changeset 21476:75ff4f96cdc4

lib-ssl-iostream: Use RSA_generate_key_ex() if it exists. This avoids deprecation warnings about RSA_generate_key() in OpenSSL v1.1.
author Timo Sirainen <timo.sirainen@dovecot.fi>
date Sun, 05 Feb 2017 21:51:29 +0200
parents 011fc620d6f6
children 15eafce831ed
files configure.ac src/lib-ssl-iostream/iostream-openssl-context.c
diffstat 2 files changed, 18 insertions(+), 0 deletions(-) [+]
--- a/configure.ac	Mon Feb 06 00:11:14 2017 +0200
+++ b/configure.ac	Sun Feb 05 21:51:29 2017 +0200
@@ -1756,6 +1756,9 @@
     AC_CHECK_LIB(ssl, SSL_COMP_free_compression_methods, [
       AC_DEFINE(HAVE_SSL_COMP_FREE_COMPRESSION_METHODS,, [Build with SSL_COMP_free_compression_methods() support])
     ],, $SSL_LIBS)
+    AC_CHECK_LIB(ssl, RSA_generate_key_ex, [
+      AC_DEFINE(HAVE_RSA_GENERATE_KEY_EX,, [Build with RSA_generate_key_ex() support])
+    ],, $SSL_LIBS)
     AC_CHECK_LIB(ssl, [EVP_PKEY_CTX_new_id], [have_evp_pkey_ctx_new_id="yes"],, $SSL_LIBS)
     AC_CHECK_LIB(ssl, [EC_KEY_new], [have_ec_key_new="yes"],, $SSL_LIBS)
     if test "$have_evp_pkey_ctx_new_id" = "yes" && test "$have_ec_key_new" = "yes"; then
--- a/src/lib-ssl-iostream/iostream-openssl-context.c	Mon Feb 06 00:11:14 2017 +0200
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c	Sun Feb 05 21:51:29 2017 +0200
@@ -29,7 +29,22 @@
 static RSA *ssl_gen_rsa_key(SSL *ssl ATTR_UNUSED,
 			    int is_export ATTR_UNUSED, int keylength)
 {
+#ifdef HAVE_RSA_GENERATE_KEY_EX
+	BIGNUM *bn = BN_new();
+	RSA *rsa = RSA_new();
+
+	if (bn != NULL && BN_set_word(bn, RSA_F4) != 0 &&
+	    RSA_generate_key_ex(rsa, keylength, bn, NULL) != 0)
+		return rsa;
+
+	if (bn != NULL)
+		BN_free(bn);
+	if (rsa != NULL)
+		RSA_free(rsa);
+	return NULL;
+#else
 	return RSA_generate_key(keylength, RSA_F4, NULL, NULL);
+#endif
 }
 
 static DH *ssl_tmp_dh_callback(SSL *ssl ATTR_UNUSED,
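Review bot: On the success path of the `HAVE_RSA_GENERATE_KEY_EX` branch, `return rsa;` leaves `bn` allocated, so each generated key leaks one BIGNUM; brace the `if` body and put `BN_free(bn);` before the return. The condition tests `bn != NULL` but never `rsa`, so a failed `RSA_new()` passes a NULL pointer into `RSA_generate_key_ex()`, which is likely to dereference it; adding `rsa != NULL &&` to the condition closes that. The `if (bn != NULL)` and `if (rsa != NULL)` guards on the cleanup path can go, since `BN_free()` and `RSA_free()` accept NULL. `keylength` is forwarded unchecked in both branches, and whether the caller enforces a minimum size is not visible in this hunk, so a short comment stating the expected range would help, e.g. `/* keylength is chosen by OpenSSL for the temporary RSA key; not validated here */`.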