diff options
author | Daiki Ueno <ueno@gnu.org> | 2020-09-03 14:16:08 +0000 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2020-09-03 14:16:08 +0000 |
commit | 999525211e1a5a22194411a4b078259137f5fe19 (patch) | |
tree | 3927532d2baa80554b30d4d446d5250868f988a2 /lib/auth/dh_common.c | |
parent | 3c137c9f2888334596fb9f4313d4389d39afe8fd (diff) | |
parent | b0be5d7c39d4a5f7d29db4630926a4cef7c3edce (diff) | |
download | gnutls-999525211e1a5a22194411a4b078259137f5fe19.tar.gz |
Merge branch 'tmp-backport-3.6' into 'gnutls_3_6_x'
Backport bug fixes from master to gnutls_3_6_x
See merge request gnutls/gnutls!1317
Diffstat (limited to 'lib/auth/dh_common.c')
-rw-r--r-- | lib/auth/dh_common.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c index 19c205bbe8..fcd696d4d6 100644 --- a/lib/auth/dh_common.c +++ b/lib/auth/dh_common.c @@ -257,6 +257,14 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session, } } +#ifdef ENABLE_FIPS140 + if (gnutls_fips140_mode_enabled() && + !_gnutls_dh_prime_match_fips_approved(data_p, n_p, data_g, n_g, NULL, NULL)) { + gnutls_assert(); + return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; + } +#endif + if (_gnutls_mpi_init_scan_nz(&session->key.proto.tls12.dh.params.params[DH_G], data_g, _n_g) != 0) { gnutls_assert(); return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; |