OpenSSL generate_key(): Use EVP_RSA_gen() when using OpenSSL 3.0 or later
authorFabian Keil <fk@fabiankeil.de>
Wed, 10 Jul 2024 17:39:03 +0000 (19:39 +0200)
committerFabian Keil <fk@fabiankeil.de>
Thu, 11 Jul 2024 08:07:08 +0000 (10:07 +0200)
Silences a bunch of deprecation warnings:

    openssl.c:1523:10: warning: 'RSA_new' is deprecated [-Wdeprecated-declarations]
     1523 |    rsa = RSA_new();
          |          ^
    /usr/local/include/openssl/rsa.h:201:1: note: 'RSA_new' has been explicitly marked deprecated here
      201 | OSSL_DEPRECATEDIN_3_0 RSA *RSA_new(void);
          | ^
    /usr/local/include/openssl/macros.h:182:49: note: expanded from macro 'OSSL_DEPRECATEDIN_3_0'
      182 | #   define OSSL_DEPRECATEDIN_3_0                OSSL_DEPRECATED(3.0)
          |                                                 ^
    /usr/local/include/openssl/macros.h:62:52: note: expanded from macro 'OSSL_DEPRECATED'
       62 | #     define OSSL_DEPRECATED(since) __attribute__((deprecated))
          |                                                    ^
    openssl.c:1540:10: warning: 'RSA_generate_key_ex' is deprecated [-Wdeprecated-declarations]
     1540 |    ret = RSA_generate_key_ex(rsa, RSA_KEYSIZE, exp, NULL);
          |          ^
    /usr/local/include/openssl/rsa.h:260:1: note: 'RSA_generate_key_ex' has been explicitly marked deprecated here
      260 | OSSL_DEPRECATEDIN_3_0 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
          | ^
    /usr/local/include/openssl/macros.h:182:49: note: expanded from macro 'OSSL_DEPRECATEDIN_3_0'
      182 | #   define OSSL_DEPRECATEDIN_3_0                OSSL_DEPRECATED(3.0)
          |                                                 ^
    /usr/local/include/openssl/macros.h:62:52: note: expanded from macro 'OSSL_DEPRECATED'
       62 | #     define OSSL_DEPRECATED(since) __attribute__((deprecated))
          |                                                    ^
    openssl.c:1549:9: warning: 'EVP_PKEY_set1_RSA' is deprecated [-Wdeprecated-declarations]
     1549 |    if (!EVP_PKEY_set1_RSA(key, rsa))
          |         ^
    /usr/local/include/openssl/evp.h:1345:1: note: 'EVP_PKEY_set1_RSA' has been explicitly marked deprecated here
     1345 | OSSL_DEPRECATEDIN_3_0
          | ^
    /usr/local/include/openssl/macros.h:182:49: note: expanded from macro 'OSSL_DEPRECATEDIN_3_0'
      182 | #   define OSSL_DEPRECATEDIN_3_0                OSSL_DEPRECATED(3.0)
          |                                                 ^
    /usr/local/include/openssl/macros.h:62:52: note: expanded from macro 'OSSL_DEPRECATED'
       62 | #     define OSSL_DEPRECATED(since) __attribute__((deprecated))
          |                                                    ^
    openssl.c:1592:7: warning: 'RSA_free' is deprecated [-Wdeprecated-declarations]
     1592 |       RSA_free(rsa);
          |       ^
    /usr/local/include/openssl/rsa.h:293:1: note: 'RSA_free' has been explicitly marked deprecated here
      293 | OSSL_DEPRECATEDIN_3_0 void RSA_free(RSA *r);
          | ^
    /usr/local/include/openssl/macros.h:182:49: note: expanded from macro 'OSSL_DEPRECATEDIN_3_0'
      182 | #   define OSSL_DEPRECATEDIN_3_0                OSSL_DEPRECATED(3.0)
          |                                                 ^
    /usr/local/include/openssl/macros.h:62:52: note: expanded from macro 'OSSL_DEPRECATED'
       62 | #     define OSSL_DEPRECATED(since) __attribute__((deprecated))
          |                                                    ^

openssl.c

index 39f4653..97cfc2b 100644 (file)
--- a/openssl.c
+++ b/openssl.c
@@ -1495,8 +1495,10 @@ static int generate_key(struct client_state *csp, char **key_buf)
 {
    int ret = 0;
    char* key_file_path;
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
    BIGNUM *exp;
    RSA *rsa;
+#endif
    EVP_PKEY *key;
 
    key_file_path = make_certs_path(csp->config->certificate_directory,
@@ -1515,6 +1517,7 @@ static int generate_key(struct client_state *csp, char **key_buf)
       return 0;
    }
 
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
    exp = BN_new();
    rsa = RSA_new();
    key = EVP_PKEY_new();
@@ -1547,6 +1550,9 @@ static int generate_key(struct client_state *csp, char **key_buf)
       ret = -1;
       goto exit;
    }
+#else
+   key = EVP_RSA_gen(RSA_KEYSIZE);
+#endif
 
    /*
     * Exporting private key into file
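Review bot: The new `#else` branch uses the result of `EVP_RSA_gen(RSA_KEYSIZE)` without checking it. `EVP_RSA_gen()` returns NULL when key generation fails, and the pre-3.0 branch just above ends a failure path with `ret = -1; goto exit;`. As written, a NULL `key` would fall through into the private-key export that follows; that code is outside this hunk, so how it handles a NULL key cannot be confirmed from here. I would add `if (key == NULL) { ret = -1; goto exit; }` directly after the call, with an error log in the same style as the legacy branch's failure paths. The `if (key)` guard before `EVP_PKEY_free(key)` in the `exit:` block already makes that jump safe.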
@@ -1563,6 +1569,7 @@ exit:
    /*
     * Freeing used variables
     */
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
    if (exp)
    {
       BN_free(exp);
@@ -1571,6 +1578,7 @@ exit:
    {
       RSA_free(rsa);
    }
+#endif
    if (key)
    {
       EVP_PKEY_free(key);