Branch data Line data Source code
1 : : /*
2 : : * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3 : : *
4 : : * Licensed under the Apache License, Version 2.0 (the "License").
5 : : * You may not use this file except in compliance with the License.
6 : : * A copy of the License is located at
7 : : *
8 : : * http://aws.amazon.com/apache2.0
9 : : *
10 : : * or in the "license" file accompanying this file. This file is distributed
11 : : * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
12 : : * express or implied. See the License for the specific language governing
13 : : * permissions and limitations under the License.
14 : : */
15 : :
16 : : #include "crypto/s2n_dhe.h"
17 : :
18 : : #include <openssl/bn.h>
19 : : #include <openssl/dh.h>
20 : : #include <openssl/evp.h>
21 : : #include <stdint.h>
22 : :
23 : : #include "crypto/s2n_openssl.h"
24 : : #include "error/s2n_errno.h"
25 : : #include "stuffer/s2n_stuffer.h"
26 : : #include "utils/s2n_blob.h"
27 : : #include "utils/s2n_mem.h"
28 : : #include "utils/s2n_safety.h"
29 : :
30 : : #define S2N_MIN_DH_PRIME_SIZE_BYTES (2048 / 8)
31 : :
32 : : /* Caller is not responsible for freeing values returned by these accessors
33 : : * Per https://www.openssl.org/docs/man1.1.0/crypto/DH_get0_pqg.html
34 : : */
35 : : static const BIGNUM *s2n_get_Ys_dh_param(struct s2n_dh_params *dh_params)
36 : 151 : {
37 : 151 : const BIGNUM *Ys = NULL;
38 : :
39 : : /* DH made opaque in Openssl 1.1.0 */
40 : 151 : #if S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0)
41 : 151 : DH_get0_key(dh_params->dh, &Ys, NULL);
42 : : #else
43 : : Ys = dh_params->dh->pub_key;
44 : : #endif
45 : :
46 : 151 : return Ys;
47 : 151 : }
48 : :
49 : : static const BIGNUM *s2n_get_p_dh_param(struct s2n_dh_params *dh_params)
50 : 362 : {
51 : 362 : const BIGNUM *p = NULL;
52 : 362 : #if S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0)
53 : 362 : DH_get0_pqg(dh_params->dh, &p, NULL, NULL);
54 : : #else
55 : : p = dh_params->dh->p;
56 : : #endif
57 : :
58 : 362 : return p;
59 : 362 : }
60 : :
61 : : /* Pad the shared secret with leading zeros to a constant length equal to
62 : : * expected_size. DH_compute_key may return fewer bytes when the result has
63 : : * leading zeros, and a variable-length output could theoretically leak
64 : : * information about the shared secret via timing.
65 : : *
66 : : * DH_compute_key_padded exists to handle this, but is only available in
67 : : * certain libcrypto implementations (OpenSSL 1.1.0+). We pad manually
68 : : * for portability across all supported libcryptos.
69 : : */
70 : : static void s2n_dh_pad_shared_secret(struct s2n_blob *shared_key, int computed_size, int expected_size)
71 : 48 : {
72 : 48 : int padding = expected_size - computed_size;
73 : 48 : memmove(shared_key->data + padding, shared_key->data, computed_size);
74 : 48 : memset(shared_key->data, 0, padding);
75 : 48 : shared_key->size = expected_size;
76 : 48 : }
77 : :
