X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=apps%2Fgendsa.c;h=c44311b536733b706e5ab6776feb0135ce6a3bd6;hp=2be3b9a0550e2216b08798689a320d4dc3d6b7de;hb=b1ceb439f234a998db84f27a3a245dab95d322ab;hpb=846e33c729311169d9c988ceba29484b3783f244 diff --git a/apps/gendsa.c b/apps/gendsa.c index 2be3b9a055..c44311b536 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -1,7 +1,7 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -17,6 +17,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include "apps.h" +# include "progs.h" # include # include # include @@ -26,17 +27,17 @@ NON_EMPTY_TRANSLATION_UNIT typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, - OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_RAND, OPT_CIPHER + OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_CIPHER, + OPT_R_ENUM } OPTION_CHOICE; -OPTIONS gendsa_options[] = { +const OPTIONS gendsa_options[] = { {OPT_HELP_STR, 1, '-', "Usage: %s [args] dsaparam-file\n"}, {OPT_HELP_STR, 1, '-', "Valid options are:\n"}, {"help", OPT_HELP, '-', "Display this summary"}, {"out", OPT_OUT, '>', "Output the key to the specified file"}, - {"passout", OPT_PASSOUT, 's'}, - {"rand", OPT_RAND, 's', - "Load the file(s) into the random number generator"}, + {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, + OPT_R_OPTIONS, {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"}, # ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, @@ -46,14 +47,15 @@ OPTIONS gendsa_options[] = { int gendsa_main(int argc, char **argv) { + ENGINE *e = NULL; BIO *out = NULL, *in = NULL; DSA *dsa = NULL; const EVP_CIPHER *enc = NULL; - char *inrand = NULL, *dsaparams = NULL; + char *dsaparams = NULL; char *outfile = NULL, *passoutarg = NULL, *passout = NULL, *prog; OPTION_CHOICE o; int ret = 1, private = 0; - BIGNUM *p = NULL; + const BIGNUM *p = NULL; prog = opt_init(argc, argv, gendsa_options); while ((o = opt_next()) != OPT_EOF) { @@ -74,10 +76,11 @@ int gendsa_main(int argc, char **argv) passoutarg = opt_arg(); break; case OPT_ENGINE: - (void)setup_engine(opt_arg(), 0); + e = setup_engine(opt_arg(), 0); break; - case OPT_RAND: - inrand = opt_arg(); + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; break; case OPT_CIPHER: if (!opt_cipher(opt_unknown(), &enc)) @@ -113,21 +116,18 @@ int gendsa_main(int argc, char **argv) if (out == NULL) goto end2; - if (!app_RAND_load_file(NULL, 1) && inrand == NULL) { + DSA_get0_pqg(dsa, &p, NULL, NULL); + + if (BN_num_bits(p) > OPENSSL_DSA_MAX_MODULUS_BITS) BIO_printf(bio_err, - "warning, not much extra random data, consider using the -rand option\n"); - } - if (inrand != NULL) - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); + "Warning: It is not recommended to use more than %d bit for DSA keys.\n" + " Your key size is %d! Larger key size may behave not as expected.\n", + OPENSSL_DSA_MAX_MODULUS_BITS, BN_num_bits(p)); - DSA_get0_pqg(dsa, &p, NULL, NULL); BIO_printf(bio_err, "Generating DSA key, %d bits\n", BN_num_bits(p)); if (!DSA_generate_key(dsa)) goto end; - app_RAND_write_file(NULL); - assert(private); if (!PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout)) goto end; @@ -139,7 +139,8 @@ int gendsa_main(int argc, char **argv) BIO_free(in); BIO_free_all(out); DSA_free(dsa); + release_engine(e); OPENSSL_free(passout); - return (ret); + return ret; } #endif