X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=apps%2Fgenrsa.c;h=94cb613ccb9737291d6a374c2b715b6b9334cd54;hp=dfcb523ebabae0375308753a2494b7eb25d65043;hb=7ce79a5bfdbcd53ae75f85e94eed665a05b5dea3;hpb=6dcd1c91092b19b9492e2719c899d4e34bbeaf32 diff --git a/apps/genrsa.c b/apps/genrsa.c index dfcb523eba..94cb613ccb 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -56,6 +56,13 @@ * [including the GNU Public Licence.] */ +#include +/* Until the key-gen callbacks are modified to use newer prototypes, we allow + * deprecated functions for openssl-internal code */ +#ifdef OPENSSL_NO_DEPRECATED +#undef OPENSSL_NO_DEPRECATED +#endif + #ifndef OPENSSL_NO_RSA #include #include @@ -69,36 +76,49 @@ #include #include #include -#include +#include -#define DEFBITS 512 +#define DEFBITS 1024 #undef PROG #define PROG genrsa_main -static void MS_CALLBACK genrsa_cb(int p, int n, void *arg); +static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb); int MAIN(int, char **); int MAIN(int argc, char **argv) { + BN_GENCB cb; +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif int ret=1; - RSA *rsa=NULL; + int non_fips_allow = 0; int i,num=DEFBITS; long l; const EVP_CIPHER *enc=NULL; unsigned long f4=RSA_F4; char *outfile=NULL; char *passargout = NULL, *passout = NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif char *inrand=NULL; BIO *out=NULL; + BIGNUM *bn = BN_new(); + RSA *rsa = NULL; + + if(!bn) goto err; apps_startup(); + BN_GENCB_set(&cb, genrsa_cb, bio_err); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + if (!load_config(bio_err, NULL)) + goto err; if ((out=BIO_new(BIO_s_file())) == NULL) { BIO_printf(bio_err,"unable to create BIO for output\n"); @@ -119,11 +139,13 @@ int MAIN(int argc, char **argv) f4=3; else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0) f4=RSA_F4; +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -138,12 +160,34 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_IDEA else if (strcmp(*argv,"-idea") == 0) enc=EVP_idea_cbc(); +#endif +#ifndef OPENSSL_NO_SEED + else if (strcmp(*argv,"-seed") == 0) + enc=EVP_seed_cbc(); +#endif +#ifndef OPENSSL_NO_AES + else if (strcmp(*argv,"-aes128") == 0) + enc=EVP_aes_128_cbc(); + else if (strcmp(*argv,"-aes192") == 0) + enc=EVP_aes_192_cbc(); + else if (strcmp(*argv,"-aes256") == 0) + enc=EVP_aes_256_cbc(); +#endif +#ifndef OPENSSL_NO_CAMELLIA + else if (strcmp(*argv,"-camellia128") == 0) + enc=EVP_camellia_128_cbc(); + else if (strcmp(*argv,"-camellia192") == 0) + enc=EVP_camellia_192_cbc(); + else if (strcmp(*argv,"-camellia256") == 0) + enc=EVP_camellia_256_cbc(); #endif else if (strcmp(*argv,"-passout") == 0) { if (--argc < 1) goto bad; passargout= *(++argv); } + else if (strcmp(*argv,"-non-fips-allow") == 0) + non_fips_allow = 1; else break; argv++; @@ -157,12 +201,26 @@ bad: BIO_printf(bio_err," -des3 encrypt the generated key with DES in ede cbc mode (168 bit key)\n"); #ifndef OPENSSL_NO_IDEA BIO_printf(bio_err," -idea encrypt the generated key with IDEA in cbc mode\n"); +#endif +#ifndef OPENSSL_NO_SEED + BIO_printf(bio_err," -seed\n"); + BIO_printf(bio_err," encrypt PEM output with cbc seed\n"); +#endif +#ifndef OPENSSL_NO_AES + BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); + BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); +#endif +#ifndef OPENSSL_NO_CAMELLIA + BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); + BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); #endif BIO_printf(bio_err," -out file output the key to 'file\n"); BIO_printf(bio_err," -passout arg output file pass phrase source\n"); BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n"); BIO_printf(bio_err," -3 use 3 for the E value\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); @@ -176,7 +234,9 @@ bad: goto err; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (outfile == NULL) { @@ -208,12 +268,22 @@ bad: BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n", num); - rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err); +#ifdef OPENSSL_NO_ENGINE + rsa = RSA_new(); +#else + rsa = RSA_new_method(e); +#endif + if (!rsa) + goto err; + + if (non_fips_allow) + rsa->flags |= RSA_FLAG_NON_FIPS_ALLOW; + + if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb)) + goto err; app_RAND_write_file(NULL, bio_err); - if (rsa == NULL) goto err; - /* We need to do the following for when the base number size is < * long, esp windows 3.1 :-(. */ l=0L; @@ -237,15 +307,17 @@ bad: ret=0; err: - if (rsa != NULL) RSA_free(rsa); - if (out != NULL) BIO_free_all(out); + if (bn) BN_free(bn); + if (rsa) RSA_free(rsa); + if (out) BIO_free_all(out); if(passout) OPENSSL_free(passout); if (ret != 0) ERR_print_errors(bio_err); - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } -static void MS_CALLBACK genrsa_cb(int p, int n, void *arg) +static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb) { char c='*'; @@ -253,11 +325,12 @@ static void MS_CALLBACK genrsa_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(cb->arg,&c,1); + (void)BIO_flush(cb->arg); #ifdef LINT p=n; #endif + return 1; } #else /* !OPENSSL_NO_RSA */