From 6071feca051c82c0a830c3c98f288544ae1d50c7 Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Thu, 18 Jul 2024 17:58:58 +0200 Subject: [PATCH] Use OpenSSL::PKey.generate_pkey instead of OpenSSL::PKey::Algo This is the recommended way to generate private keys. --- lib/puppet/provider/ssl_pkey/openssl.rb | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/lib/puppet/provider/ssl_pkey/openssl.rb b/lib/puppet/provider/ssl_pkey/openssl.rb index 8ca7df9..4fb7cb8 100644 --- a/lib/puppet/provider/ssl_pkey/openssl.rb +++ b/lib/puppet/provider/ssl_pkey/openssl.rb @@ -9,20 +9,25 @@ def self.dirname(resource) resource[:path].dirname end - def self.generate_key(resource) + # @see man openssl genpkey + def self.generate_key_params(resource) case resource[:authentication] when :dsa - OpenSSL::PKey::DSA.new(resource[:size]) + OpenSSL::PKey.generate_parameters('DSA', 'dsa_paramgen_bits' => resource[:size]) when :rsa - OpenSSL::PKey::RSA.new(resource[:size]) + OpenSSL::PKey.generate_parameters('RSA', 'rsa_keygen_bits' => resource[:size]) when :ec - OpenSSL::PKey::EC.new(resource[:curve]).generate_key + OpenSSL::PKey.generate_parameters('EC', 'ec_paramgen_curve' => resource[:curve]) else raise Puppet::Error, "Unknown authentication type '#{resource[:authentication]}'" end end + def self.generate_key(resource) + OpenSSL::PKey.generate_key(generate_key_params(resource)) + end + def self.to_pem(resource, key) if resource[:password] cipher = OpenSSL::Cipher.new('des3')
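Review bot: The `:rsa` branch of `generate_key_params` calls `OpenSSL::PKey.generate_parameters('RSA', 'rsa_keygen_bits' => resource[:size])`, but `rsa_keygen_bits` is a key-generation option and, as far as I know, OpenSSL has no parameter-generation step for RSA. If so, that branch would raise `OpenSSL::PKey::PKeyError` instead of returning a key, so every `authentication => rsa` resource would fail; this should be confirmed with a spec that generates one key per type. I would have `generate_key` pass the RSA option straight to `OpenSSL::PKey.generate_key` and keep the two-step path for DSA and EC only, as sketched below. Separately, the subject line says `generate_pkey` while the code calls `generate_key`.

```ruby
  # … unchanged: generate_key_params, minus its :rsa branch …

  def self.generate_key(resource)
    case resource[:authentication]
    when :rsa
      # RSA has no parameter-generation step; the size is a keygen option.
      OpenSSL::PKey.generate_key('RSA', 'rsa_keygen_bits' => resource[:size])
    when :dsa, :ec
      OpenSSL::PKey.generate_key(generate_key_params(resource))
    else
      raise Puppet::Error, "Unknown authentication type '#{resource[:authentication]}'"
    end
  end
```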