author | Patrick Williams <patrick@stwcx.xyz> | 2021-12-14 01:55:46 +0300 |
---|---|---|
committer | Patrick Williams <patrick@stwcx.xyz> | 2021-12-15 00:15:34 +0300 |
commit | aec7066c6bf1cd418418e03dc7e0edefa8595b77 (patch) | |
tree | a22f4123373a948aa6b41a13061d168efbaad02d /include/ssl_key_handler.hpp | |
parent | 4f277b542659afb0f14f57fe07fe7f0f63a4d22e (diff) | |
download | bmcweb-aec7066c6bf1cd418418e03dc7e0edefa8595b77.tar.xz |
ssl_key_handler: use OpenSSL 3.0 API for keygen
The APIs for generating an EC key have changed between OpenSSL 1.x
and OpenSSL 3.x. Create a separate implementation for OpenSSL 3.x.
Tested: Copied code from phosphor-certificate-manager, which was
tested using unit tests, and confirmed it builds and runs when compiled
with the OpenSSL 3.x library.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I6df0fb5429e0812763dad4a208bb914fb285fd78
Diffstat (limited to 'include/ssl_key_handler.hpp')
-rw-r--r-- | include/ssl_key_handler.hpp | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/include/ssl_key_handler.hpp b/include/ssl_key_handler.hpp
index 7710ae2315..4578c2b0f0 100644
--- a/include/ssl_key_handler.hpp
+++ b/include/ssl_key_handler.hpp
@@ -308,6 +308,8 @@ inline void generateSslCertificate(const std::string& filepath,
 EVP_PKEY* createEcKey()
 {
 EVP_PKEY* pKey = nullptr;
+
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
 int eccgrp = 0;
 eccgrp = OBJ_txt2nid("secp384r1");
@@ -329,6 +331,45 @@ EVP_PKEY* createEcKey()
 }
 }
 }
+#else
+ // Create context for curve parameter generation.
+ std::unique_ptr<EVP_PKEY_CTX, decltype(&::EVP_PKEY_CTX_free)> ctx{
+ EVP_PKEY_CTX_new_id(EVP_PKEY_EC, nullptr), &::EVP_PKEY_CTX_free};
+ if (!ctx)
+ {
+ return nullptr;
+ }
+
+ // Set up curve parameters.
+ EVP_PKEY* params = nullptr;
+ if ((EVP_PKEY_paramgen_init(ctx.get()) <= 0) ||
+ (EVP_PKEY_CTX_set_ec_param_enc(ctx.get(), OPENSSL_EC_NAMED_CURVE) <=
+ 0) ||
+ (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx.get(), NID_secp384r1) <=
+ 0) ||
+ (EVP_PKEY_paramgen(ctx.get(), ¶ms) <= 0))
+ {
+ return nullptr;
+ }
+
+ // Set up RAII holder for params.
+ std::unique_ptr<EVP_PKEY, decltype(&::EVP_PKEY_free)> pparams{
+ params, &::EVP_PKEY_free};
+
+ // Set new context for key generation, using curve parameters.
+ ctx.reset(EVP_PKEY_CTX_new_from_pkey(nullptr, params, nullptr));
+ if (!ctx || (EVP_PKEY_keygen_init(ctx.get()) <= 0))
+ {
+ return nullptr;
+ }
+
+ // Generate key.
+ if (EVP_PKEY_keygen(ctx.get(), &pKey) <= 0)
+ {
+ return nullptr;
+ }
+#endif
+
 return pKey;
 } |
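Review bot: Every failure in the new `#else` branch of createEcKey returns `nullptr` without recording which OpenSSL call failed, so a paramgen or keygen failure on the 3.x path leaves nothing to diagnose from, and the per-thread OpenSSL error queue is left holding the stale entries. Before each `return nullptr;` I would read the queue and log the failing step through the file's existing logger, for example `unsigned long e = ERR_get_error();` with the text taken from `ERR_error_string_n(e, buf, sizeof(buf))`. As a point of style, the two-stage paramgen-then-keygen sequence can probably be reduced to a single `EVP_EC_gen("secp384r1")` call on OpenSSL 3.0, which would leave one failure path instead of four. The pre-3.0 branch lies mostly outside these hunks, so whether it reports its failures cannot be seen from here.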