Rsa_generate_key_ex Site

  1. Generate Key With Openssl
  1. * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  2. * Licensed under the OpenSSL license (the 'License'). You may not use
  3. * this file except in compliance with the License. You can obtain a copy
  4. * in the file LICENSE in the source distribution or at
  5. */
  6. /*
  7. * NB: these functions have been 'upgraded', the deprecated versions (which
  8. * are compatibility wrappers using these functions) are in rsa_depr.c. -
  9. */
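  #include <stdio.h>
  #include "internal/cryptlib.h"
  #include "rsa_locl.h"

  /*
   * Forward declaration of the built-in key generator defined later in this
   * file. RSA_generate_key_ex() calls it with (rsa, bits, e_value, cb) when
   * the key's RSA_METHOD supplies no rsa_keygen hook, so the parameter list
   * here mirrors that call.
   */
  static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
                                BN_GENCB *cb);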
  14. /* NB: this wrapper would normally be placed in rsa_lib.c and the static
  15. * implementation would probably be in rsa_eay.c. Nonetheless, it is kept here
  16. * so that we don't introduce a new linker dependency. E.g. any application
  17. * that wasn't previously linking object code related to key-generation won't
  18. * have to now just because key-generation is part of RSA_METHOD. */
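  /*
   * Generate an RSA key pair into rsa.
   *
   * Dispatches to the key generator supplied by the key's RSA_METHOD when one
   * is set, and to the built-in generator in this file otherwise.
   *
   * rsa      key object to fill; rsa and rsa->meth are dereferenced without a
   *          NULL check, so both must be valid.
   * bits     requested modulus size in bits; not validated here.
   * e_value  public exponent; passed through unchanged.
   * cb       generation callback; passed through unchanged.
   *
   * Returns the selected generator's result unmodified.
   *
   * NOTE(review): a method-supplied rsa_keygen replaces the built-in path
   * entirely, so nothing the built-in generator checks (for example its
   * rejection of bits < 16) applies to it. Minimum key size and exponent
   * policy have to be enforced by the caller or by the method itself.
   */
  int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
  {
      if (rsa->meth->rsa_keygen)
          return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);

      return rsa_builtin_keygen(rsa, bits, e_value, cb);
  }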
  /*
   * rsa_builtin_keygen - built-in RSA key generation, reached from
   * RSA_generate_key_ex() when the RSA_METHOD has no rsa_keygen hook.
   *
   * From the calls that survive in this listing: it allocates any key
   * component that is still NULL, generates the primes p and q with
   * BN_generate_prime_ex(), swaps them when p < q, and derives n, d, dmp1,
   * dmq1 and iqmp. It returns ok, which is set to 1 just before the cleanup
   * code and to 0 in the "ok -1" branch.
   *
   * NOTE(review): this copy of the function is incomplete and will not
   * compile. The second line of the parameter list is missing; bitsp, bitsq,
   * ok, n, d and p are used without a visible declaration; many statements
   * and the err label targeted by the gotos are absent; the comment opened
   * before the bits check is never closed; and the comparison operator has
   * been lost in "r3 NULL", "BN_secure_new()) NULL", "BN_cmp(...) 0",
   * "pr0 NULL" and "ok -1". Check the notes below against the upstream
   * rsa_gen.c rather than against this text.
   */
  23. static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
  24. {
  25. BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp;
  26. BN_CTX *ctx = NULL;
  /*
   * NOTE(review): the bits < 16 test that follows is a liveness guard (its
   * own comment says tiny keys can loop on the same primes), not a strength
   * check. A caller that needs a secure key must enforce its own minimum
   * modulus size; current guidance is 2048 bits or more.
   */
  27. /*
  28. * When generating ridiculously small keys, we can get stuck
  29. * continually regenerating the same prime values.
  30. if (bits < 16) {
  32. }
  33. ctx = BN_CTX_new();
  34. goto err;
  35. r0 = BN_CTX_get(ctx);
  36. r2 = BN_CTX_get(ctx);
  37. if (r3 NULL)
  38. bitsq = bits - bitsp;
  39. /* We need the RSA components non-NULL */
  40. goto err;
  /*
   * The private components d, p, q, dmp1, dmq1 and iqmp are allocated with
   * BN_secure_new(), which in OpenSSL takes memory from the secure heap; the
   * public exponent e uses plain BN_new(). Each allocation is skipped when
   * the field is already non-NULL, so a BIGNUM supplied by the caller is
   * reused as it is, whatever allocator produced it.
   */
  41. if (!rsa->d && ((rsa->d = BN_secure_new()) NULL))
  42. if (!rsa->e && ((rsa->e = BN_new()) NULL))
  43. if (!rsa->p && ((rsa->p = BN_secure_new()) NULL))
  44. if (!rsa->q && ((rsa->q = BN_secure_new()) NULL))
  45. if (!rsa->dmp1 && ((rsa->dmp1 = BN_secure_new()) NULL))
  46. if (!rsa->dmq1 && ((rsa->dmq1 = BN_secure_new()) NULL))
  47. if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) NULL))
  48. goto err;
  49. /* generate p and q */
  /*
   * BN_generate_prime_ex(ret, bits, safe, add, rem, cb): safe is 0 and
   * add/rem are NULL, so an ordinary random prime of bitsp bits is requested.
   * The prime comes from OpenSSL's random number generator, so the key is
   * only as strong as that generator's seeding.
   * The BN_sub/BN_gcd/BN_is_one lines compute gcd(p - 1, e) and test it for
   * 1, i.e. that e is invertible modulo p - 1; presumably p is regenerated
   * otherwise (the loop itself is not visible here).
   */
  50. if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
  51. if (!BN_sub(r2, rsa->p, BN_value_one()))
  52. if (!BN_gcd(r1, r2, rsa->e, ctx))
  53. if (BN_is_one(r1))
  54. if (!BN_GENCB_call(cb, 2, n++))
  55. }
  56. goto err;
  /*
   * q is drawn inside a do/while on BN_cmp(p, q); the operator is lost in
   * this copy, presumably "== 0", which would redraw q until it differs
   * from p.
   */
  57. do {
  58. if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
  59. } while (BN_cmp(rsa->p, rsa->q) 0);
  60. goto err;
  61. goto err;
  62. break;
  63. goto err;
  64. if (!BN_GENCB_call(cb, 3, 1))
  /* When p < q the two primes are swapped (only one assignment survives). */
  65. if (BN_cmp(rsa->p, rsa->q) < 0) {
  66. rsa->p = rsa->q;
  67. }
  68. /* calculate n */
  69. goto err;
  70. /* calculate d */
  71. goto err; /* p-1 */
  72. goto err; /* q-1 */
  73. goto err; /* (p-1)(q-1) */
  /*
   * pr0 is a temporary BIGNUM that BN_with_flags() turns into a view of r0
   * with BN_FLG_CONSTTIME set. Presumably it feeds the modular inverse that
   * produces d (that call is not visible here), so the inverse runs on the
   * constant-time path and does not expose (p-1)(q-1) through timing.
   * pr0 shares r0's data, which is why it has to be freed before r0 is
   * used again.
   */
  74. BIGNUM *pr0 = BN_new();
  75. if (pr0 NULL)
  76. BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
  77. BN_free(pr0);
  78. }
  79. /* We MUST free pr0 before any further use of r0 */
  80. }
  81. {
  82. goto err;
  /*
   * CRT parameters: dmp1 = d mod r1 and dmq1 = d mod r2, where r1 and r2
   * appear to hold p-1 and q-1 (TODO confirm against upstream). The "d" used
   * here is a local whose set-up is missing from this copy; the comment
   * below suggests it is a temporary tied to rsa->d, like pr0 above.
   */
  83. !BN_mod(rsa->dmp1, d, r1, ctx)
  84. !BN_mod(rsa->dmq1, d, r2, ctx)) {
  85. goto err;
  86. /* We MUST free d before any further use of rsa->d */
  87. }
  88. {
  89. goto err;
  /* iqmp = q^-1 mod p, with "p" a local temporary tied to rsa->p. */
  90. if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx)) {
  91. goto err;
  92. /* We MUST free p before any further use of rsa->p */
  93. }
  94. ok = 1;
  /*
   * Cleanup: the "ok -1" branch (operator lost, presumably "==") maps the
   * error state to a return value of 0; ctx is freed only when it was
   * allocated.
   */
  95. if (ok -1) {
  96. ok = 0;
  97. if (ctx != NULL)
  98. BN_CTX_free(ctx);
  99. return ok;
  1. Diff -ruN openssh-7.4p1/aclocal.m4 openssh-7.4p1+x509-10.0/aclocal.m4 - openssh-7.4p1/aclocal.m4 2016-12-19 06:00000 +0200 openssh-7.4p1+x509-10.0.
  2. “The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.”
  3. The OpenSSL Wiki page “EVP Key and Parameter Generation” states the following: “Since these functions use random numbers you should ensure that the random number generator is appropriately seeded …”

Generate Key With Openssl

Linux generate key pair ssh. RSA_generate_key_ex documentation. I've been looking all over for this, and I can't find it. Background: I'm trying to build stunnel on a platform that doesn't include RSA_generate_key, so I need …