From: Tomas Mraz <tomas@openssl.org>
Date: Mon, 9 Aug 2021 08:42:46 +0000 (+0200)
Subject: Set FFC_PARAM_FLAG_VALIDATE_LEGACY on params generated with FIPS 186-2 gen
X-Git-Tag: openssl-3.0.0~127
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=aa5098021be2df0fd33bd5e8b1325c49dc519433;p=thirdparty%2Fopenssl.git

Set FFC_PARAM_FLAG_VALIDATE_LEGACY on params generated with FIPS 186-2 gen

Fixes #16261

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16268)
---

diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c
index 36b5a873a71..f0601e1644c 100644
--- a/crypto/ffc/ffc_params_generate.c
+++ b/crypto/ffc/ffc_params_generate.c
@@ -1047,7 +1047,11 @@ int ossl_ffc_params_FIPS186_2_generate(OSSL_LIB_CTX *libctx, FFC_PARAMS *params,
                                        int type, size_t L, size_t N,
                                        int *res, BN_GENCB *cb)
 {
-    return ossl_ffc_params_FIPS186_2_gen_verify(libctx, params,
-                                                FFC_PARAM_MODE_GENERATE,
-                                                type, L, N, res, cb);
+    if (!ossl_ffc_params_FIPS186_2_gen_verify(libctx, params,
+                                              FFC_PARAM_MODE_GENERATE,
+                                              type, L, N, res, cb))
+        return 0;
+
+    ossl_ffc_params_enable_flags(params, FFC_PARAM_FLAG_VALIDATE_LEGACY, 1);
+    return 1;
 }