From 551cd19406a560d0d206bff5b4e9da064ec222b6 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 14 Dec 2008 12:47:26 +0000 Subject: [PATCH] Move RSA key generation into the wrappers. --- configure.in | 8 +- have.h | 8 ++ src/Makefile.am | 4 +- src/connection.h | 2 - src/gcrypt/cipher.c | 6 +- src/gcrypt/cipher.h | 4 + src/gcrypt/digest.h | 2 + src/gcrypt/rsa.c | 4 +- src/gcrypt/rsagen.c | 222 +++++++++++++++++++++++++++++++++++++++++++ src/gcrypt/rsagen.h | 31 ++++++ src/meta.c | 2 +- src/net.h | 8 +- src/node.h | 2 + src/openssl/cipher.h | 4 + src/openssl/digest.h | 2 + src/openssl/rsagen.c | 85 +++++++++++++++++ src/openssl/rsagen.h | 31 ++++++ src/tincctl.c | 56 ++--------- 18 files changed, 413 insertions(+), 68 deletions(-) create mode 100644 src/gcrypt/rsagen.c create mode 100644 src/gcrypt/rsagen.h create mode 100644 src/openssl/rsagen.c create mode 100644 src/openssl/rsagen.h diff --git a/configure.in b/configure.in index eb0040bc..456b9b23 100644 --- a/configure.in +++ b/configure.in @@ -91,7 +91,7 @@ dnl We do this in multiple stages, because unlike Linux all the other operating AC_HEADER_STDC AC_CHECK_HEADERS([stdbool.h syslog.h sys/file.h sys/ioctl.h sys/mman.h sys/param.h sys/socket.h sys/time.h sys/uio.h sys/wait.h netdb.h arpa/inet.h]) -AC_CHECK_HEADERS([net/if.h net/if_types.h linux/if_tun.h net/if_tun.h net/if_tap.h net/ethernet.h net/if_arp.h netinet/in_systm.h netinet/in.h netinet/in6.h], +AC_CHECK_HEADERS([net/if.h net/if_types.h linux/if_tun.h net/if_tun.h net/if_tap.h net/ethernet.h net/if_arp.h netinet/in_systm.h netinet/in.h netinet/in6.h time.h], [], [], [#include "have.h"] ) AC_CHECK_HEADERS([netinet/if_ether.h netinet/ip.h netinet/ip6.h], @@ -119,7 +119,7 @@ dnl Checks for library functions. AC_FUNC_MEMCMP AC_FUNC_ALLOCA AC_TYPE_SIGNAL -AC_CHECK_FUNCS([asprintf daemon fchmod flock ftime fork get_current_dir_name gettimeofday mlockall putenv random select strdup strerror strsignal strtol system unsetenv vsyslog writev], +AC_CHECK_FUNCS([asprintf daemon fchmod flock ftime fork get_current_dir_name gettimeofday mlockall putenv random select strdup strerror strsignal strtol system time unsetenv vsyslog writev], [], [], [#include "have.h"] ) AC_FUNC_MALLOC @@ -149,10 +149,10 @@ tinc_LZO if test "$with_libgcrypt" = yes; then AM_PATH_LIBGCRYPT([1.4.0], [], []) - ln -sf gcrypt/crypto.c gcrypt/crypto.h gcrypt/cipher.c gcrypt/cipher.h gcrypt/digest.c gcrypt/digest.h gcrypt/rsa.c gcrypt/rsa.h src/ + ln -sf gcrypt/cipher.c gcrypt/cipher.h gcrypt/crypto.c gcrypt/crypto.h gcrypt/digest.c gcrypt/digest.h gcrypt/rsa.c gcrypt/rsa.h gcrypt/rsagen.c gcrypt/rsagen.h src/ else tinc_OPENSSL - ln -sf openssl/crypto.c openssl/crypto.h openssl/cipher.c openssl/cipher.h openssl/digest.c openssl/digest.h openssl/rsa.c openssl/rsa.h src/ + ln -sf openssl/cipher.c openssl/cipher.h openssl/crypto.c openssl/crypto.h openssl/digest.c openssl/digest.h openssl/rsa.c openssl/rsa.h openssl/rsagen.c openssl/rsagen.h src/ fi diff --git a/have.h b/have.h index 8a58af33..e0652a9d 100644 --- a/have.h +++ b/have.h @@ -57,6 +57,10 @@ #include #endif +#ifdef HAVE_TIME_H +#include +#endif + #ifdef HAVE_SYS_TYPES_H #include #endif @@ -165,4 +169,8 @@ #include #endif +#ifdef HAVE_LIBEVENT +#include +#endif + #endif /* __TINC_SYSTEM_H__ */ diff --git a/src/Makefile.am b/src/Makefile.am index fb0b46cd..ed110e9f 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -9,7 +9,7 @@ tincd_SOURCES = cipher.c conf.c connection.c control.c crypto.c digest.c edge.c net_socket.c netutl.c node.c process.c protocol.c protocol_auth.c protocol_edge.c protocol_misc.c \ protocol_key.c protocol_subnet.c route.c rsa.c subnet.c tincd.c -tincctl_SOURCES = tincctl.c +tincctl_SOURCES = tincctl.c rsagen.c nodist_tincd_SOURCES = device.c @@ -18,7 +18,7 @@ DEFAULT_INCLUDES = INCLUDES = @INCLUDES@ -I$(top_builddir) -I$(top_srcdir)/lib noinst_HEADERS = cipher.h conf.h connection.h control.h crypto.h device.h digest.h edge.h graph.h logger.h meta.h net.h netutl.h node.h process.h \ - protocol.h route.h rsa.h subnet.h + protocol.h route.h rsa.h rsagen.h subnet.h LIBS = @LIBS@ @LIBGCRYPT_LIBS@ @LIBINTL@ diff --git a/src/connection.h b/src/connection.h index ca71cad9..08778bf3 100644 --- a/src/connection.h +++ b/src/connection.h @@ -23,8 +23,6 @@ #ifndef __TINC_CONNECTION_H__ #define __TINC_CONNECTION_H__ -#include - #include "cipher.h" #include "digest.h" #include "rsa.h" diff --git a/src/gcrypt/cipher.c b/src/gcrypt/cipher.c index 71add007..77add6c3 100644 --- a/src/gcrypt/cipher.c +++ b/src/gcrypt/cipher.c @@ -55,7 +55,7 @@ static struct { }; static bool nametocipher(const char *name, int *algo, int *mode) { - int i; + size_t i; for(i = 0; i < sizeof ciphertable / sizeof *ciphertable; i++) { if(ciphertable[i].name && !strcasecmp(name, ciphertable[i].name)) { @@ -69,7 +69,7 @@ static bool nametocipher(const char *name, int *algo, int *mode) { } static bool nidtocipher(int nid, int *algo, int *mode) { - int i; + size_t i; for(i = 0; i < sizeof ciphertable / sizeof *ciphertable; i++) { if(nid == ciphertable[i].nid) { @@ -83,7 +83,7 @@ static bool nidtocipher(int nid, int *algo, int *mode) { } static bool ciphertonid(int algo, int mode, int *nid) { - int i; + size_t i; for(i = 0; i < sizeof ciphertable / sizeof *ciphertable; i++) { if(algo == ciphertable[i].algo && mode == ciphertable[i].mode) { diff --git a/src/gcrypt/cipher.h b/src/gcrypt/cipher.h index 08a7dc54..4d1e0962 100644 --- a/src/gcrypt/cipher.h +++ b/src/gcrypt/cipher.h @@ -24,6 +24,10 @@ #include +#define CIPHER_MAX_BLOCK_SIZE 32 +#define CIPHER_MAX_IV_SIZE 16 +#define CIPHER_MAX_KEY_SIZE 32 + typedef struct cipher { gcry_cipher_hd_t handle; char *key; diff --git a/src/gcrypt/digest.h b/src/gcrypt/digest.h index 4e3a0c43..18e49108 100644 --- a/src/gcrypt/digest.h +++ b/src/gcrypt/digest.h @@ -24,6 +24,8 @@ #include +#define DIGEST_MAX_SIZE 64 + typedef struct digest { int algo; int nid; diff --git a/src/gcrypt/rsa.c b/src/gcrypt/rsa.c index bb0f9bb3..65301625 100644 --- a/src/gcrypt/rsa.c +++ b/src/gcrypt/rsa.c @@ -26,7 +26,7 @@ #include "logger.h" #include "rsa.h" -// Base64 encoding/decoding tables +// Base64 