Revert "bmcweb: Fix a bunch of warnings"
This reverts commit 6ea007a2faec52ad62680015d2a3f00371a1e351.
Reason for revert: Reports of bmcweb seg faults.
Change-Id: I408f1bb29c2f8e427a6621cdaac8c31b847ebf06
diff --git a/include/ssl_key_handler.hpp b/include/ssl_key_handler.hpp
index 133d40d..34a7c04 100644
--- a/include/ssl_key_handler.hpp
+++ b/include/ssl_key_handler.hpp
@@ -17,7 +17,9 @@
namespace ensuressl
{
static void initOpenssl();
-static EVP_PKEY *createKey();
+static void cleanupOpenssl();
+static EVP_PKEY *createRsaKey();
+static EVP_PKEY *createEcKey();
static void handleOpensslError();
inline bool verifyOpensslKeyCert(const std::string &filepath)
@@ -108,7 +110,7 @@
// EVP_PKEY *pRsaPrivKey = create_rsa_key();
std::cerr << "Generating EC key\n";
- EVP_PKEY *pRsaPrivKey = createKey();
+ EVP_PKEY *pRsaPrivKey = createEcKey();
if (pRsaPrivKey != nullptr)
{
std::cerr << "Generating x509 Certificate\n";
@@ -175,16 +177,9 @@
// cleanup_openssl();
}
-EVP_PKEY *createKey()
+
+EVP_PKEY *createRsaKey()
{
- EVP_PKEY *pKey = NULL;
- pKey = EVP_PKEY_new();
- if (pKey == nullptr)
- {
- handleOpensslError();
- return nullptr;
- }
-#if BMCWEB_RSA_KEY
RSA *pRSA = NULL;
#if OPENSSL_VERSION_NUMBER < 0x00908000L
pRSA = RSA_generate_key(2048, RSA_3, NULL, NULL);
@@ -192,54 +187,60 @@
RSA_generate_key_ex(pRSA, 2048, NULL, NULL);
#endif
- if ((pRSA != nullptr) || EVP_PKEY_assign_RSA(pKey, pRSA) != 1)
+ EVP_PKEY *pKey = EVP_PKEY_new();
+ if ((pRSA != nullptr) && (pKey != nullptr) &&
+ EVP_PKEY_assign_RSA(pKey, pRSA))
+ {
+ /* pKey owns pRSA from now */
+ if (RSA_check_key(pRSA) <= 0)
+ {
+ fprintf(stderr, "RSA_check_key failed.\n");
+ handleOpensslError();
+ EVP_PKEY_free(pKey);
+ pKey = NULL;
+ }
+ }
+ else
{
handleOpensslError();
if (pRSA != nullptr)
{
RSA_free(pRSA);
+ pRSA = NULL;
}
if (pKey != nullptr)
{
EVP_PKEY_free(pKey);
+ pKey = NULL;
}
- return nullptr;
}
+ return pKey;
+}
- /* pKey owns pRSA from now */
- if (RSA_check_key(pRSA) != 1)
- {
- fprintf(stderr, "RSA_check_key failed.\n");
- handleOpensslError();
- EVP_PKEY_free(pKey);
- return nullptr;
- }
+EVP_PKEY *createEcKey()
+{
+ EVP_PKEY *pKey = NULL;
+ int eccgrp = 0;
+ eccgrp = OBJ_txt2nid("prime256v1");
-#else
- int eccgrp = OBJ_txt2nid("prime256v1");
EC_KEY *myecc = EC_KEY_new_by_curve_name(eccgrp);
- if (myecc == nullptr)
+ if (myecc != nullptr)
{
- handleOpensslError();
- return nullptr;
+ EC_KEY_set_asn1_flag(myecc, OPENSSL_EC_NAMED_CURVE);
+ EC_KEY_generate_key(myecc);
+ pKey = EVP_PKEY_new();
+ if (pKey != nullptr)
+ {
+ if (EVP_PKEY_assign_EC_KEY(pKey, myecc))
+ {
+ /* pKey owns pRSA from now */
+ if (EC_KEY_check_key(myecc) <= 0)
+ {
+ fprintf(stderr, "EC_check_key failed.\n");
+ }
+ }
+ }
}
-
- EC_KEY_set_asn1_flag(myecc, OPENSSL_EC_NAMED_CURVE);
- if (EC_KEY_generate_key(myecc) != 1)
- {
- handleOpensslError();
- EC_KEY_free(myecc);
- return nullptr;
- }
-
- if (EVP_PKEY_assign_EC_KEY(pKey, myecc) != 1)
- {
- handleOpensslError();
- EC_KEY_free(myecc);
- return nullptr;
- }
-
-#endif
return pKey;
}
@@ -252,6 +253,16 @@
#endif
}
+void cleanupOpenssl()
+{
+ CRYPTO_cleanup_all_ex_data();
+ ERR_free_strings();
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ ERR_remove_thread_state(0);
+#endif
+ EVP_cleanup();
+}
+
void handleOpensslError()
{
ERR_print_errors_fp(stderr);