diff --git a/crypto/asn1/i2d_evp.c b/crypto/asn1/i2d_evp.c index da1d136184..3df49a1701 100644 --- a/crypto/asn1/i2d_evp.c +++ b/crypto/asn1/i2d_evp.c @@ -7,8 +7,11 @@ * https://www.openssl.org/source/license.html */ -/* We need to use some deprecated APIs to support the legacy bits */ -#define OPENSSL_SUPPRESS_DEPRECATED +/* + * Low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" #include #include "internal/cryptlib.h" @@ -16,9 +19,7 @@ #include #include #include -#ifndef OPENSSL_NO_DEPRECATED_3_0 -# include /* For i2d_RSAPublicKey */ -#endif +#include /* For i2d_RSAPublicKey */ #include /* For i2d_DSAPublicKey */ #include /* For i2o_ECPublicKey */ #include "crypto/asn1.h" @@ -106,11 +107,9 @@ int i2d_PublicKey(const EVP_PKEY *a, unsigned char **pp) return i2d_provided(a, EVP_PKEY_PUBLIC_KEY, output_structures, pp); } switch (EVP_PKEY_id(a)) { -#ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_RSA +#ifndef OPENSSL_NO_RSA case EVP_PKEY_RSA: return i2d_RSAPublicKey(EVP_PKEY_get0_RSA(a), pp); -# endif #endif #ifndef OPENSSL_NO_DSA case EVP_PKEY_DSA: diff --git a/fuzz/server.c b/fuzz/server.c index dc2ade686d..ead9fc1105 100644 --- a/fuzz/server.c +++ b/fuzz/server.c @@ -292,7 +292,7 @@ static const char ECDSACertPEM[] = { }; #endif -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_DEPRECATED_3_0) +#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) /* * -----BEGIN DSA PRIVATE KEY----- * MIIBuwIBAAKBgQDdkFKzNABLOha7Eqj7004+p5fhtR6bxpujToMmSZTYi8igVVXP @@ -512,8 +512,8 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) SSL *server; BIO *in; BIO *out; -#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DSA) \ - || !defined(OPENSSL_NO_DEPRECATED_3_0) +#if !defined(OPENSSL_NO_EC) \ + || (!defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)) BIO *bio_buf; #endif SSL_CTX *ctx; 
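Review bot: A no-deprecated fuzz build of fuzz/server.c silently stops exercising DSA-authenticated handshakes, because the DSA key data (hunk at -292), `dsakey` (hunk at -522) and the key-loading block (hunk at -593) are now all guarded by `!defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)`. The loading code after the `BIO_write` is outside the hunk, but if it reads the PEM through the low-level `DSA` type, reading it with `PEM_read_bio_PrivateKey` straight into an `EVP_PKEY` would let the guard stay at `#ifndef OPENSSL_NO_DSA` and keep that coverage. At minimum a comment at the guard, `/* DSA key is loaded via deprecated low-level calls; skipped in no-deprecated builds */`, would make the coverage gap visible to whoever triages fuzz results.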
@@ -522,15 +522,16 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) RSA *privkey; #endif const uint8_t *bufp; -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) \ - || !defined(OPENSSL_NO_DEPRECATED_3_0) +#if !defined(OPENSSL_NO_DEPRECATED_3_0) \ + || !defined(OPENSSL_NO_DSA) \ + || !defined(OPENSSL_NO_EC) EVP_PKEY *pkey; #endif X509 *cert; #ifndef OPENSSL_NO_EC EC_KEY *ecdsakey = NULL; #endif -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_DEPRECATED_3_0) +#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) DSA *dsakey = NULL; #endif uint8_t opt; @@ -593,7 +594,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) X509_free(cert); #endif -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_DEPRECATED_3_0) +#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) /* DSA */ bio_buf = BIO_new(BIO_s_mem()); OPENSSL_assert((size_t)BIO_write(bio_buf, DSAPrivateKeyPEM, sizeof(DSAPrivateKeyPEM)) == sizeof(DSAPrivateKeyPEM)); diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index c1aaf67c85..67e5a48c3e 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -435,26 +435,8 @@ static EVP_PKEY *load_example_rsa_key(void) #ifndef OPENSSL_NO_DSA static EVP_PKEY *load_example_dsa_key(void) { - EVP_PKEY *ret = NULL; - const unsigned char *derp = kExampleDSAKeyDER; - EVP_PKEY *pkey = NULL; - DSA *dsa = NULL; - - if (!TEST_true(d2i_DSAPrivateKey(&dsa, &derp, sizeof(kExampleDSAKeyDER)))) - return NULL; - - if (!TEST_ptr(pkey = EVP_PKEY_new()) - || !TEST_true(EVP_PKEY_set1_DSA(pkey, dsa))) - goto end; - - ret = pkey; - pkey = NULL; - -end: - EVP_PKEY_free(pkey); - DSA_free(dsa); - - return ret; + return load_example_key("DSA", kExampleDSAKeyDER, + sizeof(kExampleDSAKeyDER)); } #endif 
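Review bot: The `pkey` guard at the top of the -522 hunk still lists `!defined(OPENSSL_NO_DSA)` on its own, which no longer matches the `bio_buf`, `dsakey` and DSA-block guards that now require DSA and the deprecated APIs together. In a build with `OPENSSL_NO_DEPRECATED_3_0` and `OPENSSL_NO_EC` defined but DSA enabled, `pkey` would be declared while every block that appears to use it is compiled out, which can trip unused-variable warnings in a warnings-as-errors build. Assuming the RSA use of `pkey` sits under the deprecated guard as `privkey` does (that code is outside the hunk), the condition could be `#if !defined(OPENSSL_NO_DEPRECATED_3_0) || !defined(OPENSSL_NO_EC)`.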
@@ -1684,8 +1666,10 @@ static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey) #ifndef OPENSSL_NO_DSA static int test_DSA_get_set_params(void) { - DSA *dsa = NULL; + OSSL_PARAM_BLD *bld = NULL; + OSSL_PARAM *params = NULL; BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL; + EVP_PKEY_CTX *pctx = NULL; EVP_PKEY *pkey = NULL; int ret = 0; 
@@ -1693,34 +1677,39 @@ static int test_DSA_get_set_params(void) * Setup the parameters for our DSA object. For our purposes they don't * have to actually be *valid* parameters. We just need to set something. */ - dsa = DSA_new(); - p = BN_new(); - q = BN_new(); - g = BN_new(); - pub = BN_new(); - priv = BN_new(); - if (!TEST_ptr(dsa) - || !TEST_ptr(p) - || !TEST_ptr(q) - || !TEST_ptr(g) - || !TEST_ptr(pub) - || !DSA_set0_pqg(dsa, p, q, g) - || !DSA_set0_key(dsa, pub, priv)) + if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL)) + || !TEST_ptr(bld = OSSL_PARAM_BLD_new()) + || !TEST_ptr(p = BN_new()) + || !TEST_ptr(q = BN_new()) + || !TEST_ptr(g = BN_new()) + || !TEST_ptr(pub = BN_new()) + || !TEST_ptr(priv = BN_new())) goto err; - p = q = g = pub = priv = NULL; - - pkey = EVP_PKEY_new(); - if (!TEST_ptr(pkey) - || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa))) + if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, + pub)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, + priv))) + goto err; + if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) goto err; - dsa = NULL; + if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0) + || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0)) + goto err; + + if (!TEST_ptr(pkey)) + goto err; ret = test_EVP_PKEY_CTX_get_set_params(pkey); err: EVP_PKEY_free(pkey); - DSA_free(dsa); + EVP_PKEY_CTX_free(pctx); + OSSL_PARAM_BLD_free_params(params); + OSSL_PARAM_BLD_free(bld); BN_free(p); BN_free(q); BN_free(g);
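Review bot: The comment at the top of this hunk still says the parameters need not be valid, but the key is now built through `EVP_PKEY_fromdata()`, so the test depends on the import path accepting five freshly allocated, zero-valued BIGNUMs without validating them. I would spell that out, e.g. `/* p, q, g, pub and priv are all zero; this relies on EVP_PKEY_fromdata() not validating FFC parameters on import. */`, so that a later import-time check is recognised as the cause if this test starts failing. test_DSA_get_set_params starts before this hunk and its cleanup continues after `BN_free(g);`.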