Fix deprecation warnings for RSA functions with OpenSSL 3.x

Use the default e value of 65537, instead of 3, because 3 is accepted but deprecated.
2024-10-31 21:20:21 +00:00 · 2024-09-28 15:10:24 +03:00 · 2024-09-28 15:10:24 +03:00 · 97e52bc95d
commit 97e52bc95d
parent 80cb2d654d
1 changed files with 24 additions and 1 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@ -52,7 +52,9 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/ocsp.h>
-
+//#if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER)
+//#include <openssl/core_names.h> // OSSL_PKEY_PARAM_RSA_E
+//#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */

 /*
 * Collection of helper functions on top of the OpenSSL API.
@ -1383,6 +1385,7 @@ EVP_PKEY *
 ssl_key_genrsa(const int keysize)
 {
 	EVP_PKEY *pkey;
+#if OPENSSL_VERSION_NUMBER < 0x30000000L || defined(LIBRESSL_VERSION_NUMBER)
 	RSA *rsa;

 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20701000L)
@ -1404,6 +1407,26 @@ ssl_key_genrsa(const int keysize)
 #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 	pkey = EVP_PKEY_new();
 	EVP_PKEY_assign_RSA(pkey, rsa); /* does not increment refcount */
+#else /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
+	pkey = EVP_RSA_gen(keysize);
+	/*
+	// https://docs.openssl.org/3.0/man7/EVP_PKEY-RSA
+	// "The RSA "e" value. The value may be any odd number greater than or equal to 65537. The default value is 65537.
+	// For legacy reasons a value of 3 is currently accepted but is deprecated."
+	EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, "rsa", NULL);
+
+	BIGNUM *bn = BN_new();
+	BN_dec2bn(&bn, "3");
+
+	OSSL_PARAM params[2] = {
+		OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, bn, BN_num_bytes(bn)),
+		OSSL_PARAM_END
+	};
+
+	EVP_PKEY_fromdata_init(ctx);
+	EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEY_PARAMETERS, params);
+	*/
+#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
 	return pkey;
 }