X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=apps%2Fgendsa.c;h=f2afa1134aef51595313c376a47e0d2b70f5a0b6;hb=0c9fcfebf1b68a1736277c333dd6d59f35eb24f5;hp=c9563a74f7e50741d212035120a560ea70c8ce00;hpb=dd1abd4462e4e4fa84b8f8de2ec70375f9b0e191;p=oweals%2Fopenssl.git diff --git a/apps/gendsa.c b/apps/gendsa.c index c9563a74f7..f2afa1134a 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -1,46 +1,52 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ #include -#ifdef OPENSSL_NO_DSA -NON_EMPTY_TRANSLATION_UNIT -#else - -# include -# include -# include -# include -# include "apps.h" -# include -# include -# include -# include -# include -# include + +#include +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include +#include +#include typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, - OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_RAND, OPT_CIPHER + OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_CIPHER, OPT_VERBOSE, + OPT_R_ENUM, OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS gendsa_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [args] dsaparam-file\n"}, - {OPT_HELP_STR, 1, '-', "Valid options are:\n"}, + {OPT_HELP_STR, 1, '-', "Usage: %s [options] dsaparam-file\n"}, + + OPT_SECTION("General"), {"help", OPT_HELP, '-', "Display this summary"}, +#ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, +#endif + + OPT_SECTION("Output"), {"out", OPT_OUT, '>', "Output the key to the specified file"}, {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, - {"rand", OPT_RAND, 's', - "Load the file(s) into the random number generator"}, + OPT_R_OPTIONS, + OPT_PROV_OPTIONS, {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"}, -# ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -# endif + {"verbose", OPT_VERBOSE, '-', "Verbose output"}, + + OPT_PARAMETERS(), + {"dsaparam-file", 0, 0, "File containing DSA parameters"}, {NULL} }; @@ -49,11 +55,13 @@ int gendsa_main(int argc, char **argv) ENGINE *e = NULL; BIO *out = NULL, *in = NULL; DSA *dsa = NULL; + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *ctx = NULL; const EVP_CIPHER *enc = NULL; - char *inrand = NULL, *dsaparams = NULL; + char *dsaparams = NULL; char *outfile = NULL, *passoutarg = NULL, *passout = NULL, *prog; OPTION_CHOICE o; - int ret = 1, private = 0; + int ret = 1, private = 0, verbose = 0; const BIGNUM *p = NULL; prog = opt_init(argc, argv, gendsa_options); @@ -77,13 +85,21 @@ int gendsa_main(int argc, char **argv) case OPT_ENGINE: e = setup_engine(opt_arg(), 0); break; - case OPT_RAND: - inrand = opt_arg(); + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; + break; + case OPT_PROV_CASES: + if (!opt_provider(o)) + goto end; break; case OPT_CIPHER: if (!opt_cipher(opt_unknown(), &enc)) goto end; break; + case OPT_VERBOSE: + verbose = 1; + break; } } argc = opt_num_rest(); @@ -114,24 +130,46 @@ int gendsa_main(int argc, char **argv) if (out == NULL) goto end2; - if (!app_RAND_load_file(NULL, 1) && inrand == NULL) { + DSA_get0_pqg(dsa, &p, NULL, NULL); + + if (BN_num_bits(p) > OPENSSL_DSA_MAX_MODULUS_BITS) BIO_printf(bio_err, - "warning, not much extra random data, consider using the -rand option\n"); - } - if (inrand != NULL) - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); + "Warning: It is not recommended to use more than %d bit for DSA keys.\n" + " Your key size is %d! Larger key size may behave not as expected.\n", + OPENSSL_DSA_MAX_MODULUS_BITS, BN_num_bits(p)); - DSA_get0_pqg(dsa, &p, NULL, NULL); - BIO_printf(bio_err, "Generating DSA key, %d bits\n", BN_num_bits(p)); - if (!DSA_generate_key(dsa)) + pkey = EVP_PKEY_new(); + if (pkey == NULL) { + BIO_printf(bio_err, "unable to allocate PKEY\n"); goto end; - - app_RAND_write_file(NULL); + } + if (!EVP_PKEY_set1_DSA(pkey, dsa)) { + BIO_printf(bio_err, "unable to associate DSA parameters with PKEY\n"); + goto end; + } + ctx = EVP_PKEY_CTX_new(pkey, NULL); + if (ctx == NULL) { + BIO_printf(bio_err, "unable to create PKEY context\n"); + goto end; + } + EVP_PKEY_free(pkey); + pkey = NULL; + if (EVP_PKEY_keygen_init(ctx) <= 0) { + BIO_printf(bio_err, "unable to set up for key generation\n"); + goto end; + } + if (verbose) + BIO_printf(bio_err, "Generating DSA key, %d bits\n", BN_num_bits(p)); + if (EVP_PKEY_keygen(ctx, &pkey) <= 0) { + BIO_printf(bio_err, "unable to generate key\n"); + goto end; + } assert(private); - if (!PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout)) + if (!PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, passout)) { + BIO_printf(bio_err, "unable to output generated key\n"); goto end; + } ret = 0; end: if (ret != 0) @@ -140,8 +178,9 @@ int gendsa_main(int argc, char **argv) BIO_free(in); BIO_free_all(out); DSA_free(dsa); + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(ctx); release_engine(e); OPENSSL_free(passout); - return (ret); + return ret; } -#endif