X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=apps%2Fdsaparam.c;h=03e33f9f7eb0fed47f177a4ee52acb6af7368c78;hp=47d92cc10d7b65507f42ad2f60e2148d3f81cacc;hb=6b5c1d940b5a653a24b91d3c52bca935399b713c;hpb=82fc1d9c28e834549f61e4c91b3f6bbdf4c48153 diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 47d92cc10d..03e33f9f7e 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -56,7 +56,14 @@ * [including the GNU Public Licence.] */ -#ifndef NO_DSA +#include /* for OPENSSL_NO_DSA */ +/* Until the key-gen callbacks are modified to use newer prototypes, we allow + * deprecated functions for openssl-internal code */ +#ifdef OPENSSL_NO_DEPRECATED +#undef OPENSSL_NO_DEPRECATED +#endif + +#ifndef OPENSSL_NO_DSA #include #include #include @@ -82,9 +89,26 @@ * -C * -noout * -genkey + * #ifdef GENCB_TEST + * -timebomb n - interrupt keygen after seconds + * #endif */ -static void MS_CALLBACK dsa_cb(int p, int n, void *arg); +#ifdef GENCB_TEST + +static int stop_keygen_flag = 0; + +static void timebomb_sigalarm(int foo) + { + stop_keygen_flag = 1; + } + +#endif + +static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb); + +int MAIN(int, char **); + int MAIN(int argc, char **argv) { DSA *dsa=NULL; @@ -94,6 +118,13 @@ int MAIN(int argc, char **argv) char *infile,*outfile,*prog,*inrand=NULL; int numbits= -1,num,genkey=0; int need_rand=0; + int non_fips_allow = 0; +#ifndef OPENSSL_NO_ENGINE + char *engine=NULL; +#endif +#ifdef GENCB_TEST + int timebomb=0; +#endif apps_startup(); @@ -101,6 +132,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + infile=NULL; outfile=NULL; informat=FORMAT_PEM; @@ -131,6 +165,20 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; outfile= *(++argv); } +#ifndef OPENSSL_NO_ENGINE + else if(strcmp(*argv, "-engine") == 0) + { + if (--argc < 1) goto bad; + engine = *(++argv); + } +#endif +#ifdef GENCB_TEST + else if(strcmp(*argv, "-timebomb") == 0) + { + if (--argc < 1) goto bad; + timebomb = atoi(*(++argv)); + } +#endif else if (strcmp(*argv,"-text") == 0) text=1; else if (strcmp(*argv,"-C") == 0) @@ -148,6 +196,8 @@ int MAIN(int argc, char **argv) } else if (strcmp(*argv,"-noout") == 0) noout=1; + else if (strcmp(*argv,"-non-fips-allow") == 0) + non_fips_allow = 1; else if (sscanf(*argv,"%d",&num) == 1) { /* generate a key */ @@ -173,10 +223,17 @@ bad: BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -out arg output file\n"); - BIO_printf(bio_err," -text print the key in text\n"); + BIO_printf(bio_err," -text print as text\n"); BIO_printf(bio_err," -C Output C code\n"); BIO_printf(bio_err," -noout no output\n"); + BIO_printf(bio_err," -genkey generate a DSA key\n"); BIO_printf(bio_err," -rand files to use for random number input\n"); +#ifndef OPENSSL_NO_ENGINE + BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif +#ifdef GENCB_TEST + BIO_printf(bio_err," -timebomb n interrupt keygen after seconds\n"); +#endif BIO_printf(bio_err," number number of bits to use for generating private key\n"); goto end; } @@ -202,7 +259,15 @@ bad: } } if (outfile == NULL) + { BIO_set_fp(out,stdout,BIO_NOCLOSE); +#ifdef OPENSSL_SYS_VMS + { + BIO *tmpbio = BIO_new(BIO_f_linebuffer()); + out = BIO_push(tmpbio, out); + } +#endif + } else { if (BIO_write_filename(out,outfile) <= 0) @@ -212,6 +277,10 @@ bad: } } +#ifndef OPENSSL_NO_ENGINE + setup_engine(bio_err, engine, 0); +#endif + if (need_rand) { app_RAND_load_file(NULL, bio_err, (inrand != NULL)); @@ -222,10 +291,50 @@ bad: if (numbits > 