1 /* 2 * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <openssl/opensslconf.h> 11 12 #include <stdio.h> 13 #include <string.h> 14 #include <sys/types.h> 15 #include <sys/stat.h> 16 #include "apps.h" 17 #include "progs.h" 18 #include <openssl/bio.h> 19 #include <openssl/err.h> 20 #include <openssl/bn.h> 21 #include <openssl/rsa.h> 22 #include <openssl/evp.h> 23 #include <openssl/x509.h> 24 #include <openssl/pem.h> 25 #include <openssl/rand.h> 26 27 #define DEFBITS 2048 28 #define DEFPRIMES 2 29 30 static int verbose = 0; 31 32 typedef enum OPTION_choice { 33 OPT_COMMON, 34 #ifndef OPENSSL_NO_DEPRECATED_3_0 35 OPT_3, 36 #endif 37 OPT_F4, 38 OPT_ENGINE, 39 OPT_OUT, 40 OPT_PASSOUT, 41 OPT_CIPHER, 42 OPT_PRIMES, 43 OPT_VERBOSE, 44 OPT_QUIET, 45 OPT_R_ENUM, 46 OPT_PROV_ENUM, 47 OPT_TRADITIONAL 48 } OPTION_CHOICE; 49 50 const OPTIONS genrsa_options[] = { 51 { OPT_HELP_STR, 1, '-', "Usage: %s [options] numbits\n" }, 52 53 OPT_SECTION("General"), 54 { "help", OPT_HELP, '-', "Display this summary" }, 55 #ifndef OPENSSL_NO_ENGINE 56 { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, 57 #endif 58 59 OPT_SECTION("Input"), 60 #ifndef OPENSSL_NO_DEPRECATED_3_0 61 { "3", OPT_3, '-', "(deprecated) Use 3 for the E value" }, 62 #endif 63 { "F4", OPT_F4, '-', "Use the Fermat number F4 (0x10001) for the E value" }, 64 { "f4", OPT_F4, '-', "Use the Fermat number F4 (0x10001) for the E value" }, 65 66 OPT_SECTION("Output"), 67 { "out", OPT_OUT, '>', "Output the key to specified file" }, 68 { "passout", OPT_PASSOUT, 's', "Output file pass phrase source" }, 69 { "primes", OPT_PRIMES, 'p', "Specify number of primes" }, 70 { "verbose", OPT_VERBOSE, '-', "Verbose output" }, 71 { "quiet", OPT_QUIET, '-', "Terse output" }, 72 { "traditional", OPT_TRADITIONAL, '-', 73 "Use traditional format for private keys" }, 74 { "", OPT_CIPHER, '-', "Encrypt the output with any supported cipher" }, 75 76 OPT_R_OPTIONS, 77 OPT_PROV_OPTIONS, 78 79 OPT_PARAMETERS(), 80 { "numbits", 0, 0, "Size of key in bits" }, 81 { NULL } 82 }; 83 84 int genrsa_main(int argc, char **argv) 85 { 86 BN_GENCB *cb = BN_GENCB_new(); 87 ENGINE *eng = NULL; 88 BIGNUM *bn = BN_new(); 89 BIO *out = NULL; 90 EVP_PKEY *pkey = NULL; 91 EVP_PKEY_CTX *ctx = NULL; 92 EVP_CIPHER *enc = NULL; 93 int ret = 1, num = DEFBITS, private = 0, primes = DEFPRIMES; 94 unsigned long f4 = RSA_F4; 95 char *outfile = NULL, *passoutarg = NULL, *passout = NULL; 96 char *prog, *hexe, *dece, *ciphername = NULL; 97 OPTION_CHOICE o; 98 int traditional = 0; 99 100 if (bn == NULL || cb == NULL) 101 goto end; 102 103 opt_set_unknown_name("cipher"); 104 prog = opt_init(argc, argv, genrsa_options); 105 while ((o = opt_next()) != OPT_EOF) { 106 switch (o) { 107 case OPT_EOF: 108 case OPT_ERR: 109 opthelp: 110 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); 111 goto end; 112 case OPT_HELP: 113 ret = 0; 114 opt_help(genrsa_options); 115 goto end; 116 #ifndef OPENSSL_NO_DEPRECATED_3_0 117 case OPT_3: 118 f4 = RSA_3; 119 break; 120 #endif 121 case OPT_F4: 122 f4 = RSA_F4; 123 break; 124 case OPT_OUT: 125 outfile = opt_arg(); 126 break; 127 case OPT_ENGINE: 128 eng = setup_engine(opt_arg(), 0); 129 break; 130 case OPT_R_CASES: 131 if (!opt_rand(o)) 