diff -up ./gtests/softoken_gtest/softoken_dh_vectors.h.orig ./gtests/softoken_gtest/softoken_dh_vectors.h
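--- ./gtests/softoken_gtest/softoken_dh_vectors.h.orig 2021-06-02 16:57:50.557008790 -0700
+++ ./gtests/softoken_gtest/softoken_dh_vectors.h 2021-06-02 16:59:52.781735096 -0700
@@ -2872,7 +2872,7 @@ static const DhTestVector DH_TEST_VECTOR
 {siBuffer, (unsigned char *)g2, sizeof(g2)},
 {siBuffer, NULL, 0},
 {siBuffer, NULL, 0},
- IKE_APPROVED,
+ SAFE_PRIME,
 CLASS_1536},
 {"IKE 2048",
 {siBuffer, (unsigned char *)prime_ike_2048, sizeof(prime_ike_2048)},
@@ -2952,7 +2952,7 @@ static const DhTestVector DH_TEST_VECTOR
 {siBuffer, (unsigned char *)sub2_prime_ike_1536,
 sizeof(sub2_prime_ike_1536)},
 {siBuffer, NULL, 0},
- IKE_APPROVED,
+ SAFE_PRIME,
 CLASS_1536},
 {"IKE 2048 with subprime",
 {siBuffer, (unsigned char *)prime_ike_2048, sizeof(prime_ike_2048)},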
diff -up ./lib/softoken/pkcs11c.c.orig ./lib/softoken/pkcs11c.c
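--- ./lib/softoken/pkcs11c.c.orig 2021-05-28 02:50:43.000000000 -0700
+++ ./lib/softoken/pkcs11c.c 2021-06-02 16:52:01.196932757 -0700
@@ -5193,7 +5193,7 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
 /* subprime not supplied, In this case look it up.
 * This only works with approved primes, but in FIPS mode
 * that's the only kine of prime that will get here */
- subPrimePtr = sftk_VerifyDH_Prime(&prime);
+ subPrimePtr = sftk_VerifyDH_Prime(&prime,isFIPS);
 if (subPrimePtr == NULL) {
 crv = CKR_GENERAL_ERROR;
 goto done;
@@ -8351,7 +8351,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
 
 /* if the prime is an approved prime, we can skip all the other
 * checks. */
- subPrime = sftk_VerifyDH_Prime(&dhPrime);
+ subPrime = sftk_VerifyDH_Prime(&dhPrime,isFIPS);
 if (subPrime == NULL) {
 SECItem dhSubPrime;
 /* If the caller set the subprime value, it means that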
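Review bot: In the NSC_DeriveKey hunk, a NULL from `sftk_VerifyDH_Prime(&dhPrime,isFIPS)` now also covers a known 1536-bit prime in FIPS mode, and that case drops into the existing `if (subPrime == NULL)` branch written for primes that are not on the approved list. Whether such a prime is then refused depends on that branch, which continues outside the hunk, so it is worth confirming that it fails closed for FIPS callers instead of admitting the prime through the safe-prime checks. The comment above the call could state the new rule, e.g. `/* approved primes skip the other checks; in FIPS mode 1536-bit primes are never treated as approved */`. The sftk_PairwiseConsistencyCheck hunk has the same gap: its comment still says only approved primes reach the lookup, while a 1536-bit one now ends in `CKR_GENERAL_ERROR`. Both new calls also lack the space after the comma that the pkcs11u.c call uses.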
diff -up ./lib/softoken/pkcs11i.h.orig ./lib/softoken/pkcs11i.h
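--- ./lib/softoken/pkcs11i.h.orig 2021-06-02 16:52:01.196932757 -0700
+++ ./lib/softoken/pkcs11i.h 2021-06-02 16:52:54.281248207 -0700
@@ -946,7 +946,7 @@ char **NSC_ModuleDBFunc(unsigned long fu
 /* dh verify functions */
 /* verify that dhPrime matches one of our known primes, and if so return
 * it's subprime value */
-const SECItem *sftk_VerifyDH_Prime(SECItem *dhPrime);
+const SECItem *sftk_VerifyDH_Prime(SECItem *dhPrime, PRBool isFIPS);
 /* check if dhSubPrime claims dhPrime is a safe prime. */
 SECStatus sftk_IsSafePrime(SECItem *dhPrime, SECItem *dhSubPrime, PRBool *isSafe);
 /* map an operation Attribute to a Mechanism flag */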
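Review bot: The comment above the `sftk_VerifyDH_Prime` prototype does not describe the new `isFIPS` argument or the extra reason for a NULL return. Suggested wording: `/* verify that dhPrime matches one of our known primes and, if so, return its subprime value; when isFIPS is true, 1536-bit primes are not matched and NULL is returned */`. The header comment on the definition in sftkdhverify.c needs the same addition.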
diff -up ./lib/softoken/pkcs11u.c.orig ./lib/softoken/pkcs11u.c
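--- ./lib/softoken/pkcs11u.c.orig 2021-06-02 16:54:23.387777705 -0700
+++ ./lib/softoken/pkcs11u.c 2021-06-02 16:54:51.012941866 -0700
@@ -2312,7 +2312,7 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
 if (crv != CKR_OK) {
 return PR_FALSE;
 }
- dhSubPrime = sftk_VerifyDH_Prime(&dhPrime);
+ dhSubPrime = sftk_VerifyDH_Prime(&dhPrime, PR_TRUE);
 SECITEM_ZfreeItem(&dhPrime, PR_FALSE);
 return (dhSubPrime) ? PR_TRUE : PR_FALSE;
 }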
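Review bot: The call in sftk_handleSpecial passes a bare `PR_TRUE` where the pkcs11c.c callers pass their `isFIPS` value, and nothing in the hunk says why. If the intent is that this check always applies the FIPS prime policy regardless of the token's mode (an inference, since the start of the function is outside the hunk), a one-line comment such as `/* always apply the FIPS prime rules here */` would stop a later reader from replacing the constant with a variable.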
diff -up ./lib/softoken/sftkdhverify.c.orig ./lib/softoken/sftkdhverify.c
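--- ./lib/softoken/sftkdhverify.c.orig 2021-05-28 02:50:43.000000000 -0700
+++ ./lib/softoken/sftkdhverify.c 2021-06-02 16:52:01.196932757 -0700
@@ -1171,11 +1171,15 @@ static const SECItem subprime_tls_8192 =
 * verify that dhPrime matches one of our known primes
 */
 const SECItem *
-sftk_VerifyDH_Prime(SECItem *dhPrime)
+sftk_VerifyDH_Prime(SECItem *dhPrime, PRBool isFIPS)
 {
 /* use the length to decide which primes to check */
 switch (dhPrime->len) {
 case 1536 / PR_BITS_PER_BYTE:
+ /* don't accept 1536 bit primes in FIPS mode */
+ if (isFIPS) {
+ break;
+ }
 if (PORT_Memcmp(dhPrime->data, prime_ike_1536,
 sizeof(prime_ike_1536)) == 0) {
 return &subprime_ike_1536;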
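Review bot: The added comment `/* don't accept 1536 bit primes in FIPS mode */` promises more than the guard delivers. The `break` only makes the function skip the 1536-bit comparison, so the prime is reported as unmatched, presumably through a NULL return after the switch, which lies outside the hunk. Whether the prime is actually refused is decided by each caller. Wording such as `/* 1536-bit primes are not approved in FIPS mode: report no match */` describes what the code does and keeps the policy decision visibly with the callers.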