Move RSA key generation into the wrappers.

configure.in

@@ -91,7 +91,7 @@ dnl We do this in multiple stages, because unlike Linux all the other operating
 
 AC_HEADER_STDC
 AC_CHECK_HEADERS([stdbool.h syslog.h sys/file.h sys/ioctl.h sys/mman.h sys/param.h sys/socket.h sys/time.h sys/uio.h sys/wait.h netdb.h arpa/inet.h])
-AC_CHECK_HEADERS([net/if.h net/if_types.h linux/if_tun.h net/if_tun.h net/if_tap.h net/ethernet.h net/if_arp.h netinet/in_systm.h netinet/in.h netinet/in6.h],
+AC_CHECK_HEADERS([net/if.h net/if_types.h linux/if_tun.h net/if_tun.h net/if_tap.h net/ethernet.h net/if_arp.h netinet/in_systm.h netinet/in.h netinet/in6.h time.h],
   [], [], [#include "have.h"]
 )
 AC_CHECK_HEADERS([netinet/if_ether.h netinet/ip.h netinet/ip6.h],
@@ -119,7 +119,7 @@ dnl Checks for library functions.
 AC_FUNC_MEMCMP
 AC_FUNC_ALLOCA
 AC_TYPE_SIGNAL
-AC_CHECK_FUNCS([asprintf daemon fchmod flock ftime fork get_current_dir_name gettimeofday mlockall putenv random select strdup strerror strsignal strtol system unsetenv vsyslog writev],
+AC_CHECK_FUNCS([asprintf daemon fchmod flock ftime fork get_current_dir_name gettimeofday mlockall putenv random select strdup strerror strsignal strtol system time unsetenv vsyslog writev],
   [], [], [#include "have.h"]
 )
 AC_FUNC_MALLOC
@@ -149,10 +149,10 @@ tinc_LZO
 
 if test "$with_libgcrypt" = yes; then
 	AM_PATH_LIBGCRYPT([1.4.0], [], [])
-    	ln -sf gcrypt/crypto.c gcrypt/crypto.h gcrypt/cipher.c gcrypt/cipher.h gcrypt/digest.c gcrypt/digest.h gcrypt/rsa.c gcrypt/rsa.h src/
+    	ln -sf gcrypt/cipher.c gcrypt/cipher.h gcrypt/crypto.c gcrypt/crypto.h gcrypt/digest.c gcrypt/digest.h gcrypt/rsa.c gcrypt/rsa.h gcrypt/rsagen.c gcrypt/rsagen.h src/
 else
 	tinc_OPENSSL
-    	ln -sf openssl/crypto.c openssl/crypto.h openssl/cipher.c openssl/cipher.h openssl/digest.c openssl/digest.h openssl/rsa.c openssl/rsa.h src/
+    	ln -sf openssl/cipher.c openssl/cipher.h openssl/crypto.c openssl/crypto.h openssl/digest.c openssl/digest.h openssl/rsa.c openssl/rsa.h openssl/rsagen.c openssl/rsagen.h src/
 fi
 	
 

have.h

@@ -57,6 +57,10 @@
 #include <sys/time.h>
 #endif
 
+#ifdef HAVE_TIME_H
+#include <time.h>
+#endif
+
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
@@ -165,4 +169,8 @@
 #include <winsock2.h>
 #endif
 
+#ifdef HAVE_LIBEVENT
+#include <event.h>
+#endif
+
 #endif /* __TINC_SYSTEM_H__ */

src/Makefile.am

@@ -9,7 +9,7 @@ tincd_SOURCES = cipher.c conf.c connection.c control.c crypto.c digest.c edge.c
 	net_socket.c netutl.c node.c process.c protocol.c protocol_auth.c protocol_edge.c protocol_misc.c	\
 	protocol_key.c protocol_subnet.c route.c rsa.c subnet.c tincd.c
 
