From: Timo Sirainen
Date: Sun, 5 Feb 2017 19:51:29 +0000 (+0200)
Subject: lib-ssl-iostream: Use RSA_generate_key_ex() if it exists
X-Git-Tag: 2.2.28.rc1~166
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8adfdb0f446941dad4c23c6db34c2a42705930be;p=thirdparty%2Fdovecot%2Fcore.git
lib-ssl-iostream: Use RSA_generate_key_ex() if it exists
This avoids deprecation warnings about RSA_generate_key() in OpenSSL v1.1.
---
diff --git a/configure.ac b/configure.ac
index 18d1fe3567..f223378168 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1756,6 +1756,9 @@ if test $want_openssl != no && test $have_ssl = no; then
 	AC_CHECK_LIB(ssl, SSL_COMP_free_compression_methods, [
 		AC_DEFINE(HAVE_SSL_COMP_FREE_COMPRESSION_METHODS,, [Build with SSL_COMP_free_compression_methods() support])
 	],, $SSL_LIBS)
+	AC_CHECK_LIB(ssl, RSA_generate_key_ex, [
+		AC_DEFINE(HAVE_RSA_GENERATE_KEY_EX,, [Build with RSA_generate_key_ex() support])
+	],, $SSL_LIBS)
 	AC_CHECK_LIB(ssl, [EVP_PKEY_CTX_new_id], [have_evp_pkey_ctx_new_id="yes"],, $SSL_LIBS)
 	AC_CHECK_LIB(ssl, [EC_KEY_new], [have_ec_key_new="yes"],, $SSL_LIBS)
 	if test "$have_evp_pkey_ctx_new_id" = "yes" && test "$have_ec_key_new" = "yes"; then
diff --git a/src/lib-ssl-iostream/iostream-openssl-context.c b/src/lib-ssl-iostream/iostream-openssl-context.c
index 2b593dafe9..40d7c0efe6 100644
--- a/src/lib-ssl-iostream/iostream-openssl-context.c
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c
@@ -29,7 +29,22 @@ static int ssl_iostream_init_global(const struct ssl_iostream_settings *set,
 static RSA *ssl_gen_rsa_key(SSL *ssl ATTR_UNUSED,
 			    int is_export ATTR_UNUSED, int keylength)
 {
+#ifdef HAVE_RSA_GENERATE_KEY_EX
+	BIGNUM *bn = BN_new();
+	RSA *rsa = RSA_new();
+
+	if (bn != NULL && BN_set_word(bn, RSA_F4) != 0 &&
+	    RSA_generate_key_ex(rsa, keylength, bn, NULL) != 0)
+		return rsa;
+
+	if (bn != NULL)
+		BN_free(bn);
+	if (rsa != NULL)
+		RSA_free(rsa);
+	return NULL;
+#else
 	return RSA_generate_key(keylength, RSA_F4, NULL, NULL);
+#endif
 }
 
 static DH *ssl_tmp_dh_callback(SSL *ssl ATTR_UNUSED,
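Review bot: The success condition in the new HAVE_RSA_GENERATE_KEY_EX branch checks `bn != NULL` but never `rsa != NULL`, so if `RSA_new()` fails under memory pressure the code calls `RSA_generate_key_ex(NULL, ...)` instead of falling through to the cleanup; `rsa != NULL` belongs in the same condition. The success path also returns `rsa` without freeing `bn` — as far as I can tell RSA_generate_key_ex() copies the public exponent into the key rather than taking ownership of the BIGNUM, so every key generated through this callback leaks one BIGNUM. The `if (bn != NULL)` and `if (rsa != NULL)` guards around the frees are redundant, since `BN_free()` and `RSA_free()` both accept NULL. A restructured body that fixes both the NULL check and the leak with a single cleanup path follows; the `#else` branch is unchanged.
```c
#ifdef HAVE_RSA_GENERATE_KEY_EX
	BIGNUM *bn = BN_new();
	RSA *rsa = RSA_new();
	RSA *ret = NULL;

	/* the exponent is copied into the key, so bn is always ours to free */
	if (bn != NULL && rsa != NULL && BN_set_word(bn, RSA_F4) != 0 &&
	    RSA_generate_key_ex(rsa, keylength, bn, NULL) != 0) {
		ret = rsa;
		rsa = NULL;
	}
	BN_free(bn);
	RSA_free(rsa);
	return ret;
#else
	/* … unchanged: RSA_generate_key() fallback … */
```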