#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_DSA
-# include <assert.h>
# include <stdio.h>
# include <stdlib.h>
# include <time.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C,
- OPT_NOOUT, OPT_GENKEY, OPT_RAND, OPT_NON_FIPS_ALLOW, OPT_ENGINE,
+ OPT_NOOUT, OPT_GENKEY, OPT_RAND, OPT_ENGINE,
OPT_TIMEBOMB
} OPTION_CHOICE;
{"noout", OPT_NOOUT, '-', "No output"},
{"genkey", OPT_GENKEY, '-', "Generate a DSA key"},
{"rand", OPT_RAND, 's', "Files to use for random number input"},
- {"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'},
-# ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
-# endif
# ifdef GENCB_TEST
{"timebomb", OPT_TIMEBOMB, 'p', "Interrupt keygen after 'pnum' seconds"},
+# endif
+# ifndef OPENSSL_NO_ENGINE
+ {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
{NULL}
};
DSA *dsa = NULL;
BIO *in = NULL, *out = NULL;
BN_GENCB *cb = NULL;
- int numbits = -1, num, genkey = 0, need_rand = 0, non_fips_allow = 0;
- int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0, ret =
- 1;
- int i, text = 0;
+ int numbits = -1, num = 0, genkey = 0, need_rand = 0;
+ int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0;
+ int ret = 1, i, text = 0, private = 0;
# ifdef GENCB_TEST
int timebomb = 0;
# endif
case OPT_NOOUT:
noout = 1;
break;
- case OPT_NON_FIPS_ALLOW:
- non_fips_allow = 1;
- break;
}
}
argc = opt_num_rest();
argv = opt_rest();
if (argc == 1) {
- if (!opt_int(argv[0], &num))
+ if (!opt_int(argv[0], &num) || num < 0)
goto end;
/* generate a key */
numbits = num;
need_rand = 1;
}
+ private = genkey ? 1 : 0;
- in = bio_open_default(infile, "r");
+ in = bio_open_default(infile, 'r', informat);
if (in == NULL)
goto end;
- out = bio_open_default(outfile, "w");
+ out = bio_open_owner(outfile, outformat, private);
if (out == NULL)
goto end;
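Review bot: The added `num < 0` test in the `argc == 1` branch still accepts 0 and sets no upper limit. With 0, `numbits = 0` and `need_rand = 1` are set but the `if (numbits > 0)` generation path shown later in the diff is skipped, and an oversized value is passed on unchecked. A tighter guard would be `if (!opt_int(argv[0], &num) || num <= 0 || num > OPENSSL_DSA_MAX_MODULUS_BITS)`, assuming that limit from `<openssl/dsa.h>` is meant to apply to this tool. The new rejection also jumps to `end` without a message of its own, so unless `opt_int` already reports it, a `BIO_printf(bio_err, ...)` naming the bad bit count before the `goto` would keep the failure from being silent.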
if (numbits > 0) {
cb = BN_GENCB_new();
- if (!cb) {
+ if (cb == NULL) {
BIO_printf(bio_err, "Error allocating BN_GENCB object\n");
goto end;
}
BN_GENCB_set(cb, dsa_cb, bio_err);
assert(need_rand);
dsa = DSA_new();
- if (!dsa) {
+ if (dsa == NULL) {
BIO_printf(bio_err, "Error allocating DSA object\n");
goto end;
}
- if (non_fips_allow)
- dsa->flags |= DSA_FLAG_NON_FIPS_ALLOW;
BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n",
num);
BIO_printf(bio_err, "This could take some time\n");
assert(need_rand);
if ((dsakey = DSAparams_dup(dsa)) == NULL)
goto end;
- if (non_fips_allow)
- dsakey->flags |= DSA_FLAG_NON_FIPS_ALLOW;
if (!DSA_generate_key(dsakey)) {
ERR_print_errors(bio_err);
DSA_free(dsakey);
goto end;
}
+ assert(private);
if (outformat == FORMAT_ASN1)
i = i2d_DSAPrivateKey_bio(out, dsakey);
else
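Review bot: The added `assert(private)` ahead of the `i2d_DSAPrivateKey_bio` call is the only check that `out` was opened through `bio_open_owner` with the private flag set, and an assert disappears when the tool is built with `NDEBUG`. Because this guards where a private key is written, a runtime test would hold in release builds too: when `private` is 0, print to `bio_err`, free `dsakey` and jump to `end`. The same commit drops `# include <assert.h>` at the top of the file while `assert` is still used here and on `need_rand`, so the declaration presumably comes from another header, which is worth confirming. The enclosing key-generation block starts and ends outside this hunk.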
app_RAND_write_file(NULL);
ret = 0;
end:
- if (cb != NULL)
- BN_GENCB_free(cb);
+ BN_GENCB_free(cb);
BIO_free(in);
BIO_free_all(out);
DSA_free(dsa);