132 goto end; 133 break; 134 case OPT_PROV_CASES: 135 if (!opt_provider(o)) 136 goto end; 137 break; 138 case OPT_PASSOUT: 139 passoutarg = opt_arg(); 140 break; 141 case OPT_CIPHER: 142 ciphername = opt_unknown(); 143 break; 144 case OPT_PRIMES: 145 primes = opt_int_arg(); 146 break; 147 case OPT_VERBOSE: 148 verbose = 1; 149 break; 150 case OPT_QUIET: 151 verbose = 0; 152 break; 153 case OPT_TRADITIONAL: 154 traditional = 1; 155 break; 156 } 157 } 158 159 /* One optional argument, the bitsize. */ 160 argc = opt_num_rest(); 161 argv = opt_rest(); 162 163 if (argc == 1) { 164 if (!opt_int(argv[0], &num) || num <= 0) 165 goto end; 166 if (num > OPENSSL_RSA_MAX_MODULUS_BITS) 167 BIO_printf(bio_err, 168 "Warning: It is not recommended to use more than %d bit for RSA keys.\n" 169 " Your key size is %d! Larger key size may behave not as expected.\n", 170 OPENSSL_RSA_MAX_MODULUS_BITS, num); 171 } else if (!opt_check_rest_arg(NULL)) { 172 goto opthelp; 173 } 174 175 if (!app_RAND_load()) 176 goto end; 177 178 private = 1; 179 if (!opt_cipher(ciphername, &enc)) 180 goto end; 181 if (!app_passwd(NULL, passoutarg, NULL, &passout)) { 182 BIO_printf(bio_err, "Error getting password\n"); 183 goto end; 184 } 185 186 out = bio_open_owner(outfile, FORMAT_PEM, private); 187 if (out == NULL) 188 goto end; 189 190 if (!init_gen_str(&ctx, "RSA", eng, 0, app_get0_libctx(), 191 app_get0_propq())) 192 goto end; 193 194 if (verbose) 195 EVP_PKEY_CTX_set_cb(ctx, progress_cb); 196 EVP_PKEY_CTX_set_app_data(ctx, bio_err); 197 198 if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, num) <= 0) { 199 BIO_printf(bio_err, "Error setting RSA length\n"); 200 goto end; 201 } 202 if (!BN_set_word(bn, f4)) { 203 BIO_printf(bio_err, "Error allocating RSA public exponent\n"); 204 goto end; 205 } 206 if (EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx, bn) <= 0) { 207 BIO_printf(bio_err, "Error setting RSA public exponent\n"); 208 goto end; 209 } 210 if (EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, primes) <= 0) { 211 BIO_printf(bio_err, "Error setting number of primes\n"); 212 goto end; 213 } 214 pkey = app_keygen(ctx, "RSA", num, verbose); 215 if (pkey == NULL) 216 goto end; 217 218 if (verbose) { 219 BIGNUM *e = NULL; 220 221 /* Every RSA key has an 'e' */ 222 EVP_PKEY_get_bn_param(pkey, "e", &e); 223 if (e == NULL) { 224 BIO_printf(bio_err, "Error cannot access RSA e\n"); 225 goto end; 226 } 227 hexe = BN_bn2hex(e); 228 dece = BN_bn2dec(e); 229 if (hexe && dece) { 230 BIO_printf(bio_err, "e is %s (0x%s)\n", dece, hexe); 231 } 232 OPENSSL_free(hexe); 233 OPENSSL_free(dece); 234 BN_free(e); 235 } 236 if (traditional) { 237 if (!PEM_write_bio_PrivateKey_traditional(out, pkey, enc, NULL, 0, 238 NULL, passout)) 239 goto end; 240 } else { 241 if (!PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, passout)) 242 goto end; 243 } 244 245 ret = 0; 246 end: 247 BN_free(bn); 248 BN_GENCB_free(cb); 249 EVP_PKEY_CTX_free(ctx); 250 EVP_PKEY_free(pkey); 251 EVP_CIPHER_free(enc); 252 BIO_free_all(out); 253 release_engine(eng); 254 OPENSSL_free(passout); 255 if (ret != 0) 256 ERR_print_errors(bio_err); 257 return ret; 258 } 259
Indexes created Sat Feb 28 05:31:39 UTC 2026