Fix 'no-deprecated'

Some of the handling of no-deprecated stuff wasn't quite complete, or
even plain wrong.

This restores i2d_PublicKey() to be able to handle EVP_PKEYs with
legacy internal keys.

This also refactors the DSA key tests in test/evp_extra_test.c to use
EVP functionality entirely.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13706)
Richard Levitte 2020-12-18 13:17:33 +01:00
parent a5f2782cec
commit 6ed4022cd1
3 changed files with 45 additions and 56 deletions


@ -7,8 +7,11 @@
* https://www.openssl.org/source/license.html
*/
/* We need to use some deprecated APIs to support the legacy bits */
#define OPENSSL_SUPPRESS_DEPRECATED
/*
* Low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
@ -16,9 +19,7 @@
#include <openssl/encoder.h>
#include <openssl/buffer.h>
#include <openssl/x509.h>
#ifndef OPENSSL_NO_DEPRECATED_3_0
# include <openssl/rsa.h> /* For i2d_RSAPublicKey */
#endif
#include <openssl/rsa.h> /* For i2d_RSAPublicKey */
#include <openssl/dsa.h> /* For i2d_DSAPublicKey */
#include <openssl/ec.h> /* For i2o_ECPublicKey */
#include "crypto/asn1.h"
@ -106,11 +107,9 @@ int i2d_PublicKey(const EVP_PKEY *a, unsigned char **pp)
return i2d_provided(a, EVP_PKEY_PUBLIC_KEY, output_structures, pp);
}
switch (EVP_PKEY_id(a)) {
#ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_RSA
#ifndef OPENSSL_NO_RSA
case EVP_PKEY_RSA:
return i2d_RSAPublicKey(EVP_PKEY_get0_RSA(a), pp);
# endif
#endif
#ifndef OPENSSL_NO_DSA
case EVP_PKEY_DSA:
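Review bot: The new comment above `#include "internal/deprecated.h"` does not say that this include has to stay ahead of every public OpenSSL header. As far as I know, that internal header is what keeps the deprecated low-level declarations visible, and their warnings silenced, in a no-deprecated build, so the now-unguarded `return i2d_RSAPublicKey(EVP_PKEY_get0_RSA(a), pp);` case depends on it. I would extend the comment with a line such as `* This include must come before any <openssl/...> header.` so that a later reordering of includes does not quietly break no-deprecated builds. The switch in i2d_PublicKey continues outside the hunk.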


@ -292,7 +292,7 @@ static const char ECDSACertPEM[] = {
};
#endif
#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_DEPRECATED_3_0)
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
/*
* -----BEGIN DSA PRIVATE KEY-----
* MIIBuwIBAAKBgQDdkFKzNABLOha7Eqj7004+p5fhtR6bxpujToMmSZTYi8igVVXP
@ -512,8 +512,8 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
SSL *server;
BIO *in;
BIO *out;
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DSA) \
|| !defined(OPENSSL_NO_DEPRECATED_3_0)
#if !defined(OPENSSL_NO_EC) \
|| (!defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0))
BIO *bio_buf;
#endif
SSL_CTX *ctx;
@ -522,15 +522,16 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
RSA *privkey;
#endif
const uint8_t *bufp;
#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) \
|| !defined(OPENSSL_NO_DEPRECATED_3_0)
#if !defined(OPENSSL_NO_DEPRECATED_3_0) \
|| !defined(OPENSSL_NO_DSA) \
|| !defined(OPENSSL_NO_EC)
EVP_PKEY *pkey;
#endif
X509 *cert;
#ifndef OPENSSL_NO_EC
EC_KEY *ecdsakey = NULL;
#endif
#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_DEPRECATED_3_0)
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
DSA *dsakey = NULL;
#endif
uint8_t opt;
@ -593,7 +594,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
X509_free(cert);
#endif
#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_DEPRECATED_3_0)
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
/* DSA */
bio_buf = BIO_new(BIO_s_mem());
OPENSSL_assert((size_t)BIO_write(bio_buf, DSAPrivateKeyPEM, sizeof(DSAPrivateKeyPEM)) == sizeof(DSAPrivateKeyPEM));
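Review bot: The guard on the `EVP_PKEY *pkey;` declaration in FuzzerTestOneInput still ORs in `!defined(OPENSSL_NO_DSA)`, while the `dsakey` declaration and the DSA block in this same commit now require DSA and the deprecated APIs together. In a build with no-deprecated and no-ec but DSA enabled, `pkey` is declared while the DSA block that uses it is compiled out, so it is probably unused there and would trip unused-variable warnings. If the RSA use is deprecated-only and the EC use is EC-only, the condition wants to be `#if !defined(OPENSSL_NO_DEPRECATED_3_0) || !defined(OPENSSL_NO_EC)`. The RSA and EC uses of `pkey` are outside the visible hunks, so confirm against the full function before changing it.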


@ -435,26 +435,8 @@ static EVP_PKEY *load_example_rsa_key(void)
#ifndef OPENSSL_NO_DSA
static EVP_PKEY *load_example_dsa_key(void)
{
EVP_PKEY *ret = NULL;
const unsigned char *derp = kExampleDSAKeyDER;
EVP_PKEY *pkey = NULL;
DSA *dsa = NULL;
if (!TEST_true(d2i_DSAPrivateKey(&dsa, &derp, sizeof(kExampleDSAKeyDER))))
return NULL;
if (!TEST_ptr(pkey = EVP_PKEY_new())
|| !TEST_true(EVP_PKEY_set1_DSA(pkey, dsa)))
goto end;
ret = pkey;
pkey = NULL;
end:
EVP_PKEY_free(pkey);
DSA_free(dsa);
return ret;
return load_example_key("DSA", kExampleDSAKeyDER,
sizeof(kExampleDSAKeyDER));
}
#endif
@ -1684,8 +1666,10 @@ static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
#ifndef OPENSSL_NO_DSA
static int test_DSA_get_set_params(void)
{
DSA *dsa = NULL;
OSSL_PARAM_BLD *bld = NULL;
OSSL_PARAM *params = NULL;
BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
int ret = 0;
@ -1693,34 +1677,39 @@ static int test_DSA_get_set_params(void)
* Setup the parameters for our DSA object. For our purposes they don't
* have to actually be *valid* parameters. We just need to set something.
*/
dsa = DSA_new();
p = BN_new();
q = BN_new();
g = BN_new();
pub = BN_new();
priv = BN_new();
if (!TEST_ptr(dsa)
|| !TEST_ptr(p)
|| !TEST_ptr(q)
|| !TEST_ptr(g)
|| !TEST_ptr(pub)
|| !DSA_set0_pqg(dsa, p, q, g)
|| !DSA_set0_key(dsa, pub, priv))
if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
|| !TEST_ptr(bld = OSSL_PARAM_BLD_new())
|| !TEST_ptr(p = BN_new())
|| !TEST_ptr(q = BN_new())
|| !TEST_ptr(g = BN_new())
|| !TEST_ptr(pub = BN_new())
|| !TEST_ptr(priv = BN_new()))
goto err;
p = q = g = pub = priv = NULL;
pkey = EVP_PKEY_new();
if (!TEST_ptr(pkey)
|| !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa)))
if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
pub))
|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
priv)))
goto err;
if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
goto err;
dsa = NULL;
if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
|| !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
goto err;
if (!TEST_ptr(pkey))
goto err;
ret = test_EVP_PKEY_CTX_get_set_params(pkey);
err:
EVP_PKEY_free(pkey);
DSA_free(dsa);
EVP_PKEY_CTX_free(pctx);
OSSL_PARAM_BLD_free_params(params);
OSSL_PARAM_BLD_free(bld);
BN_free(p);
BN_free(q);
BN_free(g);