mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-30 14:01:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

Issue warnings for large DSA and RSA keys

Browse Source 
Issue a warning when generating DSA or RSA keys of size greater than
OPENSSL_DSA_MAX_MODULUS_BITS resp. OPENSSL_RSA_MAX_MODULUS_BITS.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/6380)
This commit is contained in:
Georg Schmidt 2018-05-31 01:42:39 +02:00 committed by Dr. Matthias St. Pierre
parent 630fe1da88
commit 0336df2fa3
4 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apps/dsaparam.c
View File

@ -128,6 +128,12 @@ int dsaparam_main(int argc, char **argv)
goto end; goto end;
if (numbits > 0) { if (numbits > 0) {
if (numbits > OPENSSL_DSA_MAX_MODULUS_BITS)
BIO_printf(bio_err,
"Warning: It is not recommended to use more than %d bit for DSA keys.\n"
" Your key size is %d! Larger key size may behave not as expected.\n",
OPENSSL_DSA_MAX_MODULUS_BITS, numbits);
cb = BN_GENCB_new(); cb = BN_GENCB_new();
if (cb == NULL) { if (cb == NULL) {
BIO_printf(bio_err, "Error allocating BN_GENCB object\n"); BIO_printf(bio_err, "Error allocating BN_GENCB object\n");

7
apps/gendsa.c
View File

@ -117,6 +117,13 @@ int gendsa_main(int argc, char **argv)
goto end2; goto end2;
DSA_get0_pqg(dsa, &p, NULL, NULL); DSA_get0_pqg(dsa, &p, NULL, NULL);
if (BN_num_bits(p) > OPENSSL_DSA_MAX_MODULUS_BITS)
BIO_printf(bio_err,
"Warning: It is not recommended to use more than %d bit for DSA keys.\n"
" Your key size is %d! Larger key size may behave not as expected.\n",
OPENSSL_DSA_MAX_MODULUS_BITS, BN_num_bits(p));
BIO_printf(bio_err, "Generating DSA key, %d bits\n", BN_num_bits(p)); BIO_printf(bio_err, "Generating DSA key, %d bits\n", BN_num_bits(p));
if (!DSA_generate_key(dsa)) if (!DSA_generate_key(dsa))
goto end; goto end;

5
apps/genrsa.c
View File

@ -123,6 +123,11 @@ opthelp:
if (argc == 1) { if (argc == 1) {
if (!opt_int(argv[0], &num) || num <= 0) if (!opt_int(argv[0], &num) || num <= 0)
goto end; goto end;
if (num > OPENSSL_RSA_MAX_MODULUS_BITS)
BIO_printf(bio_err,
"Warning: It is not recommended to use more than %d bit for RSA keys.\n"
" Your key size is %d! Larger key size may behave not as expected.\n",
OPENSSL_RSA_MAX_MODULUS_BITS, num);
} else if (argc > 0) { } else if (argc > 0) {
BIO_printf(bio_err, "Extra arguments given.\n"); BIO_printf(bio_err, "Extra arguments given.\n");
goto opthelp; goto opthelp;

12
apps/req.c
View File

@ -517,6 +517,18 @@ int req_main(int argc, char **argv)
goto end; goto end;
} }
if (pkey_type == EVP_PKEY_RSA && newkey > OPENSSL_RSA_MAX_MODULUS_BITS)
BIO_printf(bio_err,
"Warning: It is not recommended to use more than %d bit for RSA keys.\n"
" Your key size is %ld! Larger key size may behave not as expected.\n",
OPENSSL_RSA_MAX_MODULUS_BITS, newkey);
if (pkey_type == EVP_PKEY_DSA && newkey > OPENSSL_DSA_MAX_MODULUS_BITS)
BIO_printf(bio_err,
"Warning: It is not recommended to use more than %d bit for DSA keys.\n"
" Your key size is %ld! Larger key size may behave not as expected.\n",
OPENSSL_DSA_MAX_MODULUS_BITS, newkey);
if (genctx == NULL) { if (genctx == NULL) {
genctx = set_keygen_ctx(NULL, &pkey_type, &newkey, genctx = set_keygen_ctx(NULL, &pkey_type, &newkey,
&keyalgstr, gen_eng); &keyalgstr, gen_eng);