dhe: check if DH params in SKE match the FIPS approved algorithmstmp-sp800-56ar3

SP800-56A rev. 3 restricts the FIPS compliant clients to use only approved DH parameters, defined in RFC 7919 and RFC 3526. This adds a check in the handling of ServerKeyExchange if DHE is negotiated. Signed-off-by: Daiki Ueno <ueno@gnu.org>
author: Daiki Ueno <ueno@gnu.org> 2020-06-26 10:21:26 +0200
committer: Daiki Ueno <ueno@gnu.org> 2020-06-27 12:57:09 +0200
commit: 3f4532862bf9140976d970ab14e102cede61d1c7 (patch)
tree: e7f66327cb9a9dd1463b24a3446cb673b14a6a1f /doc/credentials/dhparams/rfc5054-2048.pem
parent: 481e48f3236be42ff1fcb96f96c4efcbb2b69242 (diff)
download: gnutls-tmp-sp800-56ar3.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/credentials/dhparams/rfc5054-2048.pem b/doc/credentials/dhparams/rfc5054-2048.pem
new file mode 100644
index 0000000000..814e70ce6a
--- /dev/null
+++ b/doc/credentials/dhparams/rfc5054-2048.pem
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEArGvbQTJKmpvxZt5eE4lYL69ytmUZh+4H/DGSlD21YFCjcynLtKCZ
+7YGT4HV3Z6E91SMSq0sDMQ3Nf0ip2gT9UOgIOWntt2ewz2CVF5oWOrNmGgX71fqq
+6CkYqZYvC5O4Vfl5k+yXXuqoDXQK2/T/dHNZ0EHVwz6nHSgeRGsUdzvKl7Q6I/uA
+Fna9IHpDbGSB8dK5B4cXRhpbnTLmiPh3SFRFI7UksNV9Xqd6J3XS7PoDLPvb9S+z
+eGFgJ5AE5Xrmr4dOcwPOUymczAQce8MI2CpWmPOo0MOCca41+Onb+7aUtcgD2J96
+5DXeI21SX1R1m2XjcvzWjvIPpxEfnkr/cwIBAg==
+-----END DH PARAMETERS-----
author	Daiki Ueno <ueno@gnu.org>	2020-06-26 10:21:26 +0200
committer	Daiki Ueno <ueno@gnu.org>	2020-06-27 12:57:09 +0200
commit	3f4532862bf9140976d970ab14e102cede61d1c7 (patch)
tree	e7f66327cb9a9dd1463b24a3446cb673b14a6a1f /doc/credentials/dhparams/rfc5054-2048.pem
parent	481e48f3236be42ff1fcb96f96c4efcbb2b69242 (diff)
download	gnutls-tmp-sp800-56ar3.tar.gz