{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"", "gen_ut":1747283279, "reponame":"openssl", "desc":"OpenSSL", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://warmcat.com/repo/openssl", "f":3, "items": [ {"schema":"libjg2-1", "cid":"ee625585c21a62ca39cb3dca0c353981", "commit": {"type":"commit", "time": 1528214881, "time_ofs": 120, "oid_tree": { "oid": "02fa8e84b24a147a48580777445f56f1dc12f1da", "alias": []}, "oid":{ "oid": "0336df2fa316a3e08b8f0d2d0e8d4bc175e46634", "alias": []}, "msg": "Issue warnings for large DSA and RSA keys", "sig_commit": { "git_time": { "time": 1528214881, "offset": 120 }, "name": "Dr. Matthias St. Pierre", "email": "Matthias.St.Pierre@ncp-e.com", "md5": "7d700d548b38974b2492f8ff219793b3" }, "sig_author": { "git_time": { "time": 1527723759, "offset": 120 }, "name": "Georg Schmidt", "email": "gs-develop@gs-sys.de", "md5": "b4162d394450bbf74b1a1e2850979dc6" }}, "body": "Issue warnings for large DSA and RSA keys\n\nIssue a warning when generating DSA or RSA keys of size greater than\nOPENSSL_DSA_MAX_MODULUS_BITS resp. OPENSSL_RSA_MAX_MODULUS_BITS.\n\nReviewed-by: Paul Dale \u003cpaul.dale@oracle.com\u003e\nReviewed-by: Rich Salz \u003crsalz@openssl.org\u003e\nReviewed-by: Matthias St. Pierre \u003cMatthias.St.Pierre@ncp-e.com\u003e\n(Merged from https://github.com/openssl/openssl/pull/6380)\n" , "diff": "diff --git a/apps/dsaparam.c b/apps/dsaparam.c\nindex 341480b..8e33ffd 100644\n--- a/apps/dsaparam.c\n+++ b/apps/dsaparam.c\n@@ -128,6 +128,12 @@ int dsaparam_main(int argc, char **argv)\n goto end;\n \n if (numbits \u003e 0) {\n+ if (numbits \u003e OPENSSL_DSA_MAX_MODULUS_BITS)\n+ BIO_printf(bio_err,\n+ \u0022Warning: It is not recommended to use more than %d bit for DSA keys.\u005cn\u0022\n+ \u0022 Your key size is %d! Larger key size may behave not as expected.\u005cn\u0022,\n+ OPENSSL_DSA_MAX_MODULUS_BITS, numbits);\n+\n cb \u003d BN_GENCB_new();\n if (cb \u003d\u003d NULL) {\n BIO_printf(bio_err, \u0022Error allocating BN_GENCB object\u005cn\u0022);\ndiff --git a/apps/gendsa.c b/apps/gendsa.c\nindex 06e3792..4013754 100644\n--- a/apps/gendsa.c\n+++ b/apps/gendsa.c\n@@ -117,6 +117,13 @@ int gendsa_main(int argc, char **argv)\n goto end2;\n \n DSA_get0_pqg(dsa, \u0026p, NULL, NULL);\n+\n+ if (BN_num_bits(p) \u003e OPENSSL_DSA_MAX_MODULUS_BITS)\n+ BIO_printf(bio_err,\n+ \u0022Warning: It is not recommended to use more than %d bit for DSA keys.\u005cn\u0022\n+ \u0022 Your key size is %d! Larger key size may behave not as expected.\u005cn\u0022,\n+ OPENSSL_DSA_MAX_MODULUS_BITS, BN_num_bits(p));\n+\n BIO_printf(bio_err, \u0022Generating DSA key, %d bits\u005cn\u0022, BN_num_bits(p));\n if (!DSA_generate_key(dsa))\n goto end;\ndiff --git a/apps/genrsa.c b/apps/genrsa.c\nindex 2bc8fa0..c17cd14 100644\n--- a/apps/genrsa.c\n+++ b/apps/genrsa.c\n@@ -123,6 +123,11 @@ opthelp:\n if (argc \u003d\u003d 1) {\n if (!opt_int(argv[0], \u0026num) || num \u003c\u003d 0)\n goto end;\n+ if (num \u003e OPENSSL_RSA_MAX_MODULUS_BITS)\n+ BIO_printf(bio_err,\n+ \u0022Warning: It is not recommended to use more than %d bit for RSA keys.\u005cn\u0022\n+ \u0022 Your key size is %d! Larger key size may behave not as expected.\u005cn\u0022,\n+ OPENSSL_RSA_MAX_MODULUS_BITS, num);\n } else if (argc \u003e 0) {\n BIO_printf(bio_err, \u0022Extra arguments given.\u005cn\u0022);\n goto opthelp;\ndiff --git a/apps/req.c b/apps/req.c\nindex ca4b7ec..59baa89 100644\n--- a/apps/req.c\n+++ b/apps/req.c\n@@ -517,6 +517,18 @@ int req_main(int argc, char **argv)\n goto end;\n }\n \n+ if (pkey_type \u003d\u003d EVP_PKEY_RSA \u0026\u0026 newkey \u003e OPENSSL_RSA_MAX_MODULUS_BITS)\n+ BIO_printf(bio_err,\n+ \u0022Warning: It is not recommended to use more than %d bit for RSA keys.\u005cn\u0022\n+ \u0022 Your key size is %ld! Larger key size may behave not as expected.\u005cn\u0022,\n+ OPENSSL_RSA_MAX_MODULUS_BITS, newkey);\n+\n+ if (pkey_type \u003d\u003d EVP_PKEY_DSA \u0026\u0026 newkey \u003e OPENSSL_DSA_MAX_MODULUS_BITS)\n+ BIO_printf(bio_err,\n+ \u0022Warning: It is not recommended to use more than %d bit for DSA keys.\u005cn\u0022\n+ \u0022 Your key size is %ld! Larger key size may behave not as expected.\u005cn\u0022,\n+ OPENSSL_DSA_MAX_MODULUS_BITS, newkey);\n+\n if (genctx \u003d\u003d NULL) {\n genctx \u003d set_keygen_ctx(NULL, \u0026pkey_type, \u0026newkey,\n \u0026keyalgstr, gen_eng);\n","s":{"c":1747283279,"u": 37452}} ],"g": 39250,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}