commit 50e3f06823696c74eea90a77e16b28da1f79cd47

Author: Ingo Franzki <ifranzki@linux.ibm.com>

Date:   Wed Jun 30 14:33:33 2021 +0200

    SOFT: Remove deprecated OpenSSL functions

    All low level RSA, EC_KEY, and DH functions are deprecated in OpenSSL 3.0.

    Update the code to not use any of those.

    Change the digest operation context to store the OpenSSL digest context,

    instead of the deprecated way of retrieving and restoring the digest state.

    This makes the digest operation context 'non savable'.

    Also remove support for OpenSSL < v1.1.1. This code used even more

    low level OpenSSL functions.

    Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>

diff --git a/usr/lib/soft_stdll/soft_specific.c b/usr/lib/soft_stdll/soft_specific.c

index 5ca22693..43fd17c3 100644

--- a/usr/lib/soft_stdll/soft_specific.c

+++ b/usr/lib/soft_stdll/soft_specific.c

@@ -26,10 +26,6 @@

 #include <openssl/opensslv.h>

-#if OPENSSL_VERSION_NUMBER < 0x10101000L

-#define NO_EC 1

-#endif

-

 #include "pkcs11types.h"

 #include "defs.h"

 #include "host_defs.h"

@@ -54,14 +50,10 @@

 #include <openssl/crypto.h>

 #include <openssl/cmac.h>

 #include <openssl/ec.h>

-

-/*

- * In order to make opencryptoki compatible with

- * OpenSSL 1.1 API Changes and backward compatible

- * we need to check for its version

- */

-#if OPENSSL_VERSION_NUMBER < 0x10100000L

-#define OLDER_OPENSSL

+#include <openssl/bn.h>

+#if OPENSSL_VERSION_PREREQ(3, 0)

+#include <openssl/core_names.h>

+#include <openssl/param_build.h>

 #endif

 #define MAX_GENERIC_KEY_SIZE 256

@@ -76,7 +68,10 @@ static const MECH_LIST_ELEMENT soft_mech_list[] = {

 #if !(NODSA)

     {CKM_DSA_KEY_PAIR_GEN, {512, 1024, CKF_GENERATE_KEY_PAIR}},

 #endif

+#if !OPENSSL_VERSION_PREREQ(3, 0)

+    /* OpenSSL 3.0 supports single-DES only with the legacy provider */

     {CKM_DES_KEY_GEN, {8, 8, CKF_GENERATE}},

+#endif

     {CKM_DES3_KEY_GEN, {24, 24, CKF_GENERATE}},

 #if !(NOCDMF)

     {CKM_CDMF_KEY_GEN, {0, 0, CKF_GENERATE}},

@@ -120,10 +115,13 @@ static const MECH_LIST_ELEMENT soft_mech_list[] = {

     {CKM_DH_PKCS_KEY_PAIR_GEN, {512, 2048, CKF_GENERATE_KEY_PAIR}},

 #endif

 /* End code contributed by Corrent corp. */

+#if !OPENSSL_VERSION_PREREQ(3, 0)

+    /* OpenSSL 3.0 supports single-DES only with the legacy provider */

     {CKM_DES_ECB, {8, 8, CKF_ENCRYPT | CKF_DECRYPT | CKF_WRAP | CKF_UNWRAP}},

     {CKM_DES_CBC, {8, 8, CKF_ENCRYPT | CKF_DECRYPT | CKF_WRAP | CKF_UNWRAP}},

     {CKM_DES_CBC_PAD,

      {8, 8, CKF_ENCRYPT | CKF_DECRYPT | CKF_WRAP | CKF_UNWRAP}},

+#endif

 #if !(NOCDMF)

     {CKM_CDMF_ECB, {0, 0, CKF_ENCRYPT | CKF_DECRYPT | CKF_WRAP | CKF_UNWRAP}},

     {CKM_CDMF_CBC, {0, 0, CKF_ENCRYPT | CKF_DECRYPT | CKF_WRAP | CKF_UNWRAP}},

@@ -286,58 +284,6 @@ CK_RV token_specific_des_ecb(STDLL_TokData_t *tokdata,

                              CK_ULONG *out_data_len,

                              OBJECT *key, CK_BYTE encrypt)

 {

-#if OPENSSL_VERSION_NUMBER < 0x10100000L

-    CK_RV rc;

-    DES_key_schedule des_key2;

