From e2ea0fd70bb2ee470abb87a35b8cd30f2229e491 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <quic_jouni@quicinc.com>
Date: Thu, 23 Feb 2023 16:44:38 +0200
Subject: [PATCH] EST: Write the RSA private key using the standard PRIVATE KEY
 format

The routines used for using raw RSA keys directly have been deprecated
in OpenSSL 3.0. There should be no particular need to use the "RSA
PRIVATE KEY" format, so replace this with the more common "PRIVATE KEY"
format that can be written without use of the deprecated functions.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
---
 hs20/client/est.c | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/hs20/client/est.c b/hs20/client/est.c
index 5c6e2f67d..425b72d18 100644
--- a/hs20/client/est.c
+++ b/hs20/client/est.c
@@ -11,7 +11,6 @@
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs7.h>
-#include <openssl/rsa.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
@@ -367,7 +366,6 @@ static int generate_csr(struct hs20_osu_client *ctx, char *key_pem,
 {
 	EVP_PKEY_CTX *pctx = NULL;
 	EVP_PKEY *pkey = NULL;
-	RSA *rsa;
 	X509_REQ *req = NULL;
 	int ret = -1;
 	unsigned int val;
@@ -395,16 +393,11 @@ static int generate_csr(struct hs20_osu_client *ctx, char *key_pem,
 	EVP_PKEY_CTX_free(pctx);
 	pctx = NULL;
 
-	rsa = EVP_PKEY_get1_RSA(pkey);
-	if (rsa == NULL)
-		goto fail;
-
 	if (key_pem) {
 		FILE *f = fopen(key_pem, "wb");
 		if (f == NULL)
 			goto fail;
-		if (!PEM_write_RSAPrivateKey(f, rsa, NULL, NULL, 0, NULL,
-					     NULL)) {
+		if (!PEM_write_PrivateKey(f, pkey, NULL, NULL, 0, NULL, NULL)) {
 			wpa_printf(MSG_INFO, "Could not write private key: %s",
 				   ERR_error_string(ERR_get_error(), NULL));
 			fclose(f);