|
 |
1b57e1 |
diff -up ./gtests/softoken_gtest/softoken_dh_vectors.h.orig ./gtests/softoken_gtest/softoken_dh_vectors.h
|
|
|
1b57e1 |
--- ./gtests/softoken_gtest/softoken_dh_vectors.h.orig 2021-06-02 16:57:50.557008790 -0700
|
|
|
1b57e1 |
+++ ./gtests/softoken_gtest/softoken_dh_vectors.h 2021-06-02 16:59:52.781735096 -0700
|
|
|
1b57e1 |
@@ -2872,7 +2872,7 @@ static const DhTestVector DH_TEST_VECTOR
|
|
|
1b57e1 |
{siBuffer, (unsigned char *)g2, sizeof(g2)},
|
|
|
1b57e1 |
{siBuffer, NULL, 0},
|
|
|
1b57e1 |
{siBuffer, NULL, 0},
|
|
|
1b57e1 |
- IKE_APPROVED,
|
|
|
1b57e1 |
+ SAFE_PRIME,
|
|
|
1b57e1 |
CLASS_1536},
|
|
|
1b57e1 |
{"IKE 2048",
|
|
|
1b57e1 |
{siBuffer, (unsigned char *)prime_ike_2048, sizeof(prime_ike_2048)},
|
|
|
1b57e1 |
@@ -2952,7 +2952,7 @@ static const DhTestVector DH_TEST_VECTOR
|
|
|
1b57e1 |
{siBuffer, (unsigned char *)sub2_prime_ike_1536,
|
|
|
1b57e1 |
sizeof(sub2_prime_ike_1536)},
|
|
|
1b57e1 |
{siBuffer, NULL, 0},
|
|
|
1b57e1 |
- IKE_APPROVED,
|
|
|
1b57e1 |
+ SAFE_PRIME,
|
|
|
1b57e1 |
CLASS_1536},
|
|
|
1b57e1 |
{"IKE 2048 with subprime",
|
|
|
1b57e1 |
{siBuffer, (unsigned char *)prime_ike_2048, sizeof(prime_ike_2048)},
|
|
|
5f43a7 |
diff -up ./lib/softoken/pkcs11c.c.orig ./lib/softoken/pkcs11c.c
|
|
|
1b57e1 |
--- ./lib/softoken/pkcs11c.c.orig 2021-05-28 02:50:43.000000000 -0700
|
|
|
1b57e1 |
+++ ./lib/softoken/pkcs11c.c 2021-06-02 16:52:01.196932757 -0700
|
|
|
1b57e1 |
@@ -5193,7 +5193,7 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
|
|
|
1b57e1 |
/* subprime not supplied, In this case look it up.
|
|
|
5f43a7 |
* This only works with approved primes, but in FIPS mode
|
|
|
5f43a7 |
* that's the only kine of prime that will get here */
|
|
|
5f43a7 |
- subPrimePtr = sftk_VerifyDH_Prime(&prime);
|
|
|
5f43a7 |
+ subPrimePtr = sftk_VerifyDH_Prime(&prime,isFIPS);
|
|
|
5f43a7 |
if (subPrimePtr == NULL) {
|
|
|
5f43a7 |
crv = CKR_GENERAL_ERROR;
|
|
|
5f43a7 |
goto done;
|
|
|
1b57e1 |
@@ -8351,7 +8351,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
|
|
|
5f43a7 |
|
|
|
5f43a7 |
/* if the prime is an approved prime, we can skip all the other
|
|
|
5f43a7 |
* checks. */
|
|
|
5f43a7 |
- subPrime = sftk_VerifyDH_Prime(&dhPrime);
|
|
|
5f43a7 |
+ subPrime = sftk_VerifyDH_Prime(&dhPrime,isFIPS);
|
|
|
5f43a7 |
if (subPrime == NULL) {
|
|
|
5f43a7 |
SECItem dhSubPrime;
|
|
|
1b57e1 |
/* If the caller set the subprime value, it means that
|
|
|
5f43a7 |
diff -up ./lib/softoken/pkcs11i.h.orig ./lib/softoken/pkcs11i.h
|
|
|
