OPT_PARAMETERS(),
{"numbits", 0, 0, "Number of bits if generating parameters (optional)"},
+ {"numqbits", 0, 0, "Number of bits in the subprime parameter q if generating parameters (optional)"},
{NULL}
};
BIO *out = NULL;
EVP_PKEY *params = NULL, *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
- int numbits = -1, num = 0, genkey = 0;
+ int numbits = -1, numqbits = -1, num = 0, genkey = 0;
int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, noout = 0;
int ret = 1, i, text = 0, private = 0;
char *infile = NULL, *outfile = NULL, *prog;
}
}
- /* Optional arg is bitsize. */
+ /* Optional args are bitsize and q bitsize. */
argc = opt_num_rest();
argv = opt_rest();
- if (argc == 1) {
+ if (argc == 2) {
+ if (!opt_int(argv[0], &num) || num < 0)
+ goto opthelp;
+ if (!opt_int(argv[1], &numqbits) || numqbits < 0)
+ goto opthelp;
+ } else if (argc == 1) {
if (!opt_int(argv[0], &num) || num < 0)
goto opthelp;
} else if (!opt_check_rest_arg(NULL)) {
"Error, DSA key generation setting bit length failed\n");
goto end;
}
+ if (numqbits > 0) {
+ if (EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, numqbits) <= 0) {
+ BIO_printf(bio_err,
+ "Error, DSA key generation setting subprime bit length failed\n");
+ goto end;
+ }
+ }
params = app_paramgen(ctx, "DSA");
} else {
params = load_keyparams(infile, informat, 1, "DSA", "DSA parameters");
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
[I<numbits>]
+[I<numqbits>]
=head1 DESCRIPTION
=item I<numbits>
-This option specifies that a parameter set should be generated of size
-I<numbits>. It must be the last option. If this option is included then
-the input file (if any) is ignored.
+This optional argument specifies that a parameter set should be generated of
+size I<numbits>. If this argument is included then the input file (if any) is
+ignored.
+
+=item I<numqbits>
+
+This optional argument specifies that a parameter set should be generated with
+a subprime parameter q of size I<numqbits>. It must be the last argument. If
+this argument is included then the input file (if any) is ignored.
{- $OpenSSL::safe::opt_provider_item -}