-    const_DES_cblock key_val_SSL, in_key_data;

-    DES_cblock out_key_data;

-    unsigned int i, j;

-    CK_ATTRIBUTE *attr = NULL;

-

-    UNUSED(tokdata);

-

-    // get the key value

-    rc = template_attribute_get_non_empty(key->template, CKA_VALUE, &attr);

-    if (rc != CKR_OK) {

-        TRACE_ERROR("Could not find CKA_VALUE for the key\n");

-        return rc;

-    }

-    // Create the key schedule

-    memcpy(&key_val_SSL, attr->pValue, 8);

-    DES_set_key_unchecked(&key_val_SSL, &des_key2);

-

-    // the des decrypt will only fail if the data length is not evenly divisible

-    // by 8

-    if (in_data_len % DES_BLOCK_SIZE) {

-        TRACE_ERROR("%s\n", ock_err(ERR_DATA_LEN_RANGE));

-        return CKR_DATA_LEN_RANGE;

-    }

-    // Both the encrypt and the decrypt are done 8 bytes at a time

-    if (encrypt) {

-        for (i = 0; i < in_data_len; i = i + 8) {

-            memcpy(in_key_data, in_data + i, 8);

-            DES_ecb_encrypt(&in_key_data, &out_key_data, &des_key2,

-                            DES_ENCRYPT);

-            memcpy(out_data + i, out_key_data, 8);

-        }

-

-        *out_data_len = in_data_len;

-        rc = CKR_OK;

-    } else {

-

-        for (j = 0; j < in_data_len; j = j + 8) {

-            memcpy(in_key_data, in_data + j, 8);

-            DES_ecb_encrypt(&in_key_data, &out_key_data, &des_key2,

-                            DES_DECRYPT);

-            memcpy(out_data + j, out_key_data, 8);

-        }

-

-        *out_data_len = in_data_len;

-        rc = CKR_OK;

-    }

-

-    return rc;

-#else

     const EVP_CIPHER *cipher = EVP_des_ecb();

     EVP_CIPHER_CTX *ctx = NULL;

     CK_ATTRIBUTE *attr = NULL;

@@ -384,7 +330,6 @@ done:

     OPENSSL_cleanse(dkey, sizeof(dkey));

     EVP_CIPHER_CTX_free(ctx);

     return rc;

-#endif

 }

 CK_RV token_specific_des_cbc(STDLL_TokData_t *tokdata,

@@ -394,47 +339,6 @@ CK_RV token_specific_des_cbc(STDLL_TokData_t *tokdata,

                              CK_ULONG *out_data_len,

                              OBJECT *key, CK_BYTE *init_v, CK_BYTE encrypt)

 {

-#if OPENSSL_VERSION_NUMBER < 0x10100000L

-    CK_RV rc;

-    CK_ATTRIBUTE *attr = NULL;

-    DES_cblock ivec;

-    DES_key_schedule des_key2;

-    const_DES_cblock key_val_SSL;

-

-    UNUSED(tokdata);

-

-    // get the key value

-    rc = template_attribute_get_non_empty(key->template, CKA_VALUE, &attr);

-    if (rc != CKR_OK) {

-        TRACE_ERROR("Could not find CKA_VALUE for the key\n");

-        return rc;

-    }

-    // Create the key schedule

-    memcpy(&key_val_SSL, attr->pValue, 8);

-    DES_set_key_unchecked(&key_val_SSL, &des_key2);

-

-    memcpy(&ivec, init_v, 8);

-    // the des decrypt will only fail if the data length is not evenly divisible

-    // by 8

-    if (in_data_len % DES_BLOCK_SIZE) {

-        TRACE_ERROR("%s\n", ock_err(ERR_DATA_LEN_RANGE));

-        return CKR_DATA_LEN_RANGE;

-    }

-

-    if (encrypt) {

-        DES_ncbc_encrypt(in_data, out_data, in_data_len, &des_key2, &ivec,

-                         DES_ENCRYPT);

-        *out_data_len = in_data_len;

-        rc = CKR_OK;

-    } else {

-        DES_ncbc_encrypt(in_data, out_data, in_data_len, &des_key2, &ivec,

-                         DES_DECRYPT);

-        *out_data_len = in_data_len;

-        rc = CKR_OK;

-    }

-

-    return rc;

-#else

     const EVP_CIPHER *cipher = EVP_des_cbc();

