]>
Commit | Line | Data |
---|---|---|
58964a49 | 1 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
d02b48c6 RE |
2 | * All rights reserved. |
3 | * | |
4 | * This package is an SSL implementation written | |
5 | * by Eric Young (eay@cryptsoft.com). | |
6 | * The implementation was written so as to conform with Netscapes SSL. | |
0f113f3e | 7 | * |
d02b48c6 RE |
8 | * This library is free for commercial and non-commercial use as long as |
9 | * the following conditions are aheared to. The following conditions | |
10 | * apply to all code found in this distribution, be it the RC4, RSA, | |
11 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
12 | * included with this distribution is covered by the same copyright terms | |
13 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
0f113f3e | 14 | * |
d02b48c6 RE |
15 | * Copyright remains Eric Young's, and as such any Copyright notices in |
16 | * the code are not to be removed. | |
17 | * If this package is used in a product, Eric Young should be given attribution | |
18 | * as the author of the parts of the library used. | |
19 | * This can be in the form of a textual message at program startup or | |
20 | * in documentation (online or textual) provided with the package. | |
0f113f3e | 21 | * |
d02b48c6 RE |
22 | * Redistribution and use in source and binary forms, with or without |
23 | * modification, are permitted provided that the following conditions | |
24 | * are met: | |
25 | * 1. Redistributions of source code must retain the copyright | |
26 | * notice, this list of conditions and the following disclaimer. | |
27 | * 2. Redistributions in binary form must reproduce the above copyright | |
28 | * notice, this list of conditions and the following disclaimer in the | |
29 | * documentation and/or other materials provided with the distribution. | |
30 | * 3. All advertising materials mentioning features or use of this software | |
31 | * must display the following acknowledgement: | |
32 | * "This product includes cryptographic software written by | |
33 | * Eric Young (eay@cryptsoft.com)" | |
34 | * The word 'cryptographic' can be left out if the rouines from the library | |
35 | * being used are not cryptographic related :-). | |
0f113f3e | 36 | * 4. If you include any Windows specific code (or a derivative thereof) from |
d02b48c6 RE |
37 | * the apps directory (application code) you must include an acknowledgement: |
38 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
0f113f3e | 39 | * |
d02b48c6 RE |
40 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
41 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
43 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
44 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
45 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
46 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
48 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
49 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
50 | * SUCH DAMAGE. | |
0f113f3e | 51 | * |
d02b48c6 RE |
52 | * The licence and distribution terms for any publically available version or |
53 | * derivative of this code cannot be changed. i.e. this code cannot simply be | |
54 | * copied and put under another distribution licence | |
55 | * [including the GNU Public Licence.] | |
56 | */ | |
57 | ||
3eeaab4b | 58 | #include <openssl/opensslconf.h> |
5daec7ea | 59 | |
