authorSimo Sorce <simo@redhat.com>2019-05-22 15:08:45 -0400
committerNikos Mavrogiannopoulos <nmav@redhat.com>2019-05-23 11:35:12 +0200
commite07061b29a75ff94f0dbf85ec44f7ad6c04761fa (patch)
tree28020d5c0eb41e5fa6bf1822a45577deace8cce1
parentf5136909695e3c88f195828831fe5700fa2a1059 (diff)
downloadgnutls-e07061b29a75ff94f0dbf85ec44f7ad6c04761fa.tar.gz
Pass down Q for FFDHE in all pre TLS1.3 as well
Signed-off-by: Simo Sorce <simo@redhat.com>
-rw-r--r--lib/auth/dh_common.c18
-rw-r--r--lib/dh.c26
2 files changed, 38 insertions, 6 deletions
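diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c
index 2058d81e59..19c205bbe8 100644
--- a/lib/auth/dh_common.c
+++ b/lib/auth/dh_common.c
@@ -182,10 +182,11 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session,
 uint8_t * data, size_t _data_size)
 {
 uint16_t n_Y, n_g, n_p;
- size_t _n_Y, _n_g, _n_p;
+ size_t _n_Y, _n_g, _n_p, _n_q;
 uint8_t *data_p;
 uint8_t *data_g;
 uint8_t *data_Y;
+ uint8_t *data_q = NULL;
 int i, bits, ret, p_bits;
 unsigned j;
 ssize_t data_size = _data_size;
@@ -245,6 +246,8 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session,
 session->internals.hsk_flags |= HSK_USED_FFDHE;
 _gnutls_session_group_set(session, session->internals.priorities->groups.entry[j]);
 session->key.proto.tls12.dh.params.qbits = *session->internals.priorities->groups.entry[j]->q_bits;
+ data_q = session->internals.priorities->groups.entry[j]->q->data;
+ _n_q = session->internals.priorities->groups.entry[j]->q->size;
 break;
 }
 }
@@ -265,8 +268,19 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session,
 _gnutls_mpi_release(&session->key.proto.tls12.dh.params.params[DH_G]);
 return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
 }
+ if (data_q && _gnutls_mpi_init_scan_nz(
+ &session->key.proto.tls12.dh.params.params[DH_Q],
+ data_q, _n_q) != 0) {
+ /* we release now because params_nr is not yet set */
+ _gnutls_mpi_release(
+ &session->key.proto.tls12.dh.params.params[DH_P]);
+ _gnutls_mpi_release(
+ &session->key.proto.tls12.dh.params.params[DH_G]);
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
- session->key.proto.tls12.dh.params.params_nr = 3; /* include empty q */
+ /* include, possibly empty, q */
+ session->key.proto.tls12.dh.params.params_nr = 3;
 session->key.proto.tls12.dh.params.algo = GNUTLS_PK_DH;
 if (!(session->internals.hsk_flags & HSK_USED_FFDHE)) {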
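Review bot: `_n_q` is declared in the first hunk without an initializer and is assigned only inside the FFDHE match loop, while its companion `data_q` gets `= NULL`; the `if (data_q && ...)` guard in the third hunk keeps the read well-defined, but the asymmetry invites a -Wmaybe-uninitialized warning and hides that the guard is the only thing protecting it, so initialize both together: `size_t _n_Y, _n_g, _n_p, _n_q = 0;`. The assignment in the second hunk also deserves a comment on provenance, e.g. `/* q comes from the locally known FFDHE group, not from the peer's key exchange */`, because unlike p and g it is never read from `data` and is trusted only for that reason. Presumably the populated DH_Q is what later lets the peer's public value be checked against the subgroup, but that consumer is outside these hunks. `_gnutls_proc_dh_common_server_kx` starts before the first hunk and continues past the last one.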
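diff --git a/lib/dh.c b/lib/dh.c
index 06bc2e1be4..ded939d0d4 100644
--- a/lib/dh.c
+++ b/lib/dh.c
@@ -37,7 +37,7 @@
 static
 int set_dh_pk_params(gnutls_session_t session, bigint_t g, bigint_t p,
- unsigned q_bits)
+ bigint_t q, unsigned q_bits)
 {
 /* just in case we are resuming a session */
 gnutls_pk_params_release(&session->key.proto.tls12.dh.params);
@@ -54,7 +54,16 @@ int set_dh_pk_params(gnutls_session_t session, bigint_t g, bigint_t p,
 return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
 }
- session->key.proto.tls12.dh.params.params_nr = 3; /* include empty q */
+ if (q) {
+ session->key.proto.tls12.dh.params.params[DH_Q] = _gnutls_mpi_copy(q);
+ if (session->key.proto.tls12.dh.params.params[DH_Q] == NULL) {
+ _gnutls_mpi_release(&session->key.proto.tls12.dh.params.params[DH_P]);
+ _gnutls_mpi_release(&session->key.proto.tls12.dh.params.params[DH_G]);
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ }
+ }
+ /* include, possibly empty, q */
+ session->key.proto.tls12.dh.params.params_nr = 3;
 session->key.proto.tls12.dh.params.algo = GNUTLS_PK_DH;
 session->key.proto.tls12.dh.params.qbits = q_bits;
@@ -70,7 +79,7 @@ _gnutls_figure_dh_params(gnutls_session_t session, gnutls_dh_params_t dh_params,
 gnutls_params_function * func, gnutls_sec_param_t sec_param)
 {
 gnutls_params_st params;
- bigint_t p, g;
+ bigint_t p, g, q = NULL;
 unsigned free_pg = 0;
 int ret;
 unsigned q_bits = 0, i;
@@ -100,6 +109,14 @@ _gnutls_figure_dh_params(gnutls_session_t session, gnutls_dh_params_t dh_params,
 goto cleanup;
 }
+ ret = _gnutls_mpi_init_scan_nz(&q,
+ session->internals.priorities->groups.entry[i]->q->data,
+ session->internals.priorities->groups.entry[i]->q->size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
 session->internals.hsk_flags |= HSK_USED_FFDHE;
 q_bits = *session->internals.priorities->groups.entry[i]->q_bits;
 goto finished;
@@ -158,7 +175,7 @@ _gnutls_figure_dh_params(gnutls_session_t session, gnutls_dh_params_t dh_params,
 finished:
 _gnutls_dh_save_group(session, g, p);
- ret = set_dh_pk_params(session, g, p, q_bits);
+ ret = set_dh_pk_params(session, g, p, q, q_bits);
 if (ret < 0) {
 gnutls_assert();
 }
@@ -166,6 +183,7 @@ _gnutls_figure_dh_params(gnutls_session_t session, gnutls_dh_params_t dh_params,
 cleanup:
 if (free_pg) {
 _gnutls_mpi_release(&p);
+ _gnutls_mpi_release(&q);
 _gnutls_mpi_release(&g);
 }
 if (params.deinit && params.type == GNUTLS_PARAMS_DH)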
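Review bot: The new `_gnutls_mpi_release(&q)` in the cleanup block is gated on `free_pg`, but q is allocated by the `_gnutls_mpi_init_scan_nz` call added in the FFDHE branch, and whether that branch sets `free_pg` is not visible in these hunks; if it does not, q leaks on both the success path and the error path, since `set_dh_pk_params` takes its own copy via `_gnutls_mpi_copy` and the local q still needs releasing. Given the `q = NULL` initializer, releasing it unconditionally would remove the dependency on `free_pg`, assuming `_gnutls_mpi_release` accepts a NULL value: move `_gnutls_mpi_release(&q);` out of the `if (free_pg)` block. The new `q` parameter of `set_dh_pk_params` also deserves a contract comment above the definition, e.g. `/* q may be NULL (non-FFDHE groups); it is copied, the caller keeps ownership */`. Both `set_dh_pk_params` and `_gnutls_figure_dh_params` extend outside the visible hunks.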