authorNikos Mavrogiannopoulos <nmav@redhat.com>2016-10-11 16:42:28 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2016-10-14 22:54:39 +0200
commit68124e32acac2a23d2ef969ae81c6ac16b4ef707 (patch)
tree71033decb07270bffb8da839425c2a5db5be7be3 /lib/psk.c
parente3d2d37fa0670288202f539c1c2df0e15aadaf00 (diff)
downloadgnutls-68124e32acac2a23d2ef969ae81c6ac16b4ef707.tar.gz
DH: introduced gnutls_*_set_known_dh_params()
That is, the functions gnutls_certificate_set_known_dh_params(), gnutls_anon_set_server_known_dh_params(), gnutls_psk_set_server_known_dh_params(). These functions allow the DH parameters to be set statically, based on the RFC7919 FFDHE parameters. This can simplify server configuration by allowing DH without loading parameters from a file. Relates #37
Diffstat (limited to 'lib/psk.c')
-rw-r--r--lib/psk.c41
1 files changed, 41 insertions, 0 deletions
diff --git a/lib/psk.c b/lib/psk.c
index 6b305ee457..ba2e4874d3 100644
--- a/lib/psk.c
+++ b/lib/psk.c
@@ -34,6 +34,7 @@
#include <file.h>
#include <datum.h>
#include "debug.h"
+#include "dh.h"
/**
* gnutls_psk_free_client_credentials:
@@ -154,6 +155,10 @@ gnutls_psk_set_client_credentials(gnutls_psk_client_credentials_t res,
**/
void gnutls_psk_free_server_credentials(gnutls_psk_server_credentials_t sc)
{
+ if (sc->deinit_dh_params) {
+ gnutls_dh_params_deinit(sc->dh_params);
+ }
+
gnutls_free(sc->password_file);
gnutls_free(sc->hint);
gnutls_free(sc);
@@ -375,6 +380,42 @@ gnutls_psk_set_server_dh_params(gnutls_psk_server_credentials_t res,
}
/**
+ * gnutls_psk_set_server_known_dh_params:
+ * @res: is a gnutls_psk_server_credentials_t type
+ * @sec_param: is an option of the %gnutls_sec_param_t enumeration
+ *
+ * This function will set the Diffie-Hellman parameters for a
+ * PSK server to use. These parameters will be used in
+ * Ephemeral Diffie-Hellman cipher suites and will be selected from
+ * the FFDHE set of RFC7919 according to the security level provided.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 3.5.6
+ **/
+int
+gnutls_psk_set_server_known_dh_params(gnutls_psk_server_credentials_t res,
+ gnutls_sec_param_t sec_param)
+{
+ int ret;
+
+ if (res->deinit_dh_params) {
+ res->deinit_dh_params = 0;
+ gnutls_dh_params_deinit(res->dh_params);
+ res->dh_params = NULL;
+ }
+
+ ret = _gnutls_set_cred_dh_params(&res->dh_params, sec_param);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ res->deinit_dh_params = 1;
+
+ return 0;
+}
+
+/**
* gnutls_psk_set_server_params_function:
* @res: is a #gnutls_certificate_credentials_t type
* @func: is the function to be called
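Review bot: The ownership flag `deinit_dh_params` is set to 1 only in gnutls_psk_set_server_known_dh_params(), but the pre-existing gnutls_psk_set_server_dh_params() (its body is outside the hunk and, per the diffstat of 41 insertions and 0 deletions, untouched by this commit) does not appear to clear it; if a caller first installs known parameters and then supplies its own gnutls_dh_params_t, the flag stays set, gnutls_psk_free_server_credentials() in the earlier hunk would deinit parameters the caller still owns, and the FFDHE parameters allocated here would leak. The same release-and-clear prologue used at the top of this function (`if (res->deinit_dh_params) { … }` followed by `res->dh_params = NULL;`) should run in gnutls_psk_set_server_dh_params() before it stores the caller's pointer, or be factored into a small static helper called by both setters. On failure of `_gnutls_set_cred_dh_params()` the credentials are left with `dh_params == NULL` and the flag cleared, which is consistent; a short comment on the flag would make the contract visible, e.g. `/* deinit_dh_params != 0: dh_params is owned by these credentials and released in gnutls_psk_free_server_credentials() */`.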