78 : : static const BIGNUM *s2n_get_g_dh_param(struct s2n_dh_params *dh_params)
79 : 285 : {
80 : 285 : const BIGNUM *g = NULL;
81 : 285 : #if S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0)
82 : 285 : DH_get0_pqg(dh_params->dh, NULL, NULL, &g);
83 : : #else
84 : : g = dh_params->dh->g;
85 : : #endif
86 : :
87 : 285 : return g;
88 : 285 : }
89 : :
90 : : static int s2n_check_p_g_dh_params(struct s2n_dh_params *dh_params)
91 : 260 : {
92 [ - + ][ # # ]: 260 : POSIX_ENSURE_REF(dh_params);
93 [ - + ][ # # ]: 260 : POSIX_ENSURE_REF(dh_params->dh);
94 : :
95 : 260 : const BIGNUM *p = s2n_get_p_dh_param(dh_params);
96 : 260 : const BIGNUM *g = s2n_get_g_dh_param(dh_params);
97 : :
98 [ - + ][ # # ]: 260 : POSIX_ENSURE_REF(g);
99 [ # # ][ - + ]: 260 : POSIX_ENSURE_REF(p);
100 : :
101 [ - + ][ # # ]: 260 : S2N_ERROR_IF(DH_size(dh_params->dh) < S2N_MIN_DH_PRIME_SIZE_BYTES, S2N_ERR_DH_PARAMS_CREATE);
102 [ - + ][ # # ]: 260 : S2N_ERROR_IF(BN_is_zero(g), S2N_ERR_DH_PARAMS_CREATE);
103 [ - + ][ # # ]: 260 : S2N_ERROR_IF(BN_is_zero(p), S2N_ERR_DH_PARAMS_CREATE);
104 : :
105 : 260 : return S2N_SUCCESS;
106 : 260 : }
107 : :
108 : : static int s2n_check_pub_key_dh_params(struct s2n_dh_params *dh_params)
109 : 78 : {
110 : 78 : const BIGNUM *pub_key = s2n_get_Ys_dh_param(dh_params);
111 [ # # ][ - + ]: 78 : POSIX_ENSURE_REF(pub_key);
112 : :
113 : : /*
114 : : * https://www.rfc-editor.org/rfc/rfc2631#section-2.1.5
115 : : *
116 : : * The following algorithm MAY be used to validate a received public
117 : : * key y.
118 : : *
119 : : * 1. Verify that y lies within the interval [2,p-1].
120 : : * If it does not, the key is invalid.
121 : : *
122 : : * This check is optional per the RFC, but applied here as
123 : : * defense-in-depth to reject degenerate public key values.
124 : : */
125 [ - + ][ # # ]: 78 : S2N_ERROR_IF(BN_is_zero(pub_key), S2N_ERR_DH_PARAMS_CREATE);
126 [ + + ][ + - ]: 78 : S2N_ERROR_IF(BN_is_one(pub_key), S2N_ERR_DH_PARAMS_CREATE);
127 : :
128 : 77 : const BIGNUM *p = s2n_get_p_dh_param(dh_params);
129 [ # # ][ - + ]: 77 : POSIX_ENSURE_REF(p);
130 : :
131 : 77 : BIGNUM *p_minus_one = BN_dup(p);
132 [ - + ][ # # ]: 77 : POSIX_ENSURE_REF(p_minus_one);
133 [ - + ]: 77 : if (!BN_sub_word(p_minus_one, 1)) {
134 : 0 : BN_free(p_minus_one);
135 [ # # ]: 0 : POSIX_BAIL(S2N_ERR_DH_PARAMS_CREATE);
136 : 0 : }
137 : 77 : int cmp = BN_cmp(pub_key, p_minus_one);
138 : 77 : BN_free(p_minus_one);
139 [ + + ][ + - ]: 77 : S2N_ERROR_IF(cmp > 0, S2N_ERR_DH_PARAMS_CREATE);
140 : :
141 : 76 : return S2N_SUCCESS;
142 : 77 : }
143 : :
144 : : static int s2n_set_p_g_Ys_dh_params(struct s2n_dh_params *dh_params, struct s2n_blob *p, struct s2n_blob *g,
145 : : struct s2n_blob *Ys)
146 : 28 : {
147 [ - + ][ # # ]: 28 : POSIX_ENSURE(p->size <= INT_MAX, S2N_ERR_INTEGER_OVERFLOW);
148 [ - + ][ # # ]: 28 : POSIX_ENSURE(g->size <= INT_MAX, S2N_ERR_INTEGER_OVERFLOW);
149 [ # # ][ - + ]: 28 : POSIX_ENSURE(Ys->size <= INT_MAX, S2N_ERR_INTEGER_OVERFLOW);
