Google Git
Sign in
flutter / third_party / openssl / d7e498ac55f12bc2f4e7f948cbb8de2e3eeafc74^! / . / fuzz
commitd7e498ac55f12bc2f4e7f948cbb8de2e3eeafc74[log] [tgz]
authorRichard Levitte <levitte@openssl.org>Sun Oct 04 16:34:31 2020 +0200
committerRichard Levitte <levitte@openssl.org>Wed Nov 18 23:38:34 2020 +0100
tree755ca6bcbcd3b85d0371713d754b26f4a9d70250
parentb24d6c335d3beb431f8f9847623d4db39ae1f96b [diff]
Deprecate RSA harder

This deprecates all functions that deal with the types RSA and RSA_METHOD

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13096)

diff --git a/fuzz/asn1.c b/fuzz/asn1.c
index 8fe8583..9a4e454 100644
--- a/fuzz/asn1.c
+++ b/fuzz/asn1.c

@@ -169,9 +169,11 @@
     ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
     ASN1_ITEM_ref(PROXY_POLICY),
     ASN1_ITEM_ref(RSA_OAEP_PARAMS),
-    ASN1_ITEM_ref(RSAPrivateKey),
     ASN1_ITEM_ref(RSA_PSS_PARAMS),
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+    ASN1_ITEM_ref(RSAPrivateKey),
     ASN1_ITEM_ref(RSAPublicKey),
+#endif
     ASN1_ITEM_ref(SXNET),
     ASN1_ITEM_ref(SXNETID),
     ASN1_ITEM_ref(USERNOTICE),
@@ -339,7 +341,9 @@
     DO_TEST_NO_PRINT(DSA, d2i_DSAPublicKey, i2d_DSAPublicKey);
     DO_TEST_NO_PRINT(DSA, d2i_DSAparams, i2d_DSAparams);
 #endif
+#ifndef OPENSSL_NO_DEPRECATED_3_0
     DO_TEST_NO_PRINT(RSA, d2i_RSAPublicKey, i2d_RSAPublicKey);
+#endif
 #ifndef OPENSSL_NO_EC
     DO_TEST_PRINT_OFFSET(EC_GROUP, d2i_ECPKParameters, i2d_ECPKParameters, ECPKParameters_print);
     DO_TEST_PRINT_OFFSET(EC_KEY, d2i_ECPrivateKey, i2d_ECPrivateKey, EC_KEY_print);

diff --git a/fuzz/server.c b/fuzz/server.c
index 8123c90..4055b58 100644
--- a/fuzz/server.c
+++ b/fuzz/server.c

@@ -12,6 +12,9 @@
 
 /* Test first part of SSL server handshake. */
 
+/* We need to use the deprecated RSA low level calls */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
 #include <time.h>
 #include <openssl/rand.h>
 #include <openssl/ssl.h>
@@ -92,6 +95,7 @@
     0x76, 0x8a, 0xbb,
 };
 
+#ifndef OPENSSL_NO_DEPRECATED_3_0
 static const uint8_t kRSAPrivateKeyDER[] = {
     0x30, 0x82, 0x04, 0xa5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
     0xce, 0x47, 0xcb, 0x11, 0xbb, 0xd2, 0x9d, 0x8e, 0x9e, 0xd2, 0x1e, 0x14,
@@ -194,6 +198,7 @@
     0xb2, 0xc6, 0xb2, 0x0a, 0x2a, 0x7c, 0x6d, 0x6a, 0x40, 0xfc, 0xf5, 0x50,
     0x98, 0x46, 0x89, 0x82, 0x40,
 };
+#endif
 
 
 #ifndef OPENSSL_NO_EC
@@ -512,7 +517,9 @@
 #endif
     SSL_CTX *ctx;
     int ret;
+#ifndef OPENSSL_NO_DEPRECATED_3_0
     RSA *privkey;
+#endif
     const uint8_t *bufp;
     EVP_PKEY *pkey;
     X509 *cert;
@@ -539,6 +546,7 @@
     ret = SSL_CTX_set_cipher_list(ctx, "ALL:eNULL:@SECLEVEL=0");
     OPENSSL_assert(ret == 1);
 
+#ifndef OPENSSL_NO_DEPRECATED_3_0
     /* RSA */
     bufp = kRSAPrivateKeyDER;
     privkey = d2i_RSAPrivateKey(NULL, &bufp, sizeof(kRSAPrivateKeyDER));
@@ -548,6 +556,7 @@
     ret = SSL_CTX_use_PrivateKey(ctx, pkey);
     OPENSSL_assert(ret == 1);
     EVP_PKEY_free(pkey);
+#endif
 
     bufp = kCertificateDER;
     cert = d2i_X509(NULL, &bufp, sizeof(kCertificateDER));