X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=apps%2Fgenrsa.c;h=3f76d9bada05d76a2a9955bf0ff4be5a60c45c12;hb=4b1fe471ac99b9f8692be85dcbcbf6977eb35c78;hp=ebd69e15ed7c1fda1f6f8992a7dc9cd1fcab0066;hpb=c27363f566274a65067d7559f9669f300f957183;p=openssl.git diff --git a/apps/genrsa.c b/apps/genrsa.c index ebd69e15ed..3f76d9bada 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -1,12 +1,15 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ +/* We need to use the deprecated RSA low level calls */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #ifdef OPENSSL_NO_RSA NON_EMPTY_TRANSLATION_UNIT @@ -17,6 +20,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include "apps.h" +# include "progs.h" # include # include # include 
@@ -27,28 +31,45 @@ NON_EMPTY_TRANSLATION_UNIT # include # define DEFBITS 2048 +# define DEFPRIMES 2 + +static int verbose = 0; static int genrsa_cb(int p, int n, BN_GENCB *cb); typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_3, OPT_F4, OPT_ENGINE, - OPT_OUT, OPT_PASSOUT, OPT_CIPHER, - OPT_R_ENUM + OPT_OUT, OPT_PASSOUT, OPT_CIPHER, OPT_PRIMES, OPT_VERBOSE, + OPT_R_ENUM, OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS genrsa_options[] = { + {OPT_HELP_STR, 1, '-', "Usage: %s [options] numbits\n"}, + + OPT_SECTION("General"), {"help", OPT_HELP, '-', "Display this summary"}, +# ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, +# endif + + OPT_SECTION("Input"), {"3", OPT_3, '-', "Use 3 for the E value"}, {"F4", OPT_F4, '-', "Use F4 (0x10001) for the E value"}, {"f4", OPT_F4, '-', "Use F4 (0x10001) for the E value"}, - {"out", OPT_OUT, 's', "Output the key to specified file"}, - OPT_R_OPTIONS, + + OPT_SECTION("Output"), + {"out", OPT_OUT, '>', "Output the key to specified file"}, {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, + {"primes", OPT_PRIMES, 'p', "Specify number of primes"}, + {"verbose", OPT_VERBOSE, '-', "Verbose output"}, {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"}, -# ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -# endif + + OPT_R_OPTIONS, + OPT_PROV_OPTIONS, + + OPT_PARAMETERS(), + {"numbits", 0, 0, "Size of key in bits"}, {NULL} }; @@ -62,7 +83,7 @@ int genrsa_main(int argc, char **argv) const BIGNUM *e; RSA *rsa = NULL; const EVP_CIPHER *enc = NULL; - int ret = 1, num = DEFBITS, private = 0; + int ret = 1, num = DEFBITS, private = 0, primes = DEFPRIMES; unsigned long f4 = RSA_F4; char *outfile = NULL, *passoutarg = NULL, *passout = NULL; char *prog, *hexe, *dece; 
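Review bot: The new file-scope `static int verbose = 0;` is set to 1 by the `OPT_VERBOSE` case, but nothing visible in this diff clears it again. If `genrsa_main` can be entered more than once in the same process, the flag from an earlier invocation would carry over into the next one. Assigning `verbose = 0;` with the other defaults at the top of `genrsa_main` would give every run a known starting state; the opening lines of that function are outside the hunks shown. The same variable is read in `genrsa_cb` in the last hunk, so the callback is affected as well.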
@@ -101,6 +122,10 @@ opthelp: if (!opt_rand(o)) goto end; break; + case OPT_PROV_CASES: + if (!opt_provider(o)) + goto end; + break; case OPT_PASSOUT: passoutarg = opt_arg(); break; @@ -108,6 +133,13 @@ opthelp: if (!opt_cipher(opt_unknown(), &enc)) goto end; break; + case OPT_PRIMES: + if (!opt_int(opt_arg(), &primes)) + goto end; + break; + case OPT_VERBOSE: + verbose = 1; + break; } } argc = opt_num_rest(); @@ -116,6 +148,11 @@ opthelp: if (argc == 1) { if (!opt_int(argv[0], &num) || num <= 0) goto end; + if (num > OPENSSL_RSA_MAX_MODULUS_BITS) + BIO_printf(bio_err, + "Warning: It is not recommended to use more than %d bit for RSA keys.\n" + " Your key size is %d! Larger key size may behave not as expected.\n", + OPENSSL_RSA_MAX_MODULUS_BITS, num); } else if (argc > 0) { BIO_printf(bio_err, "Extra arguments given.\n"); goto opthelp; @@ -131,19 +168,21 @@ opthelp: if (out == NULL) goto end; - BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n", - num); + if (verbose) + BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus (%d primes)\n", + num, primes); rsa = eng ? RSA_new_method(eng) : RSA_new(); if (rsa == NULL) goto end; - if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, cb)) + if (!BN_set_word(bn, f4) + || !RSA_generate_multi_prime_key(rsa, num, primes, bn, cb)) goto end; RSA_get0_key(rsa, NULL, &e, NULL); hexe = BN_bn2hex(e); dece = BN_bn2dec(e); - if (hexe && dece) { + if (hexe && dece && verbose) { BIO_printf(bio_err, "e is %s (0x%s)\n", dece, hexe); } OPENSSL_free(hexe); @@ -166,13 +205,16 @@ opthelp: OPENSSL_free(passout); if (ret != 0) ERR_print_errors(bio_err); - return (ret); + return ret; } static int genrsa_cb(int p, int n, BN_GENCB *cb) { char c = '*'; + if (!verbose) + return 1; + if (p == 0) c = '.'; if (p == 1)
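Review bot: In the `OPT_PRIMES` case the parsed value is stored in `primes` and later handed to `RSA_generate_multi_prime_key` with no range check in the visible lines, so an unsuitable count is caught, if at all, only inside the library and surfaces as a generic error. An explicit check next to the `num` validation would be clearer, for example `if (primes < DEFPRIMES) { BIO_printf(bio_err, "Number of primes must be at least %d.\n", DEFPRIMES); goto end; }`. An upper bound tied to the modulus size belongs there too, because each additional prime makes the individual factors smaller for the same `num`. The option type `'p'` in the table presumably already rejects non-positive values, which is worth confirming; the enclosing `switch` starts and ends outside this hunk.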
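Review bot: The check added after `opt_int(argv[0], &num)` only warns when `num` exceeds `OPENSSL_RSA_MAX_MODULUS_BITS` and generation still proceeds, while the visible code gives no notice at all for sizes that are too small to be safe: any value above zero passes this block. Consider a matching warning, or a hard failure, for undersized moduli next to this one, using a minimum the project defines; whether the library call enforces its own lower limit cannot be seen in this diff. The multi-line body of `if (num > OPENSSL_RSA_MAX_MODULUS_BITS)` would also be safer with braces. The message wording could be tightened as well, e.g. `"Warning: It is not recommended to use more than %d bits for RSA keys.\n"`.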
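Review bot: `BN_bn2hex(e)` and `BN_bn2dec(e)` are still called on every run although their results are now printed only when `verbose` is set, so the default quiet path allocates and frees two strings for nothing. Placing the `RSA_get0_key`, `BN_bn2hex` and `BN_bn2dec` calls together with both frees inside one `if (verbose) { ... }` block would keep that path minimal. The free of `dece` is outside this hunk, so the block has to extend past the lines shown. The unbraced multi-line `if (verbose) BIO_printf(...)` earlier in the hunk would also read more safely with braces.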