-tincctl_SOURCES = tincctl.c
+tincctl_SOURCES = tincctl.c rsagen.c
 
 nodist_tincd_SOURCES = device.c
 
@@ -18,7 +18,7 @@ DEFAULT_INCLUDES =
 INCLUDES = @INCLUDES@ -I$(top_builddir) -I$(top_srcdir)/lib
 
 noinst_HEADERS = cipher.h conf.h connection.h control.h crypto.h device.h digest.h edge.h graph.h logger.h meta.h net.h netutl.h node.h process.h	\
-	protocol.h route.h rsa.h subnet.h
+	protocol.h route.h rsa.h rsagen.h subnet.h
 
 LIBS = @LIBS@ @LIBGCRYPT_LIBS@ @LIBINTL@
 

src/connection.h

@@ -23,8 +23,6 @@
 #ifndef __TINC_CONNECTION_H__
 #define __TINC_CONNECTION_H__
 
-#include <event.h>
-
 #include "cipher.h"
 #include "digest.h"
 #include "rsa.h"

src/gcrypt/cipher.c

@@ -55,7 +55,7 @@ static struct {
 };
 
 static bool nametocipher(const char *name, int *algo, int *mode) {
-	int i;
+	size_t i;
 
 	for(i = 0; i < sizeof ciphertable / sizeof *ciphertable; i++) {
 		if(ciphertable[i].name && !strcasecmp(name, ciphertable[i].name)) {
@@ -69,7 +69,7 @@ static bool nametocipher(const char *name, int *algo, int *mode) {
 }
 
 static bool nidtocipher(int nid, int *algo, int *mode) {
-	int i;
+	size_t i;
 
 	for(i = 0; i < sizeof ciphertable / sizeof *ciphertable; i++) {
 		if(nid == ciphertable[i].nid) {
@@ -83,7 +83,7 @@ static bool nidtocipher(int nid, int *algo, int *mode) {
 }
 
 static bool ciphertonid(int algo, int mode, int *nid) {
-	int i;
+	size_t i;
 
 	for(i = 0; i < sizeof ciphertable / sizeof *ciphertable; i++) {
 		if(algo == ciphertable[i].algo && mode == ciphertable[i].mode) {

src/gcrypt/cipher.h

@@ -24,6 +24,10 @@
 
 #include <gcrypt.h>
 
+#define CIPHER_MAX_BLOCK_SIZE 32
+#define CIPHER_MAX_IV_SIZE 16
+#define CIPHER_MAX_KEY_SIZE 32
+
 typedef struct cipher {
 	gcry_cipher_hd_t handle;
 	char *key;

src/gcrypt/digest.h

@@ -24,6 +24,8 @@
 
 #include <gcrypt.h>
 
+#define DIGEST_MAX_SIZE 64
+
 typedef struct digest {
 	int algo;
 	int nid;

src/gcrypt/rsa.c

@@ -26,7 +26,7 @@
 #include "logger.h"
 #include "rsa.h"
 
-// Base64 encoding/decoding tables
+// Base64 decoding table
 
 static const uint8_t b64d[128] = {
   0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
@@ -53,8 +53,6 @@ static const uint8_t b64d[128] = {
   0xff, 0xff
 };
 
-static const char b64e[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-
 // PEM encoding/decoding functions
 
 static bool pem_decode(FILE *fp, const char *header, uint8_t *buf, size_t size, size_t *outsize) {

