You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
42 lines
1.6 KiB
42 lines
1.6 KiB
diff --git a/lib/softoken/sftkmessage.c b/lib/softoken/sftkmessage.c |
|
--- a/lib/softoken/sftkmessage.c |
|
+++ b/lib/softoken/sftkmessage.c |
|
@@ -146,16 +146,38 @@ sftk_CryptMessage(CK_SESSION_HANDLE hSes |
|
|
|
CHECK_FORK(); |
|
|
|
/* make sure we're legal */ |
|
crv = sftk_GetContext(hSession, &context, contextType, PR_TRUE, NULL); |
|
if (crv != CKR_OK) |
|
return crv; |
|
|
|
+ if (context->isFIPS && (contextType == CKA_ENCRYPT)) { |
|
+ if ((pParameter == NULL) || (ulParameterLen != sizeof(CK_GCM_MESSAGE_PARAMS))) { |
|
+ context->isFIPS = PR_FALSE; |
|
+ } else { |
|
+ CK_GCM_MESSAGE_PARAMS *p = (CK_GCM_MESSAGE_PARAMS *)pParameter; |
|
+ switch (p->ivGenerator) { |
|
+ case CKG_NO_GENERATE: |
|
+ context->isFIPS = PR_FALSE; |
|
+ break; |
|
+ case CKG_GENERATE_RANDOM: |
|
+ if ((p->ulIvLen < 12) || (p->ulIvFixedBits != 0)) { |
|
+ context->isFIPS = PR_FALSE; |
|
+ } |
|
+ break; |
|
+ default: |
|
+ if ((p->ulIvLen < 12) || (p->ulIvFixedBits < 32)) { |
|
+ context->isFIPS = PR_FALSE; |
|
+ } |
|
+ } |
|
+ } |
|
+ } |
|
+ |
|
if (!pOuttext) { |
|
*pulOuttextLen = ulIntextLen; |
|
return CKR_OK; |
|
} |
|
rv = (*context->aeadUpdate)(context->cipherInfo, pOuttext, &outlen, |
|
maxout, pIntext, ulIntextLen, |
|
pParameter, ulParameterLen, |
|
pAssociatedData, ulAssociatedDataLen);
|
|
|