openssl: stop using deprecated read_RSAPublicKey
Starting with openssl 3, the PEM_read_bio_RSAPublicKey function is
deprecated. There is an existing API, PEM_read_PUBKEY which gives a
nicer EVP_PKEY object instead. Switch to use this.
Tested: Unit tests pass, which call 'verify' and use this code path.
Change-Id: Id3d5cf5f200ae1fcb66329c848f6c3567f7ef3d7
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
diff --git a/image_verify.cpp b/image_verify.cpp
index 71bcb58..917128c 100644
--- a/image_verify.cpp
+++ b/image_verify.cpp
@@ -211,17 +211,13 @@
// Create RSA.
auto publicRSA = createPublicRSA(publicKey);
- if (publicRSA == nullptr)
+ if (!publicRSA)
{
log<level::ERR>("Failed to create RSA",
entry("FILE=%s", publicKey.c_str()));
elog<InternalFailure>();
}
- // Assign key to RSA.
- EVP_PKEY_Ptr pKeyPtr(EVP_PKEY_new(), ::EVP_PKEY_free);
- EVP_PKEY_assign_RSA(pKeyPtr.get(), publicRSA);
-
// Initializes a digest context.
EVP_MD_CTX_Ptr rsaVerifyCtx(EVP_MD_CTX_new(), ::EVP_MD_CTX_free);
@@ -238,7 +234,7 @@
}
auto result = EVP_DigestVerifyInit(rsaVerifyCtx.get(), nullptr, hashStruct,
- nullptr, pKeyPtr.get());
+ nullptr, publicRSA.get());
if (result <= 0)
{
@@ -284,9 +280,9 @@
return true;
}
-inline RSA* Signature::createPublicRSA(const std::filesystem::path& publicKey)
+inline EVP_PKEY_Ptr
+ Signature::createPublicRSA(const std::filesystem::path& publicKey)
{
- RSA* rsa = nullptr;
auto size = std::filesystem::file_size(publicKey);
// Read public key file
@@ -299,9 +295,8 @@
elog<InternalFailure>();
}
- rsa = PEM_read_bio_RSA_PUBKEY(keyBio.get(), &rsa, nullptr, nullptr);
-
- return rsa;
+ return {PEM_read_bio_PUBKEY(keyBio.get(), nullptr, nullptr, nullptr),
+ &::EVP_PKEY_free};
}
CustomMap Signature::mapFile(const std::filesystem::path& path, size_t size)