This commit was manufactured by cvs2git to create tag 'tb_20250414'.tb_20250414

author: cvs2svn <admin@example.com> 2025-04-14 17:32:06 +0000
committer: cvs2svn <admin@example.com> 2025-04-14 17:32:06 +0000
commit: eb8dd9dca1228af0cd132f515509051ecfabf6f6 (patch)
tree: edb6da6af7e865d488dc1a29309f1e1ec226e603 /src/usr.bin/openssl/genrsa.c
parent: 247f0352e0ed72a4f476db9dc91f4d982bc83eb2 (diff)
download: openbsd-tb_20250414.tar.gz
openbsd-tb_20250414.tar.bz2
openbsd-tb_20250414.zip
1 files changed, 0 insertions, 389 deletions
diff --git a/src/usr.bin/openssl/genrsa.c b/src/usr.bin/openssl/genrsa.c
deleted file mode 100644
index 0b5323fa5f..0000000000
--- a/src/usr.bin/openssl/genrsa.c
+++ /dev/null
@@ -1,389 +0,0 @@
-/* $OpenBSD: genrsa.c,v 1.22 2023/03/06 14:32:06 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <openssl/opensslconf.h>
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <stdio.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/pem.h>
-#include <openssl/rsa.h>
-#include <openssl/x509.h>
-#define DEFBITS 2048
-static int genrsa_cb(int p, int n, BN_GENCB *cb);
-static struct {
-        const EVP_CIPHER *enc;
-        unsigned long f4;
-        char *outfile;
-        char *passargout;
-} cfg;
-static int
-set_public_exponent(int argc, char **argv, int *argsused)
-{
-        char *option = argv[0];
-        if (strcmp(option, "-3") == 0)
-                cfg.f4 = 3;
-        else if (strcmp(option, "-f4") == 0 || strcmp(option, "-F4") == 0)
-                cfg.f4 = RSA_F4;
-        else
-                return (1);
-        *argsused = 1;
-        return (0);
-}
-static const EVP_CIPHER *get_cipher_by_name(char *name)
-{
-        if (name == NULL || strcmp(name, "") == 0)
-                return (NULL);
-#ifndef OPENSSL_NO_AES
-        else if (strcmp(name, "aes128") == 0)
-                return EVP_aes_128_cbc();
-        else if (strcmp(name, "aes192") == 0)
-                return EVP_aes_192_cbc();
-        else if (strcmp(name, "aes256") == 0)
-                return EVP_aes_256_cbc();
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-        else if (strcmp(name, "camellia128") == 0)
-                return EVP_camellia_128_cbc();
-        else if (strcmp(name, "camellia192") == 0)
-                return EVP_camellia_192_cbc();
-        else if (strcmp(name, "camellia256") == 0)
-                return EVP_camellia_256_cbc();
-#endif
-#ifndef OPENSSL_NO_DES
-        else if (strcmp(name, "des") == 0)
-                return EVP_des_cbc();
-        else if (strcmp(name, "des3") == 0)
-                return EVP_des_ede3_cbc();
-#endif
-#ifndef OPENSSL_NO_IDEA
-        else if (strcmp(name, "idea") == 0)
-                return EVP_idea_cbc();
-#endif
-        else
-                return (NULL);
-}
-static int
-set_enc(int argc, char **argv, int *argsused)
-{
-        char *name = argv[0];
-        if (*name++ != '-')
-                return (1);
-        if ((cfg.enc = get_cipher_by_name(name)) == NULL)
-                return (1);
-        *argsused = 1;
-        return (0);
-}
-static const struct option genrsa_options[] = {
-        {
-                .name = "3",
-                .desc = "Use 3 for the E value",
-                .type = OPTION_ARGV_FUNC,
-                .opt.argvfunc = set_public_exponent,
-        },
-        {
-                .name = "f4",
-                .desc = "Use F4 (0x10001) for the E value",
-                .type = OPTION_ARGV_FUNC,
-                .opt.argvfunc = set_public_exponent,
-        },
-        {
-                .name = "F4",
-                .desc = "Use F4 (0x10001) for the E value",