cf1b7d96 | 60 | #ifndef OPENSSL_NO_RSA |
0f113f3e MC |
61 | # include <stdio.h> |
62 | # include <string.h> | |
63 | # include <sys/types.h> | |
64 | # include <sys/stat.h> | |
65 | # include "apps.h" | |
66 | # include <openssl/bio.h> | |
67 | # include <openssl/err.h> | |
68 | # include <openssl/bn.h> | |
69 | # include <openssl/rsa.h> | |
70 | # include <openssl/evp.h> | |
71 | # include <openssl/x509.h> | |
72 | # include <openssl/pem.h> | |
73 | # include <openssl/rand.h> | |
d02b48c6 | 74 | |
0f113f3e | 75 | # define DEFBITS 2048 |
d02b48c6 | 76 | |
6d23cf97 | 77 | static int genrsa_cb(int p, int n, BN_GENCB *cb); |
667ac4ec | 78 | |
7e1b7485 RS |
79 | typedef enum OPTION_choice { |
80 | OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, | |
81 | OPT_3, OPT_F4, OPT_NON_FIPS_ALLOW, OPT_ENGINE, | |
82 | OPT_OUT, OPT_RAND, OPT_PASSOUT, OPT_CIPHER | |
83 | } OPTION_CHOICE; | |
667ac4ec | 84 | |
7e1b7485 RS |
85 | OPTIONS genrsa_options[] = { |
86 | {"help", OPT_HELP, '-', "Display this summary"}, | |
87 | {"3", OPT_3, '-', "Use 3 for the E value"}, | |
88 | {"F4", OPT_F4, '-', "Use F4 (0x10001) for the E value"}, | |
89 | {"f4", OPT_F4, '-', "Use F4 (0x10001) for the E value"}, | |
90 | {"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'}, | |
91 | {"out", OPT_OUT, 's', "Output the key to specified file"}, | |
92 | {"rand", OPT_RAND, 's', | |
93 | "Load the file(s) into the random number generator"}, | |
94 | {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, | |
95 | {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"}, | |
0f113f3e | 96 | # ifndef OPENSSL_NO_ENGINE |
7e1b7485 | 97 | {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, |
0f113f3e | 98 | # endif |
7e1b7485 RS |
99 | {NULL} |
100 | }; | |
101 | ||
102 | int genrsa_main(int argc, char **argv) | |
103 | { | |
104 | BN_GENCB *cb = BN_GENCB_new(); | |
3b061a00 | 105 | PW_CB_DATA cb_data; |
7e1b7485 RS |
106 | ENGINE *e = NULL; |
107 | BIGNUM *bn = BN_new(); | |
108 | BIO *out = NULL; | |
109 | RSA *rsa = NULL; | |
0f113f3e | 110 | const EVP_CIPHER *enc = NULL; |
3b061a00 | 111 | int ret = 1, non_fips_allow = 0, num = DEFBITS, private = 0; |
0f113f3e | 112 | unsigned long f4 = RSA_F4; |
7e1b7485 | 113 | char *outfile = NULL, *passoutarg = NULL, *passout = NULL; |
333b070e | 114 | char *inrand = NULL, *prog, *hexe, *dece; |
7e1b7485 | 115 | OPTION_CHOICE o; |
348d0d14 | 116 | |
7e1b7485 RS |
117 | if (!bn || !cb) |
118 | goto end; | |
348d0d14 | 119 | |
0f113f3e | 120 | BN_GENCB_set(cb, genrsa_cb, bio_err); |
d02b48c6 | 121 | |
7e1b7485 RS |
122 | prog = opt_init(argc, argv, genrsa_options); |
123 | while ((o = opt_next()) != OPT_EOF) { | |
124 | switch (o) { | |
125 | case OPT_EOF: | |
126 | case OPT_ERR: | |
127 | BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); | |
128 | goto end; | |
129 | case OPT_HELP: | |
130 | ret = 0; | |
131 | opt_help(genrsa_options); | |
132 | goto end; | |
133 | case OPT_3: | |
0f113f3e | 134 | f4 = 3; |
7e1b7485 RS |
135 | break; |
136 | case OPT_F4: | |
0f113f3e | 137 | f4 = RSA_F4; |
7e1b7485 RS |
138 | break; |
139 | case OPT_NON_FIPS_ALLOW: | |
0f113f3e | 140 | non_fips_allow = 1; |
0f113f3e | 141 | break; |
7e1b7485 RS |
142 | case OPT_OUT: |
143 | outfile = opt_arg(); | |
144 | case OPT_ENGINE: | |
333b070e | 145 | e = setup_engine(opt_arg(), 0); |
7e1b7485 RS |
146 | break; |
147 | case OPT_RAND: | |
148 | inrand = opt_arg(); | |
