From 387ba3f36092f2072ee6a05abeac27deaca177bd Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 29 Sep 2021 15:03:44 +0200
Subject: [PATCH] openssl-util: use EVP API to get RSA bits

(cherry picked from commit 7f12adc3000c08a370f74bd16c654506c8a99e92)

Resolves: #2016042
---
 src/shared/openssl-util.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/src/shared/openssl-util.c b/src/shared/openssl-util.c
index bb47ae5e87..bd728e6c7c 100644
--- a/src/shared/openssl-util.c
+++ b/src/shared/openssl-util.c
@@ -46,7 +46,6 @@ int rsa_pkey_to_suitable_key_size(
                 size_t *ret_suitable_key_size) {
 
         size_t suitable_key_size;
-        const RSA *rsa;
         int bits;
 
         assert_se(pkey);
@@ -58,11 +57,7 @@ int rsa_pkey_to_suitable_key_size(
         if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA)
                 return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "X.509 certificate does not refer to RSA key.");
 
-        rsa = EVP_PKEY_get0_RSA(pkey);
-        if (!rsa)
-                return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to acquire RSA public key from X.509 certificate.");
-
-        bits = RSA_bits(rsa);
+        bits = EVP_PKEY_bits(pkey);
         log_debug("Bits in RSA key: %i", bits);
 
         /* We use PKCS#1 padding for the RSA cleartext, hence let's leave some extra space for it, hence only