-                .type = OPTION_ARGV_FUNC,
-                .opt.argvfunc = set_public_exponent,
-        },
-#ifndef OPENSSL_NO_AES
-        {
-                .name = "aes128",
-                .desc = "Encrypt PEM output with CBC AES",
-                .type = OPTION_ARGV_FUNC,
-                .opt.argvfunc = set_enc,
-        },
-        {
-                .name = "aes192",
-                .desc = "Encrypt PEM output with CBC AES",
-                .type = OPTION_ARGV_FUNC,
-                .opt.argvfunc = set_enc,
-        },
-        {
-                .name = "aes256",
-                .desc = "Encrypt PEM output with CBC AES",
-                .type = OPTION_ARGV_FUNC,
-                .opt.argvfunc = set_enc,
-        },
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-        {
-                .name = "camellia128",
-                .desc = "Encrypt PEM output with CBC Camellia",
-                .type = OPTION_ARGV_FUNC,
-                .opt.argvfunc = set_enc,
-        },
-        {
-                .name = "camellia192",
-                .desc = "Encrypt PEM output with CBC Camellia",
-                .type = OPTION_ARGV_FUNC,
-                .opt.argvfunc = set_enc,
-        },
-        {
-                .name = "camellia256",
-                .desc = "Encrypt PEM output with CBC Camellia",
-                .type = OPTION_ARGV_FUNC,
-                .opt.argvfunc = set_enc,
-        },
-#endif
-#ifndef OPENSSL_NO_DES
-        {
-                .name = "des",
-                .desc = "Encrypt the generated key with DES in CBC mode",
-                .type = OPTION_ARGV_FUNC,
-                .opt.argvfunc = set_enc,
-        },
-        {
-                .name = "des3",
-                .desc = "Encrypt the generated key with DES in EDE CBC mode (168 bit key)",
-                .type = OPTION_ARGV_FUNC,
-                .opt.argvfunc = set_enc,
-        },
-#endif
-#ifndef OPENSSL_NO_IDEA
-        {
-                .name = "idea",
-                .desc = "Encrypt the generated key with IDEA in CBC mode",
-                .type = OPTION_ARGV_FUNC,
-                .opt.argvfunc = set_enc,
-        },
-#endif
-        {
-                .name = "out",
-                .argname = "file",
-                .desc = "Output the key to 'file'",
-                .type = OPTION_ARG,
-                .opt.arg = &cfg.outfile,
-        },
-        {
-                .name = "passout",
-                .argname = "arg",
-                .desc = "Output file passphrase source",
-                .type = OPTION_ARG,
-                .opt.arg = &cfg.passargout,
-        },
-        { NULL },
-};
-static void
-genrsa_usage(void)
-{
-        fprintf(stderr, "usage: genrsa [-3 | -f4] [-aes128 | -aes192 |");
-        fprintf(stderr, " -aes256 |\n");
-        fprintf(stderr, "    -camellia128 | -camellia192 | -camellia256 |");
-        fprintf(stderr, " -des | -des3 | -idea]\n");
-        fprintf(stderr, "    [-out file] [-passout arg] [numbits]\n\n");
-        options_usage(genrsa_options);
-        fprintf(stderr, "\n");
-}
-int
-genrsa_main(int argc, char **argv)
-{
-        BN_GENCB *cb = NULL;
-        int ret = 1;
-        int num = DEFBITS;
-        char *numbits = NULL;
-        char *passout = NULL;
-        BIO *out = NULL;
-        BIGNUM *bn = NULL;
-        RSA *rsa = NULL;
-        char *rsa_e_hex = NULL, *rsa_e_dec = NULL;
-        if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
-                perror("pledge");
-                exit(1);
-        }
-        if ((bn = BN_new()) == NULL)
-                goto err;