src/gcrypt/rsagen.c

@@ -0,0 +1,222 @@
+/*
+    rsagen.c -- RSA key generation and export
+    Copyright (C) 2008 Guus Sliepen <guus@tinc-vpn.org>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+    $Id$
+*/
+
+#include "system.h"
+
+#include <gcrypt.h>
+
+#include "rsagen.h"
+
+#if 0
+// Base64 encoding table
+
+static const char b64e[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+// PEM encoding
+
+static bool pem_encode(FILE *fp, const char *header, uint8_t *buf, size_t size) {
+	bool decode = false;
+	char line[1024];
+	uint32_t word = 0;
+	int shift = 0;
+	size_t i, j = 0;
+
+	fprintf(fp, "-----BEGIN %s-----\n", header);
+
+	for(i = 0; i < size; i += 3) {
+		if(i <= size - 3) {
+			word = buf[i] << 16 | buf[i + 1] << 8 | buf[i + 2];
+		} else {
+			word = buf[i] << 16;
+			if(i == size - 2)
+				word |= buf[i + 1] << 8;
+		}
+
+		line[j++] = b64e[(word >> 18)       ];
+		line[j++] = b64e[(word >> 12) & 0x3f];
+		line[j++] = b64e[(word >>  6) & 0x3f];
+		line[j++] = b64e[(word      ) & 0x3f];
+
+		if(j >= 64) {
+			line[j++] = '\n';
+			line[j] = 0;
+			fputs(line, fp);
+			j = 0;
+		}
+	}
+
+	if(size % 3 > 0) {
+		if(size % 3 > 1)
+			line[j++] = '=';
+		line[j++] = '=';
+	}
+
+	if(j) {
+		line[j++] = '\n';
+		line[j] = 0;
+		fputs(line, fp);
+	}
+
+	fprintf(fp, "-----END %s-----\n", header);
+
+	return true;
+}
+
+
+// BER encoding functions
+
+static bool ber_write_id(uint8_t **p, size_t *buflen, int id) {
+	if(*buflen <= 0)
+		return false;
+
+	if(id >= 0x1f) {
+		while(id) {
+			if(*buflen <= 0)
+				return false;
+
+			(*buflen)--;
+			**p = id & 0x7f;
+			id >>= 7;
+			if(id)
+				**p |= 0x80;
+			(*p)++;
+		}
+	} else {
+		(*buflen)--;
+		*(*p)++ = id;
+	}
+
+	return true;
+}
+
+static bool ber_write_len(uint8_t **p, size_t *buflen, size_t len) {
+	do {
+		if(*buflen <= 0)
+			return false;
+
+		(*buflen)--;
+		**p = len & 0x7f;
+		len >>= 7;
+		if(len)
+			**p |= 0x80;
+		(*p)++;
+	} while(len);
+
+	return true;
+}
+
+static bool ber_write_sequence(uint8_t **p, size_t *buflen, uint8_t *seqbuf, size_t seqlen) {
+	if(!ber_write_id(p, buflen, 0x10) || !ber_write_len(p, buflen, seqlen) || *buflen < seqlen)
+		return false;
+
+	memcpy(*p, seqbuf, seqlen);
+	*p += seqlen;
+	*buflen -= seqlen;
+
+	return true;
+}
+
+static bool ber_write_mpi(uint8_t **p, size_t *buflen, gcry_mpi_t mpi) {
+	uint8_t tmpbuf[1024];
+	size_t tmplen = sizeof tmpbuf;
+	gcry_error_t err;
+
+	err = gcry_mpi_aprint(GCRYMPI_FMT_USG, &tmpbuf, &tmplen, mpi);
+	if(err)
+		return false;
+
+	if(!ber_write_id(p, buflen, 0x02) || !ber_write_len(p, buflen, tmplen) || *buflen < tmplen)
+		return false;
+
+	memcpy(*p, tmpbuf, tmplen);
+	*p += tmplen;
+	*buflen -= tmplen;
+
+	return true;
+}
+
+// Write PEM RSA keys
+
+bool rsa_write_pem_public_key(rsa_t *rsa, FILE *fp) {
+	uint8_t derbuf1[8096];
+	uint8_t derbuf2[8096];
+	uint8_t *derp1 = derbuf1;
+	uint8_t *derp2 = derbuf2;
+	size_t derlen1 = sizeof derbuf1;
+	size_t derlen2 = sizeof derbuf2;
+
+	if(!ber_write_mpi(&derp1, &derlen1, &rsa->n)
+			|| !ber_write_mpi(&derp1, &derlen1, &rsa->e)
+			|| !ber_write_sequence(&derp2, &derlen2, derbuf1, derlen1)) {
+		logger(LOG_ERR, _("Error while encoding RSA public key"));
+		return false;
+	}
+
+	if(!pem_encode(fp, "RSA PUBLIC KEY", derbuf2, derlen2)) {
+		logger(LOG_ERR, _("Unable to write RSA public key: %s"), strerror(errno));
+		return false;
+	}
+
+	return true;
+}
+
+bool rsa_write_pem_private_key(rsa_t *rsa, FILE *fp) {
+	uint8_t derbuf1[8096];
+	uint8_t derbuf2[8096];
+	uint8_t *derp1 = derbuf1;
+	uint8_t *derp2 = derbuf2;
+	size_t derlen1 = sizeof derbuf1;
+	size_t derlen2 = sizeof derbuf2;
+
+	if(!ber_write_mpi(&derp1, &derlen1, &bits)
+			|| ber_write_mpi(&derp1, &derlen1, &rsa->n) // modulus
+			|| ber_write_mpi(&derp1, &derlen1, &rsa->e) // public exponent
+			|| ber_write_mpi(&derp1, &derlen1, &rsa->d) // private exponent
+			|| ber_write_mpi(&derp1, &derlen1, &p)
+			|| ber_write_mpi(&derp1, &derlen1, &q)
+			|| ber_write_mpi(&derp1, &derlen1, &exp1)
+			|| ber_write_mpi(&derp1, &derlen1, &exp2)
+			|| ber_write_mpi(&derp1, &derlen1, &coeff))
+		logger(LOG_ERR, _("Error while encoding RSA private key"));
+		return false;
+	}
+
+	if(!pem_encode(fp, "RSA PRIVATE KEY", derbuf2, derlen2)) {
+		logger(LOG_ERR, _("Unable to write RSA private key: %s"), strerror(errno));
+		return false;
+	}
+
+	return true;
+}
+#endif
+
+bool rsa_write_pem_public_key(rsa_t *rsa, FILE *fp) {
+	return false;
+}
+
+bool rsa_write_pem_private_key(rsa_t *rsa, FILE *fp) {
+	return false;
+}
+
+bool rsa_generate(rsa_t *rsa, size_t bits, unsigned long exponent) {
+	fprintf(stderr, _("Generating RSA keys with libgcrypt not implemented yet\n"));
+	return false;
+}

