43 lines
1.2 KiB
Diff
43 lines
1.2 KiB
Diff
From 59269fca96168aa89dc32834d188a54eea8953ac Mon Sep 17 00:00:00 2001
|
|
From: Robbie Harwood <rharwood@redhat.com>
|
|
Date: Mon, 1 Apr 2019 13:13:09 -0400
|
|
Subject: [PATCH] FIPS-aware SPAKE group negotiation
|
|
|
|
---
|
|
src/plugins/preauth/spake/groups.c | 8 ++++++++
|
|
1 file changed, 8 insertions(+)
|
|
|
|
diff --git a/src/plugins/preauth/spake/groups.c b/src/plugins/preauth/spake/groups.c
|
|
index a195cc195..8a913cb5a 100644
|
|
--- a/src/plugins/preauth/spake/groups.c
|
|
+++ b/src/plugins/preauth/spake/groups.c
|
|
@@ -56,6 +56,8 @@
|
|
#include "trace.h"
|
|
#include "groups.h"
|
|
|
|
+#include <openssl/crypto.h>
|
|
+
|
|
#define DEFAULT_GROUPS_CLIENT "edwards25519"
|
|
#define DEFAULT_GROUPS_KDC ""
|
|
|
|
@@ -102,6 +104,9 @@ find_gdef(int32_t group)
|
|
{
|
|
size_t i;
|
|
|
|
+ if (group == builtin_edwards25519.reg->id && FIPS_mode())
|
|
+ return NULL;
|
|
+
|
|
for (i = 0; groupdefs[i] != NULL; i++) {
|
|
if (groupdefs[i]->reg->id == group)
|
|
return groupdefs[i];
|
|
@@ -116,6 +121,9 @@ find_gnum(const char *name)
|
|
{
|
|
size_t i;
|
|
|
|
+ if (strcasecmp(name, builtin_edwards25519.reg->name) == 0 && FIPS_mode())
|
|
+ return 0;
|
|
+
|
|
for (i = 0; groupdefs[i] != NULL; i++) {
|
|
if (strcasecmp(name, groupdefs[i]->reg->name) == 0)
|
|
return groupdefs[i]->reg->id;
|