-        if ((cb = BN_GENCB_new()) == NULL) {
-                BIO_printf(bio_err, "Error allocating BN_GENCB object\n");
-                goto err;
-        }
-        BN_GENCB_set(cb, genrsa_cb, bio_err);
-        if ((out = BIO_new(BIO_s_file())) == NULL) {
-                BIO_printf(bio_err, "unable to create BIO for output\n");
-                goto err;
-        }
-        memset(&cfg, 0, sizeof(cfg));
-        cfg.f4 = RSA_F4;
-        if (options_parse(argc, argv, genrsa_options, &numbits, NULL) != 0) {
-                genrsa_usage();
-                goto err;
-        }
-        if ((numbits != NULL) &&
-            ((sscanf(numbits, "%d", &num) == 0) || (num < 0))) {
-                genrsa_usage();
-                goto err;
-        }
-        if (!app_passwd(bio_err, NULL, cfg.passargout, NULL,
-            &passout)) {
-                BIO_printf(bio_err, "Error getting password\n");
-                goto err;
-        }
-        if (cfg.outfile == NULL) {
-                BIO_set_fp(out, stdout, BIO_NOCLOSE);
-        } else {
-                if (BIO_write_filename(out, cfg.outfile) <= 0) {
-                        perror(cfg.outfile);
-                        goto err;
-                }
-        }
-        BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n",
-            num);
-        rsa = RSA_new();
-        if (!rsa)
-                goto err;
-        if (!BN_set_word(bn, cfg.f4) ||
-            !RSA_generate_key_ex(rsa, num, bn, cb))
-                goto err;
-        if ((rsa_e_hex = BN_bn2hex(RSA_get0_e(rsa))) == NULL)
-                goto err;
-        if ((rsa_e_dec = BN_bn2dec(RSA_get0_e(rsa))) == NULL)
-                goto err;
-        BIO_printf(bio_err, "e is %s (0x%s)\n", rsa_e_dec, rsa_e_hex);
-        {
-                PW_CB_DATA cb_data;
-                cb_data.password = passout;
-                cb_data.prompt_info = cfg.outfile;
-                if (!PEM_write_bio_RSAPrivateKey(out, rsa, cfg.enc,
-                    NULL, 0, password_callback, &cb_data))
-                        goto err;
-        }
-        ret = 0;
- err:
-        BN_free(bn);
-        BN_GENCB_free(cb);
-        RSA_free(rsa);
-        BIO_free_all(out);
-        free(rsa_e_dec);
-        free(rsa_e_hex);
-        free(passout);
-        if (ret != 0)
-                ERR_print_errors(bio_err);
-        return (ret);
-}
-static int
-genrsa_cb(int p, int n, BN_GENCB *cb)
-{
-        char c = '*';
-        if (p == 0)
-                c = '.';
-        if (p == 1)
-                c = '+';
-        if (p == 2)
-                c = '*';
-        if (p == 3)
-                c = '\n';
-        BIO_write(BN_GENCB_get_arg(cb), &c, 1);
-        (void) BIO_flush(BN_GENCB_get_arg(cb));
-        return 1;
-}
author	cvs2svn <admin@example.com>	2025-04-14 17:32:06 +0000
committer	cvs2svn <admin@example.com>	2025-04-14 17:32:06 +0000
commit	eb8dd9dca1228af0cd132f515509051ecfabf6f6 (patch)
tree	edb6da6af7e865d488dc1a29309f1e1ec226e603 /src/usr.bin/openssl/genrsa.c
parent	247f0352e0ed72a4f476db9dc91f4d982bc83eb2 (diff)
download	openbsd-tb_20250414.tar.gz openbsd-tb_20250414.tar.bz2 openbsd-tb_20250414.zip

diff --git a/src/usr.bin/openssl/genrsa.c b/src/usr.bin/openssl/genrsa.c deleted file mode 100644 index 0b5323fa5f..0000000000 --- a/src/usr.bin/openssl/genrsa.c +++ /dev/null
@@ -1,389 +0,0 @@
1	/* $OpenBSD: genrsa.c,v 1.22 2023/03/06 14:32:06 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.
4	*
5	* This package is an SSL implementation written
6	* by Eric Young (eay@cryptsoft.com).
7	* The implementation was written so as to conform with Netscapes SSL.
