mozilla-nss/nss-fips-stricter-dh.patch

commit 3ab80b72e85583bd727730bc5b57f91e07b89710
Author: Hans Petter Jansson <hpj@cl.no>
Date:   Fri Sep 4 13:41:34 2020 +0200

    Patch 38: nss-fips-stricter-dh.patch

diff --git a/lib/freebl/dh.c b/lib/freebl/dh.c
--- a/lib/freebl/dh.c
+++ b/lib/freebl/dh.c
@@ -445,41 +445,53 @@ KEA_PrimeCheck(SECItem *prime)
 cleanup:
     mp_clear(&p);
     return err ? PR_FALSE : PR_TRUE;
 }
 
 PRBool
 KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime)
 {
-    mp_int p, q, y, r;
+    mp_int p, q, y, r, psub1;
     mp_err err;
     int cmp = 1; /* default is false */
     if (!Y || !prime || !subPrime) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
     MP_DIGITS(&p) = 0;
     MP_DIGITS(&q) = 0;
     MP_DIGITS(&y) = 0;
     MP_DIGITS(&r) = 0;
+    MP_DIGITS(&psub1) = 0;
     CHECK_MPI_OK(mp_init(&p));
     CHECK_MPI_OK(mp_init(&q));
     CHECK_MPI_OK(mp_init(&y));
     CHECK_MPI_OK(mp_init(&r));
+    CHECK_MPI_OK(mp_init(&psub1));
     SECITEM_TO_MPINT(*prime, &p);
     SECITEM_TO_MPINT(*subPrime, &q);
     SECITEM_TO_MPINT(*Y, &y);
+
+    CHECK_MPI_OK(mp_sub_d(&p, 1, &psub1));
+
+    if (mp_cmp_d(&y, 1) <= 0 ||
+        mp_cmp(&y, &psub1) >= 0) {
+        err = MP_BADARG;
+        goto cleanup;
+    }
+
     /* compute r = y**q mod p */
     CHECK_MPI_OK(mp_exptmod(&y, &q, &p, &r));
     /* compare to 1 */
     cmp = mp_cmp_d(&r, 1);
 cleanup:
     mp_clear(&p);
     mp_clear(&q);
     mp_clear(&y);
     mp_clear(&r);
+    mp_clear(&psub1);
     if (err) {
         MP_TO_SEC_ERROR(err);
         return PR_FALSE;
     }
     return (cmp == 0) ? PR_TRUE : PR_FALSE;
 }