gnutls_session_get_flags: introduced GNUTLS_SFLAGS_RFC7919

This allows checking whether the DHE parameters used were negotiated
using RFC7919.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

1 files changed, 6 insertions, 5 deletions

diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c
index df57747183..6d6a7e5648 100644
--- a/lib/auth/dh_common.c
+++ b/lib/auth/dh_common.c
@@ -188,8 +188,9 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session,
 	int i, bits, ret, p_bits;
 	unsigned j;
 	ssize_t data_size = _data_size;
-	unsigned used_ffdhe = 0;
-	
+
+	session->internals.used_ffdhe = 0;
+
 	/* just in case we are resuming a session */
 	gnutls_pk_params_release(&session->key.dh_params);
 
@@ -242,14 +243,14 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session,
 			    memcmp(session->internals.priorities->groups.entry[j]->prime->data,
 				   data_p, n_p) == 0) {
 
-				used_ffdhe = 1;
+				session->internals.used_ffdhe = 1;
 				_gnutls_session_group_set(session, session->internals.priorities->groups.entry[j]);
 				session->key.dh_params.qbits = *session->internals.priorities->groups.entry[j]->q_bits;
 				break;
 			}
 		}
 
-		if (!used_ffdhe) {
+		if (!session->internals.used_ffdhe) {
 			_gnutls_audit_log(session, "FFDHE groups advertised, but server didn't support it; falling back to server's choice\n");
 		}
 	}
@@ -269,7 +270,7 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session,
 	session->key.dh_params.params_nr = 3; /* include empty q */
 	session->key.dh_params.algo = GNUTLS_PK_DH;
 
-	if (used_ffdhe == 0) {
+	if (session->internals.used_ffdhe == 0) {
 		bits = _gnutls_dh_get_min_prime_bits(session);
 		if (bits < 0) {
 			gnutls_assert();