decoding table static const uint8_t b64d[128] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, @@ -53,8 +53,6 @@ static const uint8_t b64d[128] = { 0xff, 0xff }; -static const char b64e[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - // PEM encoding/decoding functions static bool pem_decode(FILE *fp, const char *header, uint8_t *buf, size_t size, size_t *outsize) { diff --git a/src/gcrypt/rsagen.c b/src/gcrypt/rsagen.c new file mode 100644 index 00000000..d9f42b70 --- /dev/null +++ b/src/gcrypt/rsagen.c @@ -0,0 +1,222 @@ +/* + rsagen.c -- RSA key generation and export + Copyright (C) 2008 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id$ +*/ + +#include "system.h" + +#include + +#include "rsagen.h" + +#if 0 +// Base64 encoding table + +static const char b64e[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + +// PEM encoding + +static bool pem_encode(FILE *fp, const char *header, uint8_t *buf, size_t size) { + bool decode = false; + char line[1024]; + uint32_t word = 0; + int shift = 0; + size_t i, j = 0; + + fprintf(fp, "-----BEGIN %s-----\n", header); + + for(i = 0; i < size; i += 3) { + if(i <= size - 3) { + word = buf[i] << 16 | buf[i + 1] << 8 | buf[i + 2]; + } else { + word = buf[i] << 16; + if(i == size - 2) + word |= buf[i + 1] << 8; + } + + line[j++] = b64e[(word >> 18) ]; + line[j++] = b64e[(word >> 12) & 0x3f]; + line[j++] = b64e[(word >> 6) & 0x3f]; + line[j++] = b64e[(word ) & 0x3f]; + + if(j >= 64) { + line[j++] = '\n'; + line[j] = 0; + fputs(line, fp); + j = 0; + } + } + + if(size % 3 > 0) { + if(size % 3 > 1) + line[j++] = '='; + line[j++] = '='; + } + + if(j) { + line[j++] = '\n'; + line[j] = 0; + fputs(line, fp); + } + + fprintf(fp, "-----END %s-----\n", header); + + return true; +} + + +// BER encoding functions + +static bool ber_write_id(uint8_t **p, size_t *buflen, int id) { + if(*buflen <= 0) + return false; + + if(id >= 0x1f) { + while(id) { + if(*buflen <= 0) + return false; + + (*buflen)--; + **p = id & 0x7f; + id >>= 7; + if(id) + **p |= 0x80; + (*p)++; + } + } else { + (*buflen)--; + *(*p)++ = id; + } + + return true; +} + +static bool ber_write_len(uint8_t **p, size_t *buflen, size_t len) { + do { + if(*buflen <= 0) + return false; + + (*buflen)--; + **p = len & 0x7f; + len >>= 7; + if(len) + **p |= 0x80; + (*p)++; + } while(len); + + return true; +} + +static bool ber_write_sequence(uint8_t **p, size_t *buflen, uint8_t *seqbuf, size_t seqlen) { + if(!ber_write_id(p, buflen, 0x10) || !ber_write_len(p, buflen, seqlen) || *buflen < seqlen) + return false; + + memcpy(*p, seqbuf, seqlen); + *p += seqlen; + *buflen -= seqlen; + + return true; +} + +static bool ber_write_mpi(uint8_t **p, size_t *buflen, gcry_mpi_t mpi) { + uint8_t tmpbuf[1024]; + size_t tmplen = sizeof tmpbuf; + gcry_error_t err; + + err = gcry_mpi_aprint(GCRYMPI_FMT_USG, &tmpbuf, &tmplen, mpi); + if(err) + return false; + + if(!ber_write_id(p, buflen, 0x02) || !ber_write_len(p, buflen, tmplen) || *buflen < tmplen) + return false; + + memcpy(*p, tmpbuf, tmplen); + *p += tmplen; + *buflen -= tmplen; + + return true; +} + +// Write PEM RSA keys + +bool rsa_write_pem_public_key(rsa_t *rsa, FILE *fp) { + uint8_t derbuf1[8096]; + uint8_t derbuf2[8096]; + uint8_t *derp1 = derbuf1; + uint8_t *derp2 = derbuf2; + size_t derlen1 = sizeof derbuf1; + size_t derlen2 = sizeof derbuf2; + + if(!ber_write_mpi(&derp1, &derlen1, &rsa->n) + || !ber_write_mpi(&derp1, &derlen1, &rsa->e) + || !ber_write_sequence(&derp2, &derlen2, derbuf1, derlen1)) { + logger(LOG_ERR, _("Error while encoding RSA public key")); + return false; + } + + if(!pem_encode(fp, "RSA PUBLIC KEY", derbuf2, derlen2)) { + logger(LOG_ERR, _("Unable to write RSA public key: %s"), strerror(errno)); + return false; + } + + return true; +} + +bool rsa_write_pem_private_key(rsa_t *rsa, FILE *fp) { + uint8_t derbuf1[8096]; + uint8_t derbuf2[8096]; + uint8_t *derp1 = derbuf1; + uint8_t *derp2 = derbuf2; + size_t derlen1 = sizeof derbuf1; + size_t derlen2 = sizeof derbuf2; + + if(!ber_write_mpi(&derp1, &derlen1, &bits) + || ber_write_mpi(&derp1, &derlen1, &rsa->n) // modulus + || ber_write_mpi(&derp1, &derlen1, &rsa->e) // public exponent + || ber_write_mpi(&derp1, &derlen1, &rsa->d) // private exponent + || ber_write_mpi(&derp1, &derlen1, &p) + || ber_write_mpi(&derp1, &derlen1, &q) + || ber_write_mpi(&derp1, &derlen1, &exp1) + || ber_write_mpi(&derp1, &derlen1, &exp2) + || ber_write_mpi(&derp1, &derlen1, &coeff)) + logger(LOG_ERR, _("Error while encoding RSA private key")); + return false; + } + + if(!pem_encode(fp, "RSA PRIVATE KEY", derbuf2, derlen2)) { + logger(LOG_ERR, _("Unable to write RSA private key: %s"), strerror(errno)); + return false; + } + + return true; +} +#endif + +bool rsa_write_pem_public_key(rsa_t *rsa, FILE *fp) { + return false; +} + +bool rsa_write_pem_private_key(rsa_t *rsa, FILE *fp) { + return false; +} + +bool rsa_generate(rsa_t *rsa, size_t bits, unsigned long exponent) { + fprintf(stderr, _("Generating RSA keys with libgcrypt not implemented yet\n")); + return false; +} diff --git a/src/gcrypt/rsagen.h b/src/gcrypt/rsagen.h new file mode 100644 index 00000000..e5aff63d --- /dev/null +++ b/src/gcrypt/rsagen.h @@ -0,0 +1,31 @@ +/* + rsagen.h -- RSA key generation and export + Copyright (C) 2008 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id$ +*/ + +#ifndef __TINC_RSAGEN_H__ +#define __TINC_RSAGEN_H__ + +#include "rsa.h" + +extern bool rsa_generate(rsa_t *rsa, size_t bits, unsigned long exponent); +extern bool rsa_write_pem_public_key(rsa_t *rsa, FILE *fp); +extern bool rsa_write_pem_private_key(rsa_t *rsa, FILE *fp); + +#endif diff --git a/src/meta.c b/src/meta.c index aaa5c30c..82dde3a5 100644 --- a/src/meta.c +++ b/src/meta.c @@ -112,7 +112,7 @@ bool receive_meta(connection_t *c) { bufp = endp; } else { size_t outlen = inlen; - ifdebug(META) logger(LOG_DEBUG, _("Received encrypted %d bytes"), inlen); + ifdebug(META) logger(LOG_DEBUG, _("Received encrypted %zu bytes"), inlen); evbuffer_expand(c->buffer->input, c->buffer->input->off + inlen); if(!cipher_decrypt(&c->incipher, bufp, inlen, c->buffer->input->buffer + c->buffer->input->off, &outlen, false) || inlen != outlen) { diff --git a/src/net.h b/src/net.h index c97d9312..1f7b4576 100644 --- a/src/net.h +++ b/src/net.h @@ -23,10 +23,9 @@ #ifndef __TINC_NET_H__ #define __TINC_NET_H__ -#include -#include - #include "ipv6.h" +#include "cipher.h" +#include "digest.h" #ifdef ENABLE_JUMBOGRAMS #define MTU 9018 /* 9000 bytes payload + 14 bytes ethernet header + 4 bytes VLAN tag */ @@ -34,7 +33,7 @@ #define MTU 1518 /* 1500 bytes payload + 14 bytes ethernet header + 4 bytes VLAN tag */ #endif -#define MAXSIZE (MTU + 4 + EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + MTU/64 + 20) /* MTU + seqno + padding + HMAC + compressor overhead */ +#define MAXSIZE (MTU + 4 + CIPHER_MAX_BLOCK_SIZE + DIGEST_MAX_SIZE + MTU/64 + 20) /* MTU + seqno + padding + HMAC + compressor overhead */ #define MAXBUFSIZE ((MAXSIZE > 2048 ? MAXSIZE : 2048) + 128) /* Enough room for a request with a MAXSIZEd packet or a 8192 bits RSA key */ #define MAXSOCKETS 8 /* Probably overkill... */ @@ -127,7 +126,6 @@ extern int listen_sockets; extern int keylifetime; extern bool do_prune; extern char *myport; -extern EVP_CIPHER_CTX packet_ctx; /* Yes, very strange placement indeed, but otherwise the typedefs get all tangled up */ #include "connection.h" diff --git a/src/node.h b/src/node.h index da5081b4..7b777288 100644 --- a/src/node.h +++ b/src/node.h @@ -23,6 +23,8 @@ #ifndef __TINC_NODE_H__ #define __TINC_NODE_H__ +#include + #include "splay_tree.h" #include "cipher.h" #include "connection.h" diff --git a/src/openssl/cipher.h b/src/openssl/cipher.h index d17e2545..20535ed3 100644 --- a/src/openssl/cipher.h +++ b/src/openssl/cipher.h @@ -24,6 +24,10 @@ #include +#define CIPHER_MAX_BLOCK_SIZE EVP_MAX_BLOCK_LENGTH +#define CIPHER_MAX_KEY_SIZE EVP_MAX_KEY_LENGTH +#define CIPHER_MAX_IV_SIZE EVP_MAX_IV_LENGTH + typedef struct cipher { EVP_CIPHER_CTX ctx; const EVP_CIPHER *cipher; diff --git a/src/openssl/digest.h b/src/openssl/digest.h index 28ee9d0d..f10e67fb 100644 --- a/src/openssl/digest.h +++ b/src/openssl/digest.h @@ -24,6 +24,8 @@ #include +#define DIGEST_MAX_SIZE EVP_MAX_MD_SIZE + typedef struct digest { const EVP_MD *digest; } digest_t; diff --git a/src/openssl/rsagen.c b/src/openssl/rsagen.c new file mode 100644 index 00000000..689e8a6a --- /dev/null +++ b/src/openssl/rsagen.c @@ -0,0 +1,85 @@ +/* + rsagen.c -- RSA key generation and export + Copyright (C) 2008 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id$ +*/ + +#include "system.h" + +#include +#include + +#include "logger.h" +#include "rsagen.h" + +/* This function prettyprints the key generation process */ + +static void indicator(int a, int b, void *p) { + switch (a) { + case 0: + fprintf(stderr, "."); + break; + + case 1: + fprintf(stderr, "+"); + break; + + case 2: + fprintf(stderr, "-"); + break; + + case 3: + switch (b) { + case 0: + fprintf(stderr, " p\n"); + break; + + case 1: + fprintf(stderr, " q\n"); + break; + + default: + fprintf(stderr, "?"); + } + break; + + default: + fprintf(stderr, "?"); + } +} + +// Generate RSA key + +bool rsa_generate(rsa_t *rsa, size_t bits, unsigned long exponent) { + *rsa = RSA_generate_key(bits, exponent, indicator, NULL); + + return *rsa; +} + +// Write PEM RSA keys + +bool rsa_write_pem_public_key(rsa_t *rsa, FILE *fp) { + PEM_write_RSAPublicKey(fp, *rsa); + + return true; +} + +bool rsa_write_pem_private_key(rsa_t *rsa, FILE *fp) { + PEM_write_RSAPrivateKey(fp, *rsa, NULL, NULL, 0, NULL, NULL); + return true; +} diff --git a/src/openssl/rsagen.h b/src/openssl/rsagen.h new file mode 100644 index 00000000..e5aff63d --- /dev/null +++ b/src/openssl/rsagen.h @@ -0,0 +1,31 @@ +/* + rsagen.h -- RSA key generation and export + Copyright (C) 2008 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id$ +*/ + +#ifndef __TINC_RSAGEN_H__ +#define __TINC_RSAGEN_H__ + +#include "rsa.h" + +extern bool rsa_generate(rsa_t *rsa, size_t bits, unsigned long exponent); +extern bool rsa_write_pem_public_key(rsa_t *rsa, FILE *fp); +extern bool rsa_write_pem_private_key(rsa_t *rsa, FILE *fp); + +#endif diff --git a/src/tincctl.c b/src/tincctl.c index 7cfc62e5..814800e8 100644 --- a/src/tincctl.c +++ b/src/tincctl.c @@ -22,17 +22,12 @@ #include "system.h" #include -#include -#include -#include -#include -#include - #include #include "xalloc.h" #include "protocol.h" #include "control_common.h" +#include "rsagen.h" /* The name this program was run with. */ char *program_name = NULL; @@ -192,56 +187,19 @@ FILE *ask_and_open(const char *filename, const char *what, const char *mode) { return r; } -/* This function prettyprints the key generation process */ - -static void indicator(int a, int b, void *p) { - switch (a) { - case 0: - fprintf(stderr, "."); - break; - - case 1: - fprintf(stderr, "+"); - break; - - case 2: - fprintf(stderr, "-"); - break; - - case 3: - switch (b) { - case 0: - fprintf(stderr, " p\n"); - break; - - case 1: - fprintf(stderr, " q\n"); - break; - - default: - fprintf(stderr, "?"); - } - break; - - default: - fprintf(stderr, "?"); - } -} - /* Generate a public/private RSA keypair, and ask for a file to store them in. */ static bool keygen(int bits) { - RSA *rsa_key; + rsa_t key; FILE *f; char *name = NULL; char *filename; fprintf(stderr, _("Generating %d bits keys:\n"), bits); - rsa_key = RSA_generate_key(bits, 0x10001, indicator, NULL); - if(!rsa_key) { + if(!rsa_generate(&key, bits, 0x10001)) { fprintf(stderr, _("Error during key generation!\n")); return false; } else @@ -261,7 +219,8 @@ static bool keygen(int bits) { if(ftell(f)) fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.\n")); - PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL); + rsa_write_pem_private_key(&key, f); + fclose(f); free(filename); @@ -278,7 +237,8 @@ static bool keygen(int bits) { if(ftell(f)) fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.\n")); - PEM_write_RSAPublicKey(f, rsa_key); + rsa_write_pem_public_key(&key, f); + fclose(f); free(filename); @@ -425,7 +385,7 @@ static int send_ctl_request_cooked(int fd, enum request_type type, } if(buf != NULL) { - printf("%*s", buflen, buf); + printf("%*s", (int)buflen, buf); free(buf); }