From 90c3450e446ccdad3c8200bca032d6791dcb93ce Mon Sep 17 00:00:00 2001
From: Chris Koeritz
Date: Wed, 16 Aug 2017 02:54:23 +0000
Subject: [PATCH] updated for new openssl
---
 nucleus/library/crypto/rsa_crypto.cpp | 15 ++++++++++++---
 nucleus/library/crypto/ssl_init.cpp | 8 ++++++--
 nucleus/library/crypto/ssl_init.h | 11 ++++++-----
 3 files changed, 24 insertions(+), 10 deletions(-)
diff --git a/nucleus/library/crypto/rsa_crypto.cpp b/nucleus/library/crypto/rsa_crypto.cpp
index 231df924..165f66b6 100644
--- a/nucleus/library/crypto/rsa_crypto.cpp
+++ b/nucleus/library/crypto/rsa_crypto.cpp
@@ -31,6 +31,7 @@
 #include
 #include
+#include
 #include
 using namespace basis;
@@ -118,12 +119,20 @@ RSA *rsa_crypto::generate_key(int key_size)
 static_ssl_initializer();
 LOG("into generate key");
 auto_synchronizer mutt(__single_stepper());
- RSA *to_return = RSA_generate_key(key_size, 65537, NULL_POINTER, NULL_POINTER);
- if (!to_return) {
+ RSA *to_return = RSA_new();
+ BIGNUM *e = BN_new();
+ BN_set_word(e, 65537);
+//hmmm: only one value of e?
+ int ret = RSA_generate_key_ex(to_return, key_size, e, NULL_POINTER);
+ if (!ret) {
 continuable_error(static_class_name(), func,
- a_sprintf("failed to generate a key of %d bits.", key_size));
+ a_sprintf("failed to generate a key of %d bits: error is %ld.", key_size, ERR_get_error()));
+ BN_free(e);
+ RSA_free(to_return);
+ return NULL;
 }
 LOG("after key generated");
+ BN_free(e);
 return to_return;
 }
diff --git a/nucleus/library/crypto/ssl_init.cpp b/nucleus/library/crypto/ssl_init.cpp
index 128cd54d..161874cb 100644
--- a/nucleus/library/crypto/ssl_init.cpp
+++ b/nucleus/library/crypto/ssl_init.cpp
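Review bot: In rsa_crypto::generate_key (rsa_crypto.cpp) the results of `RSA_new()`, `BN_new()` and `BN_set_word()` are used unchecked, so an allocation failure would hand a null `RSA*` or an unset exponent to `RSA_generate_key_ex()` instead of being reported. Checking all three before the generate call and freeing on that path, as the existing failure branch already does, closes this; `BN_free` and `RSA_free` both accept null. Two smaller points in the same hunk: `ERR_get_error()` returns `unsigned long`, so the format specifier should be `%lu`, and the `//hmmm: only one value of e?` line could become a comment saying that 65537 is the conventional public exponent (OpenSSL's `RSA_F4`). The function's opening lines, where `func` is defined, lie before the hunk.

```cpp
  RSA *to_return = RSA_new();
  BIGNUM *e = BN_new();
  // allocation or exponent setup can fail; never reach key generation with null inputs.
  if (!to_return || !e || !BN_set_word(e, RSA_F4)) {
    continuable_error(static_class_name(), func,
        a_sprintf("failed to allocate key structures for %d bits.", key_size));
    BN_free(e);
    RSA_free(to_return);
    return NULL;
  }
  // ... unchanged: RSA_generate_key_ex call and its failure branch ...
```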
@@ -70,8 +70,12 @@ ssl_init::~ssl_init()
 FUNCDEF("dtor");
 LOG("prior to crypto cleanup");
 CRYPTO_cleanup_all_ex_data();
- LOG("prior to err remove state");
- ERR_remove_state(0);
+
+//hmmm: deprecated
+// LOG("prior to err remove state");
+// ERR_remove_thread_state(NULL);
+
+
 //THIS HAD TO be removed in most recent openssl; does it exist?
 // LOG("prior to mem leaks fp");
 // CRYPTO_mem_leaks_fp(stderr);
diff --git a/nucleus/library/crypto/ssl_init.h b/nucleus/library/crypto/ssl_init.h
index fc1d8af2..9ea05d79 100644
--- a/nucleus/library/crypto/ssl_init.h
+++ b/nucleus/library/crypto/ssl_init.h
@@ -28,12 +28,13 @@ namespace crypto {
 very bottom and it will be managed globally for the entire program. */
-//we define NEWER_OPENSSL for those places where we're using openssl 1.1.1.
-#if defined(_MSC_VER)
+//// //we define NEWER_OPENSSL for those places where we're using openssl 1.1.1.
+//// #if defined(_MSC_VER)
 #define NEWER_OPENSSL
-#else
-// #define OLDER_OPENSSL
-#endif
+//hmmm: to be cleaned up; should assume only new ssl from now on.
+//// #else
+//// // #define OLDER_OPENSSL
+//// #endif
 class ssl_init : public virtual basis::nameable {
-- 2.34.1
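Review bot: In ssl_init::~ssl_init (ssl_init.cpp) the error-state cleanup is left as a commented-out `ERR_remove_thread_state(NULL)` under `//hmmm: deprecated`, so a reader cannot tell whether the per-thread error state is still meant to be released here. If the code must still build against OpenSSL older than 1.1.0, keeping the call behind `#if OPENSSL_VERSION_NUMBER < 0x10100000L` states that explicitly. Otherwise delete the dead lines and leave a one-line comment that OpenSSL 1.1.0 and later release the error state on their own. The rest of the destructor is outside the hunk.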
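Review bot: In ssl_init.h `NEWER_OPENSSL` is now defined unconditionally, with the old `#if`/`#else`/`#endif` left behind as `////` comments, so a build against an older OpenSSL would take the new-API code paths with no check at all. Deriving the macro from the library's own version, e.g. wrapping the `#define` in `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` (with `<openssl/opensslv.h>` included), removes the manual switch. If only new OpenSSL is supported, an `#error` for older versions would say so at compile time. The retained comment still names 1.1.1, which may not match the minimum version the code actually requires.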