44 lines
1.3 KiB
Diff
44 lines
1.3 KiB
Diff
|
From 5b4467a2c47e6de814e69ec3eb4c3e7a4632119c Mon Sep 17 00:00:00 2001
|
||
|
From: Robbie Harwood <rharwood@redhat.com>
|
||
|
Date: Mon, 1 Apr 2019 13:13:09 -0400
|
||
|
Subject: [PATCH] FIPS-aware SPAKE group negotiation
|
||
|
|
||
|
(cherry picked from commit 59269fca96168aa89dc32834d188a54eea8953ac)
|
||
|
---
|
||
|
src/plugins/preauth/spake/groups.c | 8 ++++++++
|
||
|
1 file changed, 8 insertions(+)
|
||
|
|
||
|
diff --git a/src/plugins/preauth/spake/groups.c b/src/plugins/preauth/spake/groups.c
|
||
|
index a195cc195..8a913cb5a 100644
|
||
|
--- a/src/plugins/preauth/spake/groups.c
|
||
|
+++ b/src/plugins/preauth/spake/groups.c
|
||
|
@@ -56,6 +56,8 @@
|
||
|
#include "trace.h"
|
||
|
#include "groups.h"
|
||
|
|
||
|
+#include <openssl/crypto.h>
|
||
|
+
|
||
|
#define DEFAULT_GROUPS_CLIENT "edwards25519"
|
||
|
#define DEFAULT_GROUPS_KDC ""
|
||
|
|
||
|
@@ -102,6 +104,9 @@ find_gdef(int32_t group)
|
||
|
{
|
||
|
size_t i;
|
||
|
|
||
|
+ if (group == builtin_edwards25519.reg->id && FIPS_mode())
|
||
|
+ return NULL;
|
||
|
+
|
||
|
for (i = 0; groupdefs[i] != NULL; i++) {
|
||
|
if (groupdefs[i]->reg->id == group)
|
||
|
return groupdefs[i];
|
||
|
@@ -116,6 +121,9 @@ find_gnum(const char *name)
|
||
|
{
|
||
|
size_t i;
|
||
|
|
||
|
+ if (strcasecmp(name, builtin_edwards25519.reg->name) == 0 && FIPS_mode())
|
||
|
+ return 0;
|
||
|
+
|
||
|
for (i = 0; groupdefs[i] != NULL; i++) {
|
||
|
if (strcasecmp(name, groupdefs[i]->reg->name) == 0)
|
||
|
return groupdefs[i]->reg->id;
|