openssl: stop using deprecated read_RSAPublicKey
Starting with openssl 3, the PEM_read_bio_RSAPublicKey function is
deprecated. There is an existing API, PEM_read_PUBKEY, which gives a
nicer EVP_PKEY object instead. Switch to using this.
Tested: Unit tests pass, which call 'verify' and use this code path.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I45a935173f2d4d29660ef38f8e1ebcfa13c043d1
diff --git a/image_verify.cpp b/image_verify.cpp
index b7654aa..d67cfac 100644
--- a/image_verify.cpp
+++ b/image_verify.cpp
@@ -294,16 +294,12 @@
// Create RSA.
auto publicRSA = createPublicRSA(publicKey);
- if (publicRSA == nullptr)
+ if (!publicRSA)
{
error("Failed to create RSA from {PATH}", "PATH", publicKey);
elog<InternalFailure>();
}
- // Assign key to RSA.
- EVP_PKEY_Ptr pKeyPtr(EVP_PKEY_new(), ::EVP_PKEY_free);
- EVP_PKEY_assign_RSA(pKeyPtr.get(), publicRSA);
-
// Initializes a digest context.
EVP_MD_CTX_Ptr rsaVerifyCtx(EVP_MD_CTX_new(), ::EVP_MD_CTX_free);
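Review bot: The name `publicRSA`, the `// Create RSA.` comment and the `Failed to create RSA from {PATH}` message at the top of this hunk now describe an EVP_PKEY_Ptr rather than an RSA*, and after the change in the third hunk (createPublicRSA returning EVP_PKEY_Ptr) that object is not necessarily an RSA key at all. A reader debugging a key-load failure will be misled by the RSA wording; renaming the local and the comment, e.g. `// Load the public key as an EVP_PKEY.` and `auto publicKeyPtr = createPublicRSA(publicKey);` (with the later `publicRSA.get()` in the second hunk following suit), keeps the code honest. The same applies to the function name createPublicRSA in the third hunk, which now wraps PEM_read_bio_PUBKEY. The enclosing verify function starts before this hunk, so any rename must be checked against uses outside it.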
@@ -320,7 +316,7 @@
}
auto result = EVP_DigestVerifyInit(rsaVerifyCtx.get(), nullptr, hashStruct,
- nullptr, pKeyPtr.get());
+ nullptr, publicRSA.get());
if (result <= 0)
{
@@ -366,9 +362,8 @@
return true;
}
-inline RSA* Signature::createPublicRSA(const fs::path& publicKey)
+inline EVP_PKEY_Ptr Signature::createPublicRSA(const fs::path& publicKey)
{
- RSA* rsa = nullptr;
auto size = fs::file_size(publicKey);
// Read public key file
@@ -381,9 +376,8 @@
elog<InternalFailure>();
}
- rsa = PEM_read_bio_RSA_PUBKEY(keyBio.get(), &rsa, nullptr, nullptr);
-
- return rsa;
+ return {PEM_read_bio_PUBKEY(keyBio.get(), nullptr, nullptr, nullptr),
+ &::EVP_PKEY_free};
}
CustomMap Signature::mapFile(const fs::path& path, size_t size)
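Review bot: The new return line calls PEM_read_bio_PUBKEY, which accepts any SubjectPublicKeyInfo key type, whereas the removed PEM_read_bio_RSA_PUBKEY returned NULL for a non-RSA key; since the caller in the first hunk only checks for a null pointer, a mis-provisioned EC or DSA key file now proceeds into EVP_DigestVerifyInit instead of being rejected at load time. If RSA is still the intended algorithm, keep that restriction explicit: `EVP_PKEY_Ptr pkey{PEM_read_bio_PUBKEY(keyBio.get(), nullptr, nullptr, nullptr), &::EVP_PKEY_free};` / `if (pkey && EVP_PKEY_base_id(pkey.get()) != EVP_PKEY_RSA) { return {nullptr, &::EVP_PKEY_free}; }` / `return pkey;`. If accepting other key types is intentional, that widening should at least be stated in a comment on the function, since nothing in the commit message mentions it. The function createPublicRSA begins in the previous hunk, and this hunk ends at the `}` before mapFile.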