[openssl] master update

Richard Levitte Sat, 19 Dec 2020 08:03:25 -0800

The branch master has been updated
       via  e3577adddf6bc4f0d9d202621a2c576d982d6f0a (commit)
       via  6ed4022cd1e4b066ddc6131ca659d8a260944a76 (commit)
      from  a5f2782ceca7af2480c86562e8952b2980251e4e (commit)



- Log -----------------------------------------------------------------
commit e3577adddf6bc4f0d9d202621a2c576d982d6f0a
Author: Richard Levitte <levi...@openssl.org>
Date:   Fri Dec 18 15:39:50 2020 +0100

    GitHub CI: Separate no-deprecated job from minimal job
    
    Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/13706)

commit 6ed4022cd1e4b066ddc6131ca659d8a260944a76
Author: Richard Levitte <levi...@openssl.org>
Date:   Fri Dec 18 13:17:33 2020 +0100

    Fix 'no-deprecated'
    
    Some of the handling of no-deprecated stuff wasn't quite complete, or
    even plain wrong.
    
    This restores i2d_PublicKey() to be able to handle EVP_PKEYs with
    legacy internal keys.
    
    This also refactors the DSA key tests in test/evp_extra_test.c to use
    EVP functionality entirely.
    
    Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/13706)

-----------------------------------------------------------------------

Summary of changes:
 .github/workflows/ci.yml | 11 ++++++++
 Configure                |  2 +-
 crypto/asn1/i2d_evp.c    | 15 +++++------
 fuzz/server.c            | 15 ++++++-----
 test/evp_extra_test.c    | 69 ++++++++++++++++++++----------------------------
 5 files changed, 56 insertions(+), 56 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4793246b5a..7588bcca66 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -69,6 +69,17 @@ jobs:
     - name: make test
       run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
 
+  no-deprecated:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: config
+      run: ./config --strict-warnings no-deprecated && perl configdata.pm 
--dump
+    - name: make
+      run: make -s -j4
+    - name: make test
+      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
+
   sanitizers:
     runs-on: ubuntu-latest
     steps:
diff --git a/Configure b/Configure
index 27dafe3d25..064171bbf9 100755
--- a/Configure
+++ b/Configure
@@ -540,7 +540,7 @@ our %disabled = ( # "what"         => "comment"
 # Note: => pair form used for aesthetics, not to truly make a hash table
 my @disable_cascades = (
     # "what"            => [ "cascade", ... ]
-    "bulk"              => [ "deprecated", "shared", "dso",
+    "bulk"              => [ "shared", "dso",
                              "aria", "async", "autoload-config",
                              "blake2", "bf", "camellia", "cast", "chacha",
                              "cmac", "cms", "cmp", "comp", "ct",
diff --git a/crypto/asn1/i2d_evp.c b/crypto/asn1/i2d_evp.c
index da1d136184..3df49a1701 100644
--- a/crypto/asn1/i2d_evp.c
+++ b/crypto/asn1/i2d_evp.c
@@ -7,8 +7,11 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* We need to use some deprecated APIs to support the legacy bits */
-#define OPENSSL_SUPPRESS_DEPRECATED
+/*
+ * Low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
@@ -16,9 +19,7 @@
 #include <openssl/encoder.h>
 #include <openssl/buffer.h>
 #include <openssl/x509.h>
-#ifndef OPENSSL_NO_DEPRECATED_3_0
-# include <openssl/rsa.h>        /* For i2d_RSAPublicKey */
-#endif
+#include <openssl/rsa.h>         /* For i2d_RSAPublicKey */
 #include <openssl/dsa.h>         /* For i2d_DSAPublicKey */
 #include <openssl/ec.h>          /* For i2o_ECPublicKey */
 #include "crypto/asn1.h"
@@ -106,11 +107,9 @@ int i2d_PublicKey(const EVP_PKEY *a, unsigned char **pp)
         return i2d_provided(a, EVP_PKEY_PUBLIC_KEY, output_structures, pp);
     }
     switch (EVP_PKEY_id(a)) {
-#ifndef OPENSSL_NO_DEPRECATED_3_0
-# ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_RSA
     case EVP_PKEY_RSA:
         return i2d_RSAPublicKey(EVP_PKEY_get0_RSA(a), pp);
-# endif
 #endif
 #ifndef OPENSSL_NO_DSA
     case EVP_PKEY_DSA:
diff --git a/fuzz/server.c b/fuzz/server.c
index dc2ade686d..ead9fc1105 100644
--- a/fuzz/server.c
+++ b/fuzz/server.c
@@ -292,7 +292,7 @@ static const char ECDSACertPEM[] = {
 };
 #endif
 
