No longer use deprecated RSA_generate_key in favor of

RSA_generate_key_ex
This commit is contained in:
Martijn Otto 2019-03-27 13:23:30 +01:00
parent e4b049da05
commit dffdccdc9e
No known key found for this signature in database
GPG Key ID: D2E0D5D0B1D606F9

View File

@ -46,7 +46,6 @@ namespace
{ {
void operator()(BIO* ptr) const noexcept void operator()(BIO* ptr) const noexcept
{ {
if (ptr)
BIO_free(ptr); BIO_free(ptr);
} }
}; };
@ -56,12 +55,28 @@ namespace
{ {
void operator()(EVP_PKEY* ptr) const noexcept void operator()(EVP_PKEY* ptr) const noexcept
{ {
if (ptr)
EVP_PKEY_free(ptr); EVP_PKEY_free(ptr);
} }
}; };
using openssl_pkey = std::unique_ptr<EVP_PKEY, openssl_pkey_free>; using openssl_pkey = std::unique_ptr<EVP_PKEY, openssl_pkey_free>;
struct openssl_rsa_free
{
void operator()(RSA* ptr) const noexcept
{
RSA_free(ptr);
}
};
using openssl_rsa = std::unique_ptr<RSA, openssl_rsa_free>;
struct openssl_bignum_free
{
void operator()(BIGNUM* ptr) const noexcept
{
BN_free(ptr);
}
};
using openssl_bignum = std::unique_ptr<BIGNUM, openssl_bignum_free>;
} }
namespace epee namespace epee
@ -81,19 +96,37 @@ bool create_ssl_certificate(EVP_PKEY *&pkey, X509 *&cert)
} }
openssl_pkey pkey_deleter{pkey}; openssl_pkey pkey_deleter{pkey};
RSA *rsa = RSA_generate_key(4096, RSA_F4, NULL, NULL); openssl_rsa rsa{RSA_new()};
if (!rsa) if (!rsa)
{
MERROR("Error allocating RSA private key");
return false;
}
openssl_bignum exponent{BN_new()};
if (!exponent)
{
MERROR("Error allocating exponent");
return false;
}
BN_set_word(exponent.get(), RSA_F4);
if (RSA_generate_key_ex(rsa.get(), 4096, exponent.get(), nullptr) != 1)
{ {
MERROR("Error generating RSA private key"); MERROR("Error generating RSA private key");
return false; return false;
} }
if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) // The RSA will be automatically freed when the EVP_PKEY structure is freed.
if (EVP_PKEY_assign_RSA(pkey, rsa.get()) <= 0)
{ {
MERROR("Error assigning RSA private key"); MERROR("Error assigning RSA private key");
RSA_free(rsa);
return false; return false;
} }
// the RSA key is now managed by the EVP_PKEY structure
(void)rsa.release();
cert = X509_new(); cert = X509_new();
if (!cert) if (!cert)
{ {