From ec4392e4bb11651c2f8154c526cceddd0dae6646 Mon Sep 17 00:00:00 2001 
From: Fabian Keil Date: Wed, 10 Jul 2024 19:39:03 +0200 Subject: [PATCH] OpenSSL generate_key(): Use EVP_RSA_gen() when using OpenSSL 3.0 or later Silences a bunch of deprecation warnings: openssl.c:1523:10: warning: 'RSA_new' is deprecated [-Wdeprecated-declarations] 1523 | rsa = RSA_new(); | ^ /usr/local/include/openssl/rsa.h:201:1: note: 'RSA_new' has been explicitly marked deprecated here 201 | OSSL_DEPRECATEDIN_3_0 RSA *RSA_new(void); | ^ /usr/local/include/openssl/macros.h:182:49: note: expanded from macro 'OSSL_DEPRECATEDIN_3_0' 182 | # define OSSL_DEPRECATEDIN_3_0 OSSL_DEPRECATED(3.0) | ^ /usr/local/include/openssl/macros.h:62:52: note: expanded from macro 'OSSL_DEPRECATED' 62 | # define OSSL_DEPRECATED(since) __attribute__((deprecated)) | ^ openssl.c:1540:10: warning: 'RSA_generate_key_ex' is deprecated [-Wdeprecated-declarations] 1540 | ret = RSA_generate_key_ex(rsa, RSA_KEYSIZE, exp, NULL); | ^ /usr/local/include/openssl/rsa.h:260:1: note: 'RSA_generate_key_ex' has been explicitly marked deprecated here 260 | OSSL_DEPRECATEDIN_3_0 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, | ^ /usr/local/include/openssl/macros.h:182:49: note: expanded from macro 'OSSL_DEPRECATEDIN_3_0' 182 | # define OSSL_DEPRECATEDIN_3_0 OSSL_DEPRECATED(3.0) | ^ /usr/local/include/openssl/macros.h:62:52: note: expanded from macro 'OSSL_DEPRECATED' 62 | # define OSSL_DEPRECATED(since) __attribute__((deprecated)) | ^ openssl.c:1549:9: warning: 'EVP_PKEY_set1_RSA' is deprecated [-Wdeprecated-declarations] 1549 | if (!EVP_PKEY_set1_RSA(key, rsa)) | ^ /usr/local/include/openssl/evp.h:1345:1: note: 'EVP_PKEY_set1_RSA' has been explicitly marked deprecated here 1345 | OSSL_DEPRECATEDIN_3_0 | ^ /usr/local/include/openssl/macros.h:182:49: note: expanded from macro 'OSSL_DEPRECATEDIN_3_0' 182 | # define OSSL_DEPRECATEDIN_3_0 OSSL_DEPRECATED(3.0) | ^ /usr/local/include/openssl/macros.h:62:52: note: expanded from macro 'OSSL_DEPRECATED' 62 | # define OSSL_DEPRECATED(since) 
__attribute__((deprecated)) | ^ openssl.c:1592:7: warning: 'RSA_free' is deprecated [-Wdeprecated-declarations] 1592 | RSA_free(rsa); | ^ /usr/local/include/openssl/rsa.h:293:1: note: 'RSA_free' has been explicitly marked deprecated here 293 | OSSL_DEPRECATEDIN_3_0 void RSA_free(RSA *r); | ^ /usr/local/include/openssl/macros.h:182:49: note: expanded from macro 'OSSL_DEPRECATEDIN_3_0' 182 | # define OSSL_DEPRECATEDIN_3_0 OSSL_DEPRECATED(3.0) | ^ /usr/local/include/openssl/macros.h:62:52: note: expanded from macro 'OSSL_DEPRECATED' 62 | # define OSSL_DEPRECATED(since) __attribute__((deprecated)) | ^ --- openssl.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/openssl.c b/openssl.c index 39f46531..97cfc2b0 100644 --- a/openssl.c +++ b/openssl.c @@ -1495,8 +1495,10 @@ static int generate_key(struct client_state *csp, char **key_buf) { int ret = 0; char* key_file_path; +#if (OPENSSL_VERSION_NUMBER < 0x30000000L) BIGNUM *exp; RSA *rsa; +#endif EVP_PKEY *key; key_file_path = make_certs_path(csp->config->certificate_directory, @@ -1515,6 +1517,7 @@ static int generate_key(struct client_state *csp, char **key_buf) return 0; } +#if (OPENSSL_VERSION_NUMBER < 0x30000000L) exp = BN_new(); rsa = RSA_new(); key = EVP_PKEY_new(); @@ -1547,6 +1550,9 @@ static int generate_key(struct client_state *csp, char **key_buf) ret = -1; goto exit; } +#else + key = EVP_RSA_gen(RSA_KEYSIZE); +#endif /* * Exporting private key into file @@ -1563,6 +1569,7 @@ exit: /* * Freeing used variables */ +#if (OPENSSL_VERSION_NUMBER < 0x30000000L) if (exp) { BN_free(exp); @@ -1571,6 +1578,7 @@ exit: { RSA_free(rsa); } +#endif if (key) { EVP_PKEY_free(key); -- 2.39.2
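Review bot: The guard `#if (OPENSSL_VERSION_NUMBER < 0x30000000L)` is opened here around the `exp`/`rsa` declarations and repeated in the three later hunks (allocation, key generation, cleanup), so generate_key() ends up interleaved with four conditional regions that are hard to pair by eye. Tagging each closer, e.g. `#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */`, and adding a short comment at the `#else`, such as `/* OpenSSL 3.0+: EVP_RSA_gen() allocates and generates the key in one call */`, would show which path owns which variables. The function begins and ends outside the hunks shown.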
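Review bot: The new `#else` branch assigns `key = EVP_RSA_gen(RSA_KEYSIZE);` and falls straight through to the private-key export without testing the result, although EVP_RSA_gen() returns NULL when key generation fails. The legacy branch just above ends in a `ret = -1; goto exit;` error path, so the 3.0 branch should mirror it with `if (key == NULL) { ret = -1; goto exit; }`, ideally with the same error logging the legacy path uses. Separately, the legacy call passes an explicit exponent (`RSA_generate_key_ex(rsa, RSA_KEYSIZE, exp, NULL)`, as quoted in the commit message), while EVP_RSA_gen() uses the library's default public exponent. It is worth confirming that the default matches the value the pre-3.0 path sets. The export code that consumes `key` lies mostly outside the hunk, so how it behaves with a NULL key cannot be judged from here.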