From cb2c84b0ad9aadd4c92d8ef978c2bfca578cd3c4 Mon Sep 17 00:00:00 2001
From: Mark Dain
Date: Sat, 21 Nov 2020 13:56:37 +0000
Subject: [PATCH] Switch to using ECDSA (secp384r1) keys
---
 src/tls.c | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/src/tls.c b/src/tls.c
index f7ed344..e3653f2 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -23,17 +23,12 @@ tls_host_gencert(struct gmnisrv_tls *tlsconf, struct gmnisrv_host *host,
 EVP_PKEY *pkey = EVP_PKEY_new();
 assert(pkey);
- BIGNUM *bn = BN_new();
- assert(bn);
- BN_set_word(bn, RSA_F4);
-
- RSA* rsa = RSA_new();
- assert(rsa);
- int r = RSA_generate_key_ex(rsa, 4096, bn, NULL);
+ EC_KEY* ec_key = EC_KEY_new_by_curve_name(NID_secp384r1);
+ assert(ec_key);
+ int r = EC_KEY_generate_key(ec_key);
 assert(r == 1);
- BN_free(bn);
- EVP_PKEY_assign_RSA(pkey, rsa);
+ EVP_PKEY_assign_EC_KEY(pkey, ec_key);
 X509 * x509 = X509_new();
 assert(x509);
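Review bot: The result of `EVP_PKEY_assign_EC_KEY(pkey, ec_key)` is discarded, and the two checks above it are `assert`s, so a build with `NDEBUG` would carry a NULL or ungenerated key on into certificate creation instead of failing closed. A runtime check such as `if (!ec_key || EC_KEY_generate_key(ec_key) != 1 || EVP_PKEY_assign_EC_KEY(pkey, ec_key) != 1)` followed by cleanup and an error return would cover all three calls; the function's error convention is outside this hunk, so the exact return value is for the author to choose. If OpenSSL releases older than 1.1.0 are still supported, `EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE);` is also needed before the assignment, because those versions otherwise encode explicit curve parameters that many TLS clients reject. tls_host_gencert starts and ends outside the hunk.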