2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/opensslconf.h>
12 NON_EMPTY_TRANSLATION_UNIT
17 # include <sys/types.h>
18 # include <sys/stat.h>
21 # include <openssl/bio.h>
22 # include <openssl/err.h>
23 # include <openssl/bn.h>
24 # include <openssl/rsa.h>
25 # include <openssl/evp.h>
26 # include <openssl/x509.h>
27 # include <openssl/pem.h>
28 # include <openssl/rand.h>
33 static int genrsa_cb(int p
, int n
, BN_GENCB
*cb
);
35 typedef enum OPTION_choice
{
36 OPT_ERR
= -1, OPT_EOF
= 0, OPT_HELP
,
37 OPT_3
, OPT_F4
, OPT_ENGINE
,
38 OPT_OUT
, OPT_PASSOUT
, OPT_CIPHER
, OPT_PRIMES
,
42 const OPTIONS genrsa_options
[] = {
43 {"help", OPT_HELP
, '-', "Display this summary"},
44 {"3", OPT_3
, '-', "Use 3 for the E value"},
45 {"F4", OPT_F4
, '-', "Use F4 (0x10001) for the E value"},
46 {"f4", OPT_F4
, '-', "Use F4 (0x10001) for the E value"},
47 {"out", OPT_OUT
, '>', "Output the key to specified file"},
49 {"passout", OPT_PASSOUT
, 's', "Output file pass phrase source"},
50 {"", OPT_CIPHER
, '-', "Encrypt the output with any supported cipher"},
51 # ifndef OPENSSL_NO_ENGINE
52 {"engine", OPT_ENGINE
, 's', "Use engine, possibly a hardware device"},
54 {"primes", OPT_PRIMES
, 'p', "Specify number of primes"},
58 int genrsa_main(int argc
, char **argv
)
60 BN_GENCB
*cb
= BN_GENCB_new();
63 BIGNUM
*bn
= BN_new();
67 const EVP_CIPHER
*enc
= NULL
;
68 int ret
= 1, num
= DEFBITS
, private = 0, primes
= DEFPRIMES
;
69 unsigned long f4
= RSA_F4
;
70 char *outfile
= NULL
, *passoutarg
= NULL
, *passout
= NULL
;
71 char *prog
, *hexe
, *dece
;
74 if (bn
== NULL
|| cb
== NULL
)
77 BN_GENCB_set(cb
, genrsa_cb
, bio_err
);
79 prog
= opt_init(argc
, argv
, genrsa_options
);
80 while ((o
= opt_next()) != OPT_EOF
) {
85 BIO_printf(bio_err
, "%s: Use -help for summary.\n", prog
);
89 opt_help(genrsa_options
);
101 eng
= setup_engine(opt_arg(), 0);
108 passoutarg
= opt_arg();
111 if (!opt_cipher(opt_unknown(), &enc
))
115 if (!opt_int(opt_arg(), &primes
))
120 argc
= opt_num_rest();
124 if (!opt_int(argv
[0], &num
) || num
<= 0)
126 if (num
> OPENSSL_RSA_MAX_MODULUS_BITS
)
128 "Warning: It is not recommended to use more than %d bit for RSA keys.\n"
129 " Your key size is %d! Larger key size may behave not as expected.\n",
130 OPENSSL_RSA_MAX_MODULUS_BITS
, num
);
131 } else if (argc
> 0) {
132 BIO_printf(bio_err
, "Extra arguments given.\n");
137 if (!app_passwd(NULL
, passoutarg
, NULL
, &passout
)) {
138 BIO_printf(bio_err
, "Error getting password\n");
142 out
= bio_open_owner(outfile
, FORMAT_PEM
, private);
146 BIO_printf(bio_err
, "Generating RSA private key, %d bit long modulus (%d primes)\n",
148 rsa
= eng
? RSA_new_method(eng
) : RSA_new();
152 if (!BN_set_word(bn
, f4
)
153 || !RSA_generate_multi_prime_key(rsa
, num
, primes
, bn
, cb
))
156 RSA_get0_key(rsa
, NULL
, &e
, NULL
);
160 BIO_printf(bio_err
, "e is %s (0x%s)\n", dece
, hexe
);
164 cb_data
.password
= passout
;
165 cb_data
.prompt_info
= outfile
;
167 if (!PEM_write_bio_RSAPrivateKey(out
, rsa
, enc
, NULL
, 0,
168 (pem_password_cb
*)password_callback
,
179 OPENSSL_free(passout
);
181 ERR_print_errors(bio_err
);
185 static int genrsa_cb(int p
, int n
, BN_GENCB
*cb
)
197 BIO_write(BN_GENCB_get_arg(cb
), &c
, 1);
198 (void)BIO_flush(BN_GENCB_get_arg(cb
));