Replace deprecated RAND_pseudo_bytes and RSA_generate_key

virtueistheonlygood · Jan 14, 2018 · 85dacee · 85dacee
1 parent cb43853
commit 85dacee
Show file tree

Hide file tree

Showing 6 changed files with 42 additions and 22 deletions.
diff --git a/cachedsess.t.c b/cachedsess.t.c
@@ -120,7 +120,7 @@ START_TEST(cache_dsess_03)
 }
 END_TEST
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 START_TEST(cache_dsess_04)
 {
 	SSL_SESSION *s1, *s2;
@@ -161,7 +161,7 @@ cachedsess_suite(void)
 	tcase_add_test(tc, cache_dsess_01);
 	tcase_add_test(tc, cache_dsess_02);
 	tcase_add_test(tc, cache_dsess_03);
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	tcase_add_test(tc, cache_dsess_04);
 #endif
 	suite_add_tcase(s, tc);

diff --git a/cachefkcrt.t.c b/cachefkcrt.t.c
@@ -89,7 +89,7 @@ START_TEST(cache_fkcrt_03)
 }
 END_TEST
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 START_TEST(cache_fkcrt_04)
 {
 	X509 *c1, *c2;
@@ -132,7 +132,7 @@ cachefkcrt_suite(void)
 	tcase_add_test(tc, cache_fkcrt_01);
 	tcase_add_test(tc, cache_fkcrt_02);
 	tcase_add_test(tc, cache_fkcrt_03);
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	tcase_add_test(tc, cache_fkcrt_04);
 #endif
 	suite_add_tcase(s, tc);

diff --git a/cachessess.t.c b/cachessess.t.c
@@ -121,7 +121,7 @@ START_TEST(cache_ssess_03)
 }
 END_TEST
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 START_TEST(cache_ssess_04)
 {
 	SSL_SESSION *s1, *s2;
@@ -165,7 +165,7 @@ cachessess_suite(void)
 	tcase_add_test(tc, cache_ssess_01);
 	tcase_add_test(tc, cache_ssess_02);
 	tcase_add_test(tc, cache_ssess_03);
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	tcase_add_test(tc, cache_ssess_04);
 #endif
 	suite_add_tcase(s, tc);

diff --git a/ssl.c b/ssl.c
@@ -88,10 +88,9 @@ ssl_ssl_cert_get(SSL *s)
 }
 #endif /* OpenSSL 0.9.8y, 1.0.0k or 1.0.1e */
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000
-#define SSL_is_server(ssl) (ssl->type != SSL_ST_CONNECT)
-#define X509_get_signature_nid(x509) (OBJ_obj2nid(x509->sig_alg->algorithm))
-static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+int
+DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
 {
     /* If the fields p and g in d are NULL, the corresponding input
      * parameters MUST be non-NULL.  q may remain NULL.
@@ -462,7 +461,9 @@ ssl_fini(void)
 	if (!ssl_initialized)
 		return;
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	ERR_remove_state(0); /* current thread */
+#endif
 
 #if defined(OPENSSL_THREADS) && OPENSSL_VERSION_NUMBER < 0x10100000L
 	CRYPTO_set_locking_callback(NULL);
@@ -826,13 +827,15 @@ ssl_rand(void *p, size_t sz)
 {
 	int rv;
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	rv = RAND_pseudo_bytes((unsigned char*)p, sz);
-	if (rv == -1) {
-		rv = RAND_bytes((unsigned char*)p, sz);
-		if (rv != 1)
-			return -1;
-	}
-	return 0;
+	if (rv == 1)
+		return 0;
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+	rv = RAND_bytes((unsigned char*)p, sz);
+	if (rv == 1)
+		return 0;
+	return -1;
 }
 
 /*
@@ -1275,12 +1278,26 @@ ssl_key_load(const char *filename)
 EVP_PKEY *
 ssl_key_genrsa(const int keysize)
 {
-	EVP_PKEY * pkey;
-	RSA * rsa;
+	EVP_PKEY *pkey;
+	RSA *rsa;
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	BIGNUM *bn;
+	int rv;
+	rsa = RSA_new();
+	bn = BN_new();
+	BN_dec2bn(&bn, "3");
+	rv = RSA_generate_key_ex(rsa, keysize, bn, NULL);
+	BN_free(bn);
+	if (rv != 1) {
+		RSA_free(rsa);
+		return NULL;
+	}
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 	rsa = RSA_generate_key(keysize, 3, NULL, NULL);
 	if (!rsa)
 		return NULL;
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 	pkey = EVP_PKEY_new();
 	EVP_PKEY_assign_RSA(pkey, rsa); /* does not increment refcount */
 	return pkey;

diff --git a/ssl.h b/ssl.h
@@ -69,6 +69,13 @@
 #define OPENSSL_NO_SHA0
 #endif
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define ASN1_STRING_get0_data(value) ASN1_STRING_data(value)
+#define SSL_is_server(ssl) (ssl->type != SSL_ST_CONNECT)
+#define X509_get_signature_nid(x509) (OBJ_obj2nid(x509->sig_alg->algorithm))
+int DH_set0_pqg(DH *, BIGNUM *, BIGNUM *, BIGNUM *);
+#endif
+
 /*
  * The constructors returning a SSL_METHOD * were changed to return
  * a const SSL_METHOD * between 0.9.8 and 1.0.0.

diff --git a/ssl.t.c b/ssl.t.c
@@ -498,10 +498,6 @@ START_TEST(ssl_tls_clienthello_parse_10)
 }
 END_TEST
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000
-#define ASN1_STRING_get0_data(value) ASN1_STRING_data(value)
-#endif
-
 START_TEST(ssl_key_identifier_sha1_01)
 {
 	X509 *c;