-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | src/analysis/db/certs.c | 81 | ||||
-rw-r--r-- | tests/analysis/db/certs.py | 4 |
3 files changed, 79 insertions, 14 deletions
@@ -1,3 +1,11 @@ +17-08-21 Cyrille Bagard <nocbos@gmail.com> + + * src/analysis/db/certs.c: + Replace calls to deprecated functions building RSA keys. + + * tests/analysis/db/certs.py: + Update expected outputs. + 17-08-18 Cyrille Bagard <nocbos@gmail.com> * src/format/elf/Makefile.am: diff --git a/src/analysis/db/certs.c b/src/analysis/db/certs.c index 8367c39..c6b49a8 100644 --- a/src/analysis/db/certs.c +++ b/src/analysis/db/certs.c @@ -47,6 +47,9 @@ static bool add_extension_to_cert(X509 *, X509 *, /*const */char *, /*const */ch /* Ajoute une extension à une requête de signature. */ static bool add_extension_to_req(STACK_OF(X509_EXTENSION) *, int, /*const */char *); +/* Crée une paire de clefs RSA. */ +static RSA *generate_rsa_key(unsigned int, unsigned long); + /****************************************************************************** 
@@ -171,6 +174,68 @@ static bool add_extension_to_cert(X509 *issuer, X509 *subj, /*const */char *name /****************************************************************************** * * +* Paramètres : bits = taille de la clef en nombre de bits. * +* e = valeur de l'exposant destiné à la clef. * +* * +* Description : Crée une paire de clefs RSA. * +* * +* Retour : Clef RSA mise en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static RSA *generate_rsa_key(unsigned int bits, unsigned long e) +{ + RSA *result; /* Clef à retourner */ + BIGNUM *bne; /* Autre version de l'exposant */ + int ret; /* Bilan d'un appel */ + + bne = BN_new(); + if (bne == NULL) + { + log_variadic_message(LMT_ERROR, _("Unable to create a BIGNUM structure (error=%lu)"), ERR_get_error()); + goto grk_no_bne; + } + + ret = BN_set_word(bne, e); + if (ret != 1) goto grk_bne_failed; + + result = RSA_new(); + if (bne == NULL) + { + log_variadic_message(LMT_ERROR, _("Unable to create a RSA key (error=%lu)"), ERR_get_error()); + goto grk_no_rsa; + } + + ret = RSA_generate_key_ex(result, bits, bne, NULL); + if (ret != 1) + { + log_variadic_message(LMT_ERROR, _("Unable to generate RSA key (error=%lu)"), ERR_get_error()); + + RSA_free(result); + result = NULL; + + goto grk_done; + } + + grk_done: + + grk_no_rsa: + + grk_bne_failed: + + BN_free(bne); + + grk_no_bne: + + return result; + +} + + +/****************************************************************************** +* * * Paramètres : dir = répertoire d'enregistrement de la création. * * label = étiquette à coller au certificat produit. * * valid = durée de validité en secondes. * 
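Review bot: In generate_rsa_key the check after `result = RSA_new();` tests `bne == NULL` a second time instead of `result == NULL`, so a failed RSA allocation is never caught and a NULL key is passed on to RSA_generate_key_ex(). `result` is also left uninitialized when control jumps to `grk_no_bne` or `grk_bne_failed`, so the function returns an indeterminate pointer that the callers' `rsa == NULL` test will not reject. Declaring it as `RSA *result = NULL;` (or assigning NULL before the first `goto`) and changing the check to `if (result == NULL)` closes both paths. The BN_set_word() failure is the only error path here that logs nothing; a `log_variadic_message` call there would match the others.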
@@ -194,12 +259,8 @@ bool make_ca(const char *dir, const char *label, unsigned long valid, const x509 char *filename; /* Chemin d'accès à un fichier */ FILE *stream; /* Flux ouvert en écriture */ - rsa = RSA_generate_key(4096, 17, NULL, NULL); - if (rsa == NULL) - { - log_variadic_message(LMT_ERROR, _("Unable to generate RSA key (error=%lu)"), ERR_get_error()); - goto rsa_failed; - } + rsa = generate_rsa_key(4096, 17); + if (rsa == NULL) goto rsa_failed; pk = EVP_PKEY_new(); if (pk == NULL) goto pk_failed; @@ -402,12 +463,8 @@ bool make_request(const char *dir, const char *label, const x509_entries *entrie char *filename; /* Chemin d'accès à un fichier */ FILE *stream; /* Flux ouvert en écriture */ - rsa = RSA_generate_key(2048, 17, NULL, NULL); - if (rsa == NULL) - { - log_variadic_message(LMT_ERROR, _("Unable to generate RSA key (error=%lu)"), ERR_get_error()); - goto rsa_failed; - } + rsa = generate_rsa_key(2048, 17); + if (rsa == NULL) goto rsa_failed; pk = EVP_PKEY_new(); if (pk == NULL) goto pk_failed; diff --git a/tests/analysis/db/certs.py b/tests/analysis/db/certs.py index c4dfa32..ead768e 100644 --- a/tests/analysis/db/certs.py +++ b/tests/analysis/db/certs.py @@ -63,7 +63,7 @@ class TestRestrictedContent(ChrysalideTestCase): cmd = 'openssl x509 -in %s/ca-cert.pem -subject -noout' % self._tmppath - expected = b'subject= /C=UK/CN=OpenSSL Group\n' + expected = b'subject=C = UK, CN = OpenSSL Group\n' self.checkOutput(cmd, expected) @@ -99,7 +99,7 @@ class TestRestrictedContent(ChrysalideTestCase): cmd = 'openssl x509 -in %s/server-cert.pem -subject -noout' % self._tmppath - expected = b'subject= /C=UK/CN=OpenSSL Group\n' + expected = b'subject=C = UK, CN = OpenSSL Group\n' self.checkOutput(cmd, expected) |
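Review bot: The public exponent stays hard-coded as 17 at `rsa = generate_rsa_key(4096, 17);` in make_ca and at `generate_rsa_key(2048, 17)` in make_request. 65537 is the conventional value and the minimum that some policies accept (FIPS 186-4 requires e greater than 2^16), so passing OpenSSL's `RSA_F4` at both call sites would avoid compliance and interoperability surprises for the CA and request keys. Both functions continue outside their hunks, so how the key is used afterwards is not visible here.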
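Review bot: The new expected value `b'subject=C = UK, CN = OpenSSL Group\n'` ties the assertion to the default name formatting of whichever `openssl` binary is installed, so it will fail again wherever the tool prints the older `subject= /C=UK/CN=OpenSSL Group` form. The same applies to the server-cert check in the second hunk. Requesting an explicit format through `-nameopt` in `cmd` and normalizing the `subject=` prefix before comparing would likely make both checks independent of the OpenSSL version, though that should be confirmed against the versions the project supports. The test methods start and end outside these hunks.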