-    if (!TEST_ptr(dsa)
 
-            || !TEST_ptr(p)
 
-            || !TEST_ptr(q)
 
-            || !TEST_ptr(g)
 
-            || !TEST_ptr(pub)
 
-            || !DSA_set0_pqg(dsa, p, q, g)
 
-        || !DSA_set0_key(dsa, pub, priv))
 
+    if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
 
+        || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
 
+        || !TEST_ptr(p = BN_new())
 
+        || !TEST_ptr(q = BN_new())
 
+        || !TEST_ptr(g = BN_new())
 
+        || !TEST_ptr(pub = BN_new())
 
+        || !TEST_ptr(priv = BN_new()))
 
+        goto err;
 
+    if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
 
+        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
 
+        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
 
+        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
 
+                                             pub))
 
+        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
 
+                                             priv)))
 
+        goto err;
 
+    if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
 
         goto err;
 
-    p = q = g = pub = priv = NULL;
 
 
-    pkey = EVP_PKEY_new();
 
-    if (!TEST_ptr(pkey)
 
-            || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa)))
 
+    if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
 
+        || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
 
         goto err;
 
 
-    dsa = NULL;
 
+    if (!TEST_ptr(pkey))
 
+        goto err;
 
 
     ret = test_EVP_PKEY_CTX_get_set_params(pkey);
 
 
  err:
 
     EVP_PKEY_free(pkey);
 
-    DSA_free(dsa);
 
+    EVP_PKEY_CTX_free(pctx);
 
+    OSSL_PARAM_BLD_free_params(params);
 
+    OSSL_PARAM_BLD_free(bld);
 
     BN_free(p);
 
     BN_free(q);
 
     BN_free(g);