8	*
9	* This library is free for commercial and non-commercial use as long as
10	* the following conditions are aheared to. The following conditions
11	* apply to all code found in this distribution, be it the RC4, RSA,
12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13	* included with this distribution is covered by the same copyright terms
14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15	*
16	* Copyright remains Eric Young's, and as such any Copyright notices in
17	* the code are not to be removed.
18	* If this package is used in a product, Eric Young should be given attribution
19	* as the author of the parts of the library used.
20	* This can be in the form of a textual message at program startup or
21	* in documentation (online or textual) provided with the package.
22	*
23	* Redistribution and use in source and binary forms, with or without
24	* modification, are permitted provided that the following conditions
25	* are met:
26	* 1. Redistributions of source code must retain the copyright
27	* notice, this list of conditions and the following disclaimer.
28	* 2. Redistributions in binary form must reproduce the above copyright
29	* notice, this list of conditions and the following disclaimer in the
30	* documentation and/or other materials provided with the distribution.
31	* 3. All advertising materials mentioning features or use of this software
32	* must display the following acknowledgement:
33	* "This product includes cryptographic software written by
34	* Eric Young (eay@cryptsoft.com)"
35	* The word 'cryptographic' can be left out if the rouines from the library
36	* being used are not cryptographic related :-).
37	* 4. If you include any Windows specific code (or a derivative thereof) from
38	* the apps directory (application code) you must include an acknowledgement:
39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40	*
41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51	* SUCH DAMAGE.
52	*
53	* The licence and distribution terms for any publically available version or
54	* derivative of this code cannot be changed. i.e. this code cannot simply be
55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]
57	*/
58
59	#include <openssl/opensslconf.h>
60
61	/* Until the key-gen callbacks are modified to use newer prototypes, we allow
62	* deprecated functions for openssl-internal code */
63	#ifdef OPENSSL_NO_DEPRECATED
64	#undef OPENSSL_NO_DEPRECATED
65	#endif
66
67
68	#include <sys/types.h>
69	#include <sys/stat.h>
70
71	#include <stdio.h>
72	#include <string.h>
73
74	#include "apps.h"
75
76	#include <openssl/bio.h>
77	#include <openssl/bn.h>
78	#include <openssl/err.h>
79	#include <openssl/evp.h>
80	#include <openssl/pem.h>
81	#include <openssl/rsa.h>
82	#include <openssl/x509.h>
83
84	#define DEFBITS 2048
85
86	static int genrsa_cb(int p, int n, BN_GENCB *cb);
87
88	static struct {
89	const EVP_CIPHER *enc;
90	unsigned long f4;
91	char *outfile;
92	char *passargout;
93	} cfg;
94
95	static int
96	set_public_exponent(int argc, char *argv, int argsused)
97	{
98	char *option = argv[0];
99
100	if (strcmp(option, "-3") == 0)
101	cfg.f4 = 3;
102	else if (strcmp(option, "-f4") == 0 \|\| strcmp(option, "-F4") == 0)
103	cfg.f4 = RSA_F4;
104	else
105	return (1);
106
107	*argsused = 1;
108	return (0);
109	}
110
