OpenSSL generate_key(): Check EVP_RSA_gen()'s return value

[privoxy.git] / openssl.c

diff --git a/openssl.c b/openssl.c
index 4b1fceb..ba2fc3e 100644 (file)
--- a/openssl.c
+++ b/openssl.c
@@ -36,7 +36,7 @@
 #include <openssl/bn.h>
 #include <openssl/opensslv.h>
 #include <openssl/pem.h>
-#include <openssl/md5.h>
+#include <openssl/sha.h>
 #include <openssl/x509v3.h>
 #ifdef _WIN32
 /* https://www.openssl.org/docs/faq.html
@@ -706,8 +706,8 @@ exit:
  *
  * Function    :  host_to_hash
  *
- * Description :  Creates MD5 hash from host name. Host name is loaded
- *                from structure csp and saved again into it.
+ * Description :  Creates a sha256 hash from host name. The host name
+ *                is taken from the csp structure and stored into it.
  *
  * Parameters  :
  *          1  :  csp = Current client state (buffers, headers, etc...)
@@ -718,25 +718,11 @@ exit:
  *********************************************************************/
 static int host_to_hash(struct client_state *csp)
 {
-   int ret = 0;
-
-   memset(csp->http->hash_of_host, 0, sizeof(csp->http->hash_of_host));
-   MD5((unsigned char *)csp->http->host, strlen(csp->http->host),
+   SHA256((unsigned char *)csp->http->host, strlen(csp->http->host),
       csp->http->hash_of_host);
 
-   /* Converting hash into string with hex */
-   size_t i = 0;
-   for (; i < 16; i++)
-   {
-      if ((ret = sprintf((char *)csp->http->hash_of_host_hex + 2 * i, "%02x",
-         csp->http->hash_of_host[i])) < 0)
-      {
-         log_error(LOG_LEVEL_ERROR, "Sprintf return value: %d", ret);
-         return -1;
-      }
-   }
+   return create_hexadecimal_hash_of_host(csp);
 
-   return 0;
 }
 
 
@@ -803,7 +789,7 @@ extern int create_client_ssl_connection(struct client_state *csp)
    if (ret < 0)
    {
       log_error(LOG_LEVEL_ERROR,
-         "generate_host_certificate failed: %d", ret);
+         "generate_host_certificate() failed: %d", ret);
       ret = -1;
       goto exit;
    }
@@ -1495,8 +1481,10 @@ static int generate_key(struct client_state *csp, char **key_buf)
 {
    int ret = 0;
    char* key_file_path;
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
    BIGNUM *exp;
    RSA *rsa;
+#endif
    EVP_PKEY *key;
 
    key_file_path = make_certs_path(csp->config->certificate_directory,
@@ -1515,6 +1503,7 @@ static int generate_key(struct client_state *csp, char **key_buf)
       return 0;
    }
 
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
    exp = BN_new();
    rsa = RSA_new();
    key = EVP_PKEY_new();
@@ -1547,6 +1536,15 @@ static int generate_key(struct client_state *csp, char **key_buf)
       ret = -1;
       goto exit;
    }
+#else
+   key = EVP_RSA_gen(RSA_KEYSIZE);
+   if (key == NULL)
+   {
+      log_error(LOG_LEVEL_ERROR, "EVP_RSA_gen() failed");
+      ret = -1;
+      goto exit;
+   }
+#endif
 
    /*
     * Exporting private key into file
@@ -1563,6 +1561,7 @@ exit:
    /*
     * Freeing used variables
     */
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
    if (exp)
    {
       BN_free(exp);
@@ -1571,6 +1570,7 @@ exit:
    {
       RSA_free(rsa);
    }
+#endif
    if (key)
    {
       EVP_PKEY_free(key);