     EVP_CIPHER_CTX *ctx = NULL;

     CK_ATTRIBUTE *attr = NULL;

@@ -481,7 +385,6 @@ done:

     OPENSSL_cleanse(dkey, sizeof(dkey));

     EVP_CIPHER_CTX_free(ctx);

     return rc;

-#endif

 }

 CK_RV token_specific_tdes_ecb(STDLL_TokData_t *tokdata,

@@ -491,80 +394,6 @@ CK_RV token_specific_tdes_ecb(STDLL_TokData_t *tokdata,

                               CK_ULONG *out_data_len,

                               OBJECT *key, CK_BYTE encrypt)

 {

-#if OPENSSL_VERSION_NUMBER < 0x10100000L

-    CK_RV rc;

-    CK_ATTRIBUTE *attr = NULL;

-    CK_BYTE key_value[3 * DES_KEY_SIZE];

-    CK_KEY_TYPE keytype;

-    unsigned int k, j;

-    DES_key_schedule des_key1;

-    DES_key_schedule des_key2;

-    DES_key_schedule des_key3;

-    const_DES_cblock key_SSL1, key_SSL2, key_SSL3, in_key_data;

-    DES_cblock out_key_data;

-

-    UNUSED(tokdata);

-

-    // get the key type

-    rc = template_attribute_get_ulong(key->template, CKA_KEY_TYPE, &keytype);

-    if (rc != CKR_OK) {

-        TRACE_ERROR("Could not find CKA_KEY_TYPE for the key\n");

-        return rc;

-    }

-

-    // get the key value

-    rc = template_attribute_get_non_empty(key->template, CKA_VALUE, &attr);

-    if (rc != CKR_OK) {

-        TRACE_ERROR("Could not find CKA_VALUE for the key\n");

-        return rc;

-    }

-    if (keytype == CKK_DES2) {

-        memcpy(key_value, attr->pValue, 2 * DES_KEY_SIZE);

-        memcpy(key_value + (2 * DES_KEY_SIZE), attr->pValue, DES_KEY_SIZE);

-    } else {

-        memcpy(key_value, attr->pValue, 3 * DES_KEY_SIZE);

-    }

-

-    // The key as passed is a 24 byte long string containing three des keys

-    // pick them apart and create the 3 corresponding key schedules

-    memcpy(&key_SSL1, key_value, 8);

-    memcpy(&key_SSL2, key_value + 8, 8);

-    memcpy(&key_SSL3, key_value + 16, 8);

-    DES_set_key_unchecked(&key_SSL1, &des_key1);

-    DES_set_key_unchecked(&key_SSL2, &des_key2);

-    DES_set_key_unchecked(&key_SSL3, &des_key3);

-

-    // the des decrypt will only fail if the data length is not evenly divisible

-    // by 8

-    if (in_data_len % DES_BLOCK_SIZE) {

-        TRACE_ERROR("%s\n", ock_err(ERR_DATA_LEN_RANGE));

-        return CKR_DATA_LEN_RANGE;

-    }

-    // the encrypt and decrypt are done 8 bytes at a time

-    if (encrypt) {

-        for (k = 0; k < in_data_len; k = k + 8) {

-            memcpy(in_key_data, in_data + k, 8);

-            DES_ecb3_encrypt((const_DES_cblock *) & in_key_data,

-                             (DES_cblock *) & out_key_data,

-                             &des_key1, &des_key2, &des_key3, DES_ENCRYPT);

-            memcpy(out_data + k, out_key_data, 8);

-        }

-        *out_data_len = in_data_len;

-        rc = CKR_OK;

-    } else {

-        for (j = 0; j < in_data_len; j = j + 8) {

-            memcpy(in_key_data, in_data + j, 8);

-            DES_ecb3_encrypt((const_DES_cblock *) & in_key_data,

-                             (DES_cblock *) & out_key_data,

-                             &des_key1, &des_key2, &des_key3, DES_DECRYPT);

-            memcpy(out_data + j, out_key_data, 8);

-        }

-        *out_data_len = in_data_len;

-        rc = CKR_OK;

-    }

-

-    return rc;

-#else

     const EVP_CIPHER *cipher = EVP_des_ede3_ecb();

     EVP_CIPHER_CTX *ctx = NULL;

     CK_ATTRIBUTE *attr = NULL;

@@ -624,7 +453,6 @@ done:

     OPENSSL_cleanse(dkey, sizeof(dkey));