111	static const EVP_CIPHER get_cipher_by_name(char name)
112	{
113	if (name == NULL \|\| strcmp(name, "") == 0)
114	return (NULL);
115	#ifndef OPENSSL_NO_AES
116	else if (strcmp(name, "aes128") == 0)
117	return EVP_aes_128_cbc();
118	else if (strcmp(name, "aes192") == 0)
119	return EVP_aes_192_cbc();
120	else if (strcmp(name, "aes256") == 0)
121	return EVP_aes_256_cbc();
122	#endif
123	#ifndef OPENSSL_NO_CAMELLIA
124	else if (strcmp(name, "camellia128") == 0)
125	return EVP_camellia_128_cbc();
126	else if (strcmp(name, "camellia192") == 0)
127	return EVP_camellia_192_cbc();
128	else if (strcmp(name, "camellia256") == 0)
129	return EVP_camellia_256_cbc();
130	#endif
131	#ifndef OPENSSL_NO_DES
132	else if (strcmp(name, "des") == 0)
133	return EVP_des_cbc();
134	else if (strcmp(name, "des3") == 0)
135	return EVP_des_ede3_cbc();
136	#endif
137	#ifndef OPENSSL_NO_IDEA
138	else if (strcmp(name, "idea") == 0)
139	return EVP_idea_cbc();
140	#endif
141	else
142	return (NULL);
143	}
144
145	static int
146	set_enc(int argc, char *argv, int argsused)
147	{
148	char *name = argv[0];
149
150	if (*name++ != '-')
151	return (1);
152
153	if ((cfg.enc = get_cipher_by_name(name)) == NULL)
154	return (1);
155
156	*argsused = 1;
157	return (0);
158	}
159
160	static const struct option genrsa_options[] = {
161	{
162	.name = "3",
163	.desc = "Use 3 for the E value",
164	.type = OPTION_ARGV_FUNC,
165	.opt.argvfunc = set_public_exponent,
166	},
167	{
168	.name = "f4",
169	.desc = "Use F4 (0x10001) for the E value",
170	.type = OPTION_ARGV_FUNC,
171	.opt.argvfunc = set_public_exponent,
172	},
173	{
174	.name = "F4",
175	.desc = "Use F4 (0x10001) for the E value",
176	.type = OPTION_ARGV_FUNC,
177	.opt.argvfunc = set_public_exponent,
178	},
179	#ifndef OPENSSL_NO_AES
180	{
181	.name = "aes128",
182	.desc = "Encrypt PEM output with CBC AES",
183	.type = OPTION_ARGV_FUNC,
184	.opt.argvfunc = set_enc,
185	},
186	{
187	.name = "aes192",
188	.desc = "Encrypt PEM output with CBC AES",
189	.type = OPTION_ARGV_FUNC,
190	.opt.argvfunc = set_enc,
191	},
192	{
193	.name = "aes256",
194	.desc = "Encrypt PEM output with CBC AES",
195	.type = OPTION_ARGV_FUNC,
196	.opt.argvfunc = set_enc,
197	},
198	#endif
199	#ifndef OPENSSL_NO_CAMELLIA
200	{
201	.name = "camellia128",
202	.desc = "Encrypt PEM output with CBC Camellia",
203	.type = OPTION_ARGV_FUNC,
204	.opt.argvfunc = set_enc,
205	},
206	{
207	.name = "camellia192",
208	.desc = "Encrypt PEM output with CBC Camellia",
209	.type = OPTION_ARGV_FUNC,
210	.opt.argvfunc = set_enc,
211	},
212	{
213	.name = "camellia256",
214	.desc = "Encrypt PEM output with CBC Camellia",
215	.type = OPTION_ARGV_FUNC,
216	.opt.argvfunc = set_enc,
217	},
218	#endif
219	#ifndef OPENSSL_NO_DES
220	{
221	.name = "des",
222	.desc = "Encrypt the generated key with DES in CBC mode",
223	.type = OPTION_ARGV_FUNC,
224	.opt.argvfunc = set_enc,
225	},
226	{
227	.name = "des3",
228	.desc = "Encrypt the generated key with DES in EDE CBC mode (168 bit key)",
229	.type = OPTION_ARGV_FUNC,
230	.opt.argvfunc = set_enc,
231	},
232	#endif
233	#ifndef OPENSSL_NO_IDEA
234	{
235	.name = "idea",
236	.desc = "Encrypt the generated key with IDEA in CBC mode",
237	.type = OPTION_ARGV_FUNC,
238	.opt.argvfunc = set_enc,
239	},
240	#endif
241	{
242	.name = "out",
243	.argname = "file",
