Use RSA_generate_key_ex where available.

svn:r17804

2 files changed, 28 insertions, 0 deletions

diff --git a/ChangeLog b/ChangeLog
index 3eef25c4f..186101064 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,8 @@ Changes in version 0.2.1.10-alpha - 2009-01-??
       of which countries we've seen clients from recently. Now controllers
       like Vidalia can show bridge operators that they're actually making
       a difference.
+    - Build correctly against versions of OpenSSL 0.9.8 or later built
+      without support for deprecated functions.
 
   o Minor bugfixes (performance):
     - Squeeze 2-5% out of client performance (according to oprofile) by
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 6686017bc..2c892fbc1 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -406,7 +406,33 @@ crypto_pk_generate_key(crypto_pk_env_t *env)
 
   if (env->key)
     RSA_free(env->key);
+#if OPENSSL_VERSION_NUMBER < 0x00908000l
+  /* In openssl 0.9.7, RSA_generate_key is all we have. */
   env->key = RSA_generate_key(PK_BYTES*8,65537, NULL, NULL);
+#else
+  /* In openssl 0.9.8, RSA_generate_key is deprecated. */
+  {
+    BIGNUM *e = BN_new();
+    RSA *r = NULL;
+    if (!e)
+      goto done;
+    if (! BN_set_word(e, 65537))
+      goto done;
+    r = RSA_new();
+    if (!r)
+      goto done;
+    if (RSA_generate_key_ex(r, PK_BYTES*8, e, NULL) == -1)
+      goto done;
+
+    env->key = r;
+    r = NULL;
+  done:
+    if (e)
+      BN_free(e);
+    if (r)
+      RSA_free(r);
+    }
+#endif
   if (!env->key) {
     crypto_log_errors(LOG_WARN, "generating RSA key");
     return -1;