[PATCH v2 09/19] rsatoc: use non deprecated openssl functions to retrieve RSA params

Sascha Hauer <s.hauer@xxxxxxxxxxxxxx> · Thu, 1 Aug 2024 07:57:27 +0200

EVP_PKEY_get1_RSA() and RSA_get0_key() are deprecated. Use
EVP_PKEY_get_bn_param() instead.

Signed-off-by: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>
---
 scripts/rsatoc.c | 29 +++++++++++++++--------------
 1 file changed, 15 insertions(+), 14 deletions(-)

diff --git a/scripts/rsatoc.c b/scripts/rsatoc.c
index afef6212d0..c7bc4ba843 100644
--- a/scripts/rsatoc.c
+++ b/scripts/rsatoc.c
@@ -18,6 +18,8 @@
 #include <openssl/ssl.h>
 #include <openssl/evp.h>
 #include <openssl/engine.h>
+#include <openssl/provider.h>
+#include <openssl/core_names.h>
 
 static int dts, standalone;
 
@@ -160,14 +162,17 @@ static int engine_get_pub_key(const char *key_id, EVP_PKEY **key)
 /*
  * rsa_get_exponent(): - Get the public exponent from an RSA key
  */
-static int rsa_get_exponent(RSA *key, uint64_t *e)
+static int rsa_get_exponent(EVP_PKEY *key, uint64_t *e)
 {
 	int ret;
 	BIGNUM *bn_te = NULL;
-	const BIGNUM *key_e;
+	BIGNUM *key_e = NULL;
 	uint64_t te;
 
-	RSA_get0_key(key, NULL, &key_e, NULL);
+	ret = EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_RSA_E, &key_e);
+	if (!ret)
+		return -EINVAL;
+
 	if (BN_num_bits(key_e) > 64) {
 		ret = -EINVAL;
 		goto cleanup;
@@ -204,6 +209,7 @@ static int rsa_get_exponent(RSA *key, uint64_t *e)
 cleanup:
 	if (bn_te)
 		BN_free(bn_te);
+	BN_free(key_e);
 
 	return ret;
 }
@@ -214,20 +220,12 @@ static int rsa_get_exponent(RSA *key, uint64_t *e)
 static int rsa_get_params(EVP_PKEY *key, uint64_t *exponent, uint32_t *n0_invp,
 			  BIGNUM **modulusp, BIGNUM **r_squaredp)
 {
-	RSA *rsa;
 	BIGNUM *big1, *big2, *big32, *big2_32;
 	BIGNUM *n, *r, *r_squared, *tmp;
-	const BIGNUM *key_n;
+	BIGNUM *key_n = NULL;
 	BN_CTX *bn_ctx = BN_CTX_new();
 	int ret;
 
-	/* Convert to a RSA_style key. */
-	rsa = EVP_PKEY_get1_RSA(key);
-	if (!rsa) {
-		openssl_error("Couldn't convert to a RSA style key");
-		return -EINVAL;
-	}
-
 	/* Initialize BIGNUMs */
 	big1 = BN_new();
 	big2 = BN_new();
@@ -243,11 +241,14 @@ static int rsa_get_params(EVP_PKEY *key, uint64_t *exponent, uint32_t *n0_invp,
 		return -ENOMEM;
 	}
 
-	ret = rsa_get_exponent(rsa, exponent);
+	ret = rsa_get_exponent(key, exponent);
 	if (ret)
 		goto cleanup;
 
-	RSA_get0_key(rsa, &key_n, NULL, NULL);
+	ret = EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_RSA_N, &key_n);
+	if (!ret)
+		return -EINVAL;
+
 	if (!BN_copy(n, key_n) || !BN_set_word(big1, 1L) ||
 	    !BN_set_word(big2, 2L) || !BN_set_word(big32, 32L)) {
 		ret = -EINVAL;
-- 
2.39.2








