[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 08/11] pki_crypto: use DSA_generate_parameters_ex for BoringSSL
[Thread Prev] | [Thread Next]
- Subject: [PATCH 08/11] pki_crypto: use DSA_generate_parameters_ex for BoringSSL
- From: Jon Simons <jon@xxxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Sat, 9 Sep 2017 20:12:51 -0700
- To: libssh@xxxxxxxxxx
- Cc: Jon Simons <jon@xxxxxxxxxxxxx>
It is possible to compile with BoringSSL and the deprecated
'DSA_generate_parameters' function, but by default on my setup
the link stage will fail.
Use the non-deprecated 'DSA_generate_parameters_ex' when
building with BoringSSL to fix this.
Signed-off-by: Jon Simons <jon@xxxxxxxxxxxxx>
---
src/pki_crypto.c | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index f2faa15f..7f5205b3 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -456,11 +456,34 @@ int pki_key_generate_rsa(ssh_key key, int parameter){
int pki_key_generate_dss(ssh_key key, int parameter){
int rc;
+
+#if !defined(OPENSSL_IS_BORINGSSL)
key->dsa = DSA_generate_parameters(parameter, NULL, 0, NULL, NULL,
NULL, NULL);
if(key->dsa == NULL){
return SSH_ERROR;
}
+#else /* !defined(OPENSSL_IS_BORINGSSL) */
+ DSA *dsa = DSA_new();
+ if (dsa == NULL) {
+ return SSH_ERROR;
+ }
+
+ rc = DSA_generate_parameters_ex(dsa, /* DSA */
+ parameter, /* bits */
+ NULL, /* seed_in */
+ 0, /* seed_len */
+ NULL, /* out_counter */
+ NULL, /* out_h */
+ NULL); /* cb */
+ if (rc != 1) {
+ DSA_free(dsa);
+ return SSH_ERROR;
+ }
+
+ key->dsa = dsa;
+#endif /* !defined(OPENSSL_IS_BORINGSSL) */
+
rc = DSA_generate_key(key->dsa);
if (rc != 1){
DSA_free(key->dsa);
--
2.14.1
| [PATCH 00/11] libssh: enable building with BoringSSL | Jon Simons <jon@xxxxxxxxxxxxx> |