1b57e1 |
--- ./lib/softoken/pkcs11i.h.orig 2021-06-02 16:52:01.196932757 -0700
|
|
|
1b57e1 |
+++ ./lib/softoken/pkcs11i.h 2021-06-02 16:52:54.281248207 -0700
|
|
|
1b57e1 |
@@ -946,7 +946,7 @@ char **NSC_ModuleDBFunc(unsigned long fu
|
|
|
5f43a7 |
/* dh verify functions */
|
|
|
5f43a7 |
/* verify that dhPrime matches one of our known primes, and if so return
|
|
|
5f43a7 |
* it's subprime value */
|
|
|
1b57e1 |
-const SECItem *sftk_VerifyDH_Prime(SECItem *dhPrime);
|
|
|
1b57e1 |
+const SECItem *sftk_VerifyDH_Prime(SECItem *dhPrime, PRBool isFIPS);
|
|
|
5f43a7 |
/* check if dhSubPrime claims dhPrime is a safe prime. */
|
|
|
5f43a7 |
SECStatus sftk_IsSafePrime(SECItem *dhPrime, SECItem *dhSubPrime, PRBool *isSafe);
|
|
|
1b57e1 |
/* map an operation Attribute to a Mechanism flag */
|
|
|
1b57e1 |
diff -up ./lib/softoken/pkcs11u.c.orig ./lib/softoken/pkcs11u.c
|
|
|
1b57e1 |
--- ./lib/softoken/pkcs11u.c.orig 2021-06-02 16:54:23.387777705 -0700
|
|
|
1b57e1 |
+++ ./lib/softoken/pkcs11u.c 2021-06-02 16:54:51.012941866 -0700
|
|
|
1b57e1 |
@@ -2312,7 +2312,7 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
|
|
|
1b57e1 |
if (crv != CKR_OK) {
|
|
|
1b57e1 |
return PR_FALSE;
|
|
|
1b57e1 |
}
|
|
|
1b57e1 |
- dhSubPrime = sftk_VerifyDH_Prime(&dhPrime);
|
|
|
1b57e1 |
+ dhSubPrime = sftk_VerifyDH_Prime(&dhPrime, PR_TRUE);
|
|
|
1b57e1 |
SECITEM_ZfreeItem(&dhPrime, PR_FALSE);
|
|
|
1b57e1 |
return (dhSubPrime) ? PR_TRUE : PR_FALSE;
|
|
|
1b57e1 |
}
|
|
|
5f43a7 |
diff -up ./lib/softoken/sftkdhverify.c.orig ./lib/softoken/sftkdhverify.c
|
|
|
1b57e1 |
--- ./lib/softoken/sftkdhverify.c.orig 2021-05-28 02:50:43.000000000 -0700
|
|
|
1b57e1 |
+++ ./lib/softoken/sftkdhverify.c 2021-06-02 16:52:01.196932757 -0700
|
|
|
1b57e1 |
@@ -1171,11 +1171,15 @@ static const SECItem subprime_tls_8192 =
|
|
|
5f43a7 |
* verify that dhPrime matches one of our known primes
|
|
|
5f43a7 |
*/
|
|
|
5f43a7 |
const SECItem *
|
|
|
5f43a7 |
-sftk_VerifyDH_Prime(SECItem *dhPrime)
|
|
|
5f43a7 |
+sftk_VerifyDH_Prime(SECItem *dhPrime, PRBool isFIPS)
|
|
|
5f43a7 |
{
|
|
|
5f43a7 |
/* use the length to decide which primes to check */
|
|
|
5f43a7 |
switch (dhPrime->len) {
|
|
|
5f43a7 |
case 1536 / PR_BITS_PER_BYTE:
|
|
|
5f43a7 |
+ /* don't accept 1536 bit primes in FIPS mode */
|
|
|
5f43a7 |
+ if (isFIPS) {
|
|
|
5f43a7 |
+ break;
|
|
|
5f43a7 |
+ }
|
|
|
5f43a7 |
if (PORT_Memcmp(dhPrime->data, prime_ike_1536,
|
|
|
5f43a7 |
sizeof(prime_ike_1536)) == 0) {
|
|
|
5f43a7 |
return &subprime_ike_1536;
|