diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-08-18 11:31:52 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-08-18 11:56:30 +0200 |
commit | 6f62adb1ce12262111a9fdcb2a75040d5c23c3cb (patch) | |
tree | c6e119ba2ffc9cdbcb4c52ad88d2befe0726cec6 /lib/auth/dh_common.c | |
parent | aa86ea26580aafacfe2a338078587a47d15d01ad (diff) | |
download | gnutls-6f62adb1ce12262111a9fdcb2a75040d5c23c3cb.tar.gz |
gnutls_session_get_flags: introduced GNUTLS_SFLAGS_RFC7919
This allows checking whether the DHE parameters used were negotiated
using RFC7919.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/auth/dh_common.c')
-rw-r--r-- | lib/auth/dh_common.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c index df57747183..6d6a7e5648 100644 --- a/lib/auth/dh_common.c +++ b/lib/auth/dh_common.c @@ -188,8 +188,9 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session, int i, bits, ret, p_bits; unsigned j; ssize_t data_size = _data_size; - unsigned used_ffdhe = 0; - + + session->internals.used_ffdhe = 0; + /* just in case we are resuming a session */ gnutls_pk_params_release(&session->key.dh_params); @@ -242,14 +243,14 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session, memcmp(session->internals.priorities->groups.entry[j]->prime->data, data_p, n_p) == 0) { - used_ffdhe = 1; + session->internals.used_ffdhe = 1; _gnutls_session_group_set(session, session->internals.priorities->groups.entry[j]); session->key.dh_params.qbits = *session->internals.priorities->groups.entry[j]->q_bits; break; } } - if (!used_ffdhe) { + if (!session->internals.used_ffdhe) { _gnutls_audit_log(session, "FFDHE groups advertised, but server didn't support it; falling back to server's choice\n"); } } @@ -269,7 +270,7 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session, session->key.dh_params.params_nr = 3; /* include empty q */ session->key.dh_params.algo = GNUTLS_PK_DH; - if (used_ffdhe == 0) { + if (session->internals.used_ffdhe == 0) { bits = _gnutls_dh_get_min_prime_bits(session); if (bits < 0) { gnutls_assert(); |