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
 /*
  * -----BEGIN DSA PRIVATE KEY-----
  * MIIBuwIBAAKBgQDdkFKzNABLOha7Eqj7004+p5fhtR6bxpujToMmSZTYi8igVVXP
@@ -512,8 +512,8 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
     SSL *server;
     BIO *in;
     BIO *out;
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DSA) \
-    || !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_EC)                     \
+    || (!defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0))
     BIO *bio_buf;
 #endif
     SSL_CTX *ctx;
@@ -522,15 +522,16 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
     RSA *privkey;
 #endif
     const uint8_t *bufp;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) \
-    || !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)         \
+    || !defined(OPENSSL_NO_DSA)                 \
+    || !defined(OPENSSL_NO_EC)
     EVP_PKEY *pkey;
 #endif
     X509 *cert;
 #ifndef OPENSSL_NO_EC
     EC_KEY *ecdsakey = NULL;
 #endif
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     DSA *dsakey = NULL;
 #endif
     uint8_t opt;
@@ -593,7 +594,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
     X509_free(cert);
 #endif
 
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     /* DSA */
     bio_buf = BIO_new(BIO_s_mem());
     OPENSSL_assert((size_t)BIO_write(bio_buf, DSAPrivateKeyPEM, 
sizeof(DSAPrivateKeyPEM)) == sizeof(DSAPrivateKeyPEM));
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index c1aaf67c85..67e5a48c3e 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -435,26 +435,8 @@ static EVP_PKEY *load_example_rsa_key(void)
 #ifndef OPENSSL_NO_DSA
 static EVP_PKEY *load_example_dsa_key(void)
 {
-    EVP_PKEY *ret = NULL;
-    const unsigned char *derp = kExampleDSAKeyDER;
-    EVP_PKEY *pkey = NULL;
-    DSA *dsa = NULL;
-
-    if (!TEST_true(d2i_DSAPrivateKey(&dsa, &derp, sizeof(kExampleDSAKeyDER))))
-        return NULL;
-
-    if (!TEST_ptr(pkey = EVP_PKEY_new())
-            || !TEST_true(EVP_PKEY_set1_DSA(pkey, dsa)))
-        goto end;
-
-    ret = pkey;
-    pkey = NULL;
-
-end:
-    EVP_PKEY_free(pkey);
-    DSA_free(dsa);
-
-    return ret;
+    return load_example_key("DSA", kExampleDSAKeyDER,
+                            sizeof(kExampleDSAKeyDER));
 }
 #endif
 
@@ -1684,8 +1666,10 @@ static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY 
*pkey)
 #ifndef OPENSSL_NO_DSA
 static int test_DSA_get_set_params(void)
 {
-    DSA *dsa = NULL;
+    OSSL_PARAM_BLD *bld = NULL;
+    OSSL_PARAM *params = NULL;
     BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
+    EVP_PKEY_CTX *pctx = NULL;
     EVP_PKEY *pkey = NULL;
     int ret = 0;
 
@@ -1693,34 +1677,39 @@ static int test_DSA_get_set_params(void)
      * Setup the parameters for our DSA object. For our purposes they don't
      * have to actually be *valid* parameters. We just need to set something.
      */
-    dsa = DSA_new();
-    p = BN_new();
-    q = BN_new();
-    g = BN_new();
-    pub = BN_new();
-    priv = BN_new();
-    if (!TEST_ptr(dsa)
-            || !TEST_ptr(p)
-            || !TEST_ptr(q)
-            || !TEST_ptr(g)
-            || !TEST_ptr(pub)
-            || !DSA_set0_pqg(dsa, p, q, g)
-        || !DSA_set0_key(dsa, pub, priv))
+    if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
+        || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
+        || !TEST_ptr(p = BN_new())
+        || !TEST_ptr(q = BN_new())
+        || !TEST_ptr(g = BN_new())
+        || !TEST_ptr(pub = BN_new())
+        || !TEST_ptr(priv = BN_new()))
+        goto err;
+    if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
+        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
+        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
+        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
+                                             pub))
+        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
+                                             priv)))
+        goto err;
+    if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
         goto err;
-    p = q = g = pub = priv = NULL;
 
-    pkey = EVP_PKEY_new();
-    if (!TEST_ptr(pkey)
-            || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa)))
+    if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
+        || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
         goto err;
 
-    dsa = NULL;
+    if (!TEST_ptr(pkey))
+        goto err;
 
     ret = test_EVP_PKEY_CTX_get_set_params(pkey);
 
  err:
     EVP_PKEY_free(pkey);
-    DSA_free(dsa);
+    EVP_PKEY_CTX_free(pctx);
+    OSSL_PARAM_BLD_free_params(params);
+    OSSL_PARAM_BLD_free(bld);
     BN_free(p);
     BN_free(q);
     BN_free(g);

[openssl] master update

Reply via email to