From 3c5b02bde6754f2db27a8b413739711396690e1c Mon Sep 17 00:00:00 2001
From: Cyrille Bagard <nocbos@gmail.com>
Date: Mon, 21 Aug 2017 00:37:29 +0200
Subject: Replaced calls to deprecated functions building RSA keys.

---
 ChangeLog                  |  8 +++++
 src/analysis/db/certs.c    | 81 +++++++++++++++++++++++++++++++++++++++-------
 tests/analysis/db/certs.py |  4 +--
 3 files changed, 79 insertions(+), 14 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index a64d9b4..7061552 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+17-08-21  Cyrille Bagard <nocbos@gmail.com>
+
+	* src/analysis/db/certs.c:
+	Replace calls to deprecated functions building RSA keys.
+
+	* tests/analysis/db/certs.py:
+	Update expected outputs.
+
 17-08-18  Cyrille Bagard <nocbos@gmail.com>
 
 	* src/format/elf/Makefile.am:
diff --git a/src/analysis/db/certs.c b/src/analysis/db/certs.c
index 8367c39..c6b49a8 100644
--- a/src/analysis/db/certs.c
+++ b/src/analysis/db/certs.c
@@ -47,6 +47,9 @@ static bool add_extension_to_cert(X509 *, X509 *, /*const */char *, /*const */ch
 /* Ajoute une extension à une requête de signature. */
 static bool add_extension_to_req(STACK_OF(X509_EXTENSION) *, int, /*const */char *);
 
+/* Crée une paire de clefs RSA. */
+static RSA *generate_rsa_key(unsigned int, unsigned long);
+
 
 
 /******************************************************************************
@@ -171,6 +174,68 @@ static bool add_extension_to_cert(X509 *issuer, X509 *subj, /*const */char *name
 
 /******************************************************************************
 *                                                                             *
+*  Paramètres  : bits = taille de la clef en nombre de bits.                  *
+*                e    = valeur de l'exposant destiné à la clef.               *
+*                                                                             *
+*  Description : Crée une paire de clefs RSA.                                 *
+*                                                                             *
+*  Retour      : Clef RSA mise en place.                                      *
+*                                                                             *
+*  Remarques   : -                                                            *
+*                                                                             *
+******************************************************************************/
+
+static RSA *generate_rsa_key(unsigned int bits, unsigned long e)
+{
+    RSA *result;                            /* Clef à retourner            */
+    BIGNUM *bne;                            /* Autre version de l'exposant */
+    int ret;                                /* Bilan d'un appel            */
+
+    bne = BN_new();
+    if (bne == NULL)
+    {
+        log_variadic_message(LMT_ERROR, _("Unable to create a BIGNUM structure (error=%lu)"), ERR_get_error());
+        goto grk_no_bne;
+    }
+
+    ret = BN_set_word(bne, e);
+    if (ret != 1) goto grk_bne_failed;
+
+    result = RSA_new();
+    if (bne == NULL)
+    {
+        log_variadic_message(LMT_ERROR, _("Unable to create a RSA key (error=%lu)"), ERR_get_error());
+        goto grk_no_rsa;
+    }
+
+    ret = RSA_generate_key_ex(result, bits, bne, NULL);
+    if (ret != 1)
+    {
+        log_variadic_message(LMT_ERROR, _("Unable to generate RSA key (error=%lu)"), ERR_get_error());
+
+        RSA_free(result);
+        result = NULL;
+
+        goto grk_done;
+    }
+
+ grk_done:
+
+ grk_no_rsa:
+
+ grk_bne_failed:
+
+    BN_free(bne);
+
+ grk_no_bne:
+
+    return result;
+
+}
+
+
+/******************************************************************************
+*                                                                             *
 *  Paramètres  : dir     = répertoire d'enregistrement de la création.        *
 *                label   = étiquette à coller au certificat produit.          *
 *                valid   = durée de validité en secondes.                     *
@@ -194,12 +259,8 @@ bool make_ca(const char *dir, const char *label, unsigned long valid, const x509
     char *filename;                         /* Chemin d'accès à un fichier */
     FILE *stream;                           /* Flux ouvert en écriture     */
 
-    rsa = RSA_generate_key(4096, 17, NULL, NULL);
-    if (rsa == NULL)
-    {
-        log_variadic_message(LMT_ERROR, _("Unable to generate RSA key (error=%lu)"), ERR_get_error());
-        goto rsa_failed;
-    }
+    rsa = generate_rsa_key(4096, 17);
+    if (rsa == NULL) goto rsa_failed;
 
     pk = EVP_PKEY_new();
     if (pk == NULL) goto pk_failed;
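Review bot: The public exponent 17 is carried over from the deprecated call here and in the make_request hunk; RSA_F4 (65537) is the conventional value and what OpenSSL's own tooling uses by default, whereas a small exponent like 17 brings no meaningful speed benefit for a one-off key generation and is the parameter class that low-exponent attacks rely on if padding is ever mishandled. Unless some external consumer depends on e=17, `rsa = generate_rsa_key(4096, RSA_F4);` seems the safer default now that the exponent is an explicit argument. make_ca's body and its rsa_failed label continue outside the hunk.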
@@ -402,12 +463,8 @@ bool make_request(const char *dir, const char *label, const x509_entries *entrie
     char *filename;                         /* Chemin d'accès à un fichier */
     FILE *stream;                           /* Flux ouvert en écriture     */
 
-    rsa = RSA_generate_key(2048, 17, NULL, NULL);
-    if (rsa == NULL)
-    {
-        log_variadic_message(LMT_ERROR, _("Unable to generate RSA key (error=%lu)"), ERR_get_error());
-        goto rsa_failed;
-    }
+    rsa = generate_rsa_key(2048, 17);
+    if (rsa == NULL) goto rsa_failed;
 
     pk = EVP_PKEY_new();
     if (pk == NULL) goto pk_failed;
diff --git a/tests/analysis/db/certs.py b/tests/analysis/db/certs.py
index c4dfa32..ead768e 100644
--- a/tests/analysis/db/certs.py
+++ b/tests/analysis/db/certs.py
@@ -63,7 +63,7 @@ class TestRestrictedContent(ChrysalideTestCase):
 
         cmd = 'openssl x509 -in %s/ca-cert.pem -subject -noout' % self._tmppath
 
-        expected = b'subject= /C=UK/CN=OpenSSL Group\n'
+        expected = b'subject=C = UK, CN = OpenSSL Group\n'
 
         self.checkOutput(cmd, expected)
 
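Review bot: The new expected string hard-codes the subject formatting of one openssl CLI generation (the old `subject= /C=UK/...` appears to be the 1.0.x layout, the new `subject=C = UK, ...` the 1.1.x default), so the test now fails on a differently versioned toolchain rather than on a real change in the generated certificate. Passing an explicit name format, e.g. `cmd = 'openssl x509 -in %s/ca-cert.pem -subject -noout -nameopt RFC2253' % self._tmppath`, with the matching expected output would pin the result independently of the installed version; the same applies to the server-cert hunk below. The enclosing test method starts outside the hunk.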
@@ -99,7 +99,7 @@ class TestRestrictedContent(ChrysalideTestCase):
 
         cmd = 'openssl x509 -in %s/server-cert.pem -subject -noout' % self._tmppath
 
-        expected = b'subject= /C=UK/CN=OpenSSL Group\n'
+        expected = b'subject=C = UK, CN = OpenSSL Group\n'
 
         self.checkOutput(cmd, expected)
 
-- 
cgit v0.11.2-87-g4458