244	.desc = "Output the key to 'file'",
245	.type = OPTION_ARG,
246	.opt.arg = &cfg.outfile,
247	},
248	{
249	.name = "passout",
250	.argname = "arg",
251	.desc = "Output file passphrase source",
252	.type = OPTION_ARG,
253	.opt.arg = &cfg.passargout,
254	},
255	{ NULL },
256	};
257
258	static void
259	genrsa_usage(void)
260	{
261	fprintf(stderr, "usage: genrsa [-3 \| -f4] [-aes128 \| -aes192 \|");
262	fprintf(stderr, " -aes256 \|\n");
263	fprintf(stderr, " -camellia128 \| -camellia192 \| -camellia256 \|");
264	fprintf(stderr, " -des \| -des3 \| -idea]\n");
265	fprintf(stderr, " [-out file] [-passout arg] [numbits]\n\n");
266	options_usage(genrsa_options);
267	fprintf(stderr, "\n");
268	}
269
270	int
271	genrsa_main(int argc, char **argv)
272	{
273	BN_GENCB *cb = NULL;
274	int ret = 1;
275	int num = DEFBITS;
276	char *numbits = NULL;
277	char *passout = NULL;
278	BIO *out = NULL;
279	BIGNUM *bn = NULL;
280	RSA *rsa = NULL;
281	char rsa_e_hex = NULL, rsa_e_dec = NULL;
282
283	if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
284	perror("pledge");
285	exit(1);
286	}
287
288	if ((bn = BN_new()) == NULL)
289	goto err;
290
291	if ((cb = BN_GENCB_new()) == NULL) {
292	BIO_printf(bio_err, "Error allocating BN_GENCB object\n");
293	goto err;
294	}
295
296	BN_GENCB_set(cb, genrsa_cb, bio_err);
297
298	if ((out = BIO_new(BIO_s_file())) == NULL) {
299	BIO_printf(bio_err, "unable to create BIO for output\n");
300	goto err;
301	}
302
303	memset(&cfg, 0, sizeof(cfg));
304	cfg.f4 = RSA_F4;
305
306	if (options_parse(argc, argv, genrsa_options, &numbits, NULL) != 0) {
307	genrsa_usage();
308	goto err;
309	}
310
311	if ((numbits != NULL) &&
312	((sscanf(numbits, "%d", &num) == 0) \|\| (num < 0))) {
313	genrsa_usage();
314	goto err;
315	}
316
317	if (!app_passwd(bio_err, NULL, cfg.passargout, NULL,
318	&passout)) {
319	BIO_printf(bio_err, "Error getting password\n");
320	goto err;
321	}
322
323	if (cfg.outfile == NULL) {
324	BIO_set_fp(out, stdout, BIO_NOCLOSE);
325	} else {
326	if (BIO_write_filename(out, cfg.outfile) <= 0) {
327	perror(cfg.outfile);
328	goto err;
329	}
330	}
331
332	BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n",
333	num);
334	rsa = RSA_new();
335	if (!rsa)
336	goto err;
337
338	if (!BN_set_word(bn, cfg.f4) \|\|
339	!RSA_generate_key_ex(rsa, num, bn, cb))
340	goto err;
341
342	if ((rsa_e_hex = BN_bn2hex(RSA_get0_e(rsa))) == NULL)
343	goto err;
344	if ((rsa_e_dec = BN_bn2dec(RSA_get0_e(rsa))) == NULL)
345	goto err;
346
347	BIO_printf(bio_err, "e is %s (0x%s)\n", rsa_e_dec, rsa_e_hex);
348	{
349	PW_CB_DATA cb_data;
350	cb_data.password = passout;
351	cb_data.prompt_info = cfg.outfile;
352	if (!PEM_write_bio_RSAPrivateKey(out, rsa, cfg.enc,
353	NULL, 0, password_callback, &cb_data))
354	goto err;
355	}
356
357	ret = 0;
358	err:
359	BN_free(bn);
360	BN_GENCB_free(cb);
361	RSA_free(rsa);
362	BIO_free_all(out);
363	free(rsa_e_dec);
364	free(rsa_e_hex);
365	free(passout);
366
367	if (ret != 0)
368	ERR_print_errors(bio_err);
369
370	return (ret);
371	}
372
373	static int
374	genrsa_cb(int p, int n, BN_GENCB *cb)
375	{
376	char c = '*';
377
378	if (p == 0)
379	c = '.';
380	if (p == 1)
381	c = '+';
382	if (p == 2)
383	c = '*';
384	if (p == 3)
385	c = '\n';
386	BIO_write(BN_GENCB_get_arg(cb), &c, 1);
387	(void) BIO_flush(BN_GENCB_get_arg(cb));
388	return 1;
389	}