From 387ba3f36092f2072ee6a05abeac27deaca177bd Mon Sep 17 00:00:00 2001

From: Lennart Poettering <lennart@poettering.net>

Date: Wed, 29 Sep 2021 15:03:44 +0200

Subject: [PATCH] openssl-util: use EVP API to get RSA bits

(cherry picked from commit 7f12adc3000c08a370f74bd16c654506c8a99e92)

Resolves: #2016042

---

 src/shared/openssl-util.c | 7 +------

 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/src/shared/openssl-util.c b/src/shared/openssl-util.c

index bb47ae5e87..bd728e6c7c 100644

--- a/src/shared/openssl-util.c

+++ b/src/shared/openssl-util.c

@@ -46,7 +46,6 @@ int rsa_pkey_to_suitable_key_size(

                 size_t *ret_suitable_key_size) {

         size_t suitable_key_size;

-        const RSA *rsa;

         int bits;

         assert_se(pkey);

@@ -58,11 +57,7 @@ int rsa_pkey_to_suitable_key_size(

         if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA)

                 return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "X.509 certificate does not refer to RSA key.");

-        rsa = EVP_PKEY_get0_RSA(pkey);

-        if (!rsa)

-                return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to acquire RSA public key from X.509 certificate.");

-

-        bits = RSA_bits(rsa);

+        bits = EVP_PKEY_bits(pkey);

         log_debug("Bits in RSA key: %i", bits);

         /* We use PKCS#1 padding for the RSA cleartext, hence let's leave some extra space for it, hence only