From f1ffaaeece5efb7d2f4859a59e3164edf9b4b769 Mon Sep 17 00:00:00 2001
From: Shane Lontis <shane.lontis@oracle.com>
Date: Thu, 15 Apr 2021 18:25:17 +1000
Subject: Fixes related to separation of DH and DHX types

Fix dh_rfc5114 option in genpkey.

Fixes #14145
Fixes #13956
Fixes #13952
Fixes #13871
Fixes #14054
Fixes #14444

Updated documentation for app to indicate what options are available for
DH and DHX keys.

DH and DHX now have different keymanager gen_set_params() methods.

Added CHANGES entry to indicate the breaking change.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14883)
---
 test/recipes/15-test_gendh.t | 33 +++------------------------------
 1 file changed, 3 insertions(+), 30 deletions(-)

(limited to 'test/recipes/15-test_gendh.t')

diff --git a/test/recipes/15-test_gendh.t b/test/recipes/15-test_gendh.t
index 87dd73f438..39112f1bfe 100644
--- a/test/recipes/15-test_gendh.t
+++ b/test/recipes/15-test_gendh.t
@@ -18,34 +18,7 @@ setup("test_gendh");
 
 plan skip_all => "This test is unsupported in a no-dh build" if disabled("dh");
 
-plan tests => 13;
-
-ok(run(app([ 'openssl', 'genpkey', '-genparam',
-             '-algorithm', 'DH',
-             '-pkeyopt', 'gindex:1',
-             '-pkeyopt', 'type:fips186_4',
-             '-text'])),
-   "genpkey DH params fips186_4 with verifiable g");
-
-ok(run(app([ 'openssl', 'genpkey', '-genparam',
-             '-algorithm', 'DH',
-             '-pkeyopt', 'type:fips186_4',
-             '-text'])),
-   "genpkey DH params fips186_4 with unverifiable g");
-
-ok(run(app([ 'openssl', 'genpkey', '-genparam',
-             '-algorithm', 'DH',
-             '-pkeyopt', 'pbits:2048',
-             '-pkeyopt', 'qbits:224',
-             '-pkeyopt', 'digest:SHA512-224',
-             '-pkeyopt', 'type:fips186_4'])),
-   "genpkey DH params fips186_4 with truncated SHA");
-
-ok(run(app([ 'openssl', 'genpkey', '-genparam',
-             '-algorithm', 'DH',
-             '-pkeyopt', 'type:fips186_2',
-             '-text'])),
-   "genpkey DH params fips186_2");
+plan tests => 9;
 
 ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'DH',
              '-pkeyopt', 'type:group',
@@ -59,7 +32,7 @@ ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'DH',
    "genpkey DH group ffdhe2048");
 
 ok(run(app([ 'openssl', 'genpkey', '-genparam',
-             '-algorithm', 'DH',
+             '-algorithm', 'DHX',
              '-pkeyopt', 'gindex:1',
              '-pkeyopt', 'type:fips186_4',
              '-out', 'dhgen.pem' ])),
@@ -70,7 +43,7 @@ ok(run(app([ 'openssl', 'genpkey', '-genparam',
 ok(run(app([ 'openssl', 'genpkey',
              '-paramfile', 'dhgen.pem',
              '-pkeyopt', 'gindex:1',
-             '-pkeyopt', 'hexseed:0102030405060708090A0B0C0D0E0F1011121314',
+             '-pkeyopt', 'hexseed:ed2927f2139eb61495d6641efda1243f93ebe482b5bfc2c755a53825',
              '-pkeyopt', 'pcounter:25',
              '-text' ])),
    "genpkey DH fips186_4 with PEM params");
-- 
cgit v1.2.3