Using a parameter EVP_PKEY for key generation with EVP_PKEY routines
works a little differently than the raw DSA routines that were used
before.
While fixing that, clean away all remaining use of the DSA type, which
simplifies the code a bit more.
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12048)
int dsaparam_main(int argc, char **argv)
{
ENGINE *e = NULL;
int dsaparam_main(int argc, char **argv)
{
ENGINE *e = NULL;
BIO *in = NULL, *out = NULL;
BIO *in = NULL, *out = NULL;
+ EVP_PKEY *params = NULL, *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
int numbits = -1, num = 0, genkey = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0;
EVP_PKEY_CTX *ctx = NULL;
int numbits = -1, num = 0, genkey = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0;
"Error, DSA key generation setting bit length failed\n");
goto end;
}
"Error, DSA key generation setting bit length failed\n");
goto end;
}
- if (EVP_PKEY_paramgen(ctx, &pkey) <= 0) {
+ if (EVP_PKEY_paramgen(ctx, ¶ms) <= 0) {
ERR_print_errors(bio_err);
BIO_printf(bio_err, "Error, DSA key generation failed\n");
goto end;
}
ERR_print_errors(bio_err);
BIO_printf(bio_err, "Error, DSA key generation failed\n");
goto end;
}
- dsa = EVP_PKEY_get1_DSA(pkey);
- if (dsa == NULL) {
- ERR_print_errors(bio_err);
- BIO_printf(bio_err, "Error, DSA key extraction failed\n");
- goto end;
- }
} else if (informat == FORMAT_ASN1) {
} else if (informat == FORMAT_ASN1) {
- dsa = d2i_DSAparams_bio(in, NULL);
+ params = d2i_KeyParams_bio(EVP_PKEY_DSA, NULL, in);
- dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
+ params = PEM_read_bio_Parameters(in, NULL);
BIO_printf(bio_err, "unable to load DSA parameters\n");
ERR_print_errors(bio_err);
goto end;
}
BIO_printf(bio_err, "unable to load DSA parameters\n");
ERR_print_errors(bio_err);
goto end;
}
- if (pkey == NULL) {
- pkey = EVP_PKEY_new();
- if (pkey == NULL) {
- BIO_printf(bio_err, "Error, unable to allocate PKEY object\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- if (!EVP_PKEY_set1_DSA(pkey, dsa)) {
- BIO_printf(bio_err, "Error, unable to set DSA parameters\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- }
- EVP_PKEY_print_params(out, pkey, 0, NULL);
+ EVP_PKEY_print_params(out, params, 0, NULL);
- const BIGNUM *p = NULL, *q = NULL, *g = NULL;
+ BIGNUM *p = NULL, *q = NULL, *g = NULL;
unsigned char *data;
int len, bits_p;
unsigned char *data;
int len, bits_p;
- DSA_get0_pqg(dsa, &p, &q, &g);
+ EVP_PKEY_get_bn_param(params, "p", &p);
+ EVP_PKEY_get_bn_param(params, "q", &q);
+ EVP_PKEY_get_bn_param(params, "g", &g);
len = BN_num_bytes(p);
bits_p = BN_num_bits(p);
len = BN_num_bytes(p);
bits_p = BN_num_bits(p);
if (!noout) {
if (outformat == FORMAT_ASN1)
if (!noout) {
if (outformat == FORMAT_ASN1)
- i = i2d_DSAparams_bio(out, dsa);
+ i = i2d_KeyParams_bio(out, params);
- i = PEM_write_bio_DSAparams(out, dsa);
+ i = PEM_write_bio_Parameters(out, params);
if (!i) {
BIO_printf(bio_err, "unable to write DSA parameters\n");
ERR_print_errors(bio_err);
if (!i) {
BIO_printf(bio_err, "unable to write DSA parameters\n");
ERR_print_errors(bio_err);
- ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL);
+ ctx = EVP_PKEY_CTX_new(params, NULL);
if (ctx == NULL) {
ERR_print_errors(bio_err);
BIO_printf(bio_err,
if (ctx == NULL) {
ERR_print_errors(bio_err);
BIO_printf(bio_err,
ERR_print_errors(bio_err);
goto end;
}
ERR_print_errors(bio_err);
goto end;
}
- dsakey = EVP_PKEY_get0_DSA(pkey);
- if (dsakey == NULL) {
- BIO_printf(bio_err, "unable to extract generated key\n");
- ERR_print_errors(bio_err);
- goto end;
- }
assert(private);
if (outformat == FORMAT_ASN1)
assert(private);
if (outformat == FORMAT_ASN1)
- i = i2d_DSAPrivateKey_bio(out, dsakey);
+ i = i2d_PrivateKey_bio(out, pkey);
- i = PEM_write_bio_DSAPrivateKey(out, dsakey, NULL, NULL, 0, NULL,
- NULL);
+ i = PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, NULL);
BIO_free_all(out);
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
BIO_free_all(out);
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
release_engine(e);
return ret;
}
release_engine(e);
return ret;
}
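Review bot: The three `EVP_PKEY_get_bn_param()` calls in the C-output block discard their return values, so if any lookup fails `p` is still NULL when `BN_num_bytes(p)` and `BN_num_bits(p)` run on the next lines. The switch from `const BIGNUM *` to `BIGNUM *` also moves ownership to the caller: with a NULL destination the call returns a newly allocated BIGNUM, and no `BN_free()` for `p`, `q` or `g` appears in the lines shown. The block continues past what this page shows, so the frees may exist further down; if they do not, the sketch below covers both the check and the release. The error message in it is a suggested wording, not taken from the file.

```c
BIGNUM *p = NULL, *q = NULL, *g = NULL;
/* … unchanged: data, len, bits_p declarations … */

if (!EVP_PKEY_get_bn_param(params, "p", &p)
        || !EVP_PKEY_get_bn_param(params, "q", &q)
        || !EVP_PKEY_get_bn_param(params, "g", &g)) {
    BIO_printf(bio_err, "unable to read DSA parameters\n");
    ERR_print_errors(bio_err);
    /* BN_free(NULL) is a no-op, so a partial fetch is released safely */
    BN_free(p);
    BN_free(q);
    BN_free(g);
    goto end;
}
len = BN_num_bytes(p);
bits_p = BN_num_bits(p);
/* … unchanged: remainder of the C-output block, not shown on this page … */
BN_free(p);
BN_free(q);
BN_free(g);
```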