From: Stephen Henson Date: Sun, 17 Oct 2010 16:30:13 +0000 (+0000) Subject: Avoid use of deprecated RSA_generate_key() function. X-Git-Tag: 2.3.9~289 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=25ff6f51f16e56d9d1e570d4c8e9dbbed6af8480;p=thirdparty%2Fapache%2Fhttpd.git Avoid use of deprecated RSA_generate_key() function. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1023521 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index a2ba9a13315..1bffc1ae666 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -90,7 +90,25 @@ static int ssl_tmp_key_init_rsa(server_rec *s, } #endif - +#ifdef HAVE_GENERATE_EX + { + RSA *tkey; + BIGNUM *bn_f4; + if (!(tkey == RSA_new()) + || !(bn_f4 == BN_new()) + || !BN_set_word(bn_f4, RSA_F4) + || !RSA_generate_key_ex(tkey, bits, bn_f4, NULL)) + { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + "Init: Failed to generate temporary " + "%d bit RSA private key", bits); + ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); + return !OK; + } + BN_free(bn_f4); + mc->pTmpKeys[idx] = tkey; + } +#else if (!(mc->pTmpKeys[idx] = RSA_generate_key(bits, RSA_F4, NULL, NULL))) { @@ -100,6 +118,7 @@ static int ssl_tmp_key_init_rsa(server_rec *s, ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); return !OK; } +#endif return OK; } diff --git a/modules/ssl/ssl_toolkit_compat.h b/modules/ssl/ssl_toolkit_compat.h index e87361b7ff5..b041ee82528 100644 --- a/modules/ssl/ssl_toolkit_compat.h +++ b/modules/ssl/ssl_toolkit_compat.h @@ -48,6 +48,10 @@ #include #endif +#if (OPENSSL_VERSION_NUMBER >= 0x00908000) +#define HAVE_GENERATE_EX +#endif + /* ECC support came along in OpenSSL 1.0.0 */ #if (OPENSSL_VERSION_NUMBER < 0x10000000) #define OPENSSL_NO_EC
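Review bot: In the new HAVE_GENERATE_EX branch, `!(tkey == RSA_new())` and `!(bn_f4 == BN_new())` compare instead of assign, so both freshly allocated objects are dropped and the uninitialised `tkey` and `bn_f4` are what reach BN_set_word(), RSA_generate_key_ex(), BN_free() and `mc->pTmpKeys[idx]`. Both operators should be `=`. The failure branch also returns `!OK` without releasing either object; initialising both pointers to NULL and freeing them there closes that leak on every short-circuit path. ssl_tmp_key_init_rsa() starts above this hunk and ends in the next one, so only the rewritten part of the new branch is shown below.

```c
        RSA *tkey = NULL;
        BIGNUM *bn_f4 = NULL;
        if (!(tkey = RSA_new())
            || !(bn_f4 = BN_new())
            /* … unchanged: BN_set_word() term … */
            || !RSA_generate_key_ex(tkey, bits, bn_f4, NULL))
        {
            /* … unchanged: ap_log_error() and ssl_log_ssl_error() calls … */
            BN_free(bn_f4);   /* NULL-safe: covers an early RSA_new()/BN_new() failure */
            RSA_free(tkey);
            return !OK;
        }
```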
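Review bot: The new `HAVE_GENERATE_EX` gate in ssl_toolkit_compat.h carries no comment, unlike the ECC gate directly below it, and the macro name does not say which function it stands for. A one-line comment above the `#if`, such as `/* RSA_generate_key_ex() is available from OpenSSL 0.9.8 */`, would document why 0x00908000 is the cut-off. A name that mentions RSA would also read better at the use site, but that is a matter of style and would need the matching change in ssl_engine_init.c.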