From c2bd8d27835186b9fc4c7e4e12a3f6d81bac0544 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 22 Oct 2020 13:54:11 +0100
Subject: [PATCH] Swap to DH_PARAMGEN_TYPE_GENERATOR as the default outside of
 the FIPS module

The documentation claimed this was already the default but it wasn't. This
was causing the dhparam application to change behaviour when compared to
1.1.1

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13228)
---
 doc/man3/EVP_PKEY_CTX_ctrl.pod               |  7 +++--
 providers/implementations/keymgmt/build.info |  4 +--
 providers/implementations/keymgmt/dh_kmgmt.c | 33 +++++++++++++++++---
 3 files changed, 35 insertions(+), 9 deletions(-)

diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod
index 7159d8885c..8b06a49d06 100644
--- a/doc/man3/EVP_PKEY_CTX_ctrl.pod
+++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod
@@ -414,7 +414,8 @@ p, q, and verifiable g are required, since it is not part of a persisted key.
 
 EVP_PKEY_CTX_set_dsa_paramgen_type() sets the generation type to use FIPS186-4
 generation if I<name> is "fips186_4", or FIPS186-2 generation if I<name> is
-"fips186_2". The default value is "fips186_4".
+"fips186_2". The default value for the default provider is "fips186_2". The
+default value for the FIPS provider is "fips186_4".
 
 =head2 DH parameters
 
@@ -454,7 +455,9 @@ Uses a safe prime generator g (PKCS#3 format).
 
 =back
 
-The default is B<DH_PARAMGEN_TYPE_GENERATOR>.
+The default is B<DH_PARAMGEN_TYPE_GENERATOR> in the default provider for the
+"DH" keytype, and B<DH_PARAMGEN_TYPE_FIPS_186_4> in the FIPS provider and for
+the "DHX" keytype in the default provider.
 
 EVP_PKEY_CTX_set_dh_paramgen_gindex() sets the I<gindex> used by the generator G.
 The default value is -1 which uses unverifiable g, otherwise a positive value
diff --git a/providers/implementations/keymgmt/build.info b/providers/implementations/keymgmt/build.info
index 978cd706ae..d55f0b3c18 100644
--- a/providers/implementations/keymgmt/build.info
+++ b/providers/implementations/keymgmt/build.info
@@ -1,14 +1,14 @@
 # We make separate GOAL variables for each algorithm, to make it easy to
 # switch each to the Legacy provider when needed.
 
-$DH_GOAL=../../libimplementations.a
 $DSA_GOAL=../../libimplementations.a
 $EC_GOAL=../../libimplementations.a
 $ECX_GOAL=../../libimplementations.a
 $KDF_GOAL=../../libimplementations.a
 
 IF[{- !$disabled{dh} -}]
-  SOURCE[$DH_GOAL]=dh_kmgmt.c
+  SOURCE[../../libfips.a]=dh_kmgmt.c
+  SOURCE[../../libnonfips.a]=dh_kmgmt.c
 ENDIF
 IF[{- !$disabled{dsa} -}]
   SOURCE[$DSA_GOAL]=dsa_kmgmt.c
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
index d8ca4cc9dd..927246167e 100644
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -83,7 +83,6 @@ typedef struct dh_name2id_st{
 
 static const DH_GENTYPE_NAME2ID dhtype2id[]=
 {
-    { "default", DH_PARAMGEN_TYPE_FIPS_186_4 },
     { "fips186_4", DH_PARAMGEN_TYPE_FIPS_186_4 },
     { "fips186_2", DH_PARAMGEN_TYPE_FIPS_186_2 },
     { "group", DH_PARAMGEN_TYPE_GROUP },
@@ -101,10 +100,24 @@ const char *dh_gen_type_id2name(int id)
     return NULL;
 }
 
-static int dh_gen_type_name2id(const char *name)
+static int dh_gen_type_name2id(const char *name, int type)
 {
     size_t i;
 
+    if (strcmp(name, "default") == 0) {
+#ifdef FIPS_MODULE
+        if (type == DH_FLAG_TYPE_DHX)
+            return DH_PARAMGEN_TYPE_FIPS_186_4;
+
+        return DH_PARAMGEN_TYPE_GROUP;
+#else
+        if (type == DH_FLAG_TYPE_DHX)
+            return DH_PARAMGEN_TYPE_FIPS_186_2;
+
+        return DH_PARAMGEN_TYPE_GENERATOR;
+#endif
+    }
+
     for (i = 0; i < OSSL_NELEM(dhtype2id); ++i) {
         if (strcmp(dhtype2id[i].name, name) == 0)
             return dhtype2id[i].id;
@@ -428,7 +441,15 @@ static void *dh_gen_init_base(void *provctx, int selection, int type)
         gctx->pbits = 2048;
         gctx->qbits = 224;
         gctx->mdname = NULL;
-        gctx->gen_type = DH_PARAMGEN_TYPE_FIPS_186_4;
+#ifdef FIPS_MODULE
+        gctx->gen_type = (type == DH_FLAG_TYPE_DHX)
+                         ? DH_PARAMGEN_TYPE_FIPS_186_4
+                         : DH_PARAMGEN_TYPE_GROUP;
+#else
+        gctx->gen_type = (type == DH_FLAG_TYPE_DHX)
+                         ? DH_PARAMGEN_TYPE_FIPS_186_2
+                         : DH_PARAMGEN_TYPE_GENERATOR;
+#endif
         gctx->gindex = -1;
         gctx->hindex = 0;
         gctx->pcounter = -1;
@@ -485,7 +506,8 @@ static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[])
     p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_TYPE);
     if (p != NULL) {
         if (p->data_type != OSSL_PARAM_UTF8_STRING
-            || ((gctx->gen_type = dh_gen_type_name2id(p->data)) == -1)) {
+            || ((gctx->gen_type = dh_gen_type_name2id(p->data,
+                                                      gctx->dh_type)) == -1)) {
             ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
             return 0;
         }
@@ -584,7 +606,8 @@ static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
         return NULL;
 
     /* For parameter generation - If there is a group name just create it */
-    if (gctx->gen_type == DH_PARAMGEN_TYPE_GROUP) {
+    if (gctx->gen_type == DH_PARAMGEN_TYPE_GROUP
+            && gctx->ffc_params == NULL) {
         /* Select a named group if there is not one already */
         if (gctx->group_nid == NID_undef)
             gctx->group_nid = dh_get_named_group_uid_from_size(gctx->pbits);