]> gitweb.factorcode.org Git - factor.git/commitdiff
projects / factor.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8073c8a)
openssl: only set RSA keys if required to do so 1532/head
authorBenjamin Pollack <benjamin@bitquabit.com>
Tue, 23 Feb 2016 13:09:07 +0000 (08:09 -0500)
committerBenjamin Pollack <benjamin@bitquabit.com>
Tue, 23 Feb 2016 13:11:04 +0000 (08:11 -0500)
Modern OpenSSL and LibreSSL both do not require SSL_CTX_set_tmp_rsa to
be called unless SSL_CTX_need_tmp_rsa returns true, and LibreSSL and
OpenSSL compiled with deprecation warnings both will fail if this
happens. This commit resolves that.

With this change, it becomes possible to use LibreSSL in place of
OpenSSL with Factor.

basis/io/sockets/secure/openssl/openssl.factor patch | blob | history
basis/openssl/libssl/libssl.factor patch | blob | history

diff --git a/basis/io/sockets/secure/openssl/openssl.factor b/basis/io/sockets/secure/openssl/openssl.factor
index 3ae50958c54c639c11f2a9e5919d8360ca8b78aa..c8e3570b2731fcf12a0aa60df8f3b78426ae26a9 100644 (file)
--- a/basis/io/sockets/secure/openssl/openssl.factor
+++ b/basis/io/sockets/secure/openssl/openssl.factor
@@ -123,17 +123,21 @@ TUPLE: rsa < disposable handle ;
 
 M: rsa dispose* handle>> RSA_free ;
 
+: needs-rsa-key ( ctx -- ? )
+    handle>> SSL_CTX_need_tmp_rsa 0 = not ; inline
+
 : generate-eph-rsa-key ( ctx -- )
-    [ handle>> ]
-    [| ctx |
-        RSA_new :> rsa-struct
-            rsa-struct
-            ctx config>> ephemeral-key-bits>>
-            RSA_F4 number>bn &BN_clear_free
-            f RSA_generate_key_ex
-        ssl-error rsa-struct <rsa> &dispose handle>>
-    ] bi
-    SSL_CTX_set_tmp_rsa ssl-error ;
+    dup needs-rsa-key [
+        [ handle>> ]
+        [| ctx |
+            RSA_new :> rsa-struct
+                rsa-struct
+                ctx config>> ephemeral-key-bits>>
+                RSA_F4 number>bn &BN_clear_free
+                f RSA_generate_key_ex
+            ssl-error rsa-struct <rsa> &dispose handle>>
+        ] bi
+    SSL_CTX_set_tmp_rsa ssl-error ] [ drop ] if ;
 
 : <openssl-context> ( config ctx -- context )
     openssl-context new-disposable
diff --git a/basis/openssl/libssl/libssl.factor b/basis/openssl/libssl/libssl.factor
index 2a3b3fd2e3f2afa652d340721a5eebc64504ec59..a4bfd8404b44219833d5eb3db4e1d23b34d35d64 100644 (file)
--- a/basis/openssl/libssl/libssl.factor
+++ b/basis/openssl/libssl/libssl.factor
@@ -410,6 +410,9 @@ FUNCTION: void SSL_CTX_set_tmp_rsa_callback ( SSL_CTX* ctx, void* rsa )
 
 FUNCTION: void* BIO_f_ssl (  )
 
+: SSL_CTX_need_tmp_rsa ( ctx -- n )
+    SSL_CTRL_NEED_TMP_RSA 0 f SSL_CTX_ctrl ;
+
 : SSL_CTX_set_tmp_rsa ( ctx rsa -- n )
     [ SSL_CTRL_SET_TMP_RSA 0 ] dip SSL_CTX_ctrl ;
 
Factor programming language