pkey_ctx/set_rsa_keygen_pubexp: fix ossl <=1.1

huwcbjones · huwcbjones · commit 83f4b313e4f1 · 2025-07-30T15:35:37.000+01:00
Use the deprecated EVP_PKEY_CTX_set_rsa_keygen_pubexp macro via EVP_PKEY_CTX_ctrl
diff --git a/openssl-sys/src/rsa.rs b/openssl-sys/src/rsa.rs
@@ -7,6 +7,16 @@ pub const RSA_F4: c_long = 0x10001;
 
 cfg_if! {
     if #[cfg(not(ossl300))] {
+        pub unsafe fn EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx: *mut EVP_PKEY_CTX, pubexp: *mut BIGNUM) -> c_int {
+            EVP_PKEY_CTX_ctrl(
+                ctx,
+                EVP_PKEY_RSA,
+                EVP_PKEY_OP_KEYGEN,
+                EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP,
+                0,
+                pubexp as *mut _,
+            )
+        }
         pub unsafe fn EVP_PKEY_CTX_set_rsa_padding(ctx: *mut EVP_PKEY_CTX, pad: c_int) -> c_int {
             EVP_PKEY_CTX_ctrl(
                 ctx,
@@ -82,6 +92,7 @@ pub unsafe fn EVP_PKEY_CTX_set0_rsa_oaep_label(
 
 pub const EVP_PKEY_CTRL_RSA_PADDING: c_int = EVP_PKEY_ALG_CTRL + 1;
 pub const EVP_PKEY_CTRL_RSA_PSS_SALTLEN: c_int = EVP_PKEY_ALG_CTRL + 2;
+pub const EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP: c_int = EVP_PKEY_ALG_CTRL + 4;
 
 pub const EVP_PKEY_CTRL_RSA_MGF1_MD: c_int = EVP_PKEY_ALG_CTRL + 5;
 
diff --git a/openssl/src/pkey_ctx.rs b/openssl/src/pkey_ctx.rs
@@ -73,6 +73,7 @@ use crate::pkey::{HasPrivate, HasPublic, Id, PKey, PKeyRef, Private};
 use crate::rsa::Padding;
 use crate::sign::RsaPssSaltlen;
 use crate::{cvt, cvt_p};
+use cfg_if::cfg_if;
 use foreign_types::{ForeignType, ForeignTypeRef};
 #[cfg(not(any(boringssl, awslc)))]
 use libc::c_int;
@@ -490,10 +491,20 @@ impl<T> PkeyCtxRef<T> {
     #[inline]
     pub fn set_rsa_keygen_pubexp(&mut self, pubexp: &BigNumRef) -> Result<(), ErrorStack> {
         unsafe {
-            cvt(ffi::EVP_PKEY_CTX_set1_rsa_keygen_pubexp(
-                self.as_ptr(),
-                pubexp.as_ptr(),
-            ))?;
+            cfg_if! {
+                if #[cfg(ossl300)] {
+                    cvt(ffi::EVP_PKEY_CTX_set1_rsa_keygen_pubexp(
+                        self.as_ptr(),
+                        pubexp.as_ptr(),
+                    ))?;
+                } else {
+                    cvt(ffi::EVP_PKEY_CTX_set_rsa_keygen_pubexp(
+                        self.as_ptr(),
+                        // Dupe the BN because the EVP_PKEY_CTX takes ownership of it and will free it.
+                        cvt_p(ffi::BN_dup(pubexp.as_ptr()))?,
+                    ))?;
+                }
+            }
         }
 
         Ok(())
