commit 3ab80b72e85583bd727730bc5b57f91e07b89710 Author: Hans Petter Jansson Date: Fri Sep 4 13:41:34 2020 +0200 Patch 38: nss-fips-stricter-dh.patch diff --git a/lib/freebl/dh.c b/lib/freebl/dh.c --- a/lib/freebl/dh.c +++ b/lib/freebl/dh.c @@ -445,41 +445,53 @@ KEA_PrimeCheck(SECItem *prime) cleanup: mp_clear(&p); return err ? PR_FALSE : PR_TRUE; } PRBool KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime) { - mp_int p, q, y, r; + mp_int p, q, y, r, psub1; mp_err err; int cmp = 1; /* default is false */ if (!Y || !prime || !subPrime) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } MP_DIGITS(&p) = 0; MP_DIGITS(&q) = 0; MP_DIGITS(&y) = 0; MP_DIGITS(&r) = 0; + MP_DIGITS(&psub1) = 0; CHECK_MPI_OK(mp_init(&p)); CHECK_MPI_OK(mp_init(&q)); CHECK_MPI_OK(mp_init(&y)); CHECK_MPI_OK(mp_init(&r)); + CHECK_MPI_OK(mp_init(&psub1)); SECITEM_TO_MPINT(*prime, &p); SECITEM_TO_MPINT(*subPrime, &q); SECITEM_TO_MPINT(*Y, &y); + + CHECK_MPI_OK(mp_sub_d(&p, 1, &psub1)); + + if (mp_cmp_d(&y, 1) <= 0 || + mp_cmp(&y, &psub1) >= 0) { + err = MP_BADARG; + goto cleanup; + } + /* compute r = y**q mod p */ CHECK_MPI_OK(mp_exptmod(&y, &q, &p, &r)); /* compare to 1 */ cmp = mp_cmp_d(&r, 1); cleanup: mp_clear(&p); mp_clear(&q); mp_clear(&y); mp_clear(&r); + mp_clear(&psub1); if (err) { MP_TO_SEC_ERROR(err); return PR_FALSE; } return (cmp == 0) ? PR_TRUE : PR_FALSE; }