EVP_PKEY_CTX_set_dsa_paramgen_type() sets the generation type to use FIPS186-4
generation if I<name> is "fips186_4", or FIPS186-2 generation if I<name> is
-"fips186_2". The default value is "fips186_4".
+"fips186_2". The default value for the default provider is "fips186_2". The
+default value for the FIPS provider is "fips186_4".
=head2 DH parameters
=back
-The default is B<DH_PARAMGEN_TYPE_GENERATOR>.
+The default is B<DH_PARAMGEN_TYPE_GENERATOR> in the default provider for the
+"DH" keytype, and B<DH_PARAMGEN_TYPE_FIPS_186_4> in the FIPS provider and for
+the "DHX" keytype in the default provider.
EVP_PKEY_CTX_set_dh_paramgen_gindex() sets the I<gindex> used by the generator G.
The default value is -1 which uses unverifiable g, otherwise a positive value
# We make separate GOAL variables for each algorithm, to make it easy to
# switch each to the Legacy provider when needed.
-$DH_GOAL=../../libimplementations.a
$DSA_GOAL=../../libimplementations.a
$EC_GOAL=../../libimplementations.a
$ECX_GOAL=../../libimplementations.a
$KDF_GOAL=../../libimplementations.a
IF[{- !$disabled{dh} -}]
- SOURCE[$DH_GOAL]=dh_kmgmt.c
+ SOURCE[../../libfips.a]=dh_kmgmt.c
+ SOURCE[../../libnonfips.a]=dh_kmgmt.c
ENDIF
IF[{- !$disabled{dsa} -}]
SOURCE[$DSA_GOAL]=dsa_kmgmt.c
static const DH_GENTYPE_NAME2ID dhtype2id[]=
{
- { "default", DH_PARAMGEN_TYPE_FIPS_186_4 },
{ "fips186_4", DH_PARAMGEN_TYPE_FIPS_186_4 },
{ "fips186_2", DH_PARAMGEN_TYPE_FIPS_186_2 },
{ "group", DH_PARAMGEN_TYPE_GROUP },
return NULL;
}
-static int dh_gen_type_name2id(const char *name)
+static int dh_gen_type_name2id(const char *name, int type)
{
size_t i;
+ if (strcmp(name, "default") == 0) {
+#ifdef FIPS_MODULE
+ if (type == DH_FLAG_TYPE_DHX)
+ return DH_PARAMGEN_TYPE_FIPS_186_4;
+
+ return DH_PARAMGEN_TYPE_GROUP;
+#else
+ if (type == DH_FLAG_TYPE_DHX)
+ return DH_PARAMGEN_TYPE_FIPS_186_2;
+
+ return DH_PARAMGEN_TYPE_GENERATOR;
+#endif
+ }
+
for (i = 0; i < OSSL_NELEM(dhtype2id); ++i) {
if (strcmp(dhtype2id[i].name, name) == 0)
return dhtype2id[i].id;
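Review bot: The values returned for "default" here do not match the DH documentation hunk on this page. That text gives `DH_PARAMGEN_TYPE_FIPS_186_4` as the default for the FIPS provider and for "DHX" in the default provider, while this code returns `DH_PARAMGEN_TYPE_GROUP` for non-DHX keys under `FIPS_MODULE` and `DH_PARAMGEN_TYPE_FIPS_186_2` for DHX otherwise. A caller who relies on the documented default would get a different generation method than expected, so either the text or the code should be corrected. The same four-way selection is repeated in the init hunk that sets `gctx->gen_type`, so I would move it into one static helper used by both places, as sketched below. The lookup loop of this function continues outside the hunk.

```c
/* Provider-specific default generation type for a DH or DHX key type. */
static int dh_gen_type_default(int type)
{
#ifdef FIPS_MODULE
    return (type == DH_FLAG_TYPE_DHX) ? DH_PARAMGEN_TYPE_FIPS_186_4
                                      : DH_PARAMGEN_TYPE_GROUP;
#else
    return (type == DH_FLAG_TYPE_DHX) ? DH_PARAMGEN_TYPE_FIPS_186_2
                                      : DH_PARAMGEN_TYPE_GENERATOR;
#endif
}

static int dh_gen_type_name2id(const char *name, int type)
{
    size_t i;

    if (strcmp(name, "default") == 0)
        return dh_gen_type_default(type);
    /* … unchanged: dhtype2id lookup loop … */
```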
gctx->pbits = 2048;
gctx->qbits = 224;
gctx->mdname = NULL;
- gctx->gen_type = DH_PARAMGEN_TYPE_FIPS_186_4;
+#ifdef FIPS_MODULE
+ gctx->gen_type = (type == DH_FLAG_TYPE_DHX)
+ ? DH_PARAMGEN_TYPE_FIPS_186_4
+ : DH_PARAMGEN_TYPE_GROUP;
+#else
+ gctx->gen_type = (type == DH_FLAG_TYPE_DHX)
+ ? DH_PARAMGEN_TYPE_FIPS_186_2
+ : DH_PARAMGEN_TYPE_GENERATOR;
+#endif
gctx->gindex = -1;
gctx->hindex = 0;
gctx->pcounter = -1;
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_TYPE);
if (p != NULL) {
if (p->data_type != OSSL_PARAM_UTF8_STRING
- || ((gctx->gen_type = dh_gen_type_name2id(p->data)) == -1)) {
+ || ((gctx->gen_type = dh_gen_type_name2id(p->data,
+ gctx->dh_type)) == -1)) {
ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
return 0;
}
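Review bot: An unrecognised type name still overwrites the context, because the result of dh_gen_type_name2id() is assigned to `gctx->gen_type` inside the condition before it is compared with -1. After the error return the field holds -1 instead of the provider default chosen at init. I would resolve the name into a local `int gen_type`, test that, and run `gctx->gen_type = gen_type;` only after the check passes. Whether any caller reuses a generation context after this failure is not visible here, and the enclosing function starts and ends outside the hunk.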
return NULL;
/* For parameter generation - If there is a group name just create it */
- if (gctx->gen_type == DH_PARAMGEN_TYPE_GROUP) {
+ if (gctx->gen_type == DH_PARAMGEN_TYPE_GROUP
+ && gctx->ffc_params == NULL) {
/* Select a named group if there is not one already */
if (gctx->group_nid == NID_undef)
gctx->group_nid = dh_get_named_group_uid_from_size(gctx->pbits);