150 : 28 : BIGNUM *bn_p = BN_bin2bn((const unsigned char *) p->data, p->size, NULL);
151 : 28 : BIGNUM *bn_g = BN_bin2bn((const unsigned char *) g->data, g->size, NULL);
152 : 28 : BIGNUM *bn_Ys = BN_bin2bn((const unsigned char *) Ys->data, Ys->size, NULL);
153 : :
154 : 28 : #if S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0)
155 : : /* Per https://www.openssl.org/docs/man1.1.0/crypto/DH_get0_pqg.html:
156 : : * values that have been passed in should not be freed directly after this function has been called
157 : : */
158 [ - + ][ # # ]: 28 : POSIX_GUARD_OSSL(DH_set0_pqg(dh_params->dh, bn_p, NULL, bn_g), S2N_ERR_DH_PARAMS_CREATE);
159 : :
160 : : /* Same as DH_set0_pqg */
161 [ - + ][ # # ]: 28 : POSIX_GUARD_OSSL(DH_set0_key(dh_params->dh, bn_Ys, NULL), S2N_ERR_DH_PARAMS_CREATE);
162 : : #else
163 : : dh_params->dh->p = bn_p;
164 : : dh_params->dh->g = bn_g;
165 : : dh_params->dh->pub_key = bn_Ys;
166 : : #endif
167 : :
168 : 28 : return S2N_SUCCESS;
169 : 28 : }
170 : :
171 : : int s2n_check_all_dh_params(struct s2n_dh_params *dh_params)
172 : 78 : {
173 [ - + ]: 78 : POSIX_GUARD(s2n_check_p_g_dh_params(dh_params));
174 [ + + ]: 78 : POSIX_GUARD(s2n_check_pub_key_dh_params(dh_params));
175 : :
176 : 76 : return S2N_SUCCESS;
177 : 78 : }
178 : :
179 : : int s2n_pkcs3_to_dh_params(struct s2n_dh_params *dh_params, struct s2n_blob *pkcs3)
180 : 84 : {
181 [ # # ][ - + ]: 84 : POSIX_ENSURE_REF(dh_params);
182 [ - + ][ + - ]: 84 : POSIX_PRECONDITION(s2n_blob_validate(pkcs3));
183 : 84 : DEFER_CLEANUP(struct s2n_dh_params temp_dh_params = { 0 }, s2n_dh_params_free);
184 : :
185 : 84 : uint8_t *original_ptr = pkcs3->data;
186 : 84 : temp_dh_params.dh = d2i_DHparams(NULL, (const unsigned char **) (void *) &pkcs3->data, pkcs3->size);
187 : :
188 [ - + ]: 84 : POSIX_GUARD(s2n_check_p_g_dh_params(&temp_dh_params));
189 : :
190 [ + - ]: 84 : if (pkcs3->data) {
191 [ - + ][ # # ]: 84 : POSIX_ENSURE_GTE(pkcs3->data, original_ptr);
192 [ - + ][ # # ]: 84 : POSIX_ENSURE((uint32_t) (pkcs3->data - original_ptr) == pkcs3->size, S2N_ERR_INVALID_PKCS3);
193 : 84 : }
194 : :
195 : 84 : pkcs3->data = original_ptr;
196 : :
197 : : /* Require at least 2048 bits for the DH size */
198 [ - + ][ # # ]: 84 : POSIX_ENSURE(DH_size(temp_dh_params.dh) >= S2N_MIN_DH_PRIME_SIZE_BYTES, S2N_ERR_DH_TOO_SMALL);
199 : :
200 : : /* Check the generator and prime */
201 [ - + ]: 84 : POSIX_GUARD(s2n_dh_params_check(&temp_dh_params));
202 : :
203 : 84 : dh_params->dh = temp_dh_params.dh;
204 : :
205 : 84 : ZERO_TO_DISABLE_DEFER_CLEANUP(temp_dh_params);
206 : :
207 : 84 : return S2N_SUCCESS;
208 : 84 : }
209 : :
210 : : int s2n_dh_p_g_Ys_to_dh_params(struct s2n_dh_params *server_dh_params, struct s2n_blob *p, struct s2n_blob *g,
211 : : struct s2n_blob *Ys)
212 : 28 : {
213 [ # # ][ - + ]: 28 : POSIX_ENSURE_REF(server_dh_params);
214 [ - + ][ + - ]: 28 : POSIX_PRECONDITION(s2n_blob_validate(p));
