Don't use deprecated RSA-specific functions for openssl 3.0 or later.

2026-02-27 15:12:12 +00:00 · 2022-03-04 20:40:21 +11:00
parent 5998ebd1b4
commit 58ea397ae6
1 changed files with 95 additions and 5 deletions
--- a/include/boost/asio/ssl/impl/context.ipp
+++ b/include/boost/asio/ssl/impl/context.ipp
@@ -48,13 +48,13 @@ struct context::evp_pkey_cleanup
  ~evp_pkey_cleanup() { if (p) ::EVP_PKEY_free(p); }
 };

+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
 struct context::rsa_cleanup
 {
  RSA* p;
  ~rsa_cleanup() { if (p) ::RSA_free(p); }
 };

-#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
 struct context::dh_cleanup
 {
  DH* p;
@@ -947,16 +947,53 @@ BOOST_ASIO_SYNC_OP_VOID context::use_rsa_private_key(
      && (!defined(LIBRESSL_VERSION_NUMBER) \
        || LIBRESSL_VERSION_NUMBER >= 0x2070000fL)) \
    || defined(BOOST_ASIO_USE_WOLFSSL)
-    pem_password_cb* callback = ::SSL_CTX_get_default_passwd_cb(handle_);
-    void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_);
+  pem_password_cb* callback = ::SSL_CTX_get_default_passwd_cb(handle_);
+  void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_);
 #else // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
-    pem_password_cb* callback = handle_->default_passwd_callback;
-    void* cb_userdata = handle_->default_passwd_callback_userdata;
+  pem_password_cb* callback = handle_->default_passwd_callback;
+  void* cb_userdata = handle_->default_passwd_callback_userdata;
 #endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L)

  bio_cleanup bio = { make_buffer_bio(private_key) };
  if (bio.p)
  {
+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+    evp_pkey_cleanup evp_private_key = { 0 };
+    switch (format)
+    {
+    case context_base::asn1:
+      evp_private_key.p = ::d2i_PrivateKey_bio(bio.p, 0);
+      break;
+    case context_base::pem:
+      evp_private_key.p = ::PEM_read_bio_PrivateKey(
+          bio.p, 0, callback,
+          cb_userdata);
+      break;
+    default:
+      {
+        ec = boost::asio::error::invalid_argument;
+        BOOST_ASIO_SYNC_OP_VOID_RETURN(ec);
+      }
+    }
+
+    if (evp_private_key.p)
+    {
+      if (::EVP_PKEY_is_a(evp_private_key.p, "RSA") == 0)
+      {
+        ec = boost::system::error_code(
+            static_cast<int>(ERR_PACK(ERR_LIB_EVP,
+                0, EVP_R_EXPECTING_AN_RSA_KEY)),
+            boost::asio::error::get_ssl_category());
+        BOOST_ASIO_SYNC_OP_VOID_RETURN(ec);
+      }
+
+      if (::SSL_CTX_use_PrivateKey(handle_, evp_private_key.p) == 1)
+      {
+        ec = boost::system::error_code();
+        BOOST_ASIO_SYNC_OP_VOID_RETURN(ec);
+      }
+    }
+#else // (OPENSSL_VERSION_NUMBER >= 0x30000000L)
    rsa_cleanup rsa_private_key = { 0 };
    switch (format)
    {
@@ -983,6 +1020,7 @@ BOOST_ASIO_SYNC_OP_VOID context::use_rsa_private_key(
        BOOST_ASIO_SYNC_OP_VOID_RETURN(ec);
      }
    }
+#endif // (OPENSSL_VERSION_NUMBER >= 0x30000000L)
  }

  ec = boost::system::error_code(
@@ -1037,6 +1075,57 @@ BOOST_ASIO_SYNC_OP_VOID context::use_rsa_private_key_file(
    const std::string& filename, context::file_format format,
    boost::system::error_code& ec)
 {
+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+  ::ERR_clear_error();
+
+  pem_password_cb* callback = ::SSL_CTX_get_default_passwd_cb(handle_);
+  void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_);
+
+  bio_cleanup bio = { ::BIO_new_file(filename.c_str(), "r") };
+  if (bio.p)
+  {
+    evp_pkey_cleanup evp_private_key = { 0 };
+    switch (format)
+    {
+    case context_base::asn1:
+      evp_private_key.p = ::d2i_PrivateKey_bio(bio.p, 0);
+      break;
+    case context_base::pem:
+      evp_private_key.p = ::PEM_read_bio_PrivateKey(
+          bio.p, 0, callback,
+          cb_userdata);
+      break;
+    default:
+      {
+        ec = boost::asio::error::invalid_argument;
+        BOOST_ASIO_SYNC_OP_VOID_RETURN(ec);
+      }
+    }
+
+    if (evp_private_key.p)
+    {
+      if (::EVP_PKEY_is_a(evp_private_key.p, "RSA") == 0)
+      {
+        ec = boost::system::error_code(
+            static_cast<int>(ERR_PACK(ERR_LIB_EVP,
+                0, EVP_R_EXPECTING_AN_RSA_KEY)),
+            boost::asio::error::get_ssl_category());
+        BOOST_ASIO_SYNC_OP_VOID_RETURN(ec);
+      }
+
+      if (::SSL_CTX_use_PrivateKey(handle_, evp_private_key.p) == 1)
+      {
+        ec = boost::system::error_code();
+        BOOST_ASIO_SYNC_OP_VOID_RETURN(ec);
+      }
+    }
+  }
+
+  ec = boost::system::error_code(
+      static_cast<int>(::ERR_get_error()),
+      boost::asio::error::get_ssl_category());
+  BOOST_ASIO_SYNC_OP_VOID_RETURN(ec);
+#else // (OPENSSL_VERSION_NUMBER >= 0x30000000L)
  int file_type;
  switch (format)
  {
@@ -1066,6 +1155,7 @@ BOOST_ASIO_SYNC_OP_VOID context::use_rsa_private_key_file(

  ec = boost::system::error_code();
  BOOST_ASIO_SYNC_OP_VOID_RETURN(ec);
+#endif // (OPENSSL_VERSION_NUMBER >= 0x30000000L)
 }

 void context::use_tmp_dh(const const_buffer& dh)