File 0003-Add-plumbing-to-handle-Q-parameter-in-DH-exchanges.patch of Package gnutls.17880

From 12d98928e776ddc09f78d3e2c5b615872576c720 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Fri, 17 May 2019 14:05:37 -0400
Subject: [PATCH 3/6] Add plumbing to handle Q parameter in DH exchanges

Signed-off-by: Simo Sorce <simo@redhat.com>
---
 symbols.last                |   6 +
 doc/Makefile.am                   |   2 +
 doc/manpages/Makefile.am          |   1 +
 doc/scripts/getfuncs-map.pl       |   5 +
 lib/dh-primes.c                   | 468 +++++++++++++++++++++++++++++-
 lib/dh.c                          |  74 ++++-
 lib/gnutls_int.h                  |   4 +-
 lib/includes/gnutls/gnutls.h.in   |   9 +
 lib/libgnutls.map                 |   6 +
 lib/nettle/pk.c                   |   4 +-
 tests/dh-compute.c                |  60 ++--
 12 files changed, 610 insertions(+), 47 deletions(-)

Index: gnutls-3.6.7/symbols.last
===================================================================
--- gnutls-3.6.7.orig/symbols.last	2020-09-03 15:20:32.799924448 +0200
+++ gnutls-3.6.7/symbols.last	2020-09-03 15:20:34.019932137 +0200
@@ -174,6 +174,7 @@ gnutls_dh_params_generate2@GNUTLS_3_4
 gnutls_dh_params_import_dsa@GNUTLS_3_4
 gnutls_dh_params_import_pkcs3@GNUTLS_3_4
 gnutls_dh_params_import_raw2@GNUTLS_3_4
+gnutls_dh_params_import_raw3@GNUTLS_3_6_8
 gnutls_dh_params_import_raw@GNUTLS_3_4
 gnutls_dh_params_init@GNUTLS_3_4
 gnutls_dh_set_prime_bits@GNUTLS_3_4
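Review bot: The version node recorded here for `gnutls_dh_params_import_raw3`, `GNUTLS_3_6_8`, does not appear to match where the lib/libgnutls.map hunk of this same patch puts the symbol. That hunk adds it and the `gnutls_ffdhe_*_group_q` entries directly after `gnutls_pcert_import_rawpk_raw`, and its header names `GNUTLS_3_6_6` as the enclosing node. The same question applies to the five `_group_q@GNUTLS_3_6_8` lines in the next hunk of this file. The map hunk runs past the visible part of the patch, so it may still open a `GNUTLS_3_6_8` node further down; if it does not, the exported symbol versions will disagree with this list, and one of the two files should be changed so both name the same node.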
@@ -211,18 +212,23 @@ gnutls_ext_register@GNUTLS_3_4
 gnutls_ext_set_data@GNUTLS_3_4
 gnutls_ffdhe_2048_group_generator@GNUTLS_3_4
 gnutls_ffdhe_2048_group_prime@GNUTLS_3_4
+gnutls_ffdhe_2048_group_q@GNUTLS_3_6_8
 gnutls_ffdhe_2048_key_bits@GNUTLS_3_4
 gnutls_ffdhe_3072_group_generator@GNUTLS_3_4
 gnutls_ffdhe_3072_group_prime@GNUTLS_3_4
+gnutls_ffdhe_3072_group_q@GNUTLS_3_6_8
 gnutls_ffdhe_3072_key_bits@GNUTLS_3_4
 gnutls_ffdhe_4096_group_generator@GNUTLS_3_4
 gnutls_ffdhe_4096_group_prime@GNUTLS_3_4
+gnutls_ffdhe_4096_group_q@GNUTLS_3_6_8
 gnutls_ffdhe_4096_key_bits@GNUTLS_3_4
 gnutls_ffdhe_6144_group_generator@GNUTLS_3_6_4
 gnutls_ffdhe_6144_group_prime@GNUTLS_3_6_4
+gnutls_ffdhe_6144_group_q@GNUTLS_3_6_8
 gnutls_ffdhe_6144_key_bits@GNUTLS_3_6_4
 gnutls_ffdhe_8192_group_generator@GNUTLS_3_4
 gnutls_ffdhe_8192_group_prime@GNUTLS_3_4
+gnutls_ffdhe_8192_group_q@GNUTLS_3_6_8
 gnutls_ffdhe_8192_key_bits@GNUTLS_3_4
 gnutls_fingerprint@GNUTLS_3_4
 gnutls_fips140_mode_enabled@GNUTLS_3_4
Index: gnutls-3.6.7/doc/Makefile.am
===================================================================
--- gnutls-3.6.7.orig/doc/Makefile.am	2020-09-03 15:20:32.803924472 +0200
+++ gnutls-3.6.7/doc/Makefile.am	2020-09-03 15:20:34.019932137 +0200
@@ -951,6 +951,8 @@ FUNCS += functions/gnutls_dh_params_impo
 FUNCS += functions/gnutls_dh_params_import_raw.short
 FUNCS += functions/gnutls_dh_params_import_raw2
 FUNCS += functions/gnutls_dh_params_import_raw2.short
+FUNCS += functions/gnutls_dh_params_import_raw3
+FUNCS += functions/gnutls_dh_params_import_raw3.short
 FUNCS += functions/gnutls_dh_params_init
 FUNCS += functions/gnutls_dh_params_init.short
 FUNCS += functions/gnutls_dh_set_prime_bits
Index: gnutls-3.6.7/doc/manpages/Makefile.am
===================================================================
--- gnutls-3.6.7.orig/doc/manpages/Makefile.am	2020-09-03 15:20:32.803924472 +0200
+++ gnutls-3.6.7/doc/manpages/Makefile.am	2020-09-03 15:20:34.019932137 +0200
@@ -277,6 +277,7 @@ APIMANS += gnutls_dh_params_import_dsa.3
 APIMANS += gnutls_dh_params_import_pkcs3.3
 APIMANS += gnutls_dh_params_import_raw.3
 APIMANS += gnutls_dh_params_import_raw2.3
+APIMANS += gnutls_dh_params_import_raw3.3
 APIMANS += gnutls_dh_params_init.3
 APIMANS += gnutls_dh_set_prime_bits.3
 APIMANS += gnutls_digest_get_id.3
Index: gnutls-3.6.7/doc/scripts/getfuncs-map.pl
===================================================================
--- gnutls-3.6.7.orig/doc/scripts/getfuncs-map.pl	2020-09-03 15:20:32.803924472 +0200
+++ gnutls-3.6.7/doc/scripts/getfuncs-map.pl	2020-09-03 15:20:34.019932137 +0200
@@ -36,18 +36,23 @@ my %known_false_positives = (
 	'gnutls_srp_8192_group_prime' => 1,
 	'gnutls_ffdhe_2048_group_generator' => 1,
 	'gnutls_ffdhe_2048_group_prime' => 1,
+	'gnutls_ffdhe_2048_group_q' => 1,
 	'gnutls_ffdhe_2048_key_bits' => 1,
 	'gnutls_ffdhe_3072_group_generator' => 1,
 	'gnutls_ffdhe_3072_group_prime' => 1,
+	'gnutls_ffdhe_3072_group_q' => 1,
 	'gnutls_ffdhe_3072_key_bits' => 1,
 	'gnutls_ffdhe_4096_group_generator' => 1,
 	'gnutls_ffdhe_4096_group_prime' => 1,
+	'gnutls_ffdhe_4096_group_q' => 1,
 	'gnutls_ffdhe_4096_key_bits' => 1,
 	'gnutls_ffdhe_6144_group_generator' => 1,
 	'gnutls_ffdhe_6144_group_prime' => 1,
+	'gnutls_ffdhe_6144_group_q' => 1,
 	'gnutls_ffdhe_6144_key_bits' => 1,
 	'gnutls_ffdhe_8192_group_generator' => 1,
 	'gnutls_ffdhe_8192_group_prime' => 1,
+	'gnutls_ffdhe_8192_group_q' => 1,
 	'gnutls_ffdhe_8192_key_bits' => 1,
 	'gnutls_transport_set_int' => 1,
 	'gnutls_strdup' => 1,
Index: gnutls-3.6.7/lib/dh-primes.c
===================================================================
--- gnutls-3.6.7.orig/lib/dh-primes.c	2020-09-03 15:20:32.803924472 +0200
+++ gnutls-3.6.7/lib/dh-primes.c	2020-09-03 15:20:34.019932137 +0200
@@ -27,6 +27,8 @@
 
 #include "dh.h"
 
+static const unsigned char ffdhe_generator = 0x02;
+
 static const unsigned char ffdhe_params_2048[] = {
 	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 
 	0xFF, 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 
@@ -67,12 +69,52 @@ static const unsigned char ffdhe_params_
 	0xFF, 0xFF, 0xFF, 0xFF
 };
 
+static const unsigned char ffdhe_q_2048[] = {
+	0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D,
+	0xA5, 0x4D, 0x57, 0xEE, 0x2B, 0x10, 0x13,
+	0x9E, 0x9E, 0x78, 0xEC, 0x5C, 0xE2, 0xC1,
+	0xE7, 0x16, 0x9B, 0x4A, 0xD4, 0xF0, 0x9B,
+	0x20, 0x8A, 0x32, 0x19, 0xFD, 0xE6, 0x49,
+	0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C, 0xBE,
+	0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
+	0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30,
+	0xBD, 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE,
+	0xB2, 0xB0, 0x92, 0x19, 0xFA, 0x8F, 0xAF,
+	0x83, 0x37, 0x68, 0x42, 0xB1, 0xB2, 0xAA,
+	0x9E, 0xF6, 0x8D, 0x79, 0xDA, 0xAB, 0x89,
+	0xAF, 0x3F, 0xAB, 0xE4, 0x9A, 0xCC, 0x27,
+	0x86, 0x38, 0x70, 0x73, 0x45, 0xBB, 0xF1,
+	0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
+	0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3,
+	0x9A, 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D,
+	0x3C, 0xBD, 0x5E, 0x05, 0x58, 0xC1, 0x59,
+	0x92, 0x7D, 0xB0, 0xE8, 0x84, 0x54, 0xA5,
+	0xD9, 0x64, 0x71, 0xFD, 0xDC, 0xB5, 0x6D,
+	0x5B, 0xB0, 0x6B, 0xFA, 0x34, 0x0E, 0xA7,
+	0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA, 0x57,
+	0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
+	0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36,
+	0xB8, 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB,
+	0xF1, 0x76, 0x60, 0x1A, 0x02, 0x66, 0x94,
+	0x1A, 0x17, 0xB0, 0xC8, 0xB9, 0x7F, 0x4E,
+	0x74, 0xC2, 0xC1, 0xFF, 0xC7, 0x27, 0x89,
+	0x19, 0x77, 0x79, 0x40, 0xC1, 0xE1, 0xFF,
+	0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9, 0x9D,
+	0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
+	0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41,
+	0xD9, 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9,
+	0x77, 0xFD, 0x44, 0x35, 0xA1, 0x1C, 0x30,
+	0x94, 0x2E, 0x4B, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xFF, 0xFF, 0xFF
+};
+
 const gnutls_datum_t gnutls_ffdhe_2048_group_prime = {
 	(void *) ffdhe_params_2048, sizeof(ffdhe_params_2048)
 };
-
-static const unsigned char ffdhe_generator = 0x02;
-
+const gnutls_datum_t gnutls_ffdhe_2048_group_q = {
+	(void *) ffdhe_q_2048, sizeof(ffdhe_q_2048)
+};
 const gnutls_datum_t gnutls_ffdhe_2048_group_generator = {
 	(void *) &ffdhe_generator, sizeof(ffdhe_generator)
 };
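Review bot: Nothing on `ffdhe_q_2048` says how its 256 bytes were derived or what they must equal, so a transcription error in the table would be very hard to spot in review. I would add a comment above it such as `/* q = (p - 1) / 2 for ffdhe2048 (RFC 7919, Appendix A.1); big-endian, same length as the prime */`, and the matching comment on `ffdhe_q_3072`, `ffdhe_q_4096`, `ffdhe_q_6144` and `ffdhe_q_8192` in the later hunks of this file. A self-test asserting `2*q + 1 == p` for each group would catch a wrong byte, which matters because any subgroup check built on a bad Q would silently be checking the wrong thing. The tests/dh-compute.c change listed in the diffstat is not visible here, so it may already cover this.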
@@ -136,13 +178,73 @@ static const unsigned char ffdhe_params_
 	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
 };
 
-const gnutls_datum_t gnutls_ffdhe_3072_group_generator = {
-	(void *) &ffdhe_generator, sizeof(ffdhe_generator)
+static const unsigned char ffdhe_q_3072[] = {
+	0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D,
+	0xA5, 0x4D, 0x57, 0xEE, 0x2B, 0x10, 0x13,
+	0x9E, 0x9E, 0x78, 0xEC, 0x5C, 0xE2, 0xC1,
+	0xE7, 0x16, 0x9B, 0x4A, 0xD4, 0xF0, 0x9B,
+	0x20, 0x8A, 0x32, 0x19, 0xFD, 0xE6, 0x49,
+	0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C, 0xBE,
+	0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
+	0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30,
+	0xBD, 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE,
+	0xB2, 0xB0, 0x92, 0x19, 0xFA, 0x8F, 0xAF,
+	0x83, 0x37, 0x68, 0x42, 0xB1, 0xB2, 0xAA,
+	0x9E, 0xF6, 0x8D, 0x79, 0xDA, 0xAB, 0x89,
+	0xAF, 0x3F, 0xAB, 0xE4, 0x9A, 0xCC, 0x27,
+	0x86, 0x38, 0x70, 0x73, 0x45, 0xBB, 0xF1,
+	0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
+	0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3,
+	0x9A, 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D,
+	0x3C, 0xBD, 0x5E, 0x05, 0x58, 0xC1, 0x59,
+	0x92, 0x7D, 0xB0, 0xE8, 0x84, 0x54, 0xA5,
+	0xD9, 0x64, 0x71, 0xFD, 0xDC, 0xB5, 0x6D,
+	0x5B, 0xB0, 0x6B, 0xFA, 0x34, 0x0E, 0xA7,
+	0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA, 0x57,
+	0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
+	0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36,
+	0xB8, 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB,
+	0xF1, 0x76, 0x60, 0x1A, 0x02, 0x66, 0x94,
+	0x1A, 0x17, 0xB0, 0xC8, 0xB9, 0x7F, 0x4E,
+	0x74, 0xC2, 0xC1, 0xFF, 0xC7, 0x27, 0x89,
+	0x19, 0x77, 0x79, 0x40, 0xC1, 0xE1, 0xFF,
+	0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9, 0x9D,
+	0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
+	0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41,
+	0xD9, 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9,
+	0x77, 0xFD, 0x44, 0x35, 0xA1, 0x1C, 0x30,
+	0x8F, 0xE7, 0xEE, 0x6F, 0x1A, 0xAD, 0x9D,
+	0xB2, 0x8C, 0x81, 0xAD, 0xDE, 0x1A, 0x7A,
+	0x6F, 0x7C, 0xCE, 0x01, 0x1C, 0x30, 0xDA,
+	0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83, 0xBD,
+	0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
+	0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C,
+	0x8E, 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89,
+	0xC9, 0x38, 0x5A, 0x09, 0x86, 0x49, 0xDE,
+	0x21, 0xBC, 0xA2, 0x7A, 0x7E, 0xA2, 0x29,
+	0x71, 0x6B, 0xA6, 0xE9, 0xB2, 0x79, 0x71,
+	0x0F, 0x38, 0xFA, 0xA5, 0xFF, 0xAE, 0x57,
+	0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F, 0x74,
+	0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
+	0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5,
+	0x6D, 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2,
+	0x24, 0x27, 0x05, 0x5E, 0x68, 0x35, 0xFD,
+	0x29, 0xEE, 0xF7, 0x9E, 0x0D, 0x90, 0x77,
+	0x1F, 0xEA, 0xCE, 0xBE, 0x12, 0xF2, 0x0E,
+	0x95, 0xB3, 0x63, 0x17, 0x1B, 0xFF, 0xFF,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
 };
 
 const gnutls_datum_t gnutls_ffdhe_3072_group_prime = {
 	(void *) ffdhe_params_3072, sizeof(ffdhe_params_3072)
 };
+const gnutls_datum_t gnutls_ffdhe_3072_group_q = {
+	(void *) ffdhe_q_3072, sizeof(ffdhe_q_3072)
+};
+const gnutls_datum_t gnutls_ffdhe_3072_group_generator = {
+	(void *) &ffdhe_generator, sizeof(ffdhe_generator)
+};
 const unsigned int gnutls_ffdhe_3072_key_bits = 276;
 
 static const unsigned char ffdhe_params_4096[] = {
@@ -222,13 +324,92 @@ static const unsigned char ffdhe_params_
 	0xFF
 };
 
-const gnutls_datum_t gnutls_ffdhe_4096_group_generator = {
-	(void *) &ffdhe_generator, sizeof(ffdhe_generator)
+static const unsigned char ffdhe_q_4096[] = {
+	0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D,
+	0xA5, 0x4D, 0x57, 0xEE, 0x2B, 0x10, 0x13,
+	0x9E, 0x9E, 0x78, 0xEC, 0x5C, 0xE2, 0xC1,
+	0xE7, 0x16, 0x9B, 0x4A, 0xD4, 0xF0, 0x9B,
+	0x20, 0x8A, 0x32, 0x19, 0xFD, 0xE6, 0x49,
+	0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C, 0xBE,
+	0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
+	0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30,
+	0xBD, 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE,
+	0xB2, 0xB0, 0x92, 0x19, 0xFA, 0x8F, 0xAF,
+	0x83, 0x37, 0x68, 0x42, 0xB1, 0xB2, 0xAA,
+	0x9E, 0xF6, 0x8D, 0x79, 0xDA, 0xAB, 0x89,
+	0xAF, 0x3F, 0xAB, 0xE4, 0x9A, 0xCC, 0x27,
+	0x86, 0x38, 0x70, 0x73, 0x45, 0xBB, 0xF1,
+	0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
+	0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3,
+	0x9A, 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D,
+	0x3C, 0xBD, 0x5E, 0x05, 0x58, 0xC1, 0x59,
+	0x92, 0x7D, 0xB0, 0xE8, 0x84, 0x54, 0xA5,
+	0xD9, 0x64, 0x71, 0xFD, 0xDC, 0xB5, 0x6D,
+	0x5B, 0xB0, 0x6B, 0xFA, 0x34, 0x0E, 0xA7,
+	0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA, 0x57,
+	0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
+	0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36,
+	0xB8, 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB,
+	0xF1, 0x76, 0x60, 0x1A, 0x02, 0x66, 0x94,
+	0x1A, 0x17, 0xB0, 0xC8, 0xB9, 0x7F, 0x4E,
+	0x74, 0xC2, 0xC1, 0xFF, 0xC7, 0x27, 0x89,
+	0x19, 0x77, 0x79, 0x40, 0xC1, 0xE1, 0xFF,
+	0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9, 0x9D,
+	0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
+	0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41,
+	0xD9, 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9,
+	0x77, 0xFD, 0x44, 0x35, 0xA1, 0x1C, 0x30,
+	0x8F, 0xE7, 0xEE, 0x6F, 0x1A, 0xAD, 0x9D,
+	0xB2, 0x8C, 0x81, 0xAD, 0xDE, 0x1A, 0x7A,
+	0x6F, 0x7C, 0xCE, 0x01, 0x1C, 0x30, 0xDA,
+	0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83, 0xBD,
+	0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
+	0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C,
+	0x8E, 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89,
+	0xC9, 0x38, 0x5A, 0x09, 0x86, 0x49, 0xDE,
+	0x21, 0xBC, 0xA2, 0x7A, 0x7E, 0xA2, 0x29,
+	0x71, 0x6B, 0xA6, 0xE9, 0xB2, 0x79, 0x71,
+	0x0F, 0x38, 0xFA, 0xA5, 0xFF, 0xAE, 0x57,
+	0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F, 0x74,
+	0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
+	0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5,
+	0x6D, 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2,
+	0x24, 0x27, 0x05, 0x5E, 0x68, 0x35, 0xFD,
+	0x29, 0xEE, 0xF7, 0x9E, 0x0D, 0x90, 0x77,
+	0x1F, 0xEA, 0xCE, 0xBE, 0x12, 0xF2, 0x0E,
+	0x95, 0xB3, 0x4F, 0x0F, 0x78, 0xB7, 0x37,
+	0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D, 0xBC,
+	0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB,
+	0x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6,
+	0x8C, 0x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81,
+	0xA0, 0x02, 0x43, 0xFA, 0xAD, 0xD2, 0xBF,
+	0x18, 0xE6, 0x3D, 0x38, 0x9A, 0xE4, 0x43,
+	0x77, 0xDA, 0x18, 0xC5, 0x76, 0xB5, 0x0F,
+	0x00, 0x96, 0xCF, 0x34, 0x19, 0x54, 0x83,
+	0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62, 0x36,
+	0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C,
+	0x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5,
+	0xBD, 0x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0,
+	0x00, 0x1E, 0x15, 0x27, 0x67, 0x54, 0xFC,
+	0xC6, 0x85, 0x66, 0x05, 0x41, 0x48, 0xE6,
+	0xE7, 0x64, 0xBE, 0xE7, 0xC7, 0x64, 0xDA,
+	0xAD, 0x3F, 0xC4, 0x52, 0x35, 0xA6, 0xDA,
+	0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70, 0xE3,
+	0x45, 0x00, 0x3F, 0x2F, 0x32, 0xAF, 0xB5,
+	0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF
 };
 
 const gnutls_datum_t gnutls_ffdhe_4096_group_prime = {
 	(void *) ffdhe_params_4096, sizeof(ffdhe_params_4096)
 };
+const gnutls_datum_t gnutls_ffdhe_4096_group_q = {
+	(void *) ffdhe_q_4096, sizeof(ffdhe_q_4096)
+};
+const gnutls_datum_t gnutls_ffdhe_4096_group_generator = {
+	(void *) &ffdhe_generator, sizeof(ffdhe_generator)
+};
 const unsigned int gnutls_ffdhe_4096_key_bits = 336;
 
 static const unsigned char ffdhe_params_6144[] = {
@@ -344,10 +525,125 @@ static const unsigned char ffdhe_params_
 	0xFF, 0xFF, 0xFF, 0xFF, 0xFF
 };
 
+static const unsigned char ffdhe_q_6144[] = {
+	0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D,
+	0xA5, 0x4D, 0x57, 0xEE, 0x2B, 0x10, 0x13,
+	0x9E, 0x9E, 0x78, 0xEC, 0x5C, 0xE2, 0xC1,
+	0xE7, 0x16, 0x9B, 0x4A, 0xD4, 0xF0, 0x9B,
+	0x20, 0x8A, 0x32, 0x19, 0xFD, 0xE6, 0x49,
+	0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C, 0xBE,
+	0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
+	0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30,
+	0xBD, 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE,
+	0xB2, 0xB0, 0x92, 0x19, 0xFA, 0x8F, 0xAF,
+	0x83, 0x37, 0x68, 0x42, 0xB1, 0xB2, 0xAA,
+	0x9E, 0xF6, 0x8D, 0x79, 0xDA, 0xAB, 0x89,
+	0xAF, 0x3F, 0xAB, 0xE4, 0x9A, 0xCC, 0x27,
+	0x86, 0x38, 0x70, 0x73, 0x45, 0xBB, 0xF1,
+	0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
+	0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3,
+	0x9A, 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D,
+	0x3C, 0xBD, 0x5E, 0x05, 0x58, 0xC1, 0x59,
+	0x92, 0x7D, 0xB0, 0xE8, 0x84, 0x54, 0xA5,
+	0xD9, 0x64, 0x71, 0xFD, 0xDC, 0xB5, 0x6D,
+	0x5B, 0xB0, 0x6B, 0xFA, 0x34, 0x0E, 0xA7,
+	0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA, 0x57,
+	0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
+	0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36,
+	0xB8, 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB,
+	0xF1, 0x76, 0x60, 0x1A, 0x02, 0x66, 0x94,
+	0x1A, 0x17, 0xB0, 0xC8, 0xB9, 0x7F, 0x4E,
+	0x74, 0xC2, 0xC1, 0xFF, 0xC7, 0x27, 0x89,
+	0x19, 0x77, 0x79, 0x40, 0xC1, 0xE1, 0xFF,
+	0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9, 0x9D,
+	0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
+	0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41,
+	0xD9, 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9,
+	0x77, 0xFD, 0x44, 0x35, 0xA1, 0x1C, 0x30,
+	0x8F, 0xE7, 0xEE, 0x6F, 0x1A, 0xAD, 0x9D,
+	0xB2, 0x8C, 0x81, 0xAD, 0xDE, 0x1A, 0x7A,
+	0x6F, 0x7C, 0xCE, 0x01, 0x1C, 0x30, 0xDA,
+	0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83, 0xBD,
+	0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
+	0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C,
+	0x8E, 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89,
+	0xC9, 0x38, 0x5A, 0x09, 0x86, 0x49, 0xDE,
+	0x21, 0xBC, 0xA2, 0x7A, 0x7E, 0xA2, 0x29,
+	0x71, 0x6B, 0xA6, 0xE9, 0xB2, 0x79, 0x71,
+	0x0F, 0x38, 0xFA, 0xA5, 0xFF, 0xAE, 0x57,
+	0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F, 0x74,
+	0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
+	0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5,
+	0x6D, 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2,
+	0x24, 0x27, 0x05, 0x5E, 0x68, 0x35, 0xFD,
+	0x29, 0xEE, 0xF7, 0x9E, 0x0D, 0x90, 0x77,
+	0x1F, 0xEA, 0xCE, 0xBE, 0x12, 0xF2, 0x0E,
+	0x95, 0xB3, 0x4F, 0x0F, 0x78, 0xB7, 0x37,
+	0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D, 0xBC,
+	0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB,
+	0x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6,
+	0x8C, 0x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81,
+	0xA0, 0x02, 0x43, 0xFA, 0xAD, 0xD2, 0xBF,
+	0x18, 0xE6, 0x3D, 0x38, 0x9A, 0xE4, 0x43,
+	0x77, 0xDA, 0x18, 0xC5, 0x76, 0xB5, 0x0F,
+	0x00, 0x96, 0xCF, 0x34, 0x19, 0x54, 0x83,
+	0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62, 0x36,
+	0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C,
+	0x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5,
+	0xBD, 0x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0,
+	0x00, 0x1E, 0x15, 0x27, 0x67, 0x54, 0xFC,
+	0xC6, 0x85, 0x66, 0x05, 0x41, 0x48, 0xE6,
+	0xE7, 0x64, 0xBE, 0xE7, 0xC7, 0x64, 0xDA,
+	0xAD, 0x3F, 0xC4, 0x52, 0x35, 0xA6, 0xDA,
+	0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70, 0xE3,
+	0x45, 0x00, 0x3F, 0x2F, 0x06, 0xEC, 0x81,
+	0x05, 0xFE, 0xB2, 0x5B, 0x22, 0x81, 0xB6,
+	0x3D, 0x27, 0x33, 0xBE, 0x96, 0x1C, 0x29,
+	0x95, 0x1D, 0x11, 0xDD, 0x22, 0x21, 0x65,
+	0x7A, 0x9F, 0x53, 0x1D, 0xDA, 0x2A, 0x19,
+	0x4D, 0xBB, 0x12, 0x64, 0x48, 0xBD, 0xEE,
+	0xB2, 0x58, 0xE0, 0x7E, 0xA6, 0x59, 0xC7,
+	0x46, 0x19, 0xA6, 0x38, 0x0E, 0x1D, 0x66,
+	0xD6, 0x83, 0x2B, 0xFE, 0x67, 0xF6, 0x38,
+	0xCD, 0x8F, 0xAE, 0x1F, 0x27, 0x23, 0x02,
+	0x0F, 0x9C, 0x40, 0xA3, 0xFD, 0xA6, 0x7E,
+	0xDA, 0x3B, 0xD2, 0x92, 0x38, 0xFB, 0xD4,
+	0xD4, 0xB4, 0x88, 0x5C, 0x2A, 0x99, 0x17,
+	0x6D, 0xB1, 0xA0, 0x6C, 0x50, 0x07, 0x78,
+	0x49, 0x1A, 0x82, 0x88, 0xF1, 0x85, 0x5F,
+	0x60, 0xFF, 0xFC, 0xF1, 0xD1, 0x37, 0x3F,
+	0xD9, 0x4F, 0xC6, 0x0C, 0x18, 0x11, 0xE1,
+	0xAC, 0x3F, 0x1C, 0x6D, 0x00, 0x3B, 0xEC,
+	0xDA, 0x3B, 0x1F, 0x27, 0x25, 0xCA, 0x59,
+	0x5D, 0xE0, 0xCA, 0x63, 0x32, 0x8F, 0x3B,
+	0xE5, 0x7C, 0xC9, 0x77, 0x55, 0x60, 0x11,
+	0x95, 0x14, 0x0D, 0xFB, 0x59, 0xD3, 0x9C,
+	0xE0, 0x91, 0x30, 0x8B, 0x41, 0x05, 0x74,
+	0x6D, 0xAC, 0x23, 0xD3, 0x3E, 0x5F, 0x7C,
+	0xE4, 0x84, 0x8D, 0xA3, 0x16, 0xA9, 0xC6,
+	0x6B, 0x95, 0x81, 0xBA, 0x35, 0x73, 0xBF,
+	0xAF, 0x31, 0x14, 0x96, 0x18, 0x8A, 0xB1,
+	0x54, 0x23, 0x28, 0x2E, 0xE4, 0x16, 0xDC,
+	0x2A, 0x19, 0xC5, 0x72, 0x4F, 0xA9, 0x1A,
+	0xE4, 0xAD, 0xC8, 0x8B, 0xC6, 0x67, 0x96,
+	0xEA, 0xE5, 0x67, 0x7A, 0x01, 0xF6, 0x4E,
+	0x8C, 0x08, 0x63, 0x13, 0x95, 0x82, 0x2D,
+	0x9D, 0xB8, 0xFC, 0xEE, 0x35, 0xC0, 0x6B,
+	0x1F, 0xEE, 0xA5, 0x47, 0x4D, 0x6D, 0x8F,
+	0x34, 0xB1, 0x53, 0x4A, 0x93, 0x6A, 0x18,
+	0xB0, 0xE0, 0xD2, 0x0E, 0xAB, 0x86, 0xBC,
+	0x9C, 0x6D, 0x6A, 0x52, 0x07, 0x19, 0x4E,
+	0x68, 0x72, 0x07, 0x32, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+};
+
 const gnutls_datum_t gnutls_ffdhe_6144_group_prime = {
 	(void *) ffdhe_params_6144, sizeof(ffdhe_params_6144)
 };
-
+const gnutls_datum_t gnutls_ffdhe_6144_group_q = {
+	(void *) ffdhe_q_6144, sizeof(ffdhe_q_6144)
+};
 const gnutls_datum_t gnutls_ffdhe_6144_group_generator = {
 	(void *) &ffdhe_generator, sizeof(ffdhe_generator)
 };
@@ -503,13 +799,165 @@ static const unsigned char ffdhe_params_
 	0xFF, 0xFF
 };
 
-const gnutls_datum_t gnutls_ffdhe_8192_group_generator = {
-	(void *) &ffdhe_generator, sizeof(ffdhe_generator)
+static const unsigned char ffdhe_q_8192[] = {
+	0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D,
+	0xA5, 0x4D, 0x57, 0xEE, 0x2B, 0x10, 0x13,
+	0x9E, 0x9E, 0x78, 0xEC, 0x5C, 0xE2, 0xC1,
+	0xE7, 0x16, 0x9B, 0x4A, 0xD4, 0xF0, 0x9B,
+	0x20, 0x8A, 0x32, 0x19, 0xFD, 0xE6, 0x49,
+	0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C, 0xBE,
+	0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
+	0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30,
+	0xBD, 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE,
+	0xB2, 0xB0, 0x92, 0x19, 0xFA, 0x8F, 0xAF,
+	0x83, 0x37, 0x68, 0x42, 0xB1, 0xB2, 0xAA,
+	0x9E, 0xF6, 0x8D, 0x79, 0xDA, 0xAB, 0x89,
+	0xAF, 0x3F, 0xAB, 0xE4, 0x9A, 0xCC, 0x27,
+	0x86, 0x38, 0x70, 0x73, 0x45, 0xBB, 0xF1,
+	0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
+	0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3,
+	0x9A, 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D,
+	0x3C, 0xBD, 0x5E, 0x05, 0x58, 0xC1, 0x59,
+	0x92, 0x7D, 0xB0, 0xE8, 0x84, 0x54, 0xA5,
+	0xD9, 0x64, 0x71, 0xFD, 0xDC, 0xB5, 0x6D,
+	0x5B, 0xB0, 0x6B, 0xFA, 0x34, 0x0E, 0xA7,
+	0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA, 0x57,
+	0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
+	0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36,
+	0xB8, 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB,
+	0xF1, 0x76, 0x60, 0x1A, 0x02, 0x66, 0x94,
+	0x1A, 0x17, 0xB0, 0xC8, 0xB9, 0x7F, 0x4E,
+	0x74, 0xC2, 0xC1, 0xFF, 0xC7, 0x27, 0x89,
+	0x19, 0x77, 0x79, 0x40, 0xC1, 0xE1, 0xFF,
+	0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9, 0x9D,
+	0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
+	0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41,
+	0xD9, 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9,
+	0x77, 0xFD, 0x44, 0x35, 0xA1, 0x1C, 0x30,
+	0x8F, 0xE7, 0xEE, 0x6F, 0x1A, 0xAD, 0x9D,
+	0xB2, 0x8C, 0x81, 0xAD, 0xDE, 0x1A, 0x7A,
+	0x6F, 0x7C, 0xCE, 0x01, 0x1C, 0x30, 0xDA,
+	0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83, 0xBD,
+	0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
+	0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C,
+	0x8E, 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89,
+	0xC9, 0x38, 0x5A, 0x09, 0x86, 0x49, 0xDE,
+	0x21, 0xBC, 0xA2, 0x7A, 0x7E, 0xA2, 0x29,
+	0x71, 0x6B, 0xA6, 0xE9, 0xB2, 0x79, 0x71,
+	0x0F, 0x38, 0xFA, 0xA5, 0xFF, 0xAE, 0x57,
+	0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F, 0x74,
+	0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
+	0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5,
+	0x6D, 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2,
+	0x24, 0x27, 0x05, 0x5E, 0x68, 0x35, 0xFD,
+	0x29, 0xEE, 0xF7, 0x9E, 0x0D, 0x90, 0x77,
+	0x1F, 0xEA, 0xCE, 0xBE, 0x12, 0xF2, 0x0E,
+	0x95, 0xB3, 0x4F, 0x0F, 0x78, 0xB7, 0x37,
+	0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D, 0xBC,
+	0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB,
+	0x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6,
+	0x8C, 0x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81,
+	0xA0, 0x02, 0x43, 0xFA, 0xAD, 0xD2, 0xBF,
+	0x18, 0xE6, 0x3D, 0x38, 0x9A, 0xE4, 0x43,
+	0x77, 0xDA, 0x18, 0xC5, 0x76, 0xB5, 0x0F,
+	0x00, 0x96, 0xCF, 0x34, 0x19, 0x54, 0x83,
+	0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62, 0x36,
+	0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C,
+	0x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5,
+	0xBD, 0x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0,
+	0x00, 0x1E, 0x15, 0x27, 0x67, 0x54, 0xFC,
+	0xC6, 0x85, 0x66, 0x05, 0x41, 0x48, 0xE6,
+	0xE7, 0x64, 0xBE, 0xE7, 0xC7, 0x64, 0xDA,
+	0xAD, 0x3F, 0xC4, 0x52, 0x35, 0xA6, 0xDA,
+	0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70, 0xE3,
+	0x45, 0x00, 0x3F, 0x2F, 0x06, 0xEC, 0x81,
+	0x05, 0xFE, 0xB2, 0x5B, 0x22, 0x81, 0xB6,
+	0x3D, 0x27, 0x33, 0xBE, 0x96, 0x1C, 0x29,
+	0x95, 0x1D, 0x11, 0xDD, 0x22, 0x21, 0x65,
+	0x7A, 0x9F, 0x53, 0x1D, 0xDA, 0x2A, 0x19,
+	0x4D, 0xBB, 0x12, 0x64, 0x48, 0xBD, 0xEE,
+	0xB2, 0x58, 0xE0, 0x7E, 0xA6, 0x59, 0xC7,
+	0x46, 0x19, 0xA6, 0x38, 0x0E, 0x1D, 0x66,
+	0xD6, 0x83, 0x2B, 0xFE, 0x67, 0xF6, 0x38,
+	0xCD, 0x8F, 0xAE, 0x1F, 0x27, 0x23, 0x02,
+	0x0F, 0x9C, 0x40, 0xA3, 0xFD, 0xA6, 0x7E,
+	0xDA, 0x3B, 0xD2, 0x92, 0x38, 0xFB, 0xD4,
+	0xD4, 0xB4, 0x88, 0x5C, 0x2A, 0x99, 0x17,
+	0x6D, 0xB1, 0xA0, 0x6C, 0x50, 0x07, 0x78,
+	0x49, 0x1A, 0x82, 0x88, 0xF1, 0x85, 0x5F,
+	0x60, 0xFF, 0xFC, 0xF1, 0xD1, 0x37, 0x3F,
+	0xD9, 0x4F, 0xC6, 0x0C, 0x18, 0x11, 0xE1,
+	0xAC, 0x3F, 0x1C, 0x6D, 0x00, 0x3B, 0xEC,
+	0xDA, 0x3B, 0x1F, 0x27, 0x25, 0xCA, 0x59,
+	0x5D, 0xE0, 0xCA, 0x63, 0x32, 0x8F, 0x3B,
+	0xE5, 0x7C, 0xC9, 0x77, 0x55, 0x60, 0x11,
+	0x95, 0x14, 0x0D, 0xFB, 0x59, 0xD3, 0x9C,
+	0xE0, 0x91, 0x30, 0x8B, 0x41, 0x05, 0x74,
+	0x6D, 0xAC, 0x23, 0xD3, 0x3E, 0x5F, 0x7C,
+	0xE4, 0x84, 0x8D, 0xA3, 0x16, 0xA9, 0xC6,
+	0x6B, 0x95, 0x81, 0xBA, 0x35, 0x73, 0xBF,
+	0xAF, 0x31, 0x14, 0x96, 0x18, 0x8A, 0xB1,
+	0x54, 0x23, 0x28, 0x2E, 0xE4, 0x16, 0xDC,
+	0x2A, 0x19, 0xC5, 0x72, 0x4F, 0xA9, 0x1A,
+	0xE4, 0xAD, 0xC8, 0x8B, 0xC6, 0x67, 0x96,
+	0xEA, 0xE5, 0x67, 0x7A, 0x01, 0xF6, 0x4E,
+	0x8C, 0x08, 0x63, 0x13, 0x95, 0x82, 0x2D,
+	0x9D, 0xB8, 0xFC, 0xEE, 0x35, 0xC0, 0x6B,
+	0x1F, 0xEE, 0xA5, 0x47, 0x4D, 0x6D, 0x8F,
+	0x34, 0xB1, 0x53, 0x4A, 0x93, 0x6A, 0x18,
+	0xB0, 0xE0, 0xD2, 0x0E, 0xAB, 0x86, 0xBC,
+	0x9C, 0x6D, 0x6A, 0x52, 0x07, 0x19, 0x4E,
+	0x67, 0xFA, 0x35, 0x55, 0x1B, 0x56, 0x80,
+	0x26, 0x7B, 0x00, 0x64, 0x1C, 0x0F, 0x21,
+	0x2D, 0x18, 0xEC, 0xA8, 0xD7, 0x32, 0x7E,
+	0xD9, 0x1F, 0xE7, 0x64, 0xA8, 0x4E, 0xA1,
+	0xB4, 0x3F, 0xF5, 0xB4, 0xF6, 0xE8, 0xE6,
+	0x2F, 0x05, 0xC6, 0x61, 0xDE, 0xFB, 0x25,
+	0x88, 0x77, 0xC3, 0x5B, 0x18, 0xA1, 0x51,
+	0xD5, 0xC4, 0x14, 0xAA, 0xAD, 0x97, 0xBA,
+	0x3E, 0x49, 0x93, 0x32, 0xE5, 0x96, 0x07,
+	0x8E, 0x60, 0x0D, 0xEB, 0x81, 0x14, 0x9C,
+	0x44, 0x1C, 0xE9, 0x57, 0x82, 0xF2, 0x2A,
+	0x28, 0x25, 0x63, 0xC5, 0xBA, 0xC1, 0x41,
+	0x14, 0x23, 0x60, 0x5D, 0x1A, 0xE1, 0xAF,
+	0xAE, 0x2C, 0x8B, 0x06, 0x60, 0x23, 0x7E,
+	0xC1, 0x28, 0xAA, 0x0F, 0xE3, 0x46, 0x4E,
+	0x43, 0x58, 0x11, 0x5D, 0xB8, 0x4C, 0xC3,
+	0xB5, 0x23, 0x07, 0x3A, 0x28, 0xD4, 0x54,
+	0x98, 0x84, 0xB8, 0x1F, 0xF7, 0x0E, 0x10,
+	0xBF, 0x36, 0x1C, 0x13, 0x72, 0x96, 0x28,
+	0xD5, 0x34, 0x8F, 0x07, 0x21, 0x1E, 0x7E,
+	0x4C, 0xF4, 0xF1, 0x8B, 0x28, 0x60, 0x90,
+	0xBD, 0xB1, 0x24, 0x0B, 0x66, 0xD6, 0xCD,
+	0x4A, 0xFC, 0xEA, 0xDC, 0x00, 0xCA, 0x44,
+	0x6C, 0xE0, 0x50, 0x50, 0xFF, 0x18, 0x3A,
+	0xD2, 0xBB, 0xF1, 0x18, 0xC1, 0xFC, 0x0E,
+	0xA5, 0x1F, 0x97, 0xD2, 0x2B, 0x8F, 0x7E,
+	0x46, 0x70, 0x5D, 0x45, 0x27, 0xF4, 0x5B,
+	0x42, 0xAE, 0xFF, 0x39, 0x58, 0x53, 0x37,
+	0x6F, 0x69, 0x7D, 0xD5, 0xFD, 0xF2, 0xC5,
+	0x18, 0x7D, 0x7D, 0x5F, 0x0E, 0x2E, 0xB8,
+	0xD4, 0x3F, 0x17, 0xBA, 0x0F, 0x7C, 0x60,
+	0xFF, 0x43, 0x7F, 0x53, 0x5D, 0xFE, 0xF2,
+	0x98, 0x33, 0xBF, 0x86, 0xCB, 0xE8, 0x8E,
+	0xA4, 0xFB, 0xD4, 0x22, 0x1E, 0x84, 0x11,
+	0x72, 0x83, 0x54, 0xFA, 0x30, 0xA7, 0x00,
+	0x8F, 0x15, 0x4A, 0x41, 0xC7, 0xFC, 0x46,
+	0x6B, 0x46, 0x45, 0xDB, 0xE2, 0xE3, 0x21,
+	0x26, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xFF
 };
 
 const gnutls_datum_t gnutls_ffdhe_8192_group_prime = {
 	(void *) ffdhe_params_8192, sizeof(ffdhe_params_8192)
 };
+const gnutls_datum_t gnutls_ffdhe_8192_group_q = {
+	(void *) ffdhe_q_8192, sizeof(ffdhe_q_8192)
+};
+const gnutls_datum_t gnutls_ffdhe_8192_group_generator = {
+	(void *) &ffdhe_generator, sizeof(ffdhe_generator)
+};
 const unsigned int gnutls_ffdhe_8192_key_bits = 512;
 
 #endif
Index: gnutls-3.6.7/lib/dh.c
===================================================================
--- gnutls-3.6.7.orig/lib/dh.c	2020-09-03 15:20:32.803924472 +0200
+++ gnutls-3.6.7/lib/dh.c	2020-09-03 15:20:34.019932137 +0200
@@ -224,25 +224,14 @@ int
 gnutls_dh_params_import_dsa(gnutls_dh_params_t dh_params, gnutls_x509_privkey_t key)
 {
 	gnutls_datum_t p, g, q;
-	bigint_t tmp_q;
 	int ret;
 
 	ret = gnutls_x509_privkey_export_dsa_raw(key, &p, &q, &g, NULL, NULL);
 	if (ret < 0)
 		return gnutls_assert_val(ret);
 
-	ret = _gnutls_mpi_init_scan_nz(&tmp_q, q.data, q.size);
-	if (ret < 0) {
-		gnutls_assert();
-		ret = GNUTLS_E_MPI_SCAN_FAILED;
-		goto cleanup;
-	}
-
-	ret = gnutls_dh_params_import_raw2(dh_params, &p, &g, _gnutls_mpi_get_nbits(tmp_q));
+	ret = gnutls_dh_params_import_raw3(dh_params, &p, &q, &g);
 
-	_gnutls_mpi_release(&tmp_q);
-
- cleanup:
 	gnutls_free(p.data);
 	gnutls_free(g.data);
 	gnutls_free(q.data);
@@ -296,6 +285,64 @@ gnutls_dh_params_import_raw2(gnutls_dh_p
 }
 
 /**
+ * gnutls_dh_params_import_raw3:
+ * @dh_params: The parameters
+ * @prime: holds the new prime
+ * @q: holds the subgroup if available, otherwise NULL
+ * @generator: holds the new generator
+ *
+ * This function will replace the pair of prime and generator for use
+ * in the Diffie-Hellman key exchange.  The new parameters should be
+ * stored in the appropriate gnutls_datum.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
+ *   otherwise a negative error code is returned.
+ **/
+int
+gnutls_dh_params_import_raw3(gnutls_dh_params_t dh_params,
+			     const gnutls_datum_t * prime,
+			     const gnutls_datum_t * q,
+			     const gnutls_datum_t * generator)
+{
+	bigint_t tmp_p, tmp_g, tmp_q = NULL;
+
+	if (_gnutls_mpi_init_scan_nz(&tmp_p, prime->data, prime->size)) {
+		gnutls_assert();
+		return GNUTLS_E_MPI_SCAN_FAILED;
+	}
+
+	if (_gnutls_mpi_init_scan_nz(&tmp_g, generator->data,
+				     generator->size)) {
+		_gnutls_mpi_release(&tmp_p);
+		gnutls_assert();
+		return GNUTLS_E_MPI_SCAN_FAILED;
+	}
+
+	if (q) {
+		if (_gnutls_mpi_init_scan_nz(&tmp_q, q->data, q->size)) {
+			_gnutls_mpi_release(&tmp_p);
+			_gnutls_mpi_release(&tmp_g);
+			gnutls_assert();
+			return GNUTLS_E_MPI_SCAN_FAILED;
+		}
+	} else if (_gnutls_fips_mode_enabled()) {
+		/* Mandatory in FIPS mode */
+		gnutls_assert();
+		return GNUTLS_E_DH_PRIME_UNACCEPTABLE;
+	}
+
+	/* store the generated values
+	 */
+	dh_params->params[0] = tmp_p;
+	dh_params->params[1] = tmp_g;
+	dh_params->params[2] = tmp_q;
+	if (tmp_q)
+		dh_params->q_bits = _gnutls_mpi_get_nbits(tmp_q);
+
+	return 0;
+}
+
+/**
  * gnutls_dh_params_init:
  * @dh_params: The parameters
  *
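Review bot: The FIPS branch of `gnutls_dh_params_import_raw3` returns `GNUTLS_E_DH_PRIME_UNACCEPTABLE` without releasing `tmp_p` and `tmp_g`, which the two scans above it have already allocated, so every rejected import leaks both bigints. Either add `_gnutls_mpi_release(&tmp_p); _gnutls_mpi_release(&tmp_g);` before that return, or move the `q == NULL` FIPS check to the top of the function so nothing has been scanned yet. Separately, when `q` is NULL outside FIPS mode, `dh_params->q_bits` keeps whatever value it held before while `params[2]` is set to NULL. The docstring also still describes only "the pair of prime and generator"; it should state that `@q` is the subgroup order, may be NULL, and is mandatory in FIPS mode.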
@@ -330,6 +377,7 @@ void gnutls_dh_params_deinit(gnutls_dh_p
 
 	_gnutls_mpi_release(&dh_params->params[0]);
 	_gnutls_mpi_release(&dh_params->params[1]);
+	_gnutls_mpi_release(&dh_params->params[2]);
 
 	gnutls_free(dh_params);
 
@@ -353,6 +401,8 @@ int gnutls_dh_params_cpy(gnutls_dh_param
 
 	dst->params[0] = _gnutls_mpi_copy(src->params[0]);
 	dst->params[1] = _gnutls_mpi_copy(src->params[1]);
+	if (src->params[2])
+		dst->params[2] = _gnutls_mpi_copy(src->params[2]);
 	dst->q_bits = src->q_bits;
 
 	if (dst->params[0] == NULL || dst->params[1] == NULL)
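Review bot: A failed `_gnutls_mpi_copy(src->params[2])` goes unnoticed, because the check on the last visible line still tests only `params[0]` and `params[1]`. The copy would then carry `q_bits` but no Q, which looks like a silent loss of the subgroup parameter that this patch makes mandatory on import in FIPS mode. Extend the condition with `|| (src->params[2] != NULL && dst->params[2] == NULL)` and have the error path that follows release `dst->params[2]` too. The rest of `gnutls_dh_params_cpy` lies outside the hunk, so whether `dst` is zero-initialised before these assignments cannot be confirmed from here.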
Index: gnutls-3.6.7/lib/gnutls_int.h
===================================================================
--- gnutls-3.6.7.orig/lib/gnutls_int.h	2020-09-03 15:20:32.803924472 +0200
+++ gnutls-3.6.7/lib/gnutls_int.h	2020-09-03 15:20:34.019932137 +0200
@@ -997,9 +997,9 @@ struct gnutls_priority_st {
 /* DH and RSA parameters types.
  */
 typedef struct gnutls_dh_params_int {
-	/* [0] is the prime, [1] is the generator.
+	/* [0] is the prime, [1] is the generator, [2] is Q if available.
 	 */
-	bigint_t params[2];
+	bigint_t params[3];
 	int q_bits;		/* length of q in bits. If zero then length is unknown.
 				 */
 } dh_params_st;
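Review bot: The struct comments do not say how `params[2]` and `q_bits` relate now that Q itself can be stored. `gnutls_dh_params_import_raw2` takes only a `key_bits` count and no Q, and presumably still records it in `q_bits`, so `q_bits` can be non-zero while `params[2]` is NULL. I would word the field comment as `/* [0] is the prime, [1] is the generator, [2] is Q, or NULL when only q_bits is known. */` so that later code tests `params[2]` itself, not `q_bits`, before using Q in a check.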
Index: gnutls-3.6.7/lib/includes/gnutls/gnutls.h.in
===================================================================
--- gnutls-3.6.7.orig/lib/includes/gnutls/gnutls.h.in	2020-09-03 15:20:32.803924472 +0200
+++ gnutls-3.6.7/lib/includes/gnutls/gnutls.h.in	2020-09-03 15:20:34.019932137 +0200
@@ -2234,6 +2234,10 @@ int gnutls_dh_params_import_raw2(gnutls_
 				 const gnutls_datum_t * prime,
 				 const gnutls_datum_t * generator,
 				 unsigned key_bits);
+int gnutls_dh_params_import_raw3(gnutls_dh_params_t dh_params,
+				 const gnutls_datum_t * prime,
+				 const gnutls_datum_t * q,
+				 const gnutls_datum_t * generator);
 int gnutls_dh_params_import_pkcs3(gnutls_dh_params_t params,
 				  const gnutls_datum_t * pkcs3_params,
 				  gnutls_x509_crt_fmt_t format);
@@ -2406,22 +2410,27 @@ extern _SYM_EXPORT const gnutls_datum_t
  */
 
 extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_8192_group_prime;
+extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_8192_group_q;
 extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_8192_group_generator;
 extern _SYM_EXPORT const unsigned int gnutls_ffdhe_8192_key_bits;
 
 extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_6144_group_prime;
+extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_6144_group_q;
 extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_6144_group_generator;
 extern _SYM_EXPORT const unsigned int gnutls_ffdhe_6144_key_bits;
 
 extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_4096_group_prime;
+extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_4096_group_q;
 extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_4096_group_generator;
 extern _SYM_EXPORT const unsigned int gnutls_ffdhe_4096_key_bits;
 
 extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_3072_group_prime;
+extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_3072_group_q;
 extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_3072_group_generator;
 extern _SYM_EXPORT const unsigned int gnutls_ffdhe_3072_key_bits;
 
 extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_2048_group_prime;
+extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_2048_group_q;
 extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_2048_group_generator;
 extern _SYM_EXPORT const unsigned int gnutls_ffdhe_2048_key_bits;
 
Index: gnutls-3.6.7/lib/libgnutls.map
===================================================================
--- gnutls-3.6.7.orig/lib/libgnutls.map	2020-09-03 15:20:34.019932137 +0200
+++ gnutls-3.6.7/lib/libgnutls.map	2020-09-03 15:21:44.356375627 +0200
@@ -1271,6 +1271,12 @@ GNUTLS_3_6_6
 	gnutls_certificate_set_rawpk_key_file;
 	gnutls_pcert_import_rawpk;
 	gnutls_pcert_import_rawpk_raw;
+	gnutls_dh_params_import_raw3;
+	gnutls_ffdhe_2048_group_q;
+	gnutls_ffdhe_3072_group_q;
+	gnutls_ffdhe_4096_group_q;
+	gnutls_ffdhe_6144_group_q;
+	gnutls_ffdhe_8192_group_q;
 } GNUTLS_3_6_5;
 
 GNUTLS_FIPS140_3_4 {
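Review bot: The six new names are exported from what the hunk header shows as the `GNUTLS_3_6_6` version node, while the symbols.last hunk of this same patch records them as `@GNUTLS_3_6_8`. If that reading of the node is right, the two files disagree, and a binary linked against this build would bind `gnutls_dh_params_import_raw3` and the `gnutls_ffdhe_*_group_q` data symbols to a version that a library exporting them as `GNUTLS_3_6_8` does not provide. Either give the names their own `GNUTLS_3_6_8 { ... } GNUTLS_3_6_6;` node, or make symbols.last match the node actually used and document the deviation in the package.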
Index: gnutls-3.6.7/lib/nettle/pk.c
===================================================================
--- gnutls-3.6.7.orig/lib/nettle/pk.c	2020-09-03 15:20:32.847924749 +0200
+++ gnutls-3.6.7/lib/nettle/pk.c	2020-09-03 15:20:34.023932162 +0200
@@ -1533,6 +1533,8 @@ int _gnutls_dh_compute_key(gnutls_dh_par
 
 	priv.params[DH_P] = _gnutls_mpi_copy(dh_params->params[0]);
 	priv.params[DH_G] = _gnutls_mpi_copy(dh_params->params[1]);
+	if (dh_params->params[2])
+		priv.params[DH_Q] = _gnutls_mpi_copy(dh_params->params[2]);
 
 	if (_gnutls_mpi_init_scan_nz
 		    (&priv.params[DH_X], priv_key->data,
@@ -1542,7 +1544,7 @@ int _gnutls_dh_compute_key(gnutls_dh_par
 		goto cleanup;
 	}
 
-	priv.params_nr = 3; /* include empty q */
+	priv.params_nr = 3; /* include, possibly empty, q */
 	priv.algo = GNUTLS_PK_DH;
 
 	Z->data = NULL;
Index: gnutls-3.6.7/tests/dh-compute.c
===================================================================
--- gnutls-3.6.7.orig/tests/dh-compute.c	2020-09-03 15:20:32.847924749 +0200
+++ gnutls-3.6.7/tests/dh-compute.c	2020-09-03 15:20:34.023932162 +0200
@@ -41,8 +41,8 @@ int _gnutls_dh_compute_key(gnutls_dh_par
 			   const gnutls_datum_t *pub_key,
 			   const gnutls_datum_t *peer_key, gnutls_datum_t *Z);
 
-static void params(gnutls_dh_params_t *dh_params, unsigned int key_bits,
-		   const gnutls_datum_t *p, const gnutls_datum_t *g)
+static void params(gnutls_dh_params_t *dh_params, const gnutls_datum_t *p,
+		   const gnutls_datum_t *q, const gnutls_datum_t *g)
 {
 	int ret;
 
@@ -50,7 +50,7 @@ static void params(gnutls_dh_params_t *d
 	if (ret != 0)
 		fail("error\n");
 
-	ret = gnutls_dh_params_import_raw2(*dh_params, p, g, key_bits);
+	ret = gnutls_dh_params_import_raw3(*dh_params, p, q, g);
 	if (ret != 0)
 		fail("error\n");
 }
@@ -65,32 +65,33 @@ static void genkey(gnutls_dh_params_t *d
 		fail("error\n");
 }
 
-static void compute_key(gnutls_dh_params_t *dh_params,
+static void compute_key(const char *name, gnutls_dh_params_t *dh_params,
 			gnutls_datum_t *priv_key, gnutls_datum_t *pub_key,
 			const gnutls_datum_t *peer_key, int expect_error,
 			gnutls_datum_t *result, bool expect_success)
 {
-	gnutls_datum_t Z;
+	gnutls_datum_t Z = { 0 };
 	bool success;
 	int ret;
 
 	ret = _gnutls_dh_compute_key(*dh_params, priv_key, pub_key,
 				     peer_key, &Z);
 	if (expect_error != ret)
-		fail("error (%d)\n", ret);
+		fail("%s: error %d (expected %d)\n", name, ret, expect_error);
 
 	if (result) {
 		success = (Z.size != result->size &&
 			   memcmp(Z.data, result->data, Z.size));
 		if (success != expect_success)
-			fail("error\n");
+			fail("%s: failed to match result\n", name);
 	}
 	gnutls_free(Z.data);
 }
 
 struct dh_test_data {
-	const unsigned int key_size;
+	const char *name;
 	const gnutls_datum_t prime;
+	const gnutls_datum_t q;
 	const gnutls_datum_t generator;
 	const gnutls_datum_t peer_key;
 	int expected_error;
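Review bot: The result comparison in `compute_key` is inverted, so the reworded message "failed to match result" would fire on the wrong condition. `success` is true only when the sizes differ and `memcmp` is non-zero, and the `memcmp` then reads `Z.size` bytes from a `result` buffer of a different length. The intended check looks like `success = (Z.size == result->size && memcmp(Z.data, result->data, Z.size) == 0);`. The only caller visible in this patch passes `NULL` for `result`, so the branch is currently dead, which is probably why this has not been noticed.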
@@ -100,45 +101,60 @@ void doit(void)
 {
 	struct dh_test_data test_data[] = {
 		{
-                        /* y == 0 */
-			gnutls_ffdhe_2048_key_bits,
+			"[y == 0]",
 			gnutls_ffdhe_2048_group_prime,
+			gnutls_ffdhe_2048_group_q,
 			gnutls_ffdhe_2048_group_generator,
 			{ (void *)"\x00", 1 },
 			GNUTLS_E_MPI_SCAN_FAILED
 		},
 		{
-                        /* y < 2 */
-			gnutls_ffdhe_2048_key_bits,
+			"[y < 2]",
 			gnutls_ffdhe_2048_group_prime,
+			gnutls_ffdhe_2048_group_q,
 			gnutls_ffdhe_2048_group_generator,
 			{ (void *)"\x01", 1 },
 			GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER
 		},
 		{
-                        /* y > p - 2 */
-			gnutls_ffdhe_2048_key_bits,
+			"[y > p - 2]",
 			gnutls_ffdhe_2048_group_prime,
+			gnutls_ffdhe_2048_group_q,
 			gnutls_ffdhe_2048_group_generator,
 			gnutls_ffdhe_2048_group_prime,
 			GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER
 		},
-		{ 0 }
+		{
+			"[y ^ q mod p == 1]",
+			gnutls_ffdhe_2048_group_prime,
+			gnutls_ffdhe_2048_group_q,
+			gnutls_ffdhe_2048_group_generator,
+			gnutls_ffdhe_2048_group_q,
+			GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER
+		},
+		{
+			"Legal Input",
+			gnutls_ffdhe_2048_group_prime,
+			gnutls_ffdhe_2048_group_q,
+			gnutls_ffdhe_2048_group_generator,
+			{ (void *)"\x02", 1 },
+			0
+		},
+		{ NULL }
 	};
 
-	for (int i = 0; test_data[i].key_size != 0; i++) {
+	for (int i = 0; test_data[i].name != NULL; i++) {
 		gnutls_datum_t priv_key, pub_key;
 		gnutls_dh_params_t dh_params;
 
-		params(&dh_params, test_data[i].key_size,
-		       &test_data[i].prime, &test_data[i].generator);
+		params(&dh_params, &test_data[i].prime, &test_data[i].q,
+		       &test_data[i].generator);
 
 		genkey(&dh_params, &priv_key, &pub_key);
 
-		compute_key(&dh_params, &priv_key, &pub_key,
-			    &test_data[i].peer_key,
-			    test_data[i].expected_error,
-			    NULL, 0);
+		compute_key(test_data[i].name, &dh_params, &priv_key,
+			    &pub_key, &test_data[i].peer_key,
+			    test_data[i].expected_error, NULL, 0);
 
 		gnutls_dh_params_deinit(dh_params);
 		gnutls_free(priv_key.data);
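Review bot: The label `"[y ^ q mod p == 1]"` names the condition a valid key satisfies, whereas the other three labels name the condition being rejected, and this entry expects `GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER`. Since the label is now printed by `fail()`, `"[y ^ q mod p != 1]"` would match both its siblings and the expected error. Every entry also supplies `gnutls_ffdhe_2048_group_q`, so the Q-absent path that the `if (dh_params->params[2])` branches in this patch allow for is not exercised here. A case without Q would cover it, if `gnutls_dh_params_import_raw3` accepts one (its body is not in this part of the patch). The body of `doit` continues past the end of the hunk.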