     EVP_CIPHER_CTX_free(ctx);

     return rc;

-#endif

 }

 CK_RV token_specific_tdes_cbc(STDLL_TokData_t *tokdata,

@@ -634,78 +462,6 @@ CK_RV token_specific_tdes_cbc(STDLL_TokData_t *tokdata,

                               CK_ULONG *out_data_len,

                               OBJECT *key, CK_BYTE *init_v, CK_BYTE encrypt)

 {

-#if OPENSSL_VERSION_NUMBER < 0x10100000L

-    CK_ATTRIBUTE *attr = NULL;

-    CK_RV rc = CKR_OK;

-    CK_BYTE key_value[3 * DES_KEY_SIZE];

-    CK_KEY_TYPE keytype;

-    DES_key_schedule des_key1;

-    DES_key_schedule des_key2;

-    DES_key_schedule des_key3;

-    const_DES_cblock key_SSL1, key_SSL2, key_SSL3;

-    DES_cblock ivec;

-

-    UNUSED(tokdata);

-

-    // get the key type

-    rc = template_attribute_get_ulong(key->template, CKA_KEY_TYPE, &keytype);

-    if (rc != CKR_OK) {

-        TRACE_ERROR("Could not find CKA_KEY_TYPE for the key\n");

-        return rc;

-    }

-

-    // get the key value

-    rc = template_attribute_get_non_empty(key->template, CKA_VALUE, &attr);

-    if (rc != CKR_OK) {

-        TRACE_ERROR("Could not find CKA_VALUE for the key\n");

-        return rc;

-    }

-    if (keytype == CKK_DES2) {

-        memcpy(key_value, attr->pValue, 2 * DES_KEY_SIZE);

-        memcpy(key_value + (2 * DES_KEY_SIZE), attr->pValue, DES_KEY_SIZE);

-    } else {

-        memcpy(key_value, attr->pValue, 3 * DES_KEY_SIZE);

-    }

-

-    // The key as passed in is a 24 byte string containing 3 keys

-    // pick it apart and create the key schedules

-    memcpy(&key_SSL1, key_value, 8);

-    memcpy(&key_SSL2, key_value + 8, 8);

-    memcpy(&key_SSL3, key_value + 16, 8);

-    DES_set_key_unchecked(&key_SSL1, &des_key1);

-    DES_set_key_unchecked(&key_SSL2, &des_key2);

-    DES_set_key_unchecked(&key_SSL3, &des_key3);

-

-    memcpy(ivec, init_v, sizeof(ivec));

-

-    // the des decrypt will only fail if the data length is not evenly divisible

-    // by 8

-    if (in_data_len % DES_BLOCK_SIZE) {

-        TRACE_ERROR("%s\n", ock_err(ERR_DATA_LEN_RANGE));

-        return CKR_DATA_LEN_RANGE;

-    }

-    // Encrypt or decrypt the data

-    if (encrypt) {

-        DES_ede3_cbc_encrypt(in_data,

-                             out_data,

-                             in_data_len,

-                             &des_key1,

-                             &des_key2, &des_key3, &ivec, DES_ENCRYPT);

-        *out_data_len = in_data_len;

-        rc = CKR_OK;

-    } else {

-        DES_ede3_cbc_encrypt(in_data,

-                             out_data,

-                             in_data_len,

-                             &des_key1,

-                             &des_key2, &des_key3, &ivec, DES_DECRYPT);

-

-        *out_data_len = in_data_len;

-        rc = CKR_OK;

-    }

-

-    return rc;

-#else

     const EVP_CIPHER *cipher = EVP_des_ede3_cbc();

     EVP_CIPHER_CTX *ctx = NULL;

     CK_ATTRIBUTE *attr = NULL;

@@ -765,7 +521,6 @@ done:

     OPENSSL_cleanse(dkey, sizeof(dkey));

     EVP_CIPHER_CTX_free(ctx);

     return rc;

-#endif

 }

 CK_RV token_specific_tdes_mac(STDLL_TokData_t *tokdata, CK_BYTE *message,

@@ -795,14 +550,20 @@ CK_RV token_specific_tdes_mac(STDLL_TokData_t *tokdata, CK_BYTE *message,

 // convert from the local PKCS11 template representation to

 // the underlying requirement

 // returns the pointer to the local key representation

-static void *rsa_convert_public_key(OBJECT *key_obj)

