]> git.ipfire.org Git - thirdparty/openssl.git/blame - apps/genrsa.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and document it
[thirdparty/openssl.git] / apps / genrsa.c
CommitLineData
846e33c7 1/*
33388b44 2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
d02b48c6 3 *
dffa7520 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
846e33c7
RS		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
d02b48c6
RE		 8 */
9
3eeaab4b 10#include <openssl/opensslconf.h>
1ae56f2f
RS		 11
12#include <stdio.h>
13#include <string.h>
14#include <sys/types.h>
15#include <sys/stat.h>
16#include "apps.h"
17#include "progs.h"
18#include <openssl/bio.h>
19#include <openssl/err.h>
20#include <openssl/bn.h>
21#include <openssl/rsa.h>
22#include <openssl/evp.h>
23#include <openssl/x509.h>
24#include <openssl/pem.h>
25#include <openssl/rand.h>
26
27#define DEFBITS 2048
28#define DEFPRIMES 2
d02b48c6 29
c43fa566
PP		 30static int verbose = 0;
31
8f7e1f68 32static int genrsa_cb(EVP_PKEY_CTX *ctx);
667ac4ec 33
7e1b7485
RS		 34typedef enum OPTION_choice {
35 OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
700b4a4a 36 OPT_3, OPT_F4, OPT_ENGINE,
c43fa566 37 OPT_OUT, OPT_PASSOUT, OPT_CIPHER, OPT_PRIMES, OPT_VERBOSE,
6bd4e3f2 38 OPT_R_ENUM, OPT_PROV_ENUM
7e1b7485 39} OPTION_CHOICE;
667ac4ec 40
44c83ebd 41const OPTIONS genrsa_options[] = {
92de469f 42 {OPT_HELP_STR, 1, '-', "Usage: %s [options] numbits\n"},
5388f986
RS		 43
44 OPT_SECTION("General"),
7e1b7485 45 {"help", OPT_HELP, '-', "Display this summary"},
1ae56f2f 46#ifndef OPENSSL_NO_ENGINE
5388f986 47 {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
1ae56f2f 48#endif
5388f986
RS		 49
50 OPT_SECTION("Input"),
7e1b7485
RS		 51 {"3", OPT_3, '-', "Use 3 for the E value"},
52 {"F4", OPT_F4, '-', "Use F4 (0x10001) for the E value"},
53 {"f4", OPT_F4, '-', "Use F4 (0x10001) for the E value"},
5388f986
RS		 54
55 OPT_SECTION("Output"),
6f007824 56 {"out", OPT_OUT, '>', "Output the key to specified file"},
7e1b7485 57 {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
665d899f 58 {"primes", OPT_PRIMES, 'p', "Specify number of primes"},
c43fa566 59 {"verbose", OPT_VERBOSE, '-', "Verbose output"},
5388f986
RS		 60 {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
61
62 OPT_R_OPTIONS,
6bd4e3f2 63 OPT_PROV_OPTIONS,
92de469f
RS		 64
65 OPT_PARAMETERS(),
66 {"numbits", 0, 0, "Size of key in bits"},
7e1b7485
RS		 67 {NULL}
68};
69
70int genrsa_main(int argc, char **argv)
71{
72 BN_GENCB *cb = BN_GENCB_new();
9862e9aa 73 ENGINE *eng = NULL;
7e1b7485 74 BIGNUM *bn = BN_new();
8f7e1f68 75 RSA *rsa;
7e1b7485 76 BIO *out = NULL;
2ac6115d 77 const BIGNUM *e;
8f7e1f68
P		 78 EVP_PKEY *pkey = NULL;
79 EVP_PKEY_CTX *ctx = NULL;
0f113f3e 80 const EVP_CIPHER *enc = NULL;
665d899f 81 int ret = 1, num = DEFBITS, private = 0, primes = DEFPRIMES;
0f113f3e 82 unsigned long f4 = RSA_F4;
7e1b7485 83 char *outfile = NULL, *passoutarg = NULL, *passout = NULL;
3ee1eac2 84 char *prog, *hexe, *dece;
7e1b7485 85 OPTION_CHOICE o;
8f7e1f68 86 unsigned char *ebuf = NULL;
348d0d14 87
96487cdd 88 if (bn == NULL || cb == NULL)
7e1b7485 89 goto end;
348d0d14 90
7e1b7485
RS		 91 prog = opt_init(argc, argv, genrsa_options);
92 while ((o = opt_next()) != OPT_EOF) {
93 switch (o) {
94 case OPT_EOF:
95 case OPT_ERR:
c27363f5 96opthelp:
7e1b7485
RS		 97 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
98 goto end;
99 case OPT_HELP:
100 ret = 0;
101 opt_help(genrsa_options);
102 goto end;
103 case OPT_3:
8f7e1f68 104 f4 = RSA_3;
7e1b7485
RS		 105 break;
106 case OPT_F4:
0f113f3e 107 f4 = RSA_F4;
7e1b7485 108 break;
7e1b7485
RS		 109 case OPT_OUT:
110 outfile = opt_arg();
902c6b95 111 break;
7e1b7485 112 case OPT_ENGINE:
9862e9aa 113 eng = setup_engine(opt_arg(), 0);
7e1b7485 114 break;
3ee1eac2
RS		 115 case OPT_R_CASES:
116 if (!opt_rand(o))
117 goto end;
7e1b7485 118 break;
6bd4e3f2
