rpms / nss-softokn

Clone
Source Code
GIT

Blame SOURCES/nss-3.90-pbkdf2-indicator.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c8
  1.   c7
  2.   SOURCES
  3.   nss-3.90-pbkdf2-indicator.patch
Blob History Raw
0c41dc 
diff -up ./lib/softoken/pkcs11u.c.pkcs12_indicator ./lib/softoken/pkcs11u.c
0c41dc 
--- ./lib/softoken/pkcs11u.c.pkcs12_indicator	2023-08-03 10:50:37.067109367 -0700
0c41dc 
+++ ./lib/softoken/pkcs11u.c	2023-08-03 11:41:55.641541953 -0700
0c41dc 
@@ -2429,7 +2429,7 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
0c41dc 
             return PR_FALSE;
0c41dc 
         case SFTKFIPSECC:
0c41dc 
             /* we've already handled the curve selection in the 'getlength'
0c41dc 
-          * function */
0c41dc 
+             * function */
0c41dc 
             return PR_TRUE;
0c41dc 
         case SFTKFIPSAEAD: {
0c41dc 
             if (mech->ulParameterLen == 0) {
0c41dc 
@@ -2463,6 +2463,29 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
0c41dc 
             }
0c41dc 
             return PR_TRUE;
0c41dc 
         }
0c41dc 
+        case SFTKFIPSPBKDF2: {
0c41dc 
+            /* PBKDF2 must have the following addition restrictions
0c41dc 
+             * (independent of keysize).
0c41dc 
+             *    1. iteration count must be at least 1000.
0c41dc 
+             *    2. salt must be at least 128 bits (16 bytes).
0c41dc 
+             *    3. password must match the length specified in the SP
0c41dc 
+             */
0c41dc 
+             CK_PKCS5_PBKD2_PARAMS *pbkdf2 = (CK_PKCS5_PBKD2_PARAMS *)
0c41dc 
+                                                    mech->pParameter;
0c41dc 
+             if (mech->ulParameterLen != sizeof(*pbkdf2)) {
0c41dc 
+                 return PR_FALSE;
0c41dc 
+             }
0c41dc 
+             if (pbkdf2->iterations < 1000) {
0c41dc 
+                 return PR_FALSE;
0c41dc 
+             }
0c41dc 
+             if (pbkdf2->ulSaltSourceDataLen < 16) {
0c41dc 
+                 return PR_FALSE;
0c41dc 
+             }
0c41dc 
+             if (*(pbkdf2->ulPasswordLen) < SFTKFIPS_PBKDF2_MIN_PW_LEN) {
0c41dc 
+                 return PR_FALSE;
0c41dc 
+             }
0c41dc 
+             return PR_TRUE;
0c41dc 
+        }
0c41dc 
         default:
0c41dc 
             break;
0c41dc 
     }

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation