Fix DSA EVP_PKEY_param_check() when defaults are used for param generation.

Fixes #14480

An internal flag that is set during param gen was not being tested, so
the wrong type was used to select the dsa domain param validation method.

In the default provider - if no gen_type is set then by default the fips186_4 gentype
will be selected when pbits >=2048 otherwise it selects fips186_2.
The fips provider ignores the gen_type and always uses fips186_4.

Before this change dsa used fips186_2 by default in the default
provider.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14508)

diff --git a/crypto/ffc/ffc_params_validate.c b/crypto/ffc/ffc_params_validate.c
index 0abbad28012df4ef567a3dae672c29eb0b9df6ce..c1b4cf05d200bf1c0c0b297c98d95171a44d50eb 100644 (file)
--- a/crypto/ffc/ffc_params_validate.c
+++ b/crypto/ffc/ffc_params_validate.c
@@ -152,8 +152,12 @@ int ossl_ffc_params_full_validate(OSSL_LIB_CTX *libctx, const FFC_PARAMS *params
                                               res, NULL);
 #else
     if (params->seed != NULL) {
-        return ossl_ffc_params_FIPS186_4_validate(libctx, params, paramstype,
-                                                  res, NULL);
+        if (params->flags & FFC_PARAM_FLAG_VALIDATE_LEGACY)
+            return ossl_ffc_params_FIPS186_2_validate(libctx, params, paramstype,
+                                                      res, NULL);
+        else
+            return ossl_ffc_params_FIPS186_4_validate(libctx, params, paramstype,
+                                                      res, NULL);
     } else {
         int ret = 0;
 

diff --git a/doc/man7/EVP_PKEY-FFC.pod b/doc/man7/EVP_PKEY-FFC.pod
index e97a1c6bc403185a68ef93f1785c3f8bdf9e859e..bf409c3b0aa14d8e47a1d1f8d66dab987dc3a7c4 100644 (file)
--- a/doc/man7/EVP_PKEY-FFC.pod
+++ b/doc/man7/EVP_PKEY-FFC.pod
@@ -100,7 +100,7 @@ Sets the type of parameter generation. The shared valid values are:
 
 =item "fips186_4"
 
-The current standard. This is the default value.
+The current standard.
 
 =item "fips186_2"
 
@@ -108,8 +108,8 @@ The old standard that should only be used for legacy purposes.
 
 =item "default"
 
-This is an alias to use the latest implemented standard.
-It is currently set to "fips186_4".
+This can choose one of "fips186_4" or "fips186_2" depending on other
+parameters set for parameter generation.
 
 =back
 

diff --git a/include/crypto/dsa.h b/include/crypto/dsa.h
index 331baf320ef302876a5030c7281097f6e1a97875..0c15c51da0b126c52a764a9bbe8d879f0596ddd6 100644 (file)
--- a/include/crypto/dsa.h
+++ b/include/crypto/dsa.h
@@ -17,6 +17,7 @@
 
 #define DSA_PARAMGEN_TYPE_FIPS_186_4   0   /* Use FIPS186-4 standard */
 #define DSA_PARAMGEN_TYPE_FIPS_186_2   1   /* Use legacy FIPS186-2 standard */
+#define DSA_PARAMGEN_TYPE_FIPS_DEFAULT 2
 
 DSA *ossl_dsa_new(OSSL_LIB_CTX *libctx);
 void ossl_dsa_set0_libctx(DSA *d, OSSL_LIB_CTX *libctx);

diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c
index e6e9a5139712097464fef92170a9e7d269ddf90a..f37982c2785da82d18b708d3b3b1084f04aa5e49 100644 (file)
--- a/providers/implementations/keymgmt/dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/dsa_kmgmt.c
@@ -78,7 +78,7 @@ static const DSA_GENTYPE_NAME2ID dsatype2id[]=
 #ifdef FIPS_MODULE
     { "default", DSA_PARAMGEN_TYPE_FIPS_186_4 },
 #else
-    { "default", DSA_PARAMGEN_TYPE_FIPS_186_2 },
+    { "default", DSA_PARAMGEN_TYPE_FIPS_DEFAULT },
 #endif
     { "fips186_4", DSA_PARAMGEN_TYPE_FIPS_186_4 },
     { "fips186_2", DSA_PARAMGEN_TYPE_FIPS_186_2 },
@@ -382,7 +382,7 @@ static void *dsa_gen_init(void *provctx, int selection,
 #ifdef FIPS_MODULE
         gctx->gen_type = DSA_PARAMGEN_TYPE_FIPS_186_4;
 #else
-        gctx->gen_type = DSA_PARAMGEN_TYPE_FIPS_186_2;
+        gctx->gen_type = DSA_PARAMGEN_TYPE_FIPS_DEFAULT;
 #endif
         gctx->gindex = -1;
         gctx->pcounter = -1;
@@ -527,6 +527,10 @@ static void *dsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
     if (dsa == NULL)
         return NULL;
 
+    if (gctx->gen_type == DSA_PARAMGEN_TYPE_FIPS_DEFAULT)
+        gctx->gen_type = (gctx->pbits >= 2048 ? DSA_PARAMGEN_TYPE_FIPS_186_4 :
+                                                DSA_PARAMGEN_TYPE_FIPS_186_2);
+
     gctx->cb = osslcb;
     gctx->cbarg = cbarg;
     gencb = BN_GENCB_new();

diff --git a/test/dsatest.c b/test/dsatest.c
index 962946602e5ad1e9de933bb4b5357873effb5b8b..2b65e199dffdbec7c3167cb4955c96cd34826762 100644 (file)
--- a/test/dsatest.c
+++ b/test/dsatest.c
@@ -302,6 +302,27 @@ end:
     return ret;
 }
 
+static int test_dsa_default_paramgen_validate(int i)
+{
+    int ret;
+    EVP_PKEY_CTX *gen_ctx = NULL;
+    EVP_PKEY_CTX *check_ctx = NULL;
+    EVP_PKEY *params = NULL;
+
+    ret = TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL))
+          && TEST_int_gt(EVP_PKEY_paramgen_init(gen_ctx), 0)
+          && (i == 0
+              || TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(gen_ctx, 512)))
+          && TEST_int_gt(EVP_PKEY_gen(gen_ctx, &params), 0)
+          && TEST_ptr(check_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, params, NULL))
+          && TEST_int_gt(EVP_PKEY_param_check(check_ctx), 0);
+
+    EVP_PKEY_free(params);
+    EVP_PKEY_CTX_free(check_ctx);
+    EVP_PKEY_CTX_free(gen_ctx);
+    return ret;
+}
+
 #endif /* OPENSSL_NO_DSA */
 
 int setup_tests(void)
@@ -309,6 +330,7 @@ int setup_tests(void)
 #ifndef OPENSSL_NO_DSA
     ADD_TEST(dsa_test);
     ADD_TEST(dsa_keygen_test);
+    ADD_ALL_TESTS(test_dsa_default_paramgen_validate, 2);
 #endif
     return 1;
 }