commit 5cfa568f0d1a8d722a0385819ef7175451c79f3e
Author: Ingo Franzki
Date: Mon Jun 8 09:50:05 2020 +0200
Fix dh_pkcs_derive mechanism parameter checking
PKCS #11 does not impose any parameter length restrictions for mechanism CKM_DH_PKCS_DERIVE (peer public data). Thus, do not check the parameter length, other than that it should be > 0.
Signed-off-by: Ingo Franzki
diff --git a/usr/lib/common/mech_dh.c b/usr/lib/common/mech_dh.c
index 6733075c..7fc4ec89 100644
--- a/usr/lib/common/mech_dh.c
+++ b/usr/lib/common/mech_dh.c
@@ -62,11 +62,7 @@ CK_RV dh_pkcs_derive(STDLL_TokData_t *tokdata,
 // Perform DH checking of parameters
 // Check the existance of the public-value in mechanism
- if ((!mech->pParameter) ||
- ((mech->ulParameterLen != 64) &&
- (mech->ulParameterLen != 96) &&
- (mech->ulParameterLen != 128) &&
- (mech->ulParameterLen != 192) && (mech->ulParameterLen != 256))) {
+ if (mech->pParameter == NULL || mech->ulParameterLen == 0) {
 TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
 return (CKR_MECHANISM_PARAM_INVALID);
 }
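Review bot: With the length whitelist gone, the added check `mech->pParameter == NULL || mech->ulParameterLen == 0` is the only validation of the peer public value visible in this hunk, so a caller-supplied value of any non-zero size now reaches the rest of dh_pkcs_derive, whose body continues outside the hunk. If the code further down copies the peer value or the derived secret into a buffer sized for the old 256-byte maximum, that bound now has to be enforced there explicitly. It would also be worth rejecting a peer value longer than the base key's prime, or outside the range 2..p-2, before deriving. At minimum the check should say where that validation lives, for example `// Length not restricted by PKCS #11; size and range of the peer value are checked against CKA_PRIME in <derive routine>`.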