openssl: stop using deprecated read_RSAPublicKey
Starting with openssl 3, the PEM_read_bio_RSAPublicKey function is
deprecated. There is an existing API, PEM_read_PUBKEY, which gives a
nicer EVP_PKEY object instead. Switch to using it.
Tested: Unit tests pass, which call 'verify' and use this code path.
Change-Id: Id3d5cf5f200ae1fcb66329c848f6c3567f7ef3d7
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
diff --git a/image_verify.cpp b/image_verify.cpp
index 71bcb58..917128c 100644
--- a/image_verify.cpp
+++ b/image_verify.cpp
@@ -211,17 +211,13 @@
// Create RSA.
auto publicRSA = createPublicRSA(publicKey);
- if (publicRSA == nullptr)
+ if (!publicRSA)
{
log<level::ERR>("Failed to create RSA",
entry("FILE=%s", publicKey.c_str()));
elog<InternalFailure>();
}
- // Assign key to RSA.
- EVP_PKEY_Ptr pKeyPtr(EVP_PKEY_new(), ::EVP_PKEY_free);
- EVP_PKEY_assign_RSA(pKeyPtr.get(), publicRSA);
-
// Initializes a digest context.
EVP_MD_CTX_Ptr rsaVerifyCtx(EVP_MD_CTX_new(), ::EVP_MD_CTX_free);
@@ -238,7 +234,7 @@
}
auto result = EVP_DigestVerifyInit(rsaVerifyCtx.get(), nullptr, hashStruct,
- nullptr, pKeyPtr.get());
+ nullptr, publicRSA.get());
if (result <= 0)
{
@@ -284,9 +280,9 @@
return true;
}
-inline RSA* Signature::createPublicRSA(const std::filesystem::path& publicKey)
+inline EVP_PKEY_Ptr
+ Signature::createPublicRSA(const std::filesystem::path& publicKey)
{
- RSA* rsa = nullptr;
auto size = std::filesystem::file_size(publicKey);
// Read public key file
@@ -299,9 +295,8 @@
elog<InternalFailure>();
}
- rsa = PEM_read_bio_RSA_PUBKEY(keyBio.get(), &rsa, nullptr, nullptr);
-
- return rsa;
+ return {PEM_read_bio_PUBKEY(keyBio.get(), nullptr, nullptr, nullptr),
+ &::EVP_PKEY_free};
}
CustomMap Signature::mapFile(const std::filesystem::path& path, size_t size)
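Review bot: The new return in createPublicRSA no longer pins the key type. `PEM_read_bio_PUBKEY` parses any supported public key algorithm, whereas the removed `PEM_read_bio_RSA_PUBKEY` failed on anything that was not RSA. If this verifier is meant to accept only RSA signing keys, keep that restriction explicit: hold the result in a local `EVP_PKEY_Ptr key{...}` and add `if (key && EVP_PKEY_base_id(key.get()) != EVP_PKEY_RSA) key.reset();` before returning. That assumes EVP_PKEY_Ptr is a std::unique_ptr alias, and it lets the caller's existing `!publicRSA` check reject the file. A test that feeds a non-RSA PEM public key and expects verification to fail would lock the behaviour in. The start of the function body lies outside this hunk.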
diff --git a/image_verify.hpp b/image_verify.hpp
index d909afe..0d04815 100644
--- a/image_verify.hpp
+++ b/image_verify.hpp
@@ -191,7 +191,7 @@
* @param[in] - publickey
* @param[out] - RSA Object.
*/
- inline RSA* createPublicRSA(const std::filesystem::path& publicKey);
+ inline EVP_PKEY_Ptr createPublicRSA(const std::filesystem::path& publicKey);
/**
* @brief Memory map the file
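Review bot: The doc comment above the changed declaration still reads `@param[out] - RSA Object.`, but the function now returns an owning `EVP_PKEY_Ptr`, not a raw `RSA*`. I would replace that line with `@return EVP_PKEY_Ptr owning the parsed public key; empty if the PEM could not be parsed`, so callers know ownership has moved into the smart pointer and that an empty result must be checked. The name `createPublicRSA` and the caller's "Failed to create RSA" log text in image_verify.cpp are now slightly misleading for the same reason; a rename can wait, but the comment should not. The comment block starts outside this hunk.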