src/gcrypt/rsagen.h

@@ -0,0 +1,31 @@
+/*
+    rsagen.h -- RSA key generation and export
+    Copyright (C) 2008 Guus Sliepen <guus@tinc-vpn.org>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+    $Id$
+*/
+
+#ifndef __TINC_RSAGEN_H__
+#define __TINC_RSAGEN_H__
+
+#include "rsa.h"
+
+extern bool rsa_generate(rsa_t *rsa, size_t bits, unsigned long exponent);
+extern bool rsa_write_pem_public_key(rsa_t *rsa, FILE *fp);
+extern bool rsa_write_pem_private_key(rsa_t *rsa, FILE *fp);
+
+#endif

src/meta.c

@@ -112,7 +112,7 @@ bool receive_meta(connection_t *c) {
 			bufp = endp;
 		} else {
 			size_t outlen = inlen;
-			ifdebug(META) logger(LOG_DEBUG, _("Received encrypted %d bytes"), inlen);
+			ifdebug(META) logger(LOG_DEBUG, _("Received encrypted %zu bytes"), inlen);
 			evbuffer_expand(c->buffer->input, c->buffer->input->off + inlen);
 
 			if(!cipher_decrypt(&c->incipher, bufp, inlen, c->buffer->input->buffer + c->buffer->input->off, &outlen, false) || inlen != outlen) {

src/net.h

@@ -23,10 +23,9 @@
 #ifndef __TINC_NET_H__
 #define __TINC_NET_H__
 
-#include <openssl/evp.h>
-#include <event.h>
-
 #include "ipv6.h"
+#include "cipher.h"
+#include "digest.h"
 
