diff options
| author | Matt Caswell <matt@openssl.org> | 2020-10-23 12:35:00 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2020-11-18 14:54:18 +0000 |
| commit | f1d6670840b08104646713f464a6ef42e2cf1c2a (patch) | |
| tree | 5548329237ea84a4a4f67dfce768b708f2d62056 /test | |
| parent | c2bd8d27835186b9fc4c7e4e12a3f6d81bac0544 (diff) | |
Swap to FIPS186-2 DSA generation outside of the FIPS module
Inside the FIPS module we continue to use FIPS186-4. We prefer FIPS186-2
in the default provider for backwards compatibility reasons.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13228)
Diffstat (limited to 'test')
| -rw-r--r-- | test/dsatest.c | 1 | ||||
| -rw-r--r-- | test/recipes/15-test_gendsa.t | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/test/dsatest.c b/test/dsatest.c index 614a8ea1d8..962946602e 100644 --- a/test/dsatest.c +++ b/test/dsatest.c @@ -249,6 +249,7 @@ static int dsa_keygen_test(void) || !TEST_ptr(settables = EVP_PKEY_CTX_settable_params(pg_ctx)) || !TEST_ptr(OSSL_PARAM_locate_const(settables, OSSL_PKEY_PARAM_FFC_PBITS)) + || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_type(pg_ctx, "fips186_4")) || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(pg_ctx, 2048)) || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(pg_ctx, 224)) || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_seed(pg_ctx, seed_data, diff --git a/test/recipes/15-test_gendsa.t b/test/recipes/15-test_gendsa.t index 4dc387cac5..910cc7da56 100644 --- a/test/recipes/15-test_gendsa.t +++ b/test/recipes/15-test_gendsa.t @@ -79,6 +79,7 @@ ok(run(app([ 'openssl', 'genpkey', # Just put some dummy ones in to show it works. ok(run(app([ 'openssl', 'genpkey', '-paramfile', 'dsagen.der', + '-pkeyopt', 'type:fips186_4', '-pkeyopt', 'gindex:1', '-pkeyopt', 'hexseed:0102030405060708090A0B0C0D0E0F1011121314', '-pkeyopt', 'pcounter:25', |