diff options
-rw-r--r-- | lib/algorithms/groups.c | 5 | ||||
-rw-r--r-- | lib/ext/key_share.c | 14 | ||||
-rw-r--r-- | lib/gnutls_int.h | 1 | ||||
-rw-r--r-- | lib/nettle/pk.c | 5 |
4 files changed, 23 insertions, 2 deletions
diff --git a/lib/algorithms/groups.c b/lib/algorithms/groups.c index c5adb063ba..25195c121c 100644 --- a/lib/algorithms/groups.c +++ b/lib/algorithms/groups.c @@ -79,6 +79,7 @@ static const gnutls_group_entry_st supported_groups[] = { .id = GNUTLS_GROUP_FFDHE2048, .generator = &gnutls_ffdhe_2048_group_generator, .prime = &gnutls_ffdhe_2048_group_prime, + .q = &gnutls_ffdhe_2048_group_q, .q_bits = &gnutls_ffdhe_2048_key_bits, .pk = GNUTLS_PK_DH, .tls_id = 0x100 @@ -88,6 +89,7 @@ static const gnutls_group_entry_st supported_groups[] = { .id = GNUTLS_GROUP_FFDHE3072, .generator = &gnutls_ffdhe_3072_group_generator, .prime = &gnutls_ffdhe_3072_group_prime, + .q = &gnutls_ffdhe_3072_group_q, .q_bits = &gnutls_ffdhe_3072_key_bits, .pk = GNUTLS_PK_DH, .tls_id = 0x101 @@ -97,6 +99,7 @@ static const gnutls_group_entry_st supported_groups[] = { .id = GNUTLS_GROUP_FFDHE4096, .generator = &gnutls_ffdhe_4096_group_generator, .prime = &gnutls_ffdhe_4096_group_prime, + .q = &gnutls_ffdhe_4096_group_q, .q_bits = &gnutls_ffdhe_4096_key_bits, .pk = GNUTLS_PK_DH, .tls_id = 0x102 @@ -106,6 +109,7 @@ static const gnutls_group_entry_st supported_groups[] = { .id = GNUTLS_GROUP_FFDHE6144, .generator = &gnutls_ffdhe_6144_group_generator, .prime = &gnutls_ffdhe_6144_group_prime, + .q = &gnutls_ffdhe_6144_group_q, .q_bits = &gnutls_ffdhe_6144_key_bits, .pk = GNUTLS_PK_DH, .tls_id = 0x103 @@ -115,6 +119,7 @@ static const gnutls_group_entry_st supported_groups[] = { .id = GNUTLS_GROUP_FFDHE8192, .generator = &gnutls_ffdhe_8192_group_generator, .prime = &gnutls_ffdhe_8192_group_prime, + .q = &gnutls_ffdhe_8192_group_q, .q_bits = &gnutls_ffdhe_8192_key_bits, .pk = GNUTLS_PK_DH, .tls_id = 0x104 diff --git a/lib/ext/key_share.c b/lib/ext/key_share.c index 3efc46a60c..599eff8fbc 100644 --- a/lib/ext/key_share.c +++ b/lib/ext/key_share.c @@ -152,10 +152,15 @@ static int client_gen_key_share(gnutls_session_t session, const gnutls_group_ent if (ret < 0) return gnutls_assert_val(ret); + ret = _gnutls_mpi_init_scan_nz(&session->key.kshare.dh_params.params[DH_Q], + group->q->data, group->q->size); + if (ret < 0) + return gnutls_assert_val(ret); + session->key.kshare.dh_params.algo = group->pk; session->key.kshare.dh_params.dh_group = group->id; /* no curve in FFDH, we write the group */ session->key.kshare.dh_params.qbits = *group->q_bits; - session->key.kshare.dh_params.params_nr = 3; /* empty q */ + session->key.kshare.dh_params.params_nr = 3; ret = _gnutls_pk_generate_keys(group->pk, 0, &session->key.kshare.dh_params, 1); if (ret < 0) @@ -350,9 +355,14 @@ server_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou if (ret < 0) return gnutls_assert_val(ret); + ret = _gnutls_mpi_init_scan_nz(&session->key.kshare.dh_params.params[DH_Q], + group->q->data, group->q->size); + if (ret < 0) + return gnutls_assert_val(ret); + session->key.kshare.dh_params.algo = GNUTLS_PK_DH; session->key.kshare.dh_params.qbits = *group->q_bits; - session->key.kshare.dh_params.params_nr = 3; /* empty q */ + session->key.kshare.dh_params.params_nr = 3; /* generate our keys */ ret = _gnutls_pk_generate_keys(group->pk, 0, &session->key.kshare.dh_params, 1); diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 177a8be018..da0a92ebcb 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -664,6 +664,7 @@ typedef struct gnutls_group_entry_st { const char *name; gnutls_group_t id; const gnutls_datum_t *prime; + const gnutls_datum_t *q; const gnutls_datum_t *generator; const unsigned *q_bits; gnutls_ecc_curve_t curve; diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index 6bb2cef877..08117c2d82 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -282,6 +282,11 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; goto dh_cleanup; } + } else if ((flags & PK_DERIVE_TLS13) && + _gnutls_fips_mode_enabled()) { + /* Mandatory in FIPS mode for TLS 1.3 */ + ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; + goto dh_cleanup; } /* prevent denial of service */ |