Fix build warnings with OpenSSL 3+

signalwire · Nov 30, 2024 · baffd86 · baffd86
1 parent 9d83282
commit baffd86
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 34 deletions.
diff --git a/src/ks_ssl.c b/src/ks_ssl.c
@@ -180,56 +180,64 @@ KS_DECLARE(int) ks_gen_cert(const char *dir, const char *file)
 	return(0);
 }
 
-static int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days)
+static EVP_PKEY *generate_rsa_key(int bits)
 {
-	X509 *x;
+#if OPENSSL_VERSION_NUMBER >= 0x30000000
+	return EVP_RSA_gen(bits);
+#else
 	EVP_PKEY *pk;
 	RSA *rsa;
-	X509_NAME *name = NULL;
-
-	ks_assert(pkeyp);
-	ks_assert(x509p);
 
-	if (*pkeyp == NULL) {
-		if ((pk = EVP_PKEY_new()) == NULL) {
-			abort();
-		}
-	} else {
-		pk = *pkeyp;
+	pk = EVP_PKEY_new();
+	if (pk == NULL) {
+		return NULL;
 	}
 
-	if (*x509p == NULL) {
-		if ((x = X509_new()) == NULL) {
-			goto err;
+# if OPENSSL_VERSION_NUMBER >= 0x10100000
+	rsa = RSA_new();
+	{
+		static const BN_ULONG ULONG_RSA_F4 = RSA_F4;
+		BIGNUM* BN_value_RSA_F4 = BN_new();
+		if (!BN_value_RSA_F4) {
+			RSA_free(rsa);
+			EVP_PKEY_free(pk);
+			return NULL;
 		}
-	} else {
-		x = *x509p;
+		BN_set_word(BN_value_RSA_F4,ULONG_RSA_F4);
+		RSA_generate_key_ex(rsa, bits, BN_value_RSA_F4, NULL);
+		BN_free(BN_value_RSA_F4);
 	}
+# else
+	rsa = RSA_generate_key(bits, RSA_F4, NULL, NULL);
+# endif
 
+	if (!EVP_PKEY_assign_RSA(pk, rsa)) {
+		RSA_free(rsa);
+		EVP_PKEY_free(pk);
+		return NULL;
+	}
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
-    rsa = RSA_new();
-    {
-        static const BN_ULONG ULONG_RSA_F4 = RSA_F4;
-        BIGNUM* BN_value_RSA_F4 = BN_new();
-        if (!BN_value_RSA_F4) {
-            abort();
-            goto err;
-        }
-        BN_set_word(BN_value_RSA_F4,ULONG_RSA_F4);
-        RSA_generate_key_ex(rsa, bits, BN_value_RSA_F4, NULL);
-        BN_free(BN_value_RSA_F4);
-    }
-#else
-    rsa = RSA_generate_key(bits, RSA_F4, NULL, NULL);
+	return pk;
 #endif
+}
 
-	if (!EVP_PKEY_assign_RSA(pk, rsa)) {
+static int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days)
+{
+	X509 *x;
+	EVP_PKEY *pk;
+	X509_NAME *name = NULL;
+
+	ks_assert(pkeyp);
+	ks_assert(x509p);
+
+	if ((pk = generate_rsa_key(bits)) == NULL) {
 		abort();
 		goto err;
 	}
 
-	rsa = NULL;
+	if ((x = X509_new()) == NULL) {
+		goto err;
+	}
 
 	X509_set_version(x, 0);
 	ASN1_INTEGER_set(X509_get_serialNumber(x), serial);

diff --git a/src/kws.c b/src/kws.c
@@ -176,12 +176,16 @@ static int b64encode(unsigned char *in, ks_size_t ilen, unsigned char *out, ks_s
 
 static void sha1_digest(unsigned char *digest, char *in)
 {
+#if OPENSSL_VERSION_NUMBER >= 0x30000000
+	SHA1(in, strlen(in), digest);
+#else
 	SHA_CTX sha;
 
 	SHA1_Init(&sha);
 	SHA1_Update(&sha, in, strlen(in));
 	SHA1_Final(digest, &sha);
 
+#endif
 }
 
 /* fix me when we get real rand funcs in ks */

diff --git a/tests/testwebsock2.c b/tests/testwebsock2.c
@@ -97,11 +97,15 @@ static void sha1_digest(char *digest, unsigned char *in)
 
 static void sha1_digest(unsigned char *digest, char *in)
 {
+#if OPENSSL_VERSION_NUMBER >= 0x30000000
+	SHA1(in, strlen(in), digest);
+#else
 	SHA_CTX sha;
 
 	SHA1_Init(&sha);
 	SHA1_Update(&sha, in, strlen(in));
 	SHA1_Final(digest, &sha);
+#endif
 }
 #endif