+static EVP_PKEY *rsa_convert_public_key(OBJECT *key_obj)

 {

     CK_BBOOL rc;

     CK_ATTRIBUTE *modulus = NULL;

     CK_ATTRIBUTE *pub_exp = NULL;

-

-    RSA *rsa;

+    EVP_PKEY *pkey = NULL;

     BIGNUM *bn_mod, *bn_exp;

+#if OPENSSL_VERSION_PREREQ(3, 0)

+    EVP_PKEY_CTX *pctx = NULL;

+    OSSL_PARAM_BLD *tmpl = NULL;

+    OSSL_PARAM *params = NULL;

+#else

+    RSA *rsa;

+#endif

     rc = template_attribute_get_non_empty(key_obj->template, CKA_MODULUS,

                                           &modulus);

@@ -813,12 +574,7 @@ static void *rsa_convert_public_key(OBJECT *key_obj)

     if (rc != CKR_OK)

         return NULL;

-    // Create an RSA key struct to return

-    rsa = RSA_new();

-    if (rsa == NULL)

-        return NULL;

-

-    // Create and init BIGNUM structs to stick in the RSA struct

+    // Create and init BIGNUM structs

     bn_mod = BN_new();

     bn_exp = BN_new();

@@ -827,24 +583,74 @@ static void *rsa_convert_public_key(OBJECT *key_obj)

             free(bn_mod);

         if (bn_exp)

             free(bn_exp);

-        RSA_free(rsa);

         return NULL;

     }

-    // Convert from strings to BIGNUMs and stick them in the RSA struct

+    // Convert from strings to BIGNUMs

     BN_bin2bn((unsigned char *) modulus->pValue, modulus->ulValueLen, bn_mod);

     BN_bin2bn((unsigned char *) pub_exp->pValue, pub_exp->ulValueLen, bn_exp);

-#ifdef OLDER_OPENSSL

-    rsa->n = bn_mod;

-    rsa->e = bn_exp;

-#else

+#if !OPENSSL_VERSION_PREREQ(3, 0)

+    // Create an RSA key struct to return

+    rsa = RSA_new();

+    if (rsa == NULL) {

+        if (bn_mod)

+             free(bn_mod);

+         if (bn_exp)

+             free(bn_exp);

+        return NULL;

+    }

+

     RSA_set0_key(rsa, bn_mod, bn_exp, NULL);

+

+    pkey = EVP_PKEY_new();

+    if (pkey == NULL) {

+       RSA_free(rsa);

+       return NULL;

+    }

+

+    if (EVP_PKEY_assign_RSA(pkey, rsa) != 1) {

+        RSA_free(rsa);

+        EVP_PKEY_free(pkey);

+        return NULL;

+    }

+#else

+    tmpl = OSSL_PARAM_BLD_new();

+    if (tmpl == NULL)

+        goto out;

+

+    if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_N, bn_mod) ||

+        !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_E, bn_exp))

+        goto out;

+

+    params = OSSL_PARAM_BLD_to_param(tmpl);

+    if (params == NULL)

+        goto out;

+

+    pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);

+    if (pctx == NULL)

+        goto out;

+

+    if (!EVP_PKEY_fromdata_init(pctx) ||

+        !EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_PUBLIC_KEY, params))

+        goto out;

+

+out:

+    if (pctx != NULL)

+        EVP_PKEY_CTX_free(pctx);

+    if (tmpl != NULL)

+        OSSL_PARAM_BLD_free(tmpl);

+    if (params != NULL)

+        OSSL_PARAM_free(params);

+    if (bn_mod != NULL)

+        BN_free(bn_mod);

+    if (bn_exp != NULL)

+        BN_free(bn_exp);

 #endif

-    return (void *) rsa;

+    return pkey;

 }

-static void *rsa_convert_private_key(OBJECT *key_obj)

+static EVP_PKEY *rsa_convert_private_key(OBJECT *key_obj)

 {

     CK_ATTRIBUTE *modulus = NULL;

     CK_ATTRIBUTE *pub_exp = NULL;

@@ -854,9 +660,15 @@ static void *rsa_convert_private_key(OBJECT *key_obj)

     CK_ATTRIBUTE *exp1 = NULL;

     CK_ATTRIBUTE *exp2 = NULL;

     CK_ATTRIBUTE *coeff = NULL;

-

+    EVP_PKEY *pkey = NULL;