 #ifdef ENABLE_JUMBOGRAMS
 #define MTU 9018				/* 9000 bytes payload + 14 bytes ethernet header + 4 bytes VLAN tag */
@@ -34,7 +33,7 @@
 #define MTU 1518				/* 1500 bytes payload + 14 bytes ethernet header + 4 bytes VLAN tag */
 #endif
 
-#define MAXSIZE (MTU + 4 + EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + MTU/64 + 20)	/* MTU + seqno + padding + HMAC + compressor overhead */
+#define MAXSIZE (MTU + 4 + CIPHER_MAX_BLOCK_SIZE + DIGEST_MAX_SIZE + MTU/64 + 20)	/* MTU + seqno + padding + HMAC + compressor overhead */
 #define MAXBUFSIZE ((MAXSIZE > 2048 ? MAXSIZE : 2048) + 128)	/* Enough room for a request with a MAXSIZEd packet or a 8192 bits RSA key */
 
 #define MAXSOCKETS 8			/* Probably overkill... */
@@ -127,7 +126,6 @@ extern int listen_sockets;
 extern int keylifetime;
 extern bool do_prune;
 extern char *myport;
-extern EVP_CIPHER_CTX packet_ctx;
 
 /* Yes, very strange placement indeed, but otherwise the typedefs get all tangled up */
 #include "connection.h"

src/node.h

@@ -23,6 +23,8 @@
 #ifndef __TINC_NODE_H__
 #define __TINC_NODE_H__
 
+#include <event.h>
+
 #include "splay_tree.h"
 #include "cipher.h"
 #include "connection.h"

src/openssl/cipher.h

@@ -24,6 +24,10 @@
 
 #include <openssl/evp.h>
 
+#define CIPHER_MAX_BLOCK_SIZE EVP_MAX_BLOCK_LENGTH
+#define CIPHER_MAX_KEY_SIZE EVP_MAX_KEY_LENGTH
+#define CIPHER_MAX_IV_SIZE EVP_MAX_IV_LENGTH
+
 typedef struct cipher {
 	EVP_CIPHER_CTX ctx;
 	const EVP_CIPHER *cipher;

src/openssl/digest.h

@@ -24,6 +24,8 @@
 
 #include <openssl/evp.h>
 
+#define DIGEST_MAX_SIZE EVP_MAX_MD_SIZE
+
 typedef struct digest {
 	const EVP_MD *digest;
 } digest_t;

src/openssl/rsagen.c

@@ -0,0 +1,85 @@
+/*
+    rsagen.c -- RSA key generation and export
+    Copyright (C) 2008 Guus Sliepen <guus@tinc-vpn.org>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+    $Id$
+*/
+
+#include "system.h"
+
+#include <openssl/pem.h>
+#include <openssl/err.h>
+
+#include "logger.h"
+#include "rsagen.h"
+
+/* This function prettyprints the key generation process */
+
+static void indicator(int a, int b, void *p) {
+	switch (a) {
+		case 0:
+			fprintf(stderr, ".");
+			break;
+
+		case 1:
+			fprintf(stderr, "+");
+			break;
+
+		case 2:
+			fprintf(stderr, "-");
+			break;
+
+		case 3:
+			switch (b) {
+				case 0:
+					fprintf(stderr, " p\n");
+					break;
+
+				case 1:
+					fprintf(stderr, " q\n");
+					break;
+
+				default:
+					fprintf(stderr, "?");
+			}
+			break;
+
+		default:
+			fprintf(stderr, "?");
+	}
+}
+
+// Generate RSA key
+
+bool rsa_generate(rsa_t *rsa, size_t bits, unsigned long exponent) {
+	*rsa = RSA_generate_key(bits, exponent, indicator, NULL);
+
+	return *rsa;
+}
+
+// Write PEM RSA keys
+
+bool rsa_write_pem_public_key(rsa_t *rsa, FILE *fp) {
+	PEM_write_RSAPublicKey(fp, *rsa);
+
+	return true;
+}
+
+bool rsa_write_pem_private_key(rsa_t *rsa, FILE *fp) {
+	PEM_write_RSAPrivateKey(fp, *rsa, NULL, NULL, 0, NULL, NULL);
+	return true;
+}