215 [ - + ][ + - ]: 28 : POSIX_PRECONDITION(s2n_blob_validate(g));
216 [ - + ][ + - ]: 28 : POSIX_PRECONDITION(s2n_blob_validate(Ys));
217 : :
218 : 28 : server_dh_params->dh = DH_new();
219 [ - + ][ # # ]: 28 : POSIX_ENSURE(server_dh_params->dh != NULL, S2N_ERR_DH_PARAMS_CREATE);
220 : :
221 [ - + ]: 28 : POSIX_GUARD(s2n_set_p_g_Ys_dh_params(server_dh_params, p, g, Ys));
222 [ + + ]: 28 : POSIX_GUARD(s2n_check_all_dh_params(server_dh_params));
223 : :
224 : 26 : return S2N_SUCCESS;
225 : 28 : }
226 : :
227 : : int s2n_dh_params_to_p_g_Ys(struct s2n_dh_params *server_dh_params, struct s2n_stuffer *out, struct s2n_blob *output)
228 : 25 : {
229 [ - + ]: 25 : POSIX_GUARD(s2n_check_all_dh_params(server_dh_params));
230 [ - + ][ + - ]: 25 : POSIX_PRECONDITION(s2n_stuffer_validate(out));
231 [ - + ][ + - ]: 25 : POSIX_PRECONDITION(s2n_blob_validate(output));
232 : :
233 : 25 : const BIGNUM *bn_p = s2n_get_p_dh_param(server_dh_params);
234 : 25 : const BIGNUM *bn_g = s2n_get_g_dh_param(server_dh_params);
235 : 25 : const BIGNUM *bn_Ys = s2n_get_Ys_dh_param(server_dh_params);
236 : :
237 : 25 : uint16_t p_size = BN_num_bytes(bn_p);
238 : 25 : uint16_t g_size = BN_num_bytes(bn_g);
239 : 25 : uint16_t Ys_size = BN_num_bytes(bn_Ys);
240 : 25 : uint8_t *p = NULL;
241 : 25 : uint8_t *g = NULL;
242 : 25 : uint8_t *Ys = NULL;
243 : :
244 : 25 : output->data = s2n_stuffer_raw_write(out, 0);
245 [ - + ][ # # ]: 25 : POSIX_ENSURE_REF(output->data);
246 : :
247 [ - + ]: 25 : POSIX_GUARD(s2n_stuffer_write_uint16(out, p_size));
248 : 25 : p = s2n_stuffer_raw_write(out, p_size);
249 [ - + ][ # # ]: 25 : POSIX_ENSURE_REF(p);
250 [ # # ][ - + ]: 25 : POSIX_ENSURE(BN_bn2bin(bn_p, p) == p_size, S2N_ERR_DH_SERIALIZING);
251 : :
252 [ - + ]: 25 : POSIX_GUARD(s2n_stuffer_write_uint16(out, g_size));
253 : 25 : g = s2n_stuffer_raw_write(out, g_size);
254 [ - + ][ # # ]: 25 : POSIX_ENSURE_REF(g);
255 [ # # ][ - + ]: 25 : POSIX_ENSURE(BN_bn2bin(bn_g, g) == g_size, S2N_ERR_DH_SERIALIZING);
256 : :
257 [ - + ]: 25 : POSIX_GUARD(s2n_stuffer_write_uint16(out, Ys_size));
258 : 25 : Ys = s2n_stuffer_raw_write(out, Ys_size);
259 [ - + ][ # # ]: 25 : POSIX_ENSURE_REF(Ys);
260 [ # # ][ - + ]: 25 : POSIX_ENSURE(BN_bn2bin(bn_Ys, Ys) == Ys_size, S2N_ERR_DH_SERIALIZING);
261 : :
262 : 25 : output->size = p_size + 2 + g_size + 2 + Ys_size + 2;
263 : :
264 : 25 : return S2N_SUCCESS;
265 : 25 : }
266 : :
267 : : int s2n_dh_compute_shared_secret_as_client(struct s2n_dh_params *server_dh_params, struct s2n_stuffer *Yc_out,
268 : : struct s2n_blob *shared_key)
269 : 24 : {
270 : 24 : struct s2n_dh_params client_params = { 0 };
271 : 24 : uint8_t *client_pub_key = NULL;
272 : 24 : uint16_t client_pub_key_size = 0;
273 : 24 : int shared_key_size = 0;
274 : :
275 [ - + ]: 24 : POSIX_GUARD(s2n_dh_params_check(server_dh_params));
276 [ - + ]: 24 : POSIX_GUARD(s2n_dh_params_copy(server_dh_params, &client_params));
277 [ - + ]: 24 : POSIX_GUARD(s2n_dh_generate_ephemeral_key(&client_params));
