-rw-r--r-- | lib/libssl/Makefile | 3 | ||||
-rw-r--r-- | lib/libssl/s3_lib.c | 20 | ||||
-rw-r--r-- | lib/libssl/ssl_locl.h | 8 | ||||
-rw-r--r-- | lib/libssl/ssl_tlsext.c | 109 | ||||
-rw-r--r-- | lib/libssl/tls13_client.c | 21 | ||||
-rw-r--r-- | lib/libssl/tls13_internal.h | 24 | ||||
-rw-r--r-- | lib/libssl/tls13_key_share.c | 224 | ||||
-rw-r--r-- | lib/libssl/tls13_server.c | 20 |
8 files changed, 299 insertions, 130 deletions
diff --git a/lib/libssl/Makefile b/lib/libssl/Makefile index 489c4fd2171..afbd6d148eb 100644 --- a/lib/libssl/Makefile +++ b/lib/libssl/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.61 2020/01/30 16:25:09 jsing Exp $ +# $OpenBSD: Makefile,v 1.62 2020/01/30 17:09:23 jsing Exp $ .include <bsd.own.mk> .ifndef NOMAN @@ -73,6 +73,7 @@ SRCS= \ tls13_handshake.c \ tls13_handshake_msg.c \ tls13_key_schedule.c \ + tls13_key_share.c \ tls13_lib.c \ tls13_record.c \ tls13_record_layer.c \ diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index 252242e053b..2832ef4a93a 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.189 2020/01/23 10:40:59 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.190 2020/01/30 17:09:23 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1564,12 +1564,8 @@ ssl3_free(SSL *s) DH_free(S3I(s)->tmp.dh); EC_KEY_free(S3I(s)->tmp.ecdh); - freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH); - + tls13_key_share_free(S3I(s)->hs_tls13.key_share); tls13_secrets_destroy(S3I(s)->hs_tls13.secrets); - freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH); - freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH); - freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH); freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len); sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free); 
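Review bot: In ssl3_free() the call `freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);` is dropped with no replacement, and the ssl3_clear() hunk that follows does the same, yet no hunk on this page removes a `tmp.x25519` member or moves its cleanup elsewhere. If that member still exists and is still filled by another key exchange path, the private key buffer would be left allocated and unzeroed, so please confirm an earlier revision already retired it. If it is still live, the line should stay as `freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);`. Both function bodies extend outside their hunks.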
@@ -1599,21 +1595,17 @@ ssl3_clear(SSL *s) S3I(s)->tmp.dh = NULL; EC_KEY_free(S3I(s)->tmp.ecdh); S3I(s)->tmp.ecdh = NULL; + S3I(s)->tmp.ecdh_nid = NID_undef; + freezero(S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len); S3I(s)->hs.sigalgs = NULL; S3I(s)->hs.sigalgs_len = 0; - freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH); - S3I(s)->tmp.x25519 = NULL; + tls13_key_share_free(S3I(s)->hs_tls13.key_share); + S3I(s)->hs_tls13.key_share = NULL; tls13_secrets_destroy(S3I(s)->hs_tls13.secrets); S3I(s)->hs_tls13.secrets = NULL; - freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH); - S3I(s)->hs_tls13.x25519_private = NULL; - freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH); - S3I(s)->hs_tls13.x25519_public = NULL; - freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH); - S3I(s)->hs_tls13.x25519_peer_public = NULL; freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len); S3I(s)->hs_tls13.cookie = NULL; S3I(s)->hs_tls13.cookie_len = 0; diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 5ff6f39b455..476381c1651 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.258 2020/01/30 16:25:09 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.259 2020/01/30 17:09:23 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -458,11 +458,7 @@ typedef struct ssl_handshake_tls13_st { /* Version proposed by peer server. */ uint16_t server_version; - /* X25519 key share. */ - uint8_t *x25519_public; - uint8_t *x25519_private; - uint8_t *x25519_peer_public; - + struct tls13_key_share *key_share; struct tls13_secrets *secrets; uint8_t *cookie; diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c index 5cebd1d6309..46f30aa47e3 100644 --- a/lib/libssl/ssl_tlsext.c +++ b/lib/libssl/ssl_tlsext.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.c,v 1.57 2020/01/26 03:29:30 beck Exp $ */ +/* $OpenBSD: ssl_tlsext.c,v 1.58 2020/01/30 17:09:23 jsing Exp $ */ /* * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> @@ -16,6 +16,7 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + #include <openssl/curve25519.h> #include <openssl/ocsp.h> 
@@ -1255,82 +1256,46 @@ tlsext_keyshare_client_needs(SSL *s) int tlsext_keyshare_client_build(SSL *s, CBB *cbb) { - uint8_t *public_key = NULL, *private_key = NULL; - CBB client_shares, key_exchange; + CBB client_shares; - /* Generate and provide key shares. */ if (!CBB_add_u16_length_prefixed(cbb, &client_shares)) return 0; - /* XXX - other groups. */ - - /* Generate X25519 key pair. */ - if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL) - goto err; - if ((private_key = malloc(X25519_KEY_LENGTH)) == NULL) - goto err; - X25519_keypair(public_key, private_key); - - /* Add the group and serialize the public key. */ - if (!CBB_add_u16(&client_shares, tls1_ec_nid2curve_id(NID_X25519))) - goto err; - if (!CBB_add_u16_length_prefixed(&client_shares, &key_exchange)) - goto err; - if (!CBB_add_bytes(&key_exchange, public_key, X25519_KEY_LENGTH)) - goto err; + if (!tls13_key_share_public(S3I(s)->hs_tls13.key_share, + &client_shares)) + return 0; if (!CBB_flush(cbb)) - goto err; - - S3I(s)->hs_tls13.x25519_public = public_key; - S3I(s)->hs_tls13.x25519_private = private_key; + return 0; return 1; - - err: - freezero(public_key, X25519_KEY_LENGTH); - freezero(private_key, X25519_KEY_LENGTH); - - return 0; } int tlsext_keyshare_server_parse(SSL *s, CBS *cbs, int *alert) { CBS client_shares; - CBS key_exchange; uint16_t group; - size_t out_len; if (!CBS_get_u16_length_prefixed(cbs, &client_shares)) goto err; - if (CBS_len(cbs) != 0) - goto err; - while (CBS_len(&client_shares) > 0) { /* Unpack client share. */ if (!CBS_get_u16(&client_shares, &group)) goto err; - if (!CBS_get_u16_length_prefixed(&client_shares, &key_exchange)) - goto err; - /* - * Skip this client share if not X25519 * XXX support other groups later. * XXX enforce group can only appear once. 
*/ - if (S3I(s)->hs_tls13.x25519_peer_public != NULL || - group != tls1_ec_nid2curve_id(NID_X25519)) + if (S3I(s)->hs_tls13.key_share == NULL || + tls13_key_share_group(S3I(s)->hs_tls13.key_share) != group) continue; - if (CBS_len(&key_exchange) != X25519_KEY_LENGTH) - goto err; - - if (!CBS_stow(&key_exchange, &S3I(s)->hs_tls13.x25519_peer_public, - &out_len)) + if (!tls13_key_share_peer_public(S3I(s)->hs_tls13.key_share, + group, &client_shares)) goto err; } 
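Review bot: In tlsext_keyshare_server_parse() the `continue` for a non-matching group now runs after only the 16-bit group has been read, because the `CBS_get_u16_length_prefixed(&client_shares, &key_exchange)` call was removed from the loop; the skipped entry's length and key bytes stay in `client_shares` and the next iteration reads them as a group id. The matching entry has the opposite problem: tls13_key_share_peer_public() is handed `&client_shares` and returns 0 if anything remains after one entry, so a ClientHello whose X25519 share is followed by another share is rejected. The check for trailing bytes after the share list (`CBS_len(cbs) != 0`) is also gone from this function. I would keep the per-entry unwrap in the loop and pass the unwrapped key exchange to the helper, which needs a matching change in tls13_key_share.c so that it no longer reads the length prefix itself. The function continues past the end of this hunk.

```c
	CBS client_shares, key_exchange;
	/* … unchanged: group declaration, client_shares length-prefixed read … */

	if (CBS_len(cbs) != 0)
		goto err;

	while (CBS_len(&client_shares) > 0) {
		/* Unpack client share: group, then its key exchange. */
		if (!CBS_get_u16(&client_shares, &group))
			goto err;
		if (!CBS_get_u16_length_prefixed(&client_shares, &key_exchange))
			goto err;

		/* A skipped entry is now fully consumed before continuing. */
		if (S3I(s)->hs_tls13.key_share == NULL ||
		    tls13_key_share_group(S3I(s)->hs_tls13.key_share) != group)
			continue;

		/* Helper must accept the already-unwrapped key exchange. */
		if (!tls13_key_share_peer_public(S3I(s)->hs_tls13.key_share,
		    group, &key_exchange))
			goto err;
	}
```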
@@ -1353,68 +1318,28 @@ tlsext_keyshare_server_needs(SSL *s) int tlsext_keyshare_server_build(SSL *s, CBB *cbb) { - uint8_t *public_key = NULL, *private_key = NULL; - CBB key_exchange; - - /* XXX deduplicate with client code */ - - /* X25519 */ - if (S3I(s)->hs_tls13.x25519_peer_public == NULL) + if (S3I(s)->hs_tls13.key_share == NULL) return 0; - /* Generate X25519 key pair. */ - if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL) - goto err; - if ((private_key = malloc(X25519_KEY_LENGTH)) == NULL) - goto err; - X25519_keypair(public_key, private_key); - - /* Add the group and serialize the public key. */ - if (!CBB_add_u16(cbb, tls1_ec_nid2curve_id(NID_X25519))) - goto err; - if (!CBB_add_u16_length_prefixed(cbb, &key_exchange)) - goto err; - if (!CBB_add_bytes(&key_exchange, public_key, X25519_KEY_LENGTH)) - goto err; - - if (!CBB_flush(cbb)) - goto err; - - S3I(s)->hs_tls13.x25519_public = public_key; - S3I(s)->hs_tls13.x25519_private = private_key; + if (!tls13_key_share_public(S3I(s)->hs_tls13.key_share, cbb)) + return 0; return 1; - - err: - freezero(public_key, X25519_KEY_LENGTH); - freezero(private_key, X25519_KEY_LENGTH); - - return 0; } int tlsext_keyshare_client_parse(SSL *s, CBS *cbs, int *alert) { - CBS key_exchange; uint16_t group; - size_t out_len; /* Unpack server share. */ if (!CBS_get_u16(cbs, &group)) goto err; - /* Handle other groups and verify that they're valid. */ - if (group != tls1_ec_nid2curve_id(NID_X25519)) - goto err; - - if (!CBS_get_u16_length_prefixed(cbs, &key_exchange)) - goto err; - - if (CBS_len(&key_exchange) != X25519_KEY_LENGTH) - goto err; + /* XXX - Handle other groups and verify that they're valid. */ - if (!CBS_stow(&key_exchange, &S3I(s)->hs_tls13.x25519_peer_public, - &out_len)) + if (!tls13_key_share_peer_public(S3I(s)->hs_tls13.key_share, + group, cbs)) goto err; return 1; diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c index 3c55be6e680..69e75558dc1 100644 --- a/lib/libssl/tls13_client.c 
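Review bot: tlsext_keyshare_client_parse() passes `S3I(s)->hs_tls13.key_share` to tls13_key_share_peer_public() without a NULL test, while the server parse and build paths in this file both test it first, and the helper reads `ks->group_id` straight away. Whether the pointer can be NULL here depends on callers outside the hunk, so a cheap guard is worth adding before the call: `if (S3I(s)->hs_tls13.key_share == NULL) goto err;`. In tlsext_keyshare_server_build() the new NULL test only shows that the key share object exists, not that the client offered a usable share, which the removed `x25519_peer_public == NULL` test did. A comment there such as `/* Peer share presence is checked when the shared key is derived. */` would make that explicit.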
+++ b/lib/libssl/tls13_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_client.c,v 1.38 2020/01/29 17:03:58 jsing Exp $ */ +/* $OpenBSD: tls13_client.c,v 1.39 2020/01/30 17:09:23 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> * @@ -52,6 +52,11 @@ tls13_client_init(struct tls13_ctx *ctx) if (!tls1_transcript_init(s)) return 0; + if ((ctx->hs->key_share = tls13_key_share_new(NID_X25519)) == NULL) + return 0; + if (!tls13_key_share_generate(ctx->hs->key_share)) + return 0; + arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE); return 1; @@ -394,6 +399,7 @@ tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs) struct tls13_secret context; unsigned char buf[EVP_MAX_MD_SIZE]; uint8_t *shared_key = NULL; + size_t shared_key_len = 0; size_t hash_len; SSL *s = ctx->ssl; int ret = 0; @@ -406,14 +412,12 @@ tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs) return 1; /* XXX - handle other key share types. */ - if (ctx->hs->x25519_peer_public == NULL) { + if (ctx->hs->key_share == NULL) { /* XXX - alert. */ goto err; } - if ((shared_key = malloc(X25519_KEY_LENGTH)) == NULL) - goto err; - if (!X25519(shared_key, ctx->hs->x25519_private, - ctx->hs->x25519_peer_public)) + if (!tls13_key_share_derive(ctx->hs->key_share, &shared_key, + &shared_key_len)) goto err; s->session->cipher = S3I(s)->hs.new_cipher; @@ -443,7 +447,7 @@ tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs) /* Handshake secrets. */ if (!tls13_derive_handshake_secrets(ctx->hs->secrets, shared_key, - X25519_KEY_LENGTH, &context)) + shared_key_len, &context)) goto err; tls13_record_layer_set_aead(ctx->rl, ctx->aead); @@ -460,7 +464,8 @@ tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs) ret = 1; err: - freezero(shared_key, X25519_KEY_LENGTH); + freezero(shared_key, shared_key_len); + return ret; } diff --git a/lib/libssl/tls13_internal.h b/lib/libssl/tls13_internal.h index ec58525c2bb..00035ea36ea 100644 --- a/lib/libssl/tls13_internal.h 
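Review bot: In tls13_server_hello_recv() (tls13_client.c, hunk at -406,14) the guard `if (ctx->hs->key_share == NULL)` no longer detects a missing server key share, because after a successful tls13_client_init() in this same commit the object is always allocated. The same applies to tls13_server_hello_sent() in tls13_server.c. A missing peer key is now caught only inside tls13_key_share_derive(), so the handshake still fails, but the `/* XXX - alert. */` branch appears to be dead and the two failure causes cannot be told apart. Consider a small accessor that reports whether a peer public key was stored, or at least a comment such as `/* Peer share presence is checked by tls13_key_share_derive(). */`. Both functions extend beyond their hunks.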
+++ b/lib/libssl/tls13_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_internal.h,v 1.57 2020/01/26 02:45:27 beck Exp $ */ +/* $OpenBSD: tls13_internal.h,v 1.58 2020/01/30 17:09:23 jsing Exp $ */ /* * Copyright (c) 2018 Bob Beck <beck@openbsd.org> * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> @@ -52,6 +52,9 @@ typedef ssize_t (*tls13_write_cb)(const void *_buf, size_t _buflen, void *_cb_arg); typedef void (*tls13_handshake_message_cb)(void *_cb_arg, CBS *_cbs); +/* + * Buffers. + */ struct tls13_buffer; struct tls13_buffer *tls13_buffer_new(size_t init_size); @@ -63,6 +66,9 @@ void tls13_buffer_cbs(struct tls13_buffer *buf, CBS *cbs); int tls13_buffer_finish(struct tls13_buffer *buf, uint8_t **out, size_t *out_len); +/* + * Secrets. + */ struct tls13_secret { uint8_t *data; size_t len; @@ -113,6 +119,22 @@ int tls13_update_client_traffic_secret(struct tls13_secrets *secrets); int tls13_update_server_traffic_secret(struct tls13_secrets *secrets); /* + * Key shares. + */ +struct tls13_key_share; + +struct tls13_key_share *tls13_key_share_new(int nid); +void tls13_key_share_free(struct tls13_key_share *ks); + +uint16_t tls13_key_share_group(struct tls13_key_share *ks); +int tls13_key_share_generate(struct tls13_key_share *ks); +int tls13_key_share_public(struct tls13_key_share *ks, CBB *cbb); +int tls13_key_share_peer_public(struct tls13_key_share *ks, uint16_t group, + CBS *cbs); +int tls13_key_share_derive(struct tls13_key_share *ks, uint8_t **shared_key, + size_t *shared_key_len); + +/* * Record Layer. */ struct tls13_record_layer; diff --git a/lib/libssl/tls13_key_share.c b/lib/libssl/tls13_key_share.c new file mode 100644 index 00000000000..9a83b9f9f71 --- /dev/null +++ b/lib/libssl/tls13_key_share.c 
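Review bot: The new key share declarations in tls13_internal.h carry no contract comments, and two of them have preconditions a caller cannot guess from the prototype. As implemented in tls13_key_share.c, tls13_key_share_derive() returns 0 unless `*shared_key` is NULL on entry and hands back a heap buffer that the caller must release (both callers use `freezero(shared_key, shared_key_len)`). tls13_key_share_peer_public() consumes a length-prefixed key exchange from `cbs` and fails if `cbs` is not empty afterwards. I would add a short block comment above each prototype stating this, plus one line noting that the int-returning functions return 1 on success and 0 on failure.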
@@ -0,0 +1,224 @@ +/* $OpenBSD: tls13_key_share.c,v 1.1 2020/01/30 17:09:23 jsing Exp $ */ +/* + * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <stdlib.h> + +#include <openssl/curve25519.h> + +#include "bytestring.h" +#include "ssl_locl.h" +#include "tls13_internal.h" + +struct tls13_key_share { + int nid; + uint16_t group_id; + + uint8_t *x25519_public; + uint8_t *x25519_private; + uint8_t *x25519_peer_public; +}; + +struct tls13_key_share * +tls13_key_share_new(int nid) +{ + struct tls13_key_share *ks; + + if ((ks = calloc(1, sizeof(struct tls13_key_share))) == NULL) + goto err; + + if ((ks->group_id = tls1_ec_nid2curve_id(nid)) == 0) + goto err; + + ks->nid = nid; + + return ks; + + err: + tls13_key_share_free(ks); + + return NULL; +} + +void +tls13_key_share_free(struct tls13_key_share *ks) +{ + if (ks == NULL) + return; + + freezero(ks->x25519_public, X25519_KEY_LENGTH); + freezero(ks->x25519_private, X25519_KEY_LENGTH); + freezero(ks->x25519_peer_public, X25519_KEY_LENGTH); + + freezero(ks, sizeof(*ks)); +} + +uint16_t +tls13_key_share_group(struct tls13_key_share *ks) +{ + return ks->group_id; +} + +static int +tls13_key_share_generate_x25519(struct tls13_key_share *ks) +{ + uint8_t *public = NULL, *private = 
NULL; + int ret = 0; + + if (ks->x25519_public != NULL || ks->x25519_private != NULL) + goto err; + + if ((public = calloc(1, X25519_KEY_LENGTH)) == NULL) + goto err; + if ((private = calloc(1, X25519_KEY_LENGTH)) == NULL) + goto err; + + X25519_keypair(public, private); + + ks->x25519_public = public; + ks->x25519_private = private; + public = NULL; + private = NULL; + + ret = 1; + + err: + freezero(public, X25519_KEY_LENGTH); + freezero(private, X25519_KEY_LENGTH); + + return ret; +} + +int +tls13_key_share_generate(struct tls13_key_share *ks) +{ + if (ks->nid == NID_X25519) + return tls13_key_share_generate_x25519(ks); + + return 0; +} + +static int +tls13_key_share_public_x25519(struct tls13_key_share *ks, CBB *cbb) +{ + if (ks->x25519_public == NULL) + return 0; + + return CBB_add_bytes(cbb, ks->x25519_public, X25519_KEY_LENGTH); +} + +int +tls13_key_share_public(struct tls13_key_share *ks, CBB *cbb) +{ + CBB key_exchange; + + if (!CBB_add_u16(cbb, ks->group_id)) + goto err; + if (!CBB_add_u16_length_prefixed(cbb, &key_exchange)) + goto err; + + if (ks->nid == NID_X25519) { + if (!tls13_key_share_public_x25519(ks, &key_exchange)) + goto err; + } else { + goto err; + } + + if (!CBB_flush(cbb)) + goto err; + + return 1; + + err: + return 0; +} + +static int +tls13_key_share_peer_public_x25519(struct tls13_key_share *ks, CBS *cbs) +{ + size_t out_len; + + if (CBS_len(cbs) != X25519_KEY_LENGTH) + return 0; + + return CBS_stow(cbs, &ks->x25519_peer_public, &out_len); +} + +int +tls13_key_share_peer_public(struct tls13_key_share *ks, uint16_t group, + CBS *cbs) +{ + CBS key_exchange; + + if (ks->group_id != group) + return 0; + + if (!CBS_get_u16_length_prefixed(cbs, &key_exchange)) + return 0; + + if (ks->nid == NID_X25519) { + if (!tls13_key_share_peer_public_x25519(ks, &key_exchange)) + return 0; + } + + if (CBS_len(cbs) != 0) + return 0; + + return 1; +} + +static int +tls13_key_share_derive_x25519(struct tls13_key_share *ks, + uint8_t **shared_key, size_t 
*shared_key_len) +{ + uint8_t *sk = NULL; + int ret = 0; + + if (ks->x25519_private == NULL || ks->x25519_peer_public == NULL) + goto err; + + if ((sk = calloc(1, X25519_KEY_LENGTH)) == NULL) + goto err; + if (!X25519(sk, ks->x25519_private, ks->x25519_peer_public)) + goto err; + + *shared_key = sk; + *shared_key_len = X25519_KEY_LENGTH; + sk = NULL; + + ret = 1; + + err: + freezero(sk, X25519_KEY_LENGTH); + + return ret; +} + +int +tls13_key_share_derive(struct tls13_key_share *ks, uint8_t **shared_key, + size_t *shared_key_len) +{ + if (*shared_key != NULL) + return 0; + + *shared_key_len = 0; + + if (ks->nid == NID_X25519) + return tls13_key_share_derive_x25519(ks, shared_key, + shared_key_len); + + return 0; +} diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c index a559e032195..1f17fe4ab0b 100644 --- a/lib/libssl/tls13_server.c +++ b/lib/libssl/tls13_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_server.c,v 1.21 2020/01/29 17:03:58 jsing Exp $ */ +/* $OpenBSD: tls13_server.c,v 1.22 2020/01/30 17:09:23 jsing Exp $ */ /* * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> * Copyright (c) 2020 Bob Beck <beck@openbsd.org> @@ -51,6 +51,11 @@ tls13_server_init(struct tls13_ctx *ctx) if ((s->session = SSL_SESSION_new()) == NULL) return 0; + if ((ctx->hs->key_share = tls13_key_share_new(NID_X25519)) == NULL) + return 0; + if (!tls13_key_share_generate(ctx->hs->key_share)) + return 0; + arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); return 1; 
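Review bot: In the new tls13_key_share.c, tls13_key_share_peer_public() has no `else` after `if (ks->nid == NID_X25519)`, so for any other nid it returns 1 without storing a peer key, whereas tls13_key_share_public() ends the same test with `} else { goto err; }`. tls13_key_share_new() accepts any nid that maps to a curve id, so the two should agree: `} else { return 0; }`. Separately, tls13_key_share_peer_public_x25519() calls CBS_stow() unconditionally, so a second share for the group would replace the first without any error. Returning 0 when `ks->x25519_peer_public != NULL` would cover the `XXX enforce group can only appear once` remark in ssl_tlsext.c.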
@@ -552,19 +557,18 @@ tls13_server_hello_sent(struct tls13_ctx *ctx) struct tls13_secret context; unsigned char buf[EVP_MAX_MD_SIZE]; uint8_t *shared_key = NULL; + size_t shared_key_len = 0; size_t hash_len; SSL *s = ctx->ssl; int ret = 0; /* XXX - handle other key share types. */ - if (ctx->hs->x25519_peer_public == NULL) { + if (ctx->hs->key_share == NULL) { /* XXX - alert. */ goto err; } - if ((shared_key = malloc(X25519_KEY_LENGTH)) == NULL) - goto err; - if (!X25519(shared_key, ctx->hs->x25519_private, - ctx->hs->x25519_peer_public)) + if (!tls13_key_share_derive(ctx->hs->key_share, + &shared_key, &shared_key_len)) goto err; s->session->cipher = S3I(s)->hs.new_cipher; @@ -594,7 +598,7 @@ tls13_server_hello_sent(struct tls13_ctx *ctx) /* Handshake secrets. */ if (!tls13_derive_handshake_secrets(ctx->hs->secrets, shared_key, - X25519_KEY_LENGTH, &context)) + shared_key_len, &context)) goto err; tls13_record_layer_set_aead(ctx->rl, ctx->aead); @@ -614,7 +618,7 @@ tls13_server_hello_sent(struct tls13_ctx *ctx) ret = 1; err: - freezero(shared_key, X25519_KEY_LENGTH); + freezero(shared_key, shared_key_len); return ret; } |