[openssl] master update
Richard Levitte
levitte at openssl.org
Sat Dec 19 16:03:11 UTC 2020
The branch master has been updated
via e3577adddf6bc4f0d9d202621a2c576d982d6f0a (commit)
via 6ed4022cd1e4b066ddc6131ca659d8a260944a76 (commit)
from a5f2782ceca7af2480c86562e8952b2980251e4e (commit)
- Log -----------------------------------------------------------------
commit e3577adddf6bc4f0d9d202621a2c576d982d6f0a
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Dec 18 15:39:50 2020 +0100
GitHub CI: Separate no-deprecated job from minimal job
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13706)
commit 6ed4022cd1e4b066ddc6131ca659d8a260944a76
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Dec 18 13:17:33 2020 +0100
Fix 'no-deprecated'
Some of the handling of no-deprecated stuff wasn't quite complete, or
even plain wrong.
This restores i2d_PublicKey() to be able to handle EVP_PKEYs with
legacy internal keys.
This also refactors the DSA key tests in test/evp_extra_test.c to use
EVP functionality entirely.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13706)
-----------------------------------------------------------------------
Summary of changes:
.github/workflows/ci.yml | 11 ++++++++
Configure | 2 +-
crypto/asn1/i2d_evp.c | 15 +++++------
fuzz/server.c | 15 ++++++-----
test/evp_extra_test.c | 69 ++++++++++++++++++++----------------------------
5 files changed, 56 insertions(+), 56 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4793246b5a..7588bcca66 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -69,6 +69,17 @@ jobs:
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
+ no-deprecated:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout at v2
+ - name: config
+ run: ./config --strict-warnings no-deprecated && perl configdata.pm --dump
+ - name: make
+ run: make -s -j4
+ - name: make test
+ run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
+
sanitizers:
runs-on: ubuntu-latest
steps:
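Review bot: The new `no-deprecated` job references `actions/checkout` by the mutable `v2` tag (the archive renders `@` as ` at `), so whatever that tag points to at run time executes in the CI job. Pinning to a full commit hash removes that dependency on a movable ref, e.g. `- uses: actions/checkout@<full-commit-sha>  # v2`, where the hash is a placeholder to fill in from the action's repository. The neighbouring jobs presumably use the same tag form, in which case the pin is better applied to all of them in one follow-up.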
diff --git a/Configure b/Configure
index 27dafe3d25..064171bbf9 100755
--- a/Configure
+++ b/Configure
@@ -540,7 +540,7 @@ our %disabled = ( # "what" => "comment"
# Note: => pair form used for aesthetics, not to truly make a hash table
my @disable_cascades = (
# "what" => [ "cascade", ... ]
- "bulk" => [ "deprecated", "shared", "dso",
+ "bulk" => [ "shared", "dso",
"aria", "async", "autoload-config",
"blake2", "bf", "camellia", "cast", "chacha",
"cmac", "cms", "cmp", "comp", "ct",
diff --git a/crypto/asn1/i2d_evp.c b/crypto/asn1/i2d_evp.c
index da1d136184..3df49a1701 100644
--- a/crypto/asn1/i2d_evp.c
+++ b/crypto/asn1/i2d_evp.c
@@ -7,8 +7,11 @@
* https://www.openssl.org/source/license.html
*/
-/* We need to use some deprecated APIs to support the legacy bits */
-#define OPENSSL_SUPPRESS_DEPRECATED
+/*
+ * Low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
@@ -16,9 +19,7 @@
#include <openssl/encoder.h>
#include <openssl/buffer.h>
#include <openssl/x509.h>
-#ifndef OPENSSL_NO_DEPRECATED_3_0
-# include <openssl/rsa.h> /* For i2d_RSAPublicKey */
-#endif
+#include <openssl/rsa.h> /* For i2d_RSAPublicKey */
#include <openssl/dsa.h> /* For i2d_DSAPublicKey */
#include <openssl/ec.h> /* For i2o_ECPublicKey */
#include "crypto/asn1.h"
@@ -106,11 +107,9 @@ int i2d_PublicKey(const EVP_PKEY *a, unsigned char **pp)
return i2d_provided(a, EVP_PKEY_PUBLIC_KEY, output_structures, pp);
}
switch (EVP_PKEY_id(a)) {
-#ifndef OPENSSL_NO_DEPRECATED_3_0
-# ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_RSA
case EVP_PKEY_RSA:
return i2d_RSAPublicKey(EVP_PKEY_get0_RSA(a), pp);
-# endif
#endif
#ifndef OPENSSL_NO_DSA
case EVP_PKEY_DSA:
diff --git a/fuzz/server.c b/fuzz/server.c
index dc2ade686d..ead9fc1105 100644
--- a/fuzz/server.c
+++ b/fuzz/server.c
@@ -292,7 +292,7 @@ static const char ECDSACertPEM[] = {
};
#endif
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
/*
* -----BEGIN DSA PRIVATE KEY-----
* MIIBuwIBAAKBgQDdkFKzNABLOha7Eqj7004+p5fhtR6bxpujToMmSZTYi8igVVXP
@@ -512,8 +512,8 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
SSL *server;
BIO *in;
BIO *out;
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DSA) \
- || !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_EC) \
+ || (!defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0))
BIO *bio_buf;
#endif
SSL_CTX *ctx;
@@ -522,15 +522,16 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
RSA *privkey;
#endif
const uint8_t *bufp;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) \
- || !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_DEPRECATED_3_0) \
+ || !defined(OPENSSL_NO_DSA) \
+ || !defined(OPENSSL_NO_EC)
EVP_PKEY *pkey;
#endif
X509 *cert;
#ifndef OPENSSL_NO_EC
EC_KEY *ecdsakey = NULL;
#endif
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
DSA *dsakey = NULL;
#endif
uint8_t opt;
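Review bot: The rewritten guard around `EVP_PKEY *pkey;` keeps a bare `!defined(OPENSSL_NO_DSA)` term, while the other DSA guards in this commit now require DSA and `!defined(OPENSSL_NO_DEPRECATED_3_0)` together. In a no-deprecated, no-ec build with DSA enabled, `pkey` would be declared but apparently never used, giving an unused-variable warning that is fatal where warnings are errors. This is inferred, because the RSA use of `pkey` lies outside the visible hunks. Mirroring the `bio_buf` guard would give `#if !defined(OPENSSL_NO_DEPRECATED_3_0) || !defined(OPENSSL_NO_EC)`. FuzzerTestOneInput starts and ends outside this hunk.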
@@ -593,7 +594,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
X509_free(cert);
#endif
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
/* DSA */
bio_buf = BIO_new(BIO_s_mem());
OPENSSL_assert((size_t)BIO_write(bio_buf, DSAPrivateKeyPEM, sizeof(DSAPrivateKeyPEM)) == sizeof(DSAPrivateKeyPEM));
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index c1aaf67c85..67e5a48c3e 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -435,26 +435,8 @@ static EVP_PKEY *load_example_rsa_key(void)
#ifndef OPENSSL_NO_DSA
static EVP_PKEY *load_example_dsa_key(void)
{
- EVP_PKEY *ret = NULL;
- const unsigned char *derp = kExampleDSAKeyDER;
- EVP_PKEY *pkey = NULL;
- DSA *dsa = NULL;
-
- if (!TEST_true(d2i_DSAPrivateKey(&dsa, &derp, sizeof(kExampleDSAKeyDER))))
- return NULL;
-
- if (!TEST_ptr(pkey = EVP_PKEY_new())
- || !TEST_true(EVP_PKEY_set1_DSA(pkey, dsa)))
- goto end;
-
- ret = pkey;
- pkey = NULL;
-
-end:
- EVP_PKEY_free(pkey);
- DSA_free(dsa);
-
- return ret;
+ return load_example_key("DSA", kExampleDSAKeyDER,
+ sizeof(kExampleDSAKeyDER));
}
#endif
@@ -1684,8 +1666,10 @@ static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
#ifndef OPENSSL_NO_DSA
static int test_DSA_get_set_params(void)
{
- DSA *dsa = NULL;
+ OSSL_PARAM_BLD *bld = NULL;
+ OSSL_PARAM *params = NULL;
BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
+ EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
int ret = 0;
@@ -1693,34 +1677,39 @@ static int test_DSA_get_set_params(void)
* Setup the parameters for our DSA object. For our purposes they don't
* have to actually be *valid* parameters. We just need to set something.
*/
- dsa = DSA_new();
- p = BN_new();
- q = BN_new();
- g = BN_new();
- pub = BN_new();
- priv = BN_new();
- if (!TEST_ptr(dsa)
- || !TEST_ptr(p)
- || !TEST_ptr(q)
- || !TEST_ptr(g)
- || !TEST_ptr(pub)
- || !DSA_set0_pqg(dsa, p, q, g)
- || !DSA_set0_key(dsa, pub, priv))
+ if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
+ || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
+ || !TEST_ptr(p = BN_new())
+ || !TEST_ptr(q = BN_new())
+ || !TEST_ptr(g = BN_new())
+ || !TEST_ptr(pub = BN_new())
+ || !TEST_ptr(priv = BN_new()))
+ goto err;
+ if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
+ pub))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
+ priv)))
+ goto err;
+ if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
goto err;
- p = q = g = pub = priv = NULL;
- pkey = EVP_PKEY_new();
- if (!TEST_ptr(pkey)
- || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa)))
+ if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
+ || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
goto err;
- dsa = NULL;
+ if (!TEST_ptr(pkey))
+ goto err;
ret = test_EVP_PKEY_CTX_get_set_params(pkey);
err:
EVP_PKEY_free(pkey);
- DSA_free(dsa);
+ EVP_PKEY_CTX_free(pctx);
+ OSSL_PARAM_BLD_free_params(params);
+ OSSL_PARAM_BLD_free(bld);
BN_free(p);
BN_free(q);
BN_free(g);
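Review bot: The retained comment above the setup ("they don't have to actually be *valid* parameters") now rests on behaviour this test no longer controls. The five freshly allocated BIGNUMs are handed to `EVP_PKEY_fromdata()`, so the test presumably passes only while the key import accepts them without validation. I would extend the comment with a line such as `* NOTE: relies on EVP_PKEY_fromdata() importing these values without validating them.`, so that a later tightening of import checks leads the reader straight here. The function starts before this hunk and its cleanup continues past it.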