diff -up ./nss/lib/softoken/pkcs11c.c.no-small-primes ./nss/lib/softoken/pkcs11c.c
--- ./nss/lib/softoken/pkcs11c.c.no-small-primes 2020-09-11 13:41:59.364630218 -0700
+++ ./nss/lib/softoken/pkcs11c.c 2020-09-11 13:44:19.722377883 -0700
@@ -5103,7 +5103,7 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
 /* subprime not supplied, In this case look it up.
 * This only works with approved primes, but in FIPS mode
 * that's the only kine of prime that will get here */
- subPrimePtr = sftk_VerifyDH_Prime(&prime);
+ subPrimePtr = sftk_VerifyDH_Prime(&prime,isFIPS);
 if (subPrimePtr == NULL) {
 crv = CKR_GENERAL_ERROR;
 goto done;
@@ -8332,7 +8332,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
 /* if the prime is an approved prime, we can skip all the other
 * checks. */
- subPrime = sftk_VerifyDH_Prime(&dhPrime);
+ subPrime = sftk_VerifyDH_Prime(&dhPrime,isFIPS);
 if (subPrime == NULL) {
 SECItem dhSubPrime;
 /* In FIPS mode we only accept approved primes */
diff -up ./nss/lib/softoken/pkcs11i.h.no-small-primes ./nss/lib/softoken/pkcs11i.h
--- ./nss/lib/softoken/pkcs11i.h.no-small-primes 2020-09-11 13:42:10.056687173 -0700
+++ ./nss/lib/softoken/pkcs11i.h 2020-09-11 13:44:52.361551747 -0700
@@ -926,7 +926,7 @@ char **NSC_ModuleDBFunc(unsigned long fu
 /* dh verify functions */
 /* verify that dhPrime matches one of our known primes, and if so return
 * it's subprime value */
-const SECItem *sftk_VerifyDH_Prime(SECItem *dhPrime);
+const SECItem *sftk_VerifyDH_Prime(SECItem *dhPrime, PRBool isFIPS);
 /* check if dhSubPrime claims dhPrime is a safe prime. */
 SECStatus sftk_IsSafePrime(SECItem *dhPrime, SECItem *dhSubPrime, PRBool *isSafe);
diff -up ./nss/lib/softoken/sftkdhverify.c.no-small-primes ./nss/lib/softoken/sftkdhverify.c
--- ./nss/lib/softoken/sftkdhverify.c.no-small-primes 2020-09-11 13:42:25.216767929 -0700
+++ ./nss/lib/softoken/sftkdhverify.c 2020-09-11 13:46:59.570229369 -0700
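Review bot: The comment above the changed call in sftk_PairwiseConsistencyCheck still says approved primes are the only kind that reach this point in FIPS mode, but with `isFIPS` passed through, a 1536-bit prime from the known list now comes back as NULL and takes the `CKR_GENERAL_ERROR` path. I would add a line to that comment such as `* In FIPS mode sftk_VerifyDH_Prime refuses 1536-bit known primes, so those fail here as well.` so the generic error code is not mistaken for a lookup bug. `isFIPS` is declared outside this hunk, so how it is derived for this session cannot be confirmed from the visible lines. This call and the one in the NSC_DeriveKey hunk are both missing the space after the comma: `sftk_VerifyDH_Prime(&prime, isFIPS)`.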
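Review bot: The prototype comment in pkcs11i.h does not say what the new `isFIPS` argument does, and a NULL result (which the callers in this patch test for) now has two meanings: the prime is not on the known list, or it is on the list but refused in FIPS mode. I would reword it along the lines of `/* verify that dhPrime matches one of our known primes that is allowed in the current mode (1536-bit primes are refused when isFIPS is true), and if so return its subprime value */`. The comment above the definition in sftkdhverify.c has the same gap and should get the same wording.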
@@ -1171,11 +1171,15 @@ static const SECItem subprime_tls_8192=
 * verify that dhPrime matches one of our known primes
 */
 const SECItem *
-sftk_VerifyDH_Prime(SECItem *dhPrime)
+sftk_VerifyDH_Prime(SECItem *dhPrime, PRBool isFIPS)
 {
 /* use the length to decide which primes to check */
 switch (dhPrime->len) {
 case 1536 / PR_BITS_PER_BYTE:
+ /* don't accept 1536 bit primes in FIPS mode */
+ if (isFIPS) {
+ break;
+ }
 if (PORT_Memcmp(dhPrime->data, prime_ike_1536,
 sizeof(prime_ike_1536)) == 0) {
 return &subprime_ike_1536;
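Review bot: The FIPS refusal in the 1536-bit case uses `break`, so what the caller receives depends on the code after the switch, which lies outside this hunk; presumably it returns NULL, but nothing visible here guarantees that. Writing `return NULL;` inside the `if (isFIPS)` block would make the refusal explicit and keep it correct if code is later added after the switch. The guard sits on a single case label, so it is worth confirming that no other case in the switch (not shown) covers a size that FIPS mode should also refuse.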