278 [ - + ]: 24 : POSIX_GUARD(s2n_alloc(shared_key, DH_size(server_dh_params->dh)));
279 : :
280 : 24 : const BIGNUM *client_pub_key_bn = s2n_get_Ys_dh_param(&client_params);
281 [ - + ][ # # ]: 24 : POSIX_ENSURE_REF(client_pub_key_bn);
282 : 24 : client_pub_key_size = BN_num_bytes(client_pub_key_bn);
283 [ - + ]: 24 : POSIX_GUARD(s2n_stuffer_write_uint16(Yc_out, client_pub_key_size));
284 : 24 : client_pub_key = s2n_stuffer_raw_write(Yc_out, client_pub_key_size);
285 [ - + ]: 24 : if (client_pub_key == NULL) {
286 [ # # ]: 0 : POSIX_GUARD(s2n_free(shared_key));
287 [ # # ]: 0 : POSIX_GUARD(s2n_dh_params_free(&client_params));
288 [ # # ]: 0 : POSIX_BAIL(S2N_ERR_DH_WRITING_PUBLIC_KEY);
289 : 0 : }
290 : :
291 [ - + ]: 24 : if (BN_bn2bin(client_pub_key_bn, client_pub_key) != client_pub_key_size) {
292 [ # # ]: 0 : POSIX_GUARD(s2n_free(shared_key));
293 [ # # ]: 0 : POSIX_GUARD(s2n_dh_params_free(&client_params));
294 [ # # ]: 0 : POSIX_BAIL(S2N_ERR_DH_COPYING_PUBLIC_KEY);
295 : 0 : }
296 : :
297 : : /* server_dh_params already validated */
298 : 24 : const BIGNUM *server_pub_key_bn = s2n_get_Ys_dh_param(server_dh_params);
299 : 24 : int server_dh_params_size = DH_size(server_dh_params->dh);
300 : 24 : shared_key_size = DH_compute_key(shared_key->data, server_pub_key_bn, client_params.dh);
301 [ - + ]: 24 : if (shared_key_size < 0) {
302 [ # # ]: 0 : POSIX_GUARD(s2n_free(shared_key));
303 [ # # ]: 0 : POSIX_GUARD(s2n_dh_params_free(&client_params));
304 [ # # ]: 0 : POSIX_BAIL(S2N_ERR_DH_SHARED_SECRET);
305 : 0 : }
306 : :
307 : 24 : s2n_dh_pad_shared_secret(shared_key, shared_key_size, server_dh_params_size);
308 : :
309 [ - + ]: 24 : POSIX_GUARD(s2n_dh_params_free(&client_params));
310 : :
311 : 24 : return S2N_SUCCESS;
312 : 24 : }
313 : :
314 : : int s2n_dh_compute_shared_secret_as_server(struct s2n_dh_params *server_dh_params, struct s2n_stuffer *Yc_in,
315 : : struct s2n_blob *shared_key)
316 : 25 : {
317 : 25 : uint16_t Yc_length = 0;
318 : 25 : struct s2n_blob Yc = { 0 };
319 : 25 : int shared_key_size = 0;
320 : 25 : BIGNUM *pub_key = NULL;
321 : :
322 [ - + ]: 25 : POSIX_GUARD(s2n_check_all_dh_params(server_dh_params));
323 : 25 : int server_dh_params_size = DH_size(server_dh_params->dh);
324 [ - + ][ # # ]: 25 : POSIX_ENSURE(server_dh_params_size <= INT32_MAX, S2N_ERR_INTEGER_OVERFLOW);
325 : :
326 : : /*
327 : : * As defined in https://www.rfc-editor.org/rfc/rfc5246#section-7.4.7.2,
328 : : * the client's DH public value (Yc) is sent as a variable-length opaque value.
329 : : * Validate that Yc_length does not exceed the DH group size to prevent
330 : : * unnecessary computation and memory allocation on oversized keys.
331 : : *
332 : : * According to https://www.rfc-editor.org/rfc/rfc2631#section-2.1.5,
333 : : * the valid range of Yc is [2, p-1]. When encoding a BIGNUM to bytes,
334 : : * leading zeros are often stripped, in which case Yc_length might be
335 : : * less than server_dh_params_size.
