From 0336df2fa316a3e08b8f0d2d0e8d4bc175e46634 Mon Sep 17 00:00:00 2001
From: Georg Schmidt <gs-develop@gs-sys.de>
Date: Thu, 31 May 2018 01:42:39 +0200
Subject: Issue warnings for large DSA and RSA keys

Issue a warning when generating DSA or RSA keys of size greater than
OPENSSL_DSA_MAX_MODULUS_BITS resp. OPENSSL_RSA_MAX_MODULUS_BITS.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/6380)
---
 apps/dsaparam.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'apps/dsaparam.c')

diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index 341480b818..8e33ffd6b0 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -128,6 +128,12 @@ int dsaparam_main(int argc, char **argv)
         goto end;
 
     if (numbits > 0) {
+        if (numbits > OPENSSL_DSA_MAX_MODULUS_BITS)
+            BIO_printf(bio_err,
+                       "Warning: It is not recommended to use more than %d bit for DSA keys.\n"
+                       "         Your key size is %d! Larger key size may behave not as expected.\n",
+                       OPENSSL_DSA_MAX_MODULUS_BITS, numbits);
+
         cb = BN_GENCB_new();
         if (cb == NULL) {
             BIO_printf(bio_err, "Error allocating BN_GENCB object\n");
-- 
cgit v1.2.3