src/openssl/rsagen.h

@@ -0,0 +1,31 @@
+/*
+    rsagen.h -- RSA key generation and export
+    Copyright (C) 2008 Guus Sliepen <guus@tinc-vpn.org>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+    $Id$
+*/
+
+#ifndef __TINC_RSAGEN_H__
+#define __TINC_RSAGEN_H__
+
+#include "rsa.h"
+
+extern bool rsa_generate(rsa_t *rsa, size_t bits, unsigned long exponent);
+extern bool rsa_write_pem_public_key(rsa_t *rsa, FILE *fp);
+extern bool rsa_write_pem_private_key(rsa_t *rsa, FILE *fp);
+
+#endif

src/tincctl.c

@@ -22,17 +22,12 @@
 #include "system.h"
 
 #include <sys/un.h>
-#include <openssl/rand.h>
-#include <openssl/rsa.h>
-#include <openssl/pem.h>
-#include <openssl/evp.h>
-#include <openssl/engine.h>
-
 #include <getopt.h>
 
 #include "xalloc.h"
 #include "protocol.h"
 #include "control_common.h"
+#include "rsagen.h"
 
 /* The name this program was run with. */
 char *program_name = NULL;
@@ -192,56 +187,19 @@ FILE *ask_and_open(const char *filename, const char *what, const char *mode) {
 	return r;
 }
 
-/* This function prettyprints the key generation process */
-
-static void indicator(int a, int b, void *p) {
-	switch (a) {
-		case 0:
-			fprintf(stderr, ".");
-			break;
-
-		case 1:
-			fprintf(stderr, "+");
-			break;
-
-		case 2:
-			fprintf(stderr, "-");
-			break;
-
-		case 3:
-			switch (b) {
-				case 0:
-					fprintf(stderr, " p\n");
-					break;
-
-				case 1:
-					fprintf(stderr, " q\n");
-					break;
-
-				default:
-					fprintf(stderr, "?");
-			}
-			break;
-
-		default:
-			fprintf(stderr, "?");
-	}
-}
-
 /*
   Generate a public/private RSA keypair, and ask for a file to store
   them in.
 */
 static bool keygen(int bits) {
-	RSA *rsa_key;
+	rsa_t key;
 	FILE *f;
 	char *name = NULL;
 	char *filename;
 
 	fprintf(stderr, _("Generating %d bits keys:\n"), bits);
-	rsa_key = RSA_generate_key(bits, 0x10001, indicator, NULL);
 
-	if(!rsa_key) {
+	if(!rsa_generate(&key, bits, 0x10001)) {
 		fprintf(stderr, _("Error during key generation!\n"));
 		return false;
 	} else
@@ -261,7 +219,8 @@ static bool keygen(int bits) {
 	if(ftell(f))
 		fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.\n"));
 
-	PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL);
+	rsa_write_pem_private_key(&key, f);
+
 	fclose(f);
 	free(filename);
 
@@ -278,7 +237,8 @@ static bool keygen(int bits) {
 	if(ftell(f))
 		fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.\n"));
 
-	PEM_write_RSAPublicKey(f, rsa_key);
+	rsa_write_pem_public_key(&key, f);
+
 	fclose(f);
 	free(filename);
 
@@ -425,7 +385,7 @@ static int send_ctl_request_cooked(int fd, enum request_type type,
 	}
 
 	if(buf != NULL) {
-		printf("%*s", buflen, buf);
+		printf("%*s", (int)buflen, buf);
 		free(buf);
 	}