1 /* 2 * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <openssl/opensslconf.h> 11 12 #include <stdio.h> 13 #include <string.h> 14 #include <sys/types.h> 15 #include <sys/stat.h> 16 #include "apps.h" 17 #include "progs.h" 18 #include <openssl/bio.h> 19 #include <openssl/err.h> 20 #include <openssl/bn.h> 21 #include <openssl/dsa.h> 22 #include <openssl/x509.h> 23 #include <openssl/pem.h> 24 25 typedef enum OPTION_choice { 26 OPT_COMMON, 27 OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_CIPHER, OPT_VERBOSE, 28 OPT_R_ENUM, OPT_PROV_ENUM 29 } OPTION_CHOICE; 30 31 const OPTIONS gendsa_options[] = { 32 {OPT_HELP_STR, 1, '-', "Usage: %s [options] dsaparam-file\n"}, 33 34 OPT_SECTION("General"), 35 {"help", OPT_HELP, '-', "Display this summary"}, 36 #ifndef OPENSSL_NO_ENGINE 37 {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, 38 #endif 39 40 OPT_SECTION("Output"), 41 {"out", OPT_OUT, '>', "Output the key to the specified file"}, 42 {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, 43 OPT_R_OPTIONS, 44 OPT_PROV_OPTIONS, 45 {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"}, 46 {"verbose", OPT_VERBOSE, '-', "Verbose output"}, 47 48 OPT_PARAMETERS(), 49 {"dsaparam-file", 0, 0, "File containing DSA parameters"}, 50 {NULL} 51 }; 52 53 int gendsa_main(int argc, char **argv) 54 { 55 ENGINE *e = NULL; 56 BIO *out = NULL, *in = NULL; 57 EVP_PKEY *pkey = NULL; 58 EVP_PKEY_CTX *ctx = NULL; 59 EVP_CIPHER *enc = NULL; 60 char *dsaparams = NULL, *ciphername = NULL; 61 char *outfile = NULL, *passoutarg = NULL, *passout = NULL, *prog; 62 OPTION_CHOICE o; 63 int ret = 1, private = 0, verbose = 0, nbits; 64 65 prog = opt_init(argc, argv, gendsa_options); 66 while ((o = opt_next()) != OPT_EOF) { 67 switch (o) { 68 case OPT_EOF: 69 case OPT_ERR: 70 opthelp: 71 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); 72 goto end; 73 case OPT_HELP: 74 ret = 0; 75 opt_help(gendsa_options); 76 goto end; 77 case OPT_OUT: 78 outfile = opt_arg(); 79 break; 80 case OPT_PASSOUT: 81 passoutarg = opt_arg(); 82 break; 83 case OPT_ENGINE: 84 e = setup_engine(opt_arg(), 0); 85 break; 86 case OPT_R_CASES: 87 if (!opt_rand(o)) 88 goto end; 89 break; 90 case OPT_PROV_CASES: 91 if (!opt_provider(o)) 92 goto end; 93 break; 94 case OPT_CIPHER: 95 ciphername = opt_unknown(); 96 break; 97 case OPT_VERBOSE: 98 verbose = 1; 99 break; 100 } 101 } 102 103 /* One argument, the params file. */ 104 argc = opt_num_rest(); 105 argv = opt_rest(); 106 if (argc != 1) 107 goto opthelp; 108 dsaparams = argv[0]; 109 110 if (!app_RAND_load()) 111 goto end; 112 113 if (ciphername != NULL) { 114 if (!opt_cipher(ciphername, &enc)) 115 goto end; 116 } 117 private = 1; 118 119 if (!app_passwd(NULL, passoutarg, NULL, &passout)) { 120 BIO_printf(bio_err, "Error getting password\n"); 121 goto end; 122 } 123 124 pkey = load_keyparams(dsaparams, FORMAT_UNDEF, 1, "DSA", "DSA parameters"); 125 126 out = bio_open_owner(outfile, FORMAT_PEM, private); 127 if (out == NULL) 128 goto end2; 129 130 nbits = EVP_PKEY_get_bits(pkey); 131 if (nbits > OPENSSL_DSA_MAX_MODULUS_BITS) 132 BIO_printf(bio_err, 133 "Warning: It is not recommended to use more than %d bit for DSA keys.\n" 134 " Your key size is %d! Larger key size may behave not as expected.\n", 135 OPENSSL_DSA_MAX_MODULUS_BITS, EVP_PKEY_get_bits(pkey)); 136 137 ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), pkey, app_get0_propq()); 138 if (ctx == NULL) { 139 BIO_printf(bio_err, "unable to create PKEY context\n"); 140 goto end; 141 } 142 EVP_PKEY_free(pkey); 143 pkey = NULL; 144 if (EVP_PKEY_keygen_init(ctx) <= 0) { 145 BIO_printf(bio_err, "unable to set up for key generation\n"); 146 goto end; 147 } 148 pkey = app_keygen(ctx, "DSA", nbits, verbose); 149 if (pkey == NULL) 150 goto end; 151 152 assert(private); 153 if (!PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, passout)) { 154 BIO_printf(bio_err, "unable to output generated key\n"); 155 goto end; 156 } 157 ret = 0; 158 end: 159 if (ret != 0) 160 ERR_print_errors(bio_err); 161 end2: 162 BIO_free(in); 163 BIO_free_all(out); 164 EVP_PKEY_free(pkey); 165 EVP_PKEY_CTX_free(ctx); 166 EVP_CIPHER_free(enc); 167 release_engine(e); 168 OPENSSL_free(passout); 169 return ret; 170 } 171
Indexes created Sat Feb 28 05:31:39 UTC 2026