Introduce bssl::Array<T> and use it in SSLKeyShare.
An Array<T> is an owning Span<T>. It's similar to absl::FixedArray<T>
but plays well with OPENSSL_malloc and doesn't implement inlining. With
OPENSSL_cleanse folded into OPENSSL_free, we could go nuts with
UniquePtr<uint8_t>, but having the pointer and length tied together is
nice for other reasons. Notably, Array<T> plays great with Span<T>.
Also switch the other parameter to a Span.
Bug: 132
Change-Id: I4cdcf810cf2838208c8ba9fcc6215c1e369dffb8
Reviewed-on: https://boringssl-review.googlesource.com/20667
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc
index 550f3b5..ea1beae 100644
--- a/ssl/tls13_server.cc
+++ b/ssl/tls13_server.cc
@@ -74,12 +74,10 @@
}
bool found_key_share;
- uint8_t *dhe_secret;
- size_t dhe_secret_len;
+ Array<uint8_t> dhe_secret;
uint8_t alert = SSL_AD_DECODE_ERROR;
if (!ssl_ext_key_share_parse_clienthello(hs, &found_key_share, &dhe_secret,
- &dhe_secret_len, &alert,
- &key_share)) {
+ &alert, &key_share)) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
return 0;
}
@@ -89,9 +87,7 @@
return 0;
}
- int ok = tls13_advance_key_schedule(hs, dhe_secret, dhe_secret_len);
- OPENSSL_free(dhe_secret);
- return ok;
+ return tls13_advance_key_schedule(hs, dhe_secret.data(), dhe_secret.size());
}
static int ssl_ext_supported_versions_add_serverhello(SSL_HANDSHAKE *hs,