336 : : */
337 [ - + ]: 25 : POSIX_GUARD(s2n_stuffer_read_uint16(Yc_in, &Yc_length));
338 [ # # ][ - + ]: 25 : POSIX_ENSURE(Yc_length > 0, S2N_ERR_DH_SHARED_SECRET);
339 [ + + ][ + - ]: 25 : POSIX_ENSURE((int) Yc_length <= server_dh_params_size, S2N_ERR_DH_SHARED_SECRET);
340 : :
341 : 24 : Yc.size = Yc_length;
342 : 24 : Yc.data = s2n_stuffer_raw_read(Yc_in, Yc.size);
343 [ - + ][ # # ]: 24 : POSIX_ENSURE_REF(Yc.data);
344 : :
345 : 24 : pub_key = BN_bin2bn((const unsigned char *) Yc.data, Yc.size, NULL);
346 [ - + ][ # # ]: 24 : POSIX_ENSURE_REF(pub_key);
347 [ - + ]: 24 : POSIX_GUARD(s2n_alloc(shared_key, server_dh_params_size));
348 : :
349 : 24 : shared_key_size = DH_compute_key(shared_key->data, pub_key, server_dh_params->dh);
350 [ - + ]: 24 : if (shared_key_size <= 0) {
351 : 0 : BN_free(pub_key);
352 [ # # ]: 0 : POSIX_BAIL(S2N_ERR_DH_SHARED_SECRET);
353 : 0 : }
354 : :
355 : 24 : s2n_dh_pad_shared_secret(shared_key, shared_key_size, server_dh_params_size);
356 : :
357 : 24 : BN_free(pub_key);
358 : :
359 : 24 : return S2N_SUCCESS;
360 : 24 : }
361 : :
362 : : int s2n_dh_params_check(struct s2n_dh_params *dh_params)
363 : 108 : {
364 [ # # ][ - + ]: 108 : POSIX_ENSURE_REF(dh_params);
365 [ - + ][ # # ]: 108 : POSIX_ENSURE_REF(dh_params->dh);
366 : 108 : int codes = 0;
367 : :
368 [ - + ][ # # ]: 108 : POSIX_GUARD_OSSL(DH_check(dh_params->dh, &codes), S2N_ERR_DH_PARAMETER_CHECK);
369 [ # # ][ - + ]: 108 : POSIX_ENSURE(codes == 0, S2N_ERR_DH_PARAMETER_CHECK);
370 : :
371 : 108 : return S2N_SUCCESS;
372 : 108 : }
373 : :
374 : : int s2n_dh_params_copy(struct s2n_dh_params *from, struct s2n_dh_params *to)
375 : 48 : {
376 [ - + ]: 48 : POSIX_GUARD(s2n_check_p_g_dh_params(from));
377 [ # # ][ - + ]: 48 : POSIX_ENSURE_REF(to);
378 : :
379 : 48 : to->dh = DHparams_dup(from->dh);
380 [ # # ][ - + ]: 48 : POSIX_ENSURE(to->dh != NULL, S2N_ERR_DH_COPYING_PARAMETERS);
381 : :
382 : 48 : return S2N_SUCCESS;
383 : 48 : }
384 : :
385 : : int s2n_dh_generate_ephemeral_key(struct s2n_dh_params *dh_params)
386 : 50 : {
387 [ - + ]: 50 : POSIX_GUARD(s2n_check_p_g_dh_params(dh_params));
388 : :
389 [ # # ][ - + ]: 50 : POSIX_GUARD_OSSL(DH_generate_key(dh_params->dh), S2N_ERR_DH_GENERATING_PARAMETERS);
390 : :
391 : 50 : return S2N_SUCCESS;
392 : 50 : }
393 : :
394 : : int s2n_dh_params_free(struct s2n_dh_params *dh_params)
395 : 3548924 : {
396 [ - + ][ # # ]: 3548924 : POSIX_ENSURE_REF(dh_params);
397 : 3548924 : DH_free(dh_params->dh);
398 : 3548924 : dh_params->dh = NULL;
399 : :
400 : 3548924 : return S2N_SUCCESS;
401 : 3548924 : }
|