[PATCH v2] pki_crypto: Replace deprecated RSA_generate_key() with RSA_generate_key_ex()
- Subject: [PATCH v2] pki_crypto: Replace deprecated RSA_generate_key() with RSA_generate_key_ex()
- From: Petar Koretic <petar.koretic@xxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Sun, 16 Mar 2014 10:20:44 +0000
- To: libssh@xxxxxxxxxx
On Mar 16, 09:41, Aris Adamantiadis wrote: > Hi Petar, > I agree with the principle, but I don't think this code can work... > RSA_generate_key takes an RSA* as parameter and in our code we probably > have key->rsa==NULL. (if we don't then the old code had a memory leak). > > Does the test case work ? > > Aris > Yes, you are right. This works, tested with tests/unittests/torture_pki Signed-off-by: Petar Koretic <petar.koretic@xxxxxxxxxx> --- src/pki_crypto.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/src/pki_crypto.c b/src/pki_crypto.c index 89bb538..ccf05f4 100644 --- a/src/pki_crypto.c +++ b/src/pki_crypto.c @@ -383,10 +383,20 @@ fail: } int pki_key_generate_rsa(ssh_key key, int parameter){ - key->rsa = RSA_generate_key(parameter, 65537, NULL, NULL); - if(key->rsa == NULL) - return SSH_ERROR; - return SSH_OK; + BIGNUM *e; + int rc; + + e = BN_new(); + key->rsa = RSA_new(); + + BN_set_word(e, 65537); + rc = RSA_generate_key_ex(key->rsa, parameter, e, NULL); + + BN_free(e); + + if (rc == -1 || key->rsa == NULL) + return SSH_ERROR; + return SSH_OK; } int pki_key_generate_dss(ssh_key key, int parameter){ -- 1.9.0
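Review bot: the failure test `if (rc == -1 || key->rsa == NULL)` in pki_key_generate_rsa() does not catch a failed key generation, because RSA_generate_key_ex() returns 1 on success and 0 on error; compare with `rc != 1` instead. The return values of BN_new(), RSA_new() and BN_set_word() are also unchecked, so an allocation failure hands a NULL pointer to the calls that follow; check each one and return SSH_ERROR. On the error path key->rsa still points at the object from RSA_new(), so release it with RSA_free() and set key->rsa to NULL before returning, which also makes the `key->rsa == NULL` half of the condition unnecessary.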