X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=apps%2Fgenrsa.c;h=94cb613ccb9737291d6a374c2b715b6b9334cd54;hp=85da98d45d10bde39b2b708c5128b86a72f9c02c;hb=7e965dcc3812ac6ec4d1413c5ea3224be6486c8f;hpb=2aaec9cced89edfdc8375b38a130fa1c35a98025 diff --git a/apps/genrsa.c b/apps/genrsa.c index 85da98d45d..94cb613ccb 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include /* Until the key-gen callbacks are modified to use newer prototypes, we allow * deprecated functions for openssl-internal code */ #ifdef OPENSSL_NO_DEPRECATED @@ -77,7 +78,7 @@ #include #include -#define DEFBITS 512 +#define DEFBITS 1024 #undef PROG #define PROG genrsa_main @@ -92,7 +93,7 @@ int MAIN(int argc, char **argv) ENGINE *e = NULL; #endif int ret=1; - RSA *rsa=NULL; + int non_fips_allow = 0; int i,num=DEFBITS; long l; const EVP_CIPHER *enc=NULL; @@ -104,6 +105,10 @@ int MAIN(int argc, char **argv) #endif char *inrand=NULL; BIO *out=NULL; + BIGNUM *bn = BN_new(); + RSA *rsa = NULL; + + if(!bn) goto err; apps_startup(); BN_GENCB_set(&cb, genrsa_cb, bio_err); @@ -156,6 +161,10 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"-idea") == 0) enc=EVP_idea_cbc(); #endif +#ifndef OPENSSL_NO_SEED + else if (strcmp(*argv,"-seed") == 0) + enc=EVP_seed_cbc(); +#endif #ifndef OPENSSL_NO_AES else if (strcmp(*argv,"-aes128") == 0) enc=EVP_aes_128_cbc(); @@ -163,12 +172,22 @@ int MAIN(int argc, char **argv) enc=EVP_aes_192_cbc(); else if (strcmp(*argv,"-aes256") == 0) enc=EVP_aes_256_cbc(); +#endif +#ifndef OPENSSL_NO_CAMELLIA + else if (strcmp(*argv,"-camellia128") == 0) + enc=EVP_camellia_128_cbc(); + else if (strcmp(*argv,"-camellia192") == 0) + enc=EVP_camellia_192_cbc(); + else if (strcmp(*argv,"-camellia256") == 0) + enc=EVP_camellia_256_cbc(); #endif else if (strcmp(*argv,"-passout") == 0) { if (--argc < 1) goto bad; passargout= *(++argv); } + else if (strcmp(*argv,"-non-fips-allow") == 0) + non_fips_allow = 1; else break; argv++; @@ -183,9 +202,17 @@ bad: #ifndef OPENSSL_NO_IDEA BIO_printf(bio_err," -idea encrypt the generated key with IDEA in cbc mode\n"); #endif +#ifndef OPENSSL_NO_SEED + BIO_printf(bio_err," -seed\n"); + BIO_printf(bio_err," encrypt PEM output with cbc seed\n"); +#endif #ifndef OPENSSL_NO_AES BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); +#endif +#ifndef OPENSSL_NO_CAMELLIA + BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); + BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); #endif BIO_printf(bio_err," -out file output the key to 'file\n"); BIO_printf(bio_err," -passout arg output file pass phrase source\n"); @@ -241,14 +268,22 @@ bad: BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n", num); +#ifdef OPENSSL_NO_ENGINE + rsa = RSA_new(); +#else + rsa = RSA_new_method(e); +#endif + if (!rsa) + goto err; + + if (non_fips_allow) + rsa->flags |= RSA_FLAG_NON_FIPS_ALLOW; - if(((rsa = RSA_new()) == NULL) || !RSA_generate_key_ex(rsa, num, f4, &cb)) + if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb)) goto err; app_RAND_write_file(NULL, bio_err); - if (rsa == NULL) goto err; - /* We need to do the following for when the base number size is < * long, esp windows 3.1 :-(. */ l=0L; @@ -272,8 +307,9 @@ bad: ret=0; err: - if (rsa != NULL) RSA_free(rsa); - if (out != NULL) BIO_free_all(out); + if (bn) BN_free(bn); + if (rsa) RSA_free(rsa); + if (out) BIO_free_all(out); if(passout) OPENSSL_free(passout); if (ret != 0) ERR_print_errors(bio_err);