
Use RSA_generate_key_ex where available.

svn:r17804
Nick Mathewson 17 years ago
parent
commit
b0a8ecd193
2 changed files with 28 additions and 0 deletions
  1. 2 0
      ChangeLog
  2. 26 0
      src/common/crypto.c

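--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,8 @@ Changes in version 0.2.1.10-alpha - 2009-01-??
       of which countries we've seen clients from recently. Now controllers
       like Vidalia can show bridge operators that they're actually making
       a difference.
+    - Build correctly against versions of OpenSSL 0.9.8 or later built
+      without support for deprecated functions.
 
   o Minor bugfixes (performance):
     - Squeeze 2-5% out of client performance (according to oprofile) by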

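--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -406,7 +406,33 @@ crypto_pk_generate_key(crypto_pk_env_t *env)
 
   if (env->key)
     RSA_free(env->key);
+#if OPENSSL_VERSION_NUMBER < 0x00908000l
+  /* In openssl 0.9.7, RSA_generate_key is all we have. */
   env->key = RSA_generate_key(PK_BYTES*8,65537, NULL, NULL);
+#else
+  /* In openssl 0.9.8, RSA_generate_key is deprecated. */
+  {
+    BIGNUM *e = BN_new();
+    RSA *r = NULL;
+    if (!e)
+      goto done;
+    if (! BN_set_word(e, 65537))
+      goto done;
+    r = RSA_new();
+    if (!r)
+      goto done;
+    if (RSA_generate_key_ex(r, PK_BYTES*8, e, NULL) == -1)
+      goto done;
+
+    env->key = r;
+    r = NULL;
+  done:
+    if (e)
+      BN_free(e);
+    if (r)
+      RSA_free(r);
+    }
+#endif
   if (!env->key) {
     crypto_log_errors(LOG_WARN, "generating RSA key");
     return -1;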
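Review bot: The return check `RSA_generate_key_ex(r, PK_BYTES*8, e, NULL) == -1` does not catch the documented failure value: OpenSSL reports an error from this call as 0, so a failed generation falls through to `env->key = r` and hands back an RSA object with no key material; `if (RSA_generate_key_ex(r, PK_BYTES*8, e, NULL) != 1)` would reject it. In the same `#else` branch every `goto done` leaves `env->key` untouched, and because the earlier `RSA_free(env->key)` does not clear the pointer, a failure on an env that already held a key leaves a dangling pointer that passes the `if (!env->key)` test below; adding `env->key = NULL;` right after the `RSA_free` call closes that. The 0.9.7 branch is not affected because it assigns the call's result directly. crypto_pk_generate_key starts and ends outside the hunk, so what callers then do with the stale key is not visible here.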