ProvTlsServer should use custom DH groups when configured

ottoka · peterdettman · commit 22513e73cac5 · 2024-05-30T13:20:40.000+07:00
(cherry picked from commit 2a5b885)
diff --git a/tls/src/main/java/org/bouncycastle/jsse/provider/ProvTlsServer.java b/tls/src/main/java/org/bouncycastle/jsse/provider/ProvTlsServer.java
@@ -7,6 +7,7 @@
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
+import java.util.Comparator;
 import java.util.HashSet;
 import java.util.Hashtable;
 import java.util.LinkedHashMap;
@@ -45,6 +46,7 @@
 import org.bouncycastle.tls.TlsUtils;
 import org.bouncycastle.tls.TrustedAuthority;
 import org.bouncycastle.tls.crypto.DHGroup;
+import org.bouncycastle.tls.crypto.TlsDHConfig;
 import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.encoders.Hex;
@@ -64,7 +66,6 @@ class ProvTlsServer
      * TODO[jsse] Does this selection override the restriction from 'jdk.tls.ephemeralDHKeySize'?
      * TODO[fips] Probably should be ignored in fips mode?
      */
-    @SuppressWarnings("unused")
     private static final DHGroup[] provServerDefaultDHEParameters = getDefaultDHEParameters();
 
     private static final boolean provServerEnableCA = PropertyUtils
@@ -153,6 +154,14 @@ else if (!p.isProbablePrime(120))
             outerComma = closeBrace + 1;
             if (outerComma >= limit)
             {
+                result.sort(new Comparator<DHGroup>()
+                {
+                    @Override
+                    public int compare(DHGroup a, DHGroup b)
+                    {
+                        return a.getP().bitLength() - b.getP().bitLength();
+                    }
+                });
                 return result.toArray(new DHGroup[result.size()]);
             }
         }
@@ -324,6 +333,25 @@ protected boolean selectCipherSuite(int cipherSuite) throws IOException
         return result;
     }
 
+    @Override
+    public TlsDHConfig getDHConfig() throws IOException
+    {
+        if (provServerDefaultDHEParameters != null)
+        {
+            int minimumFiniteFieldBits = Math.max(
+                TlsDHUtils.getMinimumFiniteFieldBits(selectedCipherSuite), provEphemeralDHKeySize);
+
+            for (DHGroup group: provServerDefaultDHEParameters)
+            {
+                if (group.getP().bitLength() >= minimumFiniteFieldBits)
+                {
+                    return new TlsDHConfig(group);
+                }
+            }
+        }
+        return super.getDHConfig();
+    }
+
     @Override
     protected int selectDH(int minimumFiniteFieldBits)
     {
