SECStatus
cmmf_CopyCertifiedKeyPair(PLArenaPool *poolp, CMMFCertifiedKeyPair *dest,
CMMFCertifiedKeyPair *src)
{
SECStatus rv;
rv = cmmf_CopyCertOrEncCert(poolp, &dest->certOrEncCert,
&src->certOrEncCert);
if (rv != SECSuccess) {
return rv;
}
if (src->privateKey != NULL) {
CRMFEncryptedValue *encVal;
encVal = (poolp == NULL) ? PORT_ZNew(CRMFEncryptedValue) :
PORT_ArenaZNew(poolp, CRMFEncryptedValue);
if (encVal == NULL) {
return SECFailure;
}
rv = crmf_copy_encryptedvalue(poolp, src->privateKey,
encVal);
if (rv != SECSuccess) {
if (!poolp) {
crmf_destroy_encrypted_value(encVal, PR_TRUE);
}
return rv;
}
dest->privateKey = encVal;
}
rv = cmmf_copy_secitem(poolp, &dest->derPublicationInfo,
&src->derPublicationInfo);
return rv;
}
SECAlgorithmID *
CRMF_POPOSigningKeyGetAlgID(CRMFPOPOSigningKey *inSignKey)
{
SECAlgorithmID *newAlgId = NULL;
SECStatus rv;
PORT_Assert(inSignKey != NULL);
if (inSignKey == NULL) {
return NULL;
}
newAlgId = PORT_ZNew(SECAlgorithmID);
if (newAlgId == NULL) {
goto loser;
}
rv = SECOID_CopyAlgorithmID(NULL, newAlgId,
inSignKey->algorithmIdentifier);
if (rv != SECSuccess) {
goto loser;
}
return newAlgId;
loser:
if (newAlgId != NULL) {
SECOID_DestroyAlgorithmID(newAlgId, PR_TRUE);
}
return NULL;
}
static CRMFPKIArchiveOptions *
crmf_create_encr_pivkey_option(CRMFEncryptedKey *inEncryptedKey)
{
CRMFPKIArchiveOptions *newArchOpt;
SECStatus rv;
newArchOpt = PORT_ZNew(CRMFPKIArchiveOptions);
if (newArchOpt == NULL) {
goto loser;
}
rv = crmf_copy_encryptedkey(NULL, inEncryptedKey,
&newArchOpt->option.encryptedKey);
if (rv != SECSuccess) {
goto loser;
}
newArchOpt->archOption = crmfEncryptedPrivateKey;
return newArchOpt;
loser:
if (newArchOpt != NULL) {
CRMF_DestroyPKIArchiveOptions(newArchOpt);
}
return NULL;
}
static CRMFPKIArchiveOptions *
crmf_create_arch_rem_gen_privkey(PRBool archiveRemGenPrivKey)
{
unsigned char value;
SECItem *dummy;
CRMFPKIArchiveOptions *newArchOptions;
value = (archiveRemGenPrivKey) ? hexTrue : hexFalse;
newArchOptions = PORT_ZNew(CRMFPKIArchiveOptions);
if (newArchOptions == NULL) {
goto loser;
}
dummy = SEC_ASN1EncodeItem(NULL,
&newArchOptions->option.archiveRemGenPrivKey,
&value, SEC_ASN1_GET(SEC_BooleanTemplate));
PORT_Assert(dummy == &newArchOptions->option.archiveRemGenