File nss-fips-pairwise-consistency-check.patch of Package mozilla-nss.14778
From 2a162c34b7aad7399f33069cd9930fd92714861c Mon Sep 17 00:00:00 2001
From: Hans Petter Jansson <hpj@cl.no>
Date: Tue, 19 Nov 2019 05:39:31 +0100
Subject: [PATCH 07/22] 15
---
nss/lib/softoken/pkcs11c.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/nss/lib/softoken/pkcs11c.c b/nss/lib/softoken/pkcs11c.c
index d9b7e9c..6afb0ee 100644
--- a/nss/lib/softoken/pkcs11c.c
+++ b/nss/lib/softoken/pkcs11c.c
@@ -4496,8 +4496,8 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSession,
return crv;
}
-#define PAIRWISE_DIGEST_LENGTH SHA1_LENGTH /* 160-bits */
-#define PAIRWISE_MESSAGE_LENGTH 20 /* 160-bits */
+#define PAIRWISE_DIGEST_LENGTH SHA224_LENGTH /* 224-bits */
+#define PAIRWISE_MESSAGE_LENGTH 20 /* 160-bits */
/*
* FIPS 140-2 pairwise consistency check utilized to validate key pair.
@@ -5357,6 +5357,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hSession,
(PRUint32)crv);
sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg);
}
+ sftk_fatalError = PR_TRUE;
}
}
--
2.21.0