File nss-fips-pairwise-consistency-check.patch of Package mozilla-nss.14856

From 2a162c34b7aad7399f33069cd9930fd92714861c Mon Sep 17 00:00:00 2001
From: Hans Petter Jansson <hpj@cl.no>
Date: Tue, 19 Nov 2019 05:39:31 +0100
Subject: [PATCH 07/22] 15

---
 nss/lib/softoken/pkcs11c.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/nss/lib/softoken/pkcs11c.c b/nss/lib/softoken/pkcs11c.c
index d9b7e9c..6afb0ee 100644
--- a/nss/lib/softoken/pkcs11c.c
+++ b/nss/lib/softoken/pkcs11c.c
@@ -4496,8 +4496,8 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSession,
     return crv;
 }
 
-#define PAIRWISE_DIGEST_LENGTH SHA1_LENGTH /* 160-bits */
-#define PAIRWISE_MESSAGE_LENGTH 20         /* 160-bits */
+#define PAIRWISE_DIGEST_LENGTH SHA224_LENGTH /* 224-bits */
+#define PAIRWISE_MESSAGE_LENGTH 20           /* 160-bits */
 
 /*
  * FIPS 140-2 pairwise consistency check utilized to validate key pair.
@@ -5357,6 +5357,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hSession,
                             (PRUint32)crv);
                 sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg);
             }
+            sftk_fatalError = PR_TRUE;
         }
     }
 
-- 
2.21.0
openSUSE Build Service is sponsored by