From dffdccdc9ea15655e14b0899864c9a1e8243d5cd Mon Sep 17 00:00:00 2001
From: Martijn Otto
Date: Wed, 27 Mar 2019 13:23:30 +0100
Subject: No longer use deprecated RSA_generate_key in favor of RSA_generate_key_ex
---
 contrib/epee/src/net_ssl.cpp | 47 +++++++++++++++++++++++++++++++++++++-------
 1 file changed, 40 insertions(+), 7 deletions(-)
diff --git a/contrib/epee/src/net_ssl.cpp b/contrib/epee/src/net_ssl.cpp
index eb0b0ad65..cb65121bd 100644
--- a/contrib/epee/src/net_ssl.cpp
+++ b/contrib/epee/src/net_ssl.cpp
@@ -46,8 +46,7 @@ namespace
 {
 void operator()(BIO* ptr) const noexcept
 {
- if (ptr)
- BIO_free(ptr);
+ BIO_free(ptr);
 }
 };
 using openssl_bio = std::unique_ptr;
@@ -56,12 +55,28 @@ namespace
 {
 void operator()(EVP_PKEY* ptr) const noexcept
 {
- if (ptr)
- EVP_PKEY_free(ptr);
+ EVP_PKEY_free(ptr);
 }
 };
 using openssl_pkey = std::unique_ptr;
+ struct openssl_rsa_free
+ {
+ void operator()(RSA* ptr) const noexcept
+ {
+ RSA_free(ptr);
+ }
+ };
+ using openssl_rsa = std::unique_ptr;
+
+ struct openssl_bignum_free
+ {
+ void operator()(BIGNUM* ptr) const noexcept
+ {
+ BN_free(ptr);
+ }
+ };
+ using openssl_bignum = std::unique_ptr;
 }
 namespace epee
@@ -81,19 +96,37 @@ bool create_ssl_certificate(EVP_PKEY *&pkey, X509 *&cert)
 }
 openssl_pkey pkey_deleter{pkey};
- RSA *rsa = RSA_generate_key(4096, RSA_F4, NULL, NULL);
+ openssl_rsa rsa{RSA_new()};
 if (!rsa)
+ {
+ MERROR("Error allocating RSA private key");
+ return false;
+ }
+
+ openssl_bignum exponent{BN_new()};
+ if (!exponent)
+ {
+ MERROR("Error allocating exponent");
+ return false;
+ }
+
+ BN_set_word(exponent.get(), RSA_F4);
+
+ if (RSA_generate_key_ex(rsa.get(), 4096, exponent.get(), nullptr) != 1)
 {
 MERROR("Error generating RSA private key");
 return false;
 }
- if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) // The RSA will be automatically freed when the EVP_PKEY structure is freed.
+
+ if (EVP_PKEY_assign_RSA(pkey, rsa.get()) <= 0)
 {
 MERROR("Error assigning RSA private key");
- RSA_free(rsa);
 return false;
 }
+ // the RSA key is now managed by the EVP_PKEY structure
+ (void)rsa.release();
+
 cert = X509_new();
 if (!cert)
 {
-- cgit v1.2.3
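Review bot: The result of `BN_set_word(exponent.get(), RSA_F4)` is discarded, while every other OpenSSL call added in this hunk is checked. BN_set_word returns 0 on failure, and the code would then hand an exponent that was never set to RSA_generate_key_ex and depend on that call to reject it. For key generation the public exponent should be established explicitly: `if (BN_set_word(exponent.get(), RSA_F4) != 1) { MERROR("Error setting exponent"); return false; }`. create_ssl_certificate begins before this hunk and continues past its last line.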