authorNikos Mavrogiannopoulos <nmav@redhat.com>2018-07-27 11:58:38 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2018-07-27 14:13:35 +0200
commitcb702bd6bc44959760c5a9c837506b0e85e3cd78 (patch)
tree3f953890f0451174b193a107a43b51793503db3e /lib/crypto-backend.h
parentaf86011e4dac677da991c9585ebeb0f1da528cc3 (diff)
ext/key_share: check the validity of server key shares
That is, when generating the public key based on the server's key share, ensure that the algorithms match completely with the key shares the client initially sent. This was detected by the updated traces for TLS1.3 fuzzing. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/crypto-backend.h')
-rw-r--r--lib/crypto-backend.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/crypto-backend.h b/lib/crypto-backend.h
index e410af03e3..ff8f39616e 100644
--- a/lib/crypto-backend.h
+++ b/lib/crypto-backend.h
@@ -194,6 +194,7 @@ typedef struct {
unsigned int pkflags; /* gnutls_pk_flag_t */
unsigned int qbits; /* GNUTLS_PK_DH */
gnutls_ecc_curve_t curve; /* GNUTLS_PK_EC, GNUTLS_PK_ED25519, GNUTLS_PK_GOST* */
+ gnutls_group_t dh_group; /* GNUTLS_PK_DH - used by ext/key_share */
gnutls_gost_paramset_t gost_params; /* GNUTLS_PK_GOST_* */
gnutls_datum_t raw_pub; /* used by x25519 */
gnutls_datum_t raw_priv;
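Review bot: The comment on the added `dh_group` member says only "used by ext/key_share", which does not tell a reader what the field holds or what an unset value means. The commit message says the field backs a validity check on the server's key share, so the unset case should be stated, for example `gnutls_group_t dh_group; /* GNUTLS_PK_DH - group the key share was generated for; GNUTLS_GROUP_INVALID when unset, checked by ext/key_share */`. The struct begins and ends outside this hunk and the diff is limited to this header, so the code that initialises, copies and compares these params is not visible here. Presumably any helper that copies the struct member by member needs to carry `dh_group` as well, and the comparison should reject an unset group rather than treat it as a match; both are worth confirming against the rest of the commit.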