Issue warnings for large DSA and RSA keys

Issue a warning when generating DSA or RSA keys of size greater than OPENSSL_DSA_MAX_MODULUS_BITS resp. OPENSSL_RSA_MAX_MODULUS_BITS. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6380)
author: Georg Schmidt <gs-develop@gs-sys.de> 2018-05-31 01:42:39 +0200
committer: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> 2018-06-05 18:08:01 +0200
commit: 0336df2fa316a3e08b8f0d2d0e8d4bc175e46634 (patch)
tree: 02fa8e84b24a147a48580777445f56f1dc12f1da /apps/gendsa.c
parent: 630fe1da888490b7dfef3fe0928b813ddff5d51a (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/apps/gendsa.c b/apps/gendsa.c
index 06e37924e4..401375420b 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -117,6 +117,13 @@ int gendsa_main(int argc, char **argv)
         goto end2;
 
     DSA_get0_pqg(dsa, &p, NULL, NULL);
+
+    if (BN_num_bits(p) > OPENSSL_DSA_MAX_MODULUS_BITS)
+        BIO_printf(bio_err,
+                   "Warning: It is not recommended to use more than %d bit for DSA keys.\n"
+                   "         Your key size is %d! Larger key size may behave not as expected.\n",
+                   OPENSSL_DSA_MAX_MODULUS_BITS, BN_num_bits(p));
+
     BIO_printf(bio_err, "Generating DSA key, %d bits\n", BN_num_bits(p));
     if (!DSA_generate_key(dsa))
         goto end;
author	Georg Schmidt <gs-develop@gs-sys.de>	2018-05-31 01:42:39 +0200
committer	Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>	2018-06-05 18:08:01 +0200
commit	0336df2fa316a3e08b8f0d2d0e8d4bc175e46634 (patch)
tree	02fa8e84b24a147a48580777445f56f1dc12f1da /apps/gendsa.c
parent	630fe1da888490b7dfef3fe0928b813ddff5d51a (diff)