From f1d6670840b08104646713f464a6ef42e2cf1c2a Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Fri, 23 Oct 2020 12:35:00 +0100
Subject: [PATCH] Swap to FIPS186-2 DSA generation outside of the FIPS module

Inside the FIPS module we continue to use FIPS186-4. We prefer FIPS186-2
in the default provider for backwards compatibility reasons.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13228)
---
 doc/man3/EVP_PKEY_CTX_ctrl.pod                | 7 ++++---
 providers/implementations/keymgmt/build.info  | 4 ++--
 providers/implementations/keymgmt/dsa_kmgmt.c | 8 ++++++++
 test/dsatest.c                                | 1 +
 test/recipes/15-test_gendsa.t                 | 1 +
 5 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod
index 8b06a49d06..1de332c3b3 100644
--- a/doc/man3/EVP_PKEY_CTX_ctrl.pod
+++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod
@@ -455,9 +455,10 @@ Uses a safe prime generator g (PKCS#3 format).
 
 =back
 
-The default is B<DH_PARAMGEN_TYPE_GENERATOR> in the default provider for the
-"DH" keytype, and B<DH_PARAMGEN_TYPE_FIPS_186_4> in the FIPS provider and for
-the "DHX" keytype in the default provider.
+The default in the default provider is B<DH_PARAMGEN_TYPE_GENERATOR> for the
+"DH" keytype, and B<DH_PARAMGEN_TYPE_FIPS_186_2> for the "DHX" keytype. In the
+FIPS provider the default value is B<DH_PARAMGEN_TYPE_GROUP> for the "DH"
+keytype and <B<DH_PARAMGEN_TYPE_FIPS_186_4> for the "DHX" keytype.
 
 EVP_PKEY_CTX_set_dh_paramgen_gindex() sets the I<gindex> used by the generator G.
 The default value is -1 which uses unverifiable g, otherwise a positive value
diff --git a/providers/implementations/keymgmt/build.info b/providers/implementations/keymgmt/build.info
index d55f0b3c18..75f61a6de1 100644
--- a/providers/implementations/keymgmt/build.info
+++ b/providers/implementations/keymgmt/build.info
@@ -1,7 +1,6 @@
 # We make separate GOAL variables for each algorithm, to make it easy to
 # switch each to the Legacy provider when needed.
 
-$DSA_GOAL=../../libimplementations.a
 $EC_GOAL=../../libimplementations.a
 $ECX_GOAL=../../libimplementations.a
 $KDF_GOAL=../../libimplementations.a
@@ -11,7 +10,8 @@ IF[{- !$disabled{dh} -}]
   SOURCE[../../libnonfips.a]=dh_kmgmt.c
 ENDIF
 IF[{- !$disabled{dsa} -}]
-  SOURCE[$DSA_GOAL]=dsa_kmgmt.c
+  SOURCE[../../libfips.a]=dsa_kmgmt.c
+  SOURCE[../../libnonfips.a]=dsa_kmgmt.c
 ENDIF
 IF[{- !$disabled{ec} -}]
   SOURCE[$EC_GOAL]=ec_kmgmt.c
diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c
index c3f178d34c..6dbd450386 100644
--- a/providers/implementations/keymgmt/dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/dsa_kmgmt.c
@@ -75,7 +75,11 @@ typedef struct dh_name2id_st{
 
 static const DSA_GENTYPE_NAME2ID dsatype2id[]=
 {
+#ifdef FIPS_MODULE
     { "default", DSA_PARAMGEN_TYPE_FIPS_186_4 },
+#else
+    { "default", DSA_PARAMGEN_TYPE_FIPS_186_2 },
+#endif
     { "fips186_4", DSA_PARAMGEN_TYPE_FIPS_186_4 },
     { "fips186_2", DSA_PARAMGEN_TYPE_FIPS_186_2 },
 };
@@ -374,7 +378,11 @@ static void *dsa_gen_init(void *provctx, int selection)
         gctx->libctx = libctx;
         gctx->pbits = 2048;
         gctx->qbits = 224;
+#ifdef FIPS_MODULE
         gctx->gen_type = DSA_PARAMGEN_TYPE_FIPS_186_4;
+#else
+        gctx->gen_type = DSA_PARAMGEN_TYPE_FIPS_186_2;
+#endif
         gctx->gindex = -1;
         gctx->pcounter = -1;
         gctx->hindex = 0;
diff --git a/test/dsatest.c b/test/dsatest.c
index 614a8ea1d8..962946602e 100644
--- a/test/dsatest.c
+++ b/test/dsatest.c
@@ -249,6 +249,7 @@ static int dsa_keygen_test(void)
         || !TEST_ptr(settables = EVP_PKEY_CTX_settable_params(pg_ctx))
         || !TEST_ptr(OSSL_PARAM_locate_const(settables,
                                              OSSL_PKEY_PARAM_FFC_PBITS))
+        || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_type(pg_ctx, "fips186_4"))
         || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(pg_ctx, 2048))
         || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(pg_ctx, 224))
         || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_seed(pg_ctx, seed_data,
diff --git a/test/recipes/15-test_gendsa.t b/test/recipes/15-test_gendsa.t
index 4dc387cac5..910cc7da56 100644
--- a/test/recipes/15-test_gendsa.t
+++ b/test/recipes/15-test_gendsa.t
@@ -79,6 +79,7 @@ ok(run(app([ 'openssl', 'genpkey',
 # Just put some dummy ones in to show it works.
 ok(run(app([ 'openssl', 'genpkey',
              '-paramfile', 'dsagen.der',
+             '-pkeyopt', 'type:fips186_4',
              '-pkeyopt', 'gindex:1',
              '-pkeyopt', 'hexseed:0102030405060708090A0B0C0D0E0F1011121314',
              '-pkeyopt', 'pcounter:25',