git.openssl.org Git - openssl.git/commit

author	Shane Lontis <shane.lontis@oracle.com>
	Thu, 11 Mar 2021 03:36:27 +0000 (13:36 +1000)
committer	Shane Lontis <shane.lontis@oracle.com>
	Sun, 14 Mar 2021 23:01:51 +0000 (09:01 +1000)
commit	3a37ddde911fe735c73121a8a561451cc719fc91
tree	36c5f038fa4efbf166358a48e465744bd3c965ca	tree \| snapshot
parent	91bd45eb9ac26daf87abc2c21cb03143a745a420	commit \| diff

Fix DSA EVP_PKEY_param_check() when defaults are used for param generation.

Fixes #14480

An internal flag that is set during param gen was not being tested, so
the wrong type was used to select the dsa domain param validation method.

In the default provider - if no gen_type is set then by default the fips186_4 gentype
will be selected when pbits >=2048 otherwise it selects fips186_2.
The fips provider ignores the gen_type and always uses fips186_4.

Before this change dsa used fips186_2 by default in the default
provider.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14508)

crypto/ffc/ffc_params_validate.c		diff \| blob \| history
doc/man7/EVP_PKEY-FFC.pod		diff \| blob \| history
include/crypto/dsa.h		diff \| blob \| history
providers/implementations/keymgmt/dsa_kmgmt.c		diff \| blob \| history
test/dsatest.c		diff \| blob \| history