diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2021-05-10 10:27:42 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2021-05-13 09:49:18 +1000 |
commit | b98f752ec330cdc81d1f27a9506e6dcc8c00af5a (patch) | |
tree | 5cb469c545da743d0751cddf4bfce15e41e483bd /doc/man7 | |
parent | 466cab4758289f91215eada905cf334d334830fa (diff) |
Export/import flags for FFC params changed to seperate fields.
An extra field got added to the ffc flags related to FIPS-186-2 key validation, but this field was
not handled by the export/import since the flags were done as string combinations.
To keep this consistent with other object flags they are now passed as seperate OSSL_PARAM fields.
Fixes 'no-cached-fetch' build which uses export/import.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15210)
Diffstat (limited to 'doc/man7')
-rw-r--r-- | doc/man7/EVP_PKEY-FFC.pod | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/doc/man7/EVP_PKEY-FFC.pod b/doc/man7/EVP_PKEY-FFC.pod index 9de066a865..3ab243f45a 100644 --- a/doc/man7/EVP_PKEY-FFC.pod +++ b/doc/man7/EVP_PKEY-FFC.pod @@ -100,6 +100,23 @@ satisfies g = h^j mod p (where g != 1 and "j" is the cofactor). An optional informational cofactor parameter that should equal to (p - 1) / q. +=item "validate-pq" (B<OSSL_PKEY_PARAM_FFC_VALIDATE_PQ>) <unsigned integer> + +=item "validate-g" (B<OSSL_PKEY_PARAM_FFC_VALIDATE_G>) <unsigned integer> + +These boolean values are used during FIPS186-4 or FIPS186-2 key validation checks +(See L<EVP_PKEY_param_check(3)>) to select validation options. By default +I<validate-pq> and I<validate-g> are both set to 1 to check that p,q and g are +valid. Either of these may be set to 0 to skip a test, which is mainly useful +for testing purposes. + +=item "validate-legacy" (B<OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY>) <unsigned integer> + +This boolean value is used during key validation checks +(See L<EVP_PKEY_param_check(3)>) to select the validation type. The default +value of 0 selects FIPS186-4 validation. Setting this value to 1 selects +FIPS186-2 validation. + =back =head2 FFC key generation parameters |