From: Aleksey Sanin Date: Tue, 13 Dec 2022 14:27:05 +0000 (-0500) Subject: Add an option to specify number of bits in the subprime (q) when generating DSA keys X-Git-Tag: openssl-3.2.0-alpha1~1109 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=535ddd37524217143eb710bc880ee8c60b7a6cf8;p=thirdparty%2Fopenssl.git Add an option to specify number of bits in the subprime (q) when generating DSA keys Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/19898) --- diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 54b4cd848b9..adeeb095a0c 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -58,6 +58,7 @@ const OPTIONS dsaparam_options[] = { OPT_PARAMETERS(), {"numbits", 0, 0, "Number of bits if generating parameters (optional)"}, + {"numqbits", 0, 0, "Number of bits in the subprime parameter q if generating parameters (optional)"}, {NULL} }; @@ -67,7 +68,7 @@ int dsaparam_main(int argc, char **argv) BIO *out = NULL; EVP_PKEY *params = NULL, *pkey = NULL; EVP_PKEY_CTX *ctx = NULL; - int numbits = -1, num = 0, genkey = 0; + int numbits = -1, numqbits = -1, num = 0, genkey = 0; int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, noout = 0; int ret = 1, i, text = 0, private = 0; char *infile = NULL, *outfile = NULL, *prog; @@ -128,10 +129,15 @@ int dsaparam_main(int argc, char **argv) } } - /* Optional arg is bitsize. */ + /* Optional args are bitsize and q bitsize. */ argc = opt_num_rest(); argv = opt_rest(); - if (argc == 1) { + if (argc == 2) { + if (!opt_int(argv[0], &num) || num < 0) + goto opthelp; + if (!opt_int(argv[1], &numqbits) || numqbits < 0) + goto opthelp; + } else if (argc == 1) { if (!opt_int(argv[0], &num) || num < 0) goto opthelp; } else if (!opt_check_rest_arg(NULL)) { 
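Review bot: In the `argc == 2` branch of the argument-parsing hunk (`@@ -128,10 +129,15 @@`), `numqbits < 0` still accepts `0`, and the later `if (numqbits > 0)` guard then skips it, so a q size of `0` is neither applied nor reported as a bad argument and generation presumably falls back to the library's default q size. Rejecting it at parse time with `if (!opt_int(argv[1], &numqbits) || numqbits <= 0)` means a requested subgroup size is either applied or refused, never silently ignored. The `opt_int(argv[0], &num)` check is also duplicated across the two branches; parsing `num` once for `argc == 1 || argc == 2` and `numqbits` only when `argc == 2` would keep the two checks in step. dsaparam_main starts and ends outside the hunk.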
@@ -178,6 +184,13 @@ int dsaparam_main(int argc, char **argv) "Error, DSA key generation setting bit length failed\n"); goto end; } + if (numqbits > 0) { + if (EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, numqbits) <= 0) { + BIO_printf(bio_err, + "Error, DSA key generation setting subprime bit length failed\n"); + goto end; + } + } params = app_paramgen(ctx, "DSA"); } else { params = load_keyparams(infile, informat, 1, "DSA", "DSA parameters"); diff --git a/doc/man1/openssl-dsaparam.pod.in b/doc/man1/openssl-dsaparam.pod.in index 88ba90299d0..87fc97ff5f2 100644 --- a/doc/man1/openssl-dsaparam.pod.in +++ b/doc/man1/openssl-dsaparam.pod.in @@ -21,6 +21,7 @@ B {- $OpenSSL::safe::opt_r_synopsis -} {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} [I] +[I] =head1 DESCRIPTION @@ -91,9 +92,15 @@ be handy during batch scripts and pipelines. =item I -This option specifies that a parameter set should be generated of size -I. It must be the last option. If this option is included then -the input file (if any) is ignored. +This optional argument specifies that a parameter set should be generated of +size I. If this argument is included then the input file (if any) is +ignored. + +=item I + +This optional argument specifies that a parameter set should be generated with +a subprime parameter q of size I. It must be the last argument. If +this argument is included then the input file (if any) is ignored. {- $OpenSSL::safe::opt_provider_item -}
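Review bot: In the `@@ -178,6 +184,13 @@` hunk of apps/dsaparam.c, `numqbits` is handed to `EVP_PKEY_CTX_set_dsa_paramgen_q_bits()` with no range or pairing check against `numbits`, although the size of q bounds the strength of every key generated from these parameters. Whether an undersized or unsupported q is refused depends on that setter or on `app_paramgen()`, neither of which this hunk shows; if it is refused only during generation, the user sees the generic paramgen error rather than one naming the q size. I would add a comment above the new block such as `/* q size is not checked here; unsupported p/q size pairs must be rejected by the provider */` and put the value in the message, e.g. `"Error, DSA key generation setting subprime bit length %d failed\n", numqbits`. No test for the new positional argument is visible in this patch. dsaparam_main continues outside the hunk.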