author | Ed Tanous <ed.tanous@intel.com> | 2019-03-25 22:25:26 +0300 |
committer | Ed Tanous <ed.tanous@intel.com> | 2019-03-25 22:25:26 +0300 |
commit | b01bf2991955ef267ce2be8e7a18eac984990de8 (patch) | |
tree | f34f5fe0ce9c786ddee196f5082e46090c0ccfcf /include/ssl_key_handler.hpp | |
parent | 6ea007a2faec52ad62680015d2a3f00371a1e351 (diff) | |
Revert "bmcweb: Fix a bunch of warnings"
This reverts commit 6ea007a2faec52ad62680015d2a3f00371a1e351.
Reason for revert: Reports of bmcweb seg faults.
Change-Id: I408f1bb29c2f8e427a6621cdaac8c31b847ebf06
Diffstat (limited to 'include/ssl_key_handler.hpp')
-rw-r--r-- | include/ssl_key_handler.hpp | 97 |
1 files changed, 54 insertions, 43 deletions
diff --git a/include/ssl_key_handler.hpp b/include/ssl_key_handler.hpp
index 133d40da5f..34a7c04409 100644
--- a/include/ssl_key_handler.hpp
+++ b/include/ssl_key_handler.hpp
@@ -17,7 +17,9 @@ namespace ensuressl
 {
 static void initOpenssl();
-static EVP_PKEY *createKey();
+static void cleanupOpenssl();
+static EVP_PKEY *createRsaKey();
+static EVP_PKEY *createEcKey();
 static void handleOpensslError();
 
 inline bool verifyOpensslKeyCert(const std::string &filepath)
@@ -108,7 +110,7 @@ inline void generateSslCertificate(const std::string &filepath)
     // EVP_PKEY *pRsaPrivKey = create_rsa_key();
     std::cerr << "Generating EC key\n";
-    EVP_PKEY *pRsaPrivKey = createKey();
+    EVP_PKEY *pRsaPrivKey = createEcKey();
     if (pRsaPrivKey != nullptr)
     {
         std::cerr << "Generating x509 Certificate\n";
@@ -175,16 +177,9 @@ inline void generateSslCertificate(const std::string &filepath)
     // cleanup_openssl();
 }
 
-EVP_PKEY *createKey()
+
+EVP_PKEY *createRsaKey()
 {
-    EVP_PKEY *pKey = NULL;
-    pKey = EVP_PKEY_new();
-    if (pKey == nullptr)
-    {
-        handleOpensslError();
-        return nullptr;
-    }
-#if BMCWEB_RSA_KEY
     RSA *pRSA = NULL;
 #if OPENSSL_VERSION_NUMBER < 0x00908000L
     pRSA = RSA_generate_key(2048, RSA_3, NULL, NULL);
@@ -192,54 +187,60 @@ EVP_PKEY *createKey()
     RSA_generate_key_ex(pRSA, 2048, NULL, NULL);
 #endif
-    if ((pRSA != nullptr) || EVP_PKEY_assign_RSA(pKey, pRSA) != 1)
+    EVP_PKEY *pKey = EVP_PKEY_new();
+    if ((pRSA != nullptr) && (pKey != nullptr) &&
+        EVP_PKEY_assign_RSA(pKey, pRSA))
+    {
+        /* pKey owns pRSA from now */
+        if (RSA_check_key(pRSA) <= 0)
+        {
+            fprintf(stderr, "RSA_check_key failed.\n");
+            handleOpensslError();
+            EVP_PKEY_free(pKey);
+            pKey = NULL;
+        }
+    }
+    else
     {
         handleOpensslError();
         if (pRSA != nullptr)
         {
             RSA_free(pRSA);
+            pRSA = NULL;
         }
         if (pKey != nullptr)
         {
             EVP_PKEY_free(pKey);
+            pKey = NULL;
         }
-        return nullptr;
     }
+    return pKey;
+}
 
-    /* pKey owns pRSA from now */
-    if (RSA_check_key(pRSA) != 1)
-    {
-        fprintf(stderr, "RSA_check_key failed.\n");
-        handleOpensslError();
-        EVP_PKEY_free(pKey);
-        return nullptr;
-    }
+EVP_PKEY *createEcKey()
+{
+    EVP_PKEY *pKey = NULL;
+    int eccgrp = 0;
+    eccgrp = OBJ_txt2nid("prime256v1");
 
-#else
-    int eccgrp = OBJ_txt2nid("prime256v1");
     EC_KEY *myecc = EC_KEY_new_by_curve_name(eccgrp);
-    if (myecc == nullptr)
+    if (myecc != nullptr)
     {
-        handleOpensslError();
-        return nullptr;
-    }
-
-    EC_KEY_set_asn1_flag(myecc, OPENSSL_EC_NAMED_CURVE);
-    if (EC_KEY_generate_key(myecc) != 1)
-    {
-        handleOpensslError();
-        EC_KEY_free(myecc);
-        return nullptr;
-    }
-
-    if (EVP_PKEY_assign_EC_KEY(pKey, myecc) != 1)
-    {
-        handleOpensslError();
-        EC_KEY_free(myecc);
-        return nullptr;
+        EC_KEY_set_asn1_flag(myecc, OPENSSL_EC_NAMED_CURVE);
+        EC_KEY_generate_key(myecc);
+        pKey = EVP_PKEY_new();
+        if (pKey != nullptr)
+        {
+            if (EVP_PKEY_assign_EC_KEY(pKey, myecc))
+            {
+                /* pKey owns pRSA from now */
+                if (EC_KEY_check_key(myecc) <= 0)
+                {
+                    fprintf(stderr, "EC_check_key failed.\n");
+                }
+            }
+        }
     }
-
-#endif
     return pKey;
 }
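Review bot: In the new createEcKey every failure after `EC_KEY_new_by_curve_name` is either ignored or leaves a half-built result: the return of `EC_KEY_generate_key(myecc)` is not checked, a failing `EC_KEY_check_key` only prints and still returns pKey, a failing `EVP_PKEY_assign_EC_KEY` leaks myecc and returns a non-null but empty pKey, and a null result from `EVP_PKEY_new` leaks myecc. The caller in generateSslCertificate (hunk at -108) only tests pRsaPrivKey against nullptr, so a non-null EVP_PKEY that holds no EC key, or an unverified one, proceeds into certificate generation. Checking each step, freeing what was allocated and returning nullptr on failure keeps that null check meaningful; the copy-pasted `/* pKey owns pRSA from now */` should name myecc and the message should say `EC_KEY_check_key`. Separately, the context line `RSA_generate_key_ex(pRSA, 2048, NULL, NULL);` at the top of the hunk runs with pRSA still NULL and no exponent, so on the non-legacy path createRsaKey does not appear able to succeed; it is not called anywhere visible in this diff.
```cpp
// … unchanged: createRsaKey …

EVP_PKEY *createEcKey()
{
    EVP_PKEY *pKey = NULL;
    int eccgrp = 0;
    eccgrp = OBJ_txt2nid("prime256v1");

    EC_KEY *myecc = EC_KEY_new_by_curve_name(eccgrp);
    if (myecc == nullptr)
    {
        handleOpensslError();
        return nullptr;
    }
    EC_KEY_set_asn1_flag(myecc, OPENSSL_EC_NAMED_CURVE);
    if (EC_KEY_generate_key(myecc) != 1)
    {
        handleOpensslError();
        EC_KEY_free(myecc);
        return nullptr;
    }
    if (EC_KEY_check_key(myecc) <= 0)
    {
        fprintf(stderr, "EC_KEY_check_key failed.\n");
        handleOpensslError();
        EC_KEY_free(myecc);
        return nullptr;
    }
    pKey = EVP_PKEY_new();
    if (pKey == nullptr || EVP_PKEY_assign_EC_KEY(pKey, myecc) != 1)
    {
        handleOpensslError();
        EC_KEY_free(myecc);
        if (pKey != nullptr)
        {
            EVP_PKEY_free(pKey);
        }
        return nullptr;
    }
    /* pKey owns myecc from now */
    return pKey;
}
```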
@@ -252,6 +253,16 @@ void initOpenssl()
 #endif
 }
 
+void cleanupOpenssl()
+{
+    CRYPTO_cleanup_all_ex_data();
+    ERR_free_strings();
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    ERR_remove_thread_state(0);
+#endif
+    EVP_cleanup();
+}
+
 void handleOpensslError()
 {
     ERR_print_errors_fp(stderr);
|
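Review bot: cleanupOpenssl is reinstated as a file-local `static` function, but the only call site visible in this diff is the commented-out `// cleanup_openssl();` in generateSslCertificate (hunk at -175), so unless a caller exists outside the diff it is an unused static function in every translation unit that includes this header, which is presumably one of the warnings the reverted commit was silencing. If it is meant to be used, the natural place is a shutdown path paired with initOpenssl; if not, dropping the declaration and definition avoids the warning. The `ERR_remove_thread_state(0)` call is correctly limited to pre-1.1.0 builds, matching that API's deprecation in 1.1.0. handleOpensslError's body continues outside the hunk.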