diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2021-03-11 13:36:27 +1000 |
|---|---|---|
| committer | Shane Lontis <shane.lontis@oracle.com> | 2021-03-15 09:01:51 +1000 |
| commit | 3a37ddde911fe735c73121a8a561451cc719fc91 (patch) | |
| tree | 36c5f038fa4efbf166358a48e465744bd3c965ca /doc/man7 | |
| parent | 91bd45eb9ac26daf87abc2c21cb03143a745a420 (diff) | |
Fix DSA EVP_PKEY_param_check() when defaults are used for param generation.
Fixes #14480
An internal flag that is set during param gen was not being tested, so
the wrong type was used to select the dsa domain param validation method.
In the default provider - if no gen_type is set then by default the fips186_4 gentype
will be selected when pbits >=2048 otherwise it selects fips186_2.
The fips provider ignores the gen_type and always uses fips186_4.
Before this change dsa used fips186_2 by default in the default
provider.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14508)
Diffstat (limited to 'doc/man7')
| -rw-r--r-- | doc/man7/EVP_PKEY-FFC.pod | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/doc/man7/EVP_PKEY-FFC.pod b/doc/man7/EVP_PKEY-FFC.pod index e97a1c6bc4..bf409c3b0a 100644 --- a/doc/man7/EVP_PKEY-FFC.pod +++ b/doc/man7/EVP_PKEY-FFC.pod @@ -100,7 +100,7 @@ Sets the type of parameter generation. The shared valid values are: =item "fips186_4" -The current standard. This is the default value. +The current standard. =item "fips186_2" @@ -108,8 +108,8 @@ The old standard that should only be used for legacy purposes. =item "default" -This is an alias to use the latest implemented standard. -It is currently set to "fips186_4". +This can choose one of "fips186_4" or "fips186_2" depending on other +parameters set for parameter generation. =back |