diff options
author | Ed Tanous <ed@tanous.net> | 2019-02-14 09:48:25 +0300 |
---|---|---|
committer | Ed Tanous <ed.tanous@intel.com> | 2019-03-23 01:04:15 +0300 |
commit | 6ea007a2faec52ad62680015d2a3f00371a1e351 (patch) | |
tree | 587875f7488b745a1f33952ba8952e5869f0f6a6 /include/ssl_key_handler.hpp | |
parent | 8bd25ccda8030e5725ecdf5fa64d6083040ddf8a (diff) | |
download | bmcweb-6ea007a2faec52ad62680015d2a3f00371a1e351.tar.xz |
bmcweb: Fix a bunch of warnings
bmcweb classically has not taken a strong opinion on warnings. With
this commit, that policy is changing, and bmcweb will invoke the best
warnings we are able to enable, and turn on -Werror for all builds.
This is intended to reduce the likelihood of hard-to-debug situations
that the compiler coulve caught early on.
Change-Id: I57474410821e82666b3a108cfd0db7d070e8900a
Signed-off-by: Ed Tanous <ed@tanous.net>
Diffstat (limited to 'include/ssl_key_handler.hpp')
-rw-r--r-- | include/ssl_key_handler.hpp | 97 |
1 files changed, 43 insertions, 54 deletions
diff --git a/include/ssl_key_handler.hpp b/include/ssl_key_handler.hpp index 34a7c04409..133d40da5f 100644 --- a/include/ssl_key_handler.hpp +++ b/include/ssl_key_handler.hpp @@ -17,9 +17,7 @@ namespace ensuressl { static void initOpenssl(); -static void cleanupOpenssl(); -static EVP_PKEY *createRsaKey(); -static EVP_PKEY *createEcKey(); +static EVP_PKEY *createKey(); static void handleOpensslError(); inline bool verifyOpensslKeyCert(const std::string &filepath) @@ -110,7 +108,7 @@ inline void generateSslCertificate(const std::string &filepath) // EVP_PKEY *pRsaPrivKey = create_rsa_key(); std::cerr << "Generating EC key\n"; - EVP_PKEY *pRsaPrivKey = createEcKey(); + EVP_PKEY *pRsaPrivKey = createKey(); if (pRsaPrivKey != nullptr) { std::cerr << "Generating x509 Certificate\n"; @@ -177,9 +175,16 @@ inline void generateSslCertificate(const std::string &filepath) // cleanup_openssl(); } - -EVP_PKEY *createRsaKey() +EVP_PKEY *createKey() { + EVP_PKEY *pKey = NULL; + pKey = EVP_PKEY_new(); + if (pKey == nullptr) + { + handleOpensslError(); + return nullptr; + } +#if BMCWEB_RSA_KEY RSA *pRSA = NULL; #if OPENSSL_VERSION_NUMBER < 0x00908000L pRSA = RSA_generate_key(2048, RSA_3, NULL, NULL); @@ -187,60 +192,54 @@ EVP_PKEY *createRsaKey() RSA_generate_key_ex(pRSA, 2048, NULL, NULL); #endif - EVP_PKEY *pKey = EVP_PKEY_new(); - if ((pRSA != nullptr) && (pKey != nullptr) && - EVP_PKEY_assign_RSA(pKey, pRSA)) - { - /* pKey owns pRSA from now */ - if (RSA_check_key(pRSA) <= 0) - { - fprintf(stderr, "RSA_check_key failed.\n"); - handleOpensslError(); - EVP_PKEY_free(pKey); - pKey = NULL; - } - } - else + if ((pRSA != nullptr) || EVP_PKEY_assign_RSA(pKey, pRSA) != 1) { handleOpensslError(); if (pRSA != nullptr) { RSA_free(pRSA); - pRSA = NULL; } if (pKey != nullptr) { EVP_PKEY_free(pKey); - pKey = NULL; } + return nullptr; } - return pKey; -} -EVP_PKEY *createEcKey() -{ - EVP_PKEY *pKey = NULL; - int eccgrp = 0; - eccgrp = OBJ_txt2nid("prime256v1"); + /* pKey owns pRSA from now */ + if (RSA_check_key(pRSA) != 1) + { + fprintf(stderr, "RSA_check_key failed.\n"); + handleOpensslError(); + EVP_PKEY_free(pKey); + return nullptr; + } +#else + int eccgrp = OBJ_txt2nid("prime256v1"); EC_KEY *myecc = EC_KEY_new_by_curve_name(eccgrp); - if (myecc != nullptr) + if (myecc == nullptr) { - EC_KEY_set_asn1_flag(myecc, OPENSSL_EC_NAMED_CURVE); - EC_KEY_generate_key(myecc); - pKey = EVP_PKEY_new(); - if (pKey != nullptr) - { - if (EVP_PKEY_assign_EC_KEY(pKey, myecc)) - { - /* pKey owns pRSA from now */ - if (EC_KEY_check_key(myecc) <= 0) - { - fprintf(stderr, "EC_check_key failed.\n"); - } - } - } + handleOpensslError(); + return nullptr; + } + + EC_KEY_set_asn1_flag(myecc, OPENSSL_EC_NAMED_CURVE); + if (EC_KEY_generate_key(myecc) != 1) + { + handleOpensslError(); + EC_KEY_free(myecc); + return nullptr; + } + + if (EVP_PKEY_assign_EC_KEY(pKey, myecc) != 1) + { + handleOpensslError(); + EC_KEY_free(myecc); + return nullptr; } + +#endif return pKey; } @@ -253,16 +252,6 @@ void initOpenssl() #endif } -void cleanupOpenssl() -{ - CRYPTO_cleanup_all_ex_data(); - ERR_free_strings(); -#if OPENSSL_VERSION_NUMBER < 0x10100000L - ERR_remove_thread_state(0); -#endif - EVP_cleanup(); -} - void handleOpensslError() { ERR_print_errors_fp(stderr); |