File gnutls-3.6.7-fips_DH_ECDH_key_tests.patch of Package gnutls.15330

Index: gnutls-3.6.7/lib/nettle/pk.c
===================================================================
--- gnutls-3.6.7.orig/lib/nettle/pk.c
+++ gnutls-3.6.7/lib/nettle/pk.c
@@ -240,15 +240,16 @@ static int _wrap_nettle_pk_derive(gnutls
 
 	switch (algo) {
 	case GNUTLS_PK_DH: {
-		bigint_t f, x, prime;
-		bigint_t k = NULL, ff = NULL;
+		bigint_t f, x, q, prime;
+		bigint_t k = NULL, ff = NULL, r = NULL;
 		unsigned int bits;
 
 		f = pub->params[DH_Y];
 		x = priv->params[DH_X];
+		q = priv->params[DH_Q];
 		prime = priv->params[DH_P];
 
-		ret = _gnutls_mpi_init_multi(&k, &ff, NULL);
+		ret = _gnutls_mpi_init_multi(&k, &ff, &r, NULL);
 		if (ret < 0)
 			return gnutls_assert_val(ret);
 
@@ -268,6 +269,21 @@ static int _wrap_nettle_pk_derive(gnutls
 			goto dh_cleanup;
 		}
 
+		/* if we have Q check that y ^ q mod p == 1 */
+		if (q != NULL) {
+			ret = _gnutls_mpi_powm(r, f, q, prime);
+			if (ret < 0) {
+				gnutls_assert();
+				goto dh_cleanup;
+			}
+			ret = _gnutls_mpi_cmp_ui(r, 1);
+			if (ret != 0) {
+				gnutls_assert();
+				ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+				goto dh_cleanup;
+			}
+		}
+
 		/* prevent denial of service */
 		bits = _gnutls_mpi_get_nbits(prime);
 		if (bits == 0 || bits > MAX_DH_BITS) {
@@ -298,6 +314,7 @@ static int _wrap_nettle_pk_derive(gnutls
 
 		ret = 0;
 dh_cleanup:
+		_gnutls_mpi_release(&r);
 		_gnutls_mpi_release(&ff);
 		zrelease_temp_mpi_key(&k);
 		if (ret < 0)