TLS: introduced support for RFC7919 groups

That replaces the EC curve extension negotiation with
the negotiated groups extensions, introduces handling
for groups as priority strings, as well as using and
checking of RFC7919 DH parameters once negotiated.

Resolves: #37

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

1 files changed, 8 insertions, 13 deletions

diff --git a/lib/psk.c b/lib/psk.c
index ba2e4874d3..b8c27ee3e0 100644
--- a/lib/psk.c
+++ b/lib/psk.c
@@ -376,7 +376,14 @@ void
 gnutls_psk_set_server_dh_params(gnutls_psk_server_credentials_t res,
 				gnutls_dh_params_t dh_params)
 {
+	if (res->deinit_dh_params) {
+		res->deinit_dh_params = 0;
+		gnutls_dh_params_deinit(res->dh_params);
+		res->dh_params = NULL;
+	}
+
 	res->dh_params = dh_params;
+	res->dh_sec_param = gnutls_pk_bits_to_sec_param(GNUTLS_PK_DH, _gnutls_mpi_get_nbits(dh_params->params[0]));
 }
 
 /**
@@ -398,19 +405,7 @@ int
 gnutls_psk_set_server_known_dh_params(gnutls_psk_server_credentials_t res,
 				       gnutls_sec_param_t sec_param)
 {
-	int ret;
-
-	if (res->deinit_dh_params) {
-		res->deinit_dh_params = 0;
-		gnutls_dh_params_deinit(res->dh_params);
-		res->dh_params = NULL;
-	}
-
-	ret = _gnutls_set_cred_dh_params(&res->dh_params, sec_param);
-	if (ret < 0)
-		return gnutls_assert_val(ret);
-
-	res->deinit_dh_params = 1;
+	res->dh_sec_param = sec_param;
 
 	return 0;
 }