commit 4283d65fc11cfc822258a3969260d2dce0638ad4
from: Omar Polo <op@omarpolo.com>
date: Wed Feb 10 14:25:39 2021 UTC

don't allocate BIGNUM on the stack

on fedora 33 the BIGNUM type is opaque.  Allocate always to avoid headaches.

commit - f6b9a079e378d2891906510206419fd28f3ff890
commit + 4283d65fc11cfc822258a3969260d2dce0638ad4
blob - 66c7ced24a7b4af27b971aa69402bc72d33239a6
blob + 9c88b8363aa57ec08a5a884431e50a01a5cee042
--- utils.c
+++ utils.c
@@ -17,6 +17,7 @@
 #include <errno.h>
 #include <string.h>
 
+#include <openssl/bn.h>
 #include <openssl/pem.h>
 #include <openssl/x509_vfy.h>
 #include <openssl/x509v3.h>
@@ -116,7 +117,7 @@ xstrdup(const char *s)
 void
 gen_certificate(const char *host, const char *certpath, const char *keypath)
 {
-	BIGNUM		e;
+	BIGNUM		*e;
 	EVP_PKEY	*pkey;
 	RSA		*rsa;
 	X509		*x509;
@@ -132,11 +133,13 @@ gen_certificate(const char *host, const char *certpath
                 fatal("couldn't create a new private key");
 
 	if ((rsa = RSA_new()) == NULL)
-		fatal("could'nt generate rsa");
+		fatal("couldn't generate rsa");
 
-	BN_init(&e);
-	BN_set_word(&e, 17);
-	if (!RSA_generate_key_ex(rsa, 4096, &e, NULL))
+	if ((e = BN_new()) == NULL)
+		fatal("couldn't allocate a bignum");
+
+	BN_set_word(e, 17);
+	if (!RSA_generate_key_ex(rsa, 4096, e, NULL))
 		fatal("couldn't generate a rsa key");
 
 	if (!EVP_PKEY_assign_RSA(pkey, rsa))
@@ -174,6 +177,7 @@ gen_certificate(const char *host, const char *certpath
 		fatal("couldn't write cert");
 	fclose(f);
 
+	BN_free(e);
 	X509_free(x509);
 	RSA_free(rsa);
 }