149 | break; | |
150 | case OPT_PASSOUT: | |
151 | passoutarg = opt_arg(); | |
152 | break; | |
153 | case OPT_CIPHER: | |
154 | if (!opt_cipher(opt_unknown(), &enc)) | |
155 | goto end; | |
156 | break; | |
157 | } | |
0f113f3e | 158 | } |
7e1b7485 RS |
159 | argc = opt_num_rest(); |
160 | argv = opt_rest(); | |
3b061a00 | 161 | private = 1; |
a3fe382e | 162 | |
7e1b7485 RS |
163 | if (argv[0] && (!opt_int(argv[0], &num) || num <= 0)) |
164 | goto end; | |
a3fe382e | 165 | |
7e1b7485 | 166 | if (!app_passwd(NULL, passoutarg, NULL, &passout)) { |
0f113f3e | 167 | BIO_printf(bio_err, "Error getting password\n"); |
7e1b7485 | 168 | goto end; |
0f113f3e | 169 | } |
5270e702 | 170 | |
296f54ee RL |
171 | if (!app_load_modules(NULL)) |
172 | goto end; | |
173 | ||
3b061a00 | 174 | out = bio_open_owner(outfile, "w", private); |
7e1b7485 RS |
175 | if (out == NULL) |
176 | goto end; | |
d02b48c6 | 177 | |
7e1b7485 | 178 | if (!app_RAND_load_file(NULL, 1) && inrand == NULL |
0f113f3e MC |
179 | && !RAND_status()) { |
180 | BIO_printf(bio_err, | |
181 | "warning, not much extra random data, consider using the -rand option\n"); | |
182 | } | |
183 | if (inrand != NULL) | |
184 | BIO_printf(bio_err, "%ld semi-random bytes loaded\n", | |
185 | app_RAND_load_files(inrand)); | |
d02b48c6 | 186 | |
0f113f3e MC |
187 | BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n", |
188 | num); | |
333b070e | 189 | rsa = e ? RSA_new_method(e) : RSA_new(); |
0f113f3e | 190 | if (!rsa) |
7e1b7485 | 191 | goto end; |
0f113f3e MC |
192 | |
193 | if (non_fips_allow) | |
194 | rsa->flags |= RSA_FLAG_NON_FIPS_ALLOW; | |
645532b9 | 195 | |
0f113f3e | 196 | if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, cb)) |
7e1b7485 | 197 | goto end; |
dc03504d | 198 | |
7e1b7485 | 199 | app_RAND_write_file(NULL); |
d02b48c6 | 200 | |
0f113f3e MC |
201 | hexe = BN_bn2hex(rsa->e); |
202 | dece = BN_bn2dec(rsa->e); | |
203 | if (hexe && dece) { | |
204 | BIO_printf(bio_err, "e is %s (0x%s)\n", dece, hexe); | |
205 | } | |
25aaa98a RS |
206 | OPENSSL_free(hexe); |
207 | OPENSSL_free(dece); | |
3b061a00 RS |
208 | cb_data.password = passout; |
209 | cb_data.prompt_info = outfile; | |
210 | assert(private); | |
211 | if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0, | |
212 | (pem_password_cb *)password_callback, | |
213 | &cb_data)) | |
214 | goto end; | |
d02b48c6 | 215 | |
0f113f3e | 216 | ret = 0; |
7e1b7485 | 217 | end: |
23a1d5e9 RS |
218 | BN_free(bn); |
219 | BN_GENCB_free(cb); | |
d6407083 | 220 | RSA_free(rsa); |
ca3a82c3 | 221 | BIO_free_all(out); |
b548a1f1 | 222 | OPENSSL_free(passout); |
0f113f3e MC |
223 | if (ret != 0) |
224 | ERR_print_errors(bio_err); | |
7e1b7485 | 225 | return (ret); |
0f113f3e | 226 | } |
d02b48c6 | 227 | |
6d23cf97 | 228 | static int genrsa_cb(int p, int n, BN_GENCB *cb) |
0f113f3e MC |
229 | { |
230 | char c = '*'; | |
d02b48c6 | 231 | |
0f113f3e MC |
232 | if (p == 0) |
233 | c = '.'; | |
234 | if (p == 1) | |
235 | c = '+'; | |
236 | if (p == 2) | |
237 | c = '*'; | |
238 | if (p == 3) | |
239 | c = '\n'; | |
240 | BIO_write(BN_GENCB_get_arg(cb), &c, 1); | |
241 | (void)BIO_flush(BN_GENCB_get_arg(cb)); | |
242 | return 1; | |
243 | } | |
244 | #else /* !OPENSSL_NO_RSA */ | |
752d706a BL |
245 | |
246 | # if PEDANTIC | |
0f113f3e | 247 | static void *dummy = &dummy; |
752d706a BL |
248 | # endif |
249 | ||
f5d7a031 | 250 | #endif |