author | Aleksey Sanin <aleksey@aleksey.com> | 2022-12-13 09:27:05 -0500 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2023-03-23 11:09:17 +1100 |
commit | 535ddd37524217143eb710bc880ee8c60b7a6cf8 (patch) | |
tree | c9db7bfd1743e6e0cf3e093922e68b9298e83e3f /apps | |
parent | 8bdc3708964814ea0b7002df020fbd459e3a813f (diff) | |
Add an option to specify number of bits in the subprime (q) when generating DSA keys
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19898)
Diffstat (limited to 'apps')
-rw-r--r-- | apps/dsaparam.c | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index 54b4cd848b..adeeb095a0 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -58,6 +58,7 @@ const OPTIONS dsaparam_options[] = {
 OPT_PARAMETERS(),
 {"numbits", 0, 0, "Number of bits if generating parameters (optional)"},
+ {"numqbits", 0, 0, "Number of bits in the subprime parameter q if generating parameters (optional)"},
 {NULL}
 };
@@ -67,7 +68,7 @@ int dsaparam_main(int argc, char **argv)
 BIO *out = NULL;
 EVP_PKEY *params = NULL, *pkey = NULL;
 EVP_PKEY_CTX *ctx = NULL;
- int numbits = -1, num = 0, genkey = 0;
+ int numbits = -1, numqbits = -1, num = 0, genkey = 0;
 int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, noout = 0;
 int ret = 1, i, text = 0, private = 0;
 char *infile = NULL, *outfile = NULL, *prog;
@@ -128,10 +129,15 @@ int dsaparam_main(int argc, char **argv)
 }
 }
- /* Optional arg is bitsize. */
+ /* Optional args are bitsize and q bitsize. */
 argc = opt_num_rest();
 argv = opt_rest();
- if (argc == 1) {
+ if (argc == 2) {
+ if (!opt_int(argv[0], &num) || num < 0)
+ goto opthelp;
+ if (!opt_int(argv[1], &numqbits) || numqbits < 0)
+ goto opthelp;
+ } else if (argc == 1) {
 if (!opt_int(argv[0], &num) || num < 0)
 goto opthelp;
 } else if (!opt_check_rest_arg(NULL)) {
@@ -178,6 +184,13 @@ int dsaparam_main(int argc, char **argv)
 "Error, DSA key generation setting bit length failed\n");
 goto end;
 }
+ if (numqbits > 0) {
+ if (EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, numqbits) <= 0) {
+ BIO_printf(bio_err,
+ "Error, DSA key generation setting subprime bit length failed\n");
+ goto end;
+ }
+ }
 params = app_paramgen(ctx, "DSA");
 } else {
 params = load_keyparams(infile, informat, 1, "DSA", "DSA parameters"); |
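Review bot: In the new `argc == 2` branch of the third hunk, the check `numqbits < 0` lets an explicit `0` through, and the later `if (numqbits > 0)` guard then drops it without a diagnostic, so a command line such as `dsaparam 2048 0` quietly falls back to the default q size. Unless 0 is meant as "use the default", reject it at parse time with `if (!opt_int(argv[1], &numqbits) || numqbits <= 0)`. The `num` parse is also written twice; a single `if (argc == 1 || argc == 2)` that parses `argv[0]` once and `argv[1]` only when `argc == 2` keeps the two paths from drifting apart. dsaparam_main starts and ends outside the hunk.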
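Review bot: In the fourth hunk, `numqbits` reaches `EVP_PKEY_CTX_set_dsa_paramgen_q_bits()` with only a sign check, so whether the requested (L, N) pair is acceptable is left to the library code behind that call and `app_paramgen()`. The subprime size bounds the strength of the generated keys, so record that reliance in a comment above the block, for example `/* (L, N) validity is enforced by the provider; FIPS 186-4 pairs are (1024,160), (2048,224), (2048,256), (3072,256) */`. The failure message should also name the refused value: `"Error, DSA key generation setting subprime bit length to %d failed\n", numqbits`. The enclosing branch opens outside the hunk; it appears to be the generation path, in which case a q size given when no parameters are generated is ignored without notice.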