0) { + BN_GENCB cb; + BN_GENCB_set(&cb, dsa_cb, bio_err); assert(need_rand); + dsa = DSA_new(); + if(!dsa) + { + BIO_printf(bio_err,"Error allocating DSA object\n"); + goto end; + } + if (non_fips_allow) + dsa->flags |= DSA_FLAG_NON_FIPS_ALLOW; BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); BIO_printf(bio_err,"This could take some time\n"); - dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL, dsa_cb,bio_err); +#ifdef GENCB_TEST + if(timebomb > 0) + { + struct sigaction act; + act.sa_handler = timebomb_sigalarm; + act.sa_flags = 0; + BIO_printf(bio_err,"(though I'll stop it if not done within %d secs)\n", + timebomb); + if(sigaction(SIGALRM, &act, NULL) != 0) + { + BIO_printf(bio_err,"Error, couldn't set SIGALRM handler\n"); + goto end; + } + alarm(timebomb); + } +#endif + if(!DSA_generate_parameters_ex(dsa,num,NULL,0,NULL,NULL, &cb)) + { +#ifdef GENCB_TEST + if(stop_keygen_flag) + { + BIO_printf(bio_err,"DSA key generation time-stopped\n"); + /* This is an asked-for behaviour! */ + ret = 0; + goto end; + } +#endif + ERR_print_errors(bio_err); + BIO_printf(bio_err,"Error, DSA key generation failed\n"); + goto end; + } } else if (informat == FORMAT_ASN1) dsa=d2i_DSAparams_bio(in,NULL); @@ -251,16 +360,14 @@ bad: if (C) { unsigned char *data; - int l,len,bits_p,bits_q,bits_g; + int l,len,bits_p; len=BN_num_bytes(dsa->p); bits_p=BN_num_bits(dsa->p); - bits_q=BN_num_bits(dsa->q); - bits_g=BN_num_bits(dsa->g); - data=(unsigned char *)Malloc(len+20); + data=(unsigned char *)OPENSSL_malloc(len+20); if (data == NULL) { - perror("Malloc"); + perror("OPENSSL_malloc"); goto end; } l=BN_bn2bin(dsa->p,data); @@ -300,7 +407,7 @@ bad: printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n", bits_p,bits_p); printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n"); - printf("\t\treturn(NULL);\n"); + printf("\t\t{ DSA_free(dsa); return(NULL); }\n"); printf("\treturn(dsa);\n\t}\n"); } @@ -317,7 +424,7 @@ bad: } if (!i) { - BIO_printf(bio_err,"unable to write DSA paramaters\n"); + BIO_printf(bio_err,"unable to write DSA parameters\n"); ERR_print_errors(bio_err); goto end; } @@ -328,13 +435,21 @@ bad: assert(need_rand); if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end; - if (!DSA_generate_key(dsakey)) goto end; + if (non_fips_allow) + dsakey->flags |= DSA_FLAG_NON_FIPS_ALLOW; + if (!DSA_generate_key(dsakey)) + { + ERR_print_errors(bio_err); + DSA_free(dsakey); + goto end; + } if (outformat == FORMAT_ASN1) i=i2d_DSAPrivateKey_bio(out,dsakey); else if (outformat == FORMAT_PEM) i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL); else { BIO_printf(bio_err,"bad output format specified for outfile\n"); + DSA_free(dsakey); goto end; } DSA_free(dsakey); @@ -344,12 +459,13 @@ bad: ret=0; end: if (in != NULL) BIO_free(in); - if (out != NULL) BIO_free(out); + if (out != NULL) BIO_free_all(out); if (dsa != NULL) DSA_free(dsa); - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } -static void MS_CALLBACK dsa_cb(int p, int n, void *arg) +static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb) { char c='*'; @@ -357,10 +473,21 @@ static void MS_CALLBACK dsa_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write(arg,&c,1); - (void)BIO_flush(arg); + BIO_write(cb->arg,&c,1); + (void)BIO_flush(cb->arg); #ifdef LINT p=n; #endif +#ifdef GENCB_TEST + if(stop_keygen_flag) + return 0; +#endif + return 1; } +#else /* !OPENSSL_NO_DSA */ + +# if PEDANTIC +static void *dummy=&dummy; +# endif + #endif