diff options
author | Georg Schmidt <gs-develop@gs-sys.de> | 2018-05-31 01:42:39 +0200 |
---|---|---|
committer | Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> | 2018-06-05 18:08:01 +0200 |
commit | 0336df2fa316a3e08b8f0d2d0e8d4bc175e46634 (patch) | |
tree | 02fa8e84b24a147a48580777445f56f1dc12f1da /apps/dsaparam.c | |
parent | 630fe1da888490b7dfef3fe0928b813ddff5d51a (diff) | |
download | openssl-0336df2fa316a3e08b8f0d2d0e8d4bc175e46634.tar.gz |
Issue warnings for large DSA and RSA keys
Issue a warning when generating DSA or RSA keys of size greater than
OPENSSL_DSA_MAX_MODULUS_BITS resp. OPENSSL_RSA_MAX_MODULUS_BITS.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/6380)
Diffstat (limited to 'apps/dsaparam.c')
-rw-r--r-- | apps/dsaparam.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 341480b818..8e33ffd6b0 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -128,6 +128,12 @@ int dsaparam_main(int argc, char **argv) goto end; if (numbits > 0) { + if (numbits > OPENSSL_DSA_MAX_MODULUS_BITS) + BIO_printf(bio_err, + "Warning: It is not recommended to use more than %d bit for DSA keys.\n" + " Your key size is %d! Larger key size may behave not as expected.\n", + OPENSSL_DSA_MAX_MODULUS_BITS, numbits); + cb = BN_GENCB_new(); if (cb == NULL) { BIO_printf(bio_err, "Error allocating BN_GENCB object\n"); |