P		 119 case OPT_PROV_CASES:
120 if (!opt_provider(o))
121 goto end;
122 break;
7e1b7485
RS		 123 case OPT_PASSOUT:
124 passoutarg = opt_arg();
125 break;
126 case OPT_CIPHER:
127 if (!opt_cipher(opt_unknown(), &enc))
128 goto end;
129 break;
665d899f
PY		 130 case OPT_PRIMES:
131 if (!opt_int(opt_arg(), &primes))
132 goto end;
133 break;
c43fa566
PP		 134 case OPT_VERBOSE:
135 verbose = 1;
136 break;
7e1b7485 137 }
0f113f3e 138 }
7e1b7485
RS		 139 argc = opt_num_rest();
140 argv = opt_rest();
a3fe382e 141
c27363f5
RS		 142 if (argc == 1) {
143 if (!opt_int(argv[0], &num) || num <= 0)
144 goto end;
0336df2f
GS		 145 if (num > OPENSSL_RSA_MAX_MODULUS_BITS)
146 BIO_printf(bio_err,
147 "Warning: It is not recommended to use more than %d bit for RSA keys.\n"
148 " Your key size is %d! Larger key size may behave not as expected.\n",
149 OPENSSL_RSA_MAX_MODULUS_BITS, num);
c27363f5
RS		 150 } else if (argc > 0) {
151 BIO_printf(bio_err, "Extra arguments given.\n");
152 goto opthelp;
153 }
a3fe382e 154
c27363f5 155 private = 1;
7e1b7485 156 if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
0f113f3e 157 BIO_printf(bio_err, "Error getting password\n");
7e1b7485 158 goto end;
0f113f3e 159 }
5270e702 160
bdd58d98 161 out = bio_open_owner(outfile, FORMAT_PEM, private);
7e1b7485
RS		 162 if (out == NULL)
163 goto end;
d02b48c6 164
8f7e1f68
P		 165 if (!init_gen_str(&ctx, "RSA", eng, 0))
166 goto end;
167
168 EVP_PKEY_CTX_set_cb(ctx, genrsa_cb);
169 EVP_PKEY_CTX_set_app_data(ctx, bio_err);
170
171 if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, num) <= 0) {
172 BIO_printf(bio_err, "Error setting RSA length\n");
173 goto end;
174 }
175 if (!BN_set_word(bn, f4)) {
176 BIO_printf(bio_err, "Error allocating RSA public exponent\n");
177 goto end;
178 }
179 if (EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, bn) <= 0) {
180 BIO_printf(bio_err, "Error setting RSA public exponent\n");
181 goto end;
182 }
183 if (EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, primes) <= 0) {
184 BIO_printf(bio_err, "Error setting number of primes\n");
185 goto end;
186 }
c43fa566
PP		 187 if (verbose)
188 BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus (%d primes)\n",
189 num, primes);
8f7e1f68
P		 190 if (!EVP_PKEY_keygen(ctx, &pkey)) {
191 BIO_printf(bio_err, "Error generating RSA key\n");
7e1b7485 192 goto end;
8f7e1f68 193 }
dc03504d 194
8f7e1f68
P		 195 if (verbose) {
196 if ((rsa = EVP_PKEY_get0_RSA(pkey)) != NULL) {
197 RSA_get0_key(rsa, NULL, &e, NULL);
198 } else {
199 BIO_printf(bio_err, "Error cannot access RSA e\n");
200 goto end;
201 }
202 hexe = BN_bn2hex(e);
203 dece = BN_bn2dec(e);
204 if (hexe && dece) {
205 BIO_printf(bio_err, "e is %s (0x%s)\n", dece, hexe);
206 }
207 OPENSSL_free(hexe);
208 OPENSSL_free(dece);
0f113f3e 209 }
8f7e1f68 210 if (!PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, passout))
3b061a00 211 goto end;
d02b48c6 212
0f113f3e 213 ret = 0;
7e1b7485 214 end:
23a1d5e9
RS		 215 BN_free(bn);
216 BN_GENCB_free(cb);
8f7e1f68
P		 217 EVP_PKEY_CTX_free(ctx);
218 EVP_PKEY_free(pkey);
ca3a82c3 219 BIO_free_all(out);
dd1abd44 220 release_engine(eng);
b548a1f1 221 OPENSSL_free(passout);
8f7e1f68 222 OPENSSL_free(ebuf);
0f113f3e
MC		 223 if (ret != 0)
224 ERR_print_errors(bio_err);
26a7d938 225 return ret;
0f113f3e 226}
d02b48c6 227
8f7e1f68 228static int genrsa_cb(EVP_PKEY_CTX *ctx)
0f113f3e
MC		 229{
230 char c = '*';
8f7e1f68
P		 231 BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
232 int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
d02b48c6 233
c43fa566
PP		 234 if (!verbose)
235 return 1;
236
0f113f3e
MC		 237 if (p == 0)
238 c = '.';
239 if (p == 1)
240 c = '+';
241 if (p == 2)
242 c = '*';
243 if (p == 3)
244 c = '\n';
8f7e1f68
P		 245 BIO_write(b, &c, 1);
246 (void)BIO_flush(b);
0f113f3e
MC		 247 return 1;
248}
A mirror of the official openssl repository