OpenSSL: crypto_ec_key_get_private_key() using new EVP_PKEY API

Implement crypto_ec_key_get_private_key() without the deprecated EC_KEY
API when using OpenSSL 3.0.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index e2c8bca2b348d0a210badff0a6478488e0215270..14953677431f271463a72504482ee58d6255cddd 100644 (file)
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -3438,6 +3438,14 @@ struct crypto_bignum *
 crypto_ec_key_get_private_key(struct crypto_ec_key *key)
 {
        EVP_PKEY *pkey = (EVP_PKEY *) key;
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+       BIGNUM *bn = NULL;
+
+       if (!EVP_PKEY_is_a(pkey, "EC") ||
+           EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &bn) != 1)
+               return NULL;
+       return (struct crypto_bignum *) bn;
+#else /* OpenSSL version >= 3.0 */
        const EC_KEY *eckey;
        const BIGNUM *bn;
 
@@ -3448,6 +3456,7 @@ crypto_ec_key_get_private_key(struct crypto_ec_key *key)
        if (!bn)
                return NULL;
        return (struct crypto_bignum *) BN_dup(bn);
+#endif /* OpenSSL version >= 3.0 */
 }