+#if OPENSSL_VERSION_PREREQ(3, 0)

+    EVP_PKEY_CTX *pctx = NULL;

+    OSSL_PARAM_BLD *tmpl = NULL;

+    OSSL_PARAM *params = NULL;

+#else

     RSA *rsa;

     RSA_METHOD *meth;

+#endif

     BIGNUM *bn_mod, *bn_pub_exp, *bn_priv_exp, *bn_p1, *bn_p2, *bn_e1, *bn_e2,

         *bn_cf;

@@ -873,6 +685,8 @@ static void *rsa_convert_private_key(OBJECT *key_obj)

     if (!prime2 && !modulus) {

         return NULL;

     }

+

+#if !OPENSSL_VERSION_PREREQ(3, 0)

     // Create and init all the RSA and BIGNUM structs we need.

     rsa = RSA_new();

     if (rsa == NULL)

@@ -884,17 +698,6 @@ static void *rsa_convert_private_key(OBJECT *key_obj)

      * Token doesn't implement RSA and, instead, calls OpenSSL for it.

      * So to avoid it we set RSA methods to the default rsa methods.

      */

-#ifdef OLDER_OPENSSL

-    if (rsa->engine) {

-        meth = (RSA_METHOD *) rsa->meth;

-        const RSA_METHOD *meth2 = RSA_PKCS1_SSLeay();

-        meth->rsa_pub_enc = meth2->rsa_pub_enc;

-        meth->rsa_pub_dec = meth2->rsa_pub_dec;

-        meth->rsa_priv_enc = meth2->rsa_priv_enc;

-        meth->rsa_priv_dec = meth2->rsa_priv_dec;

-        meth->rsa_mod_exp = meth2->rsa_mod_exp;

-        meth->bn_mod_exp = meth2->bn_mod_exp;

-#else

 /*

  * XXX I dont see a better way than to ignore this warning for now.

  * Note that the GCC pragma also works for clang.

@@ -912,8 +715,8 @@ static void *rsa_convert_private_key(OBJECT *key_obj)

         RSA_meth_set_mod_exp(meth, RSA_meth_get_mod_exp(meth2));

         RSA_meth_set_bn_mod_exp(meth, RSA_meth_get_bn_mod_exp(meth2));

 # pragma GCC diagnostic pop

-#endif

     }

+#endif

     bn_mod = BN_new();

     bn_pub_exp = BN_new();

@@ -926,33 +729,14 @@ static void *rsa_convert_private_key(OBJECT *key_obj)

     if ((bn_cf == NULL) || (bn_e2 == NULL) || (bn_e1 == NULL) ||

         (bn_p2 == NULL) || (bn_p1 == NULL) || (bn_priv_exp == NULL) ||

-        (bn_pub_exp == NULL) || (bn_mod == NULL)) {

-        if (rsa)

-            RSA_free(rsa);

-        if (bn_mod)

-            BN_free(bn_mod);

-        if (bn_pub_exp)

-            BN_free(bn_pub_exp);

-        if (bn_priv_exp)

-            BN_free(bn_priv_exp);

-        if (bn_p1)

-            BN_free(bn_p1);

-        if (bn_p2)

-            BN_free(bn_p2);

-        if (bn_e1)

-            BN_free(bn_e1);

-        if (bn_e2)

-            BN_free(bn_e2);

-        if (bn_cf)

-            BN_free(bn_cf);

-        return NULL;

-    }

+        (bn_pub_exp == NULL) || (bn_mod == NULL))

+        goto out;

     // CRT key?

     if (prime1) {

-        if (!prime2 || !exp1 || !exp2 || !coeff) {

-            return NULL;

-        }

+        if (!prime2 || !exp1 || !exp2 || !coeff)

+            goto out;

+

         // Even though this is CRT key, OpenSSL requires the

         // modulus and exponents filled in or encrypt and decrypt will

         // not work

@@ -969,20 +753,44 @@ static void *rsa_convert_private_key(OBJECT *key_obj)

         BN_bin2bn((unsigned char *) exp1->pValue, exp1->ulValueLen, bn_e1);

         BN_bin2bn((unsigned char *) exp2->pValue, exp2->ulValueLen, bn_e2);

         BN_bin2bn((unsigned char *) coeff->pValue, coeff->ulValueLen, bn_cf);

-#ifdef OLDER_OPENSSL

-        rsa->n = bn_mod;

