summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/algorithms/groups.c5
-rw-r--r--lib/ext/key_share.c14
-rw-r--r--lib/gnutls_int.h1
-rw-r--r--lib/nettle/pk.c5
4 files changed, 23 insertions, 2 deletions
diff --git a/lib/algorithms/groups.c b/lib/algorithms/groups.c
index c5adb063ba..25195c121c 100644
--- a/lib/algorithms/groups.c
+++ b/lib/algorithms/groups.c
@@ -79,6 +79,7 @@ static const gnutls_group_entry_st supported_groups[] = {
.id = GNUTLS_GROUP_FFDHE2048,
.generator = &gnutls_ffdhe_2048_group_generator,
.prime = &gnutls_ffdhe_2048_group_prime,
+ .q = &gnutls_ffdhe_2048_group_q,
.q_bits = &gnutls_ffdhe_2048_key_bits,
.pk = GNUTLS_PK_DH,
.tls_id = 0x100
@@ -88,6 +89,7 @@ static const gnutls_group_entry_st supported_groups[] = {
.id = GNUTLS_GROUP_FFDHE3072,
.generator = &gnutls_ffdhe_3072_group_generator,
.prime = &gnutls_ffdhe_3072_group_prime,
+ .q = &gnutls_ffdhe_3072_group_q,
.q_bits = &gnutls_ffdhe_3072_key_bits,
.pk = GNUTLS_PK_DH,
.tls_id = 0x101
@@ -97,6 +99,7 @@ static const gnutls_group_entry_st supported_groups[] = {
.id = GNUTLS_GROUP_FFDHE4096,
.generator = &gnutls_ffdhe_4096_group_generator,
.prime = &gnutls_ffdhe_4096_group_prime,
+ .q = &gnutls_ffdhe_4096_group_q,
.q_bits = &gnutls_ffdhe_4096_key_bits,
.pk = GNUTLS_PK_DH,
.tls_id = 0x102
@@ -106,6 +109,7 @@ static const gnutls_group_entry_st supported_groups[] = {
.id = GNUTLS_GROUP_FFDHE6144,
.generator = &gnutls_ffdhe_6144_group_generator,
.prime = &gnutls_ffdhe_6144_group_prime,
+ .q = &gnutls_ffdhe_6144_group_q,
.q_bits = &gnutls_ffdhe_6144_key_bits,
.pk = GNUTLS_PK_DH,
.tls_id = 0x103
@@ -115,6 +119,7 @@ static const gnutls_group_entry_st supported_groups[] = {
.id = GNUTLS_GROUP_FFDHE8192,
.generator = &gnutls_ffdhe_8192_group_generator,
.prime = &gnutls_ffdhe_8192_group_prime,
+ .q = &gnutls_ffdhe_8192_group_q,
.q_bits = &gnutls_ffdhe_8192_key_bits,
.pk = GNUTLS_PK_DH,
.tls_id = 0x104
diff --git a/lib/ext/key_share.c b/lib/ext/key_share.c
index 3efc46a60c..599eff8fbc 100644
--- a/lib/ext/key_share.c
+++ b/lib/ext/key_share.c
@@ -152,10 +152,15 @@ static int client_gen_key_share(gnutls_session_t session, const gnutls_group_ent
if (ret < 0)
return gnutls_assert_val(ret);
+ ret = _gnutls_mpi_init_scan_nz(&session->key.kshare.dh_params.params[DH_Q],
+ group->q->data, group->q->size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
session->key.kshare.dh_params.algo = group->pk;
session->key.kshare.dh_params.dh_group = group->id; /* no curve in FFDH, we write the group */
session->key.kshare.dh_params.qbits = *group->q_bits;
- session->key.kshare.dh_params.params_nr = 3; /* empty q */
+ session->key.kshare.dh_params.params_nr = 3;
ret = _gnutls_pk_generate_keys(group->pk, 0, &session->key.kshare.dh_params, 1);
if (ret < 0)
@@ -350,9 +355,14 @@ server_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
if (ret < 0)
return gnutls_assert_val(ret);
+ ret = _gnutls_mpi_init_scan_nz(&session->key.kshare.dh_params.params[DH_Q],
+ group->q->data, group->q->size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
session->key.kshare.dh_params.algo = GNUTLS_PK_DH;
session->key.kshare.dh_params.qbits = *group->q_bits;
- session->key.kshare.dh_params.params_nr = 3; /* empty q */
+ session->key.kshare.dh_params.params_nr = 3;
/* generate our keys */
ret = _gnutls_pk_generate_keys(group->pk, 0, &session->key.kshare.dh_params, 1);
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 177a8be018..da0a92ebcb 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -664,6 +664,7 @@ typedef struct gnutls_group_entry_st {
const char *name;
gnutls_group_t id;
const gnutls_datum_t *prime;
+ const gnutls_datum_t *q;
const gnutls_datum_t *generator;
const unsigned *q_bits;
gnutls_ecc_curve_t curve;
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 6bb2cef877..08117c2d82 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -282,6 +282,11 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo,
ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
goto dh_cleanup;
}
+ } else if ((flags & PK_DERIVE_TLS13) &&
+ _gnutls_fips_mode_enabled()) {
+ /* Mandatory in FIPS mode for TLS 1.3 */
+ ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ goto dh_cleanup;
}
/* prevent denial of service */