diff --git a/lib/nettle/int/dsa-fips.h b/lib/nettle/int/dsa-fips.h
index 08fac25..82d545e 100644
--- a/lib/nettle/int/dsa-fips.h
+++ b/lib/nettle/int/dsa-fips.h
@@ -80,7 +80,7 @@ int
 _dsa_validate_dss_g(struct dsa_public_key *pub,
 		    unsigned domain_seed_size, const uint8_t *domain_seed, unsigned index);
 
-unsigned _dsa_check_qp_sizes(unsigned q_bits, unsigned p_bits);
+unsigned _dsa_check_qp_sizes(unsigned q_bits, unsigned p_bits, unsigned generate);
 
 /* The following low-level functions can be used for DH key exchange as well 
  */
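Review bot: The new `generate` parameter on the `_dsa_check_qp_sizes` prototype is undocumented, and its type (`unsigned`, used as a boolean) gives a caller no hint which value selects the stricter FIPS check. A one-line comment above the declaration would settle it, for example `/* generate: non-zero when the sizes are checked for parameter generation, zero when validating existing parameters */`. The call sites in dsa-keygen-fips186.c and dsa-validate.c pass bare `1` and `0`, so the header is the only place a reader can find the meaning.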
diff --git a/lib/nettle/int/dsa-keygen-fips186.c b/lib/nettle/int/dsa-keygen-fips186.c
index 2712ddb..1ac9441 100644
--- a/lib/nettle/int/dsa-keygen-fips186.c
+++ b/lib/nettle/int/dsa-keygen-fips186.c
@@ -36,11 +36,11 @@
 
 #include <nettle/bignum.h>
 
-unsigned _dsa_check_qp_sizes(unsigned q_bits, unsigned p_bits)
+unsigned _dsa_check_qp_sizes(unsigned q_bits, unsigned p_bits, unsigned generate)
 {
 	switch (q_bits) {
 	case 160:
-		if (_gnutls_fips_mode_enabled() != 0)
+		if (_gnutls_fips_mode_enabled() != 0 && generate != 0)
 			return 0;
 
 		if (p_bits != 1024)
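Review bot: The relaxed condition in `case 160:` carries no comment saying why a 160-bit q is refused only for generation in FIPS mode, which is the security-relevant decision in this change. With `generate == 0` the FIPS early return is skipped and the code falls through to the `p_bits != 1024` check, so 1024/160 parameters pass validation under FIPS mode. I would add something like `/* FIPS mode: never generate 1024/160 parameters, but still allow existing ones to be validated */` above the `if`, naming the policy or standard that permits this if there is one. The rest of the switch lies outside the hunk, so I cannot tell whether other q sizes need the same distinction.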
@@ -77,7 +77,7 @@ _dsa_generate_dss_pq(struct dsa_public_key *pub,
 	uint8_t *storage = NULL;
 	unsigned storage_length = 0;
 
-	ret = _dsa_check_qp_sizes(q_bits, p_bits);
+	ret = _dsa_check_qp_sizes(q_bits, p_bits, 1);
 	if (ret == 0) {
 		return 0;
 	}
@@ -375,7 +375,7 @@ dsa_generate_dss_pqg(struct dsa_public_key *pub,
 	uint8_t domain_seed[MAX_PVP_SEED_SIZE*3];
 	unsigned domain_seed_size = 0;
 
-	ret = _dsa_check_qp_sizes(q_bits, p_bits);
+	ret = _dsa_check_qp_sizes(q_bits, p_bits, 1);
 	if (ret == 0)
 		return 0;
 
diff --git a/lib/nettle/int/dsa-validate.c b/lib/nettle/int/dsa-validate.c
index 3f55755..daa39da 100644
--- a/lib/nettle/int/dsa-validate.c
+++ b/lib/nettle/int/dsa-validate.c
@@ -83,7 +83,7 @@ _dsa_validate_dss_g(struct dsa_public_key *pub,
 	p_bits = mpz_sizeinbase(pub->p, 2);
 	q_bits = mpz_sizeinbase(pub->q, 2);
 
-	ret = _dsa_check_qp_sizes(q_bits, p_bits);
+	ret = _dsa_check_qp_sizes(q_bits, p_bits, 0);
 	if (ret == 0) {
 		return 0;
 	}
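Review bot: Passing `0` here means `_dsa_validate_dss_g` now accepts 1024-bit p / 160-bit q parameters while FIPS mode is enabled, and the same holds for `_dsa_validate_dss_pq` in the next hunk. The callers of both functions are not visible in this diff, so it is worth confirming that a successful validation is never used to approve parameters for new key generation or signing. It should only serve to check parameters that already exist. A short comment at each call, such as `/* 0: validation only, legacy sizes are not rejected in FIPS mode */`, would record that intent. The function body continues outside the hunk.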
@@ -151,7 +151,7 @@ _dsa_validate_dss_pq(struct dsa_public_key *pub,
 	p_bits = mpz_sizeinbase(pub->p, 2);
 	q_bits = mpz_sizeinbase(pub->q, 2);
 
-	ret = _dsa_check_qp_sizes(q_bits, p_bits);
+	ret = _dsa_check_qp_sizes(q_bits, p_bits, 0);
 	if (ret == 0) {
 		return 0;
 	}