-        rsa->d = bn_priv_exp;

-        rsa->p = bn_p1;

-        rsa->q = bn_p2;

-        rsa->dmp1 = bn_e1;

-        rsa->dmq1 = bn_e2;

-        rsa->iqmp = bn_cf;

-#else

+

+#if !OPENSSL_VERSION_PREREQ(3, 0)

         RSA_set0_key(rsa, bn_mod, bn_pub_exp, bn_priv_exp);

+        bn_mod = NULL;

+        bn_pub_exp = NULL;

+        bn_priv_exp = NULL;

         RSA_set0_factors(rsa, bn_p1, bn_p2);

+        bn_p1 = NULL;

+        bn_p2 = NULL;

         RSA_set0_crt_params(rsa, bn_e1, bn_e2, bn_cf);

+        bn_e1 = NULL;

+        bn_e2 = NULL;

+        bn_cf = NULL;

+

+        pkey = EVP_PKEY_new();

+        if (pkey == NULL)

+            goto out;

+

+        if (EVP_PKEY_assign_RSA(pkey, rsa) != 1)

+            goto out;

+#else

+        tmpl = OSSL_PARAM_BLD_new();

+        if (tmpl == NULL)

+            goto out;

+

+        if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_N, bn_mod) ||

+            !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_E, bn_pub_exp) ||

+            !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_D, bn_priv_exp) ||

+            !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_FACTOR1, bn_p1) ||

+            !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_FACTOR2, bn_p2) ||

+            !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_EXPONENT1,

+                                                                       bn_e1) ||

+            !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_EXPONENT2,

+                                                                       bn_e2) ||

+            !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_COEFFICIENT1,

+                                                                       bn_cf))

+            goto out;

 #endif

-        return rsa;

     } else {                    // must be a non-CRT key

         if (!priv_exp) {

             return NULL;

@@ -993,15 +801,90 @@ static void *rsa_convert_private_key(OBJECT *key_obj)

                   bn_pub_exp);

         BN_bin2bn((unsigned char *) priv_exp->pValue, priv_exp->ulValueLen,

                   bn_priv_exp);

-#ifdef OLDER_OPENSSL

-        rsa->n = bn_mod;

-        rsa->d = bn_priv_exp;

-#else

+

+#if !OPENSSL_VERSION_PREREQ(3, 0)

         RSA_set0_key(rsa, bn_mod, bn_pub_exp, bn_priv_exp);

+        bn_mod = NULL;

+        bn_pub_exp = NULL;

+        bn_priv_exp = NULL;

+

+        pkey = EVP_PKEY_new();

+        if (pkey == NULL)

+            goto out;

+

+        if (EVP_PKEY_assign_RSA(pkey, rsa) != 1)

+            goto out;

+#else

+        tmpl = OSSL_PARAM_BLD_new();

+        if (tmpl == NULL)

+            goto out;

+

+        if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_N, bn_mod) ||

+            !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_E, bn_pub_exp) ||

+            !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_D, bn_priv_exp))

+            goto out;

 #endif

     }

-    return (void *) rsa;

+#if OPENSSL_VERSION_PREREQ(3, 0)

+    params = OSSL_PARAM_BLD_to_param(tmpl);

+    if (params == NULL)

+        goto out;

+

+    pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);

+    if (pctx == NULL)

+        goto out;

+

+    if (!EVP_PKEY_fromdata_init(pctx) ||

+        !EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_PUBLIC_KEY, params))

+        goto out;

+

+    EVP_PKEY_CTX_free(pctx);

+    OSSL_PARAM_BLD_free(tmpl);

+    OSSL_PARAM_free(params);

+    BN_free(bn_mod);

+    BN_free(bn_pub_exp);

+    BN_free(bn_priv_exp);

+    BN_free(bn_p1);

+    BN_free(bn_p2);

+    BN_free(bn_e1);

+    BN_free(bn_e2);

+    BN_free(bn_cf);

+#endif

+

+    return pkey;

+out:

+#if !OPENSSL_VERSION_PREREQ(3, 0)

+    if (rsa)

+        RSA_free(rsa);

+#else

+    if (pctx != NULL)

+        EVP_PKEY_CTX_free(pctx);

+    if (tmpl != NULL)

+        OSSL_PARAM_BLD_free(tmpl);

+    if (params != NULL)

+        OSSL_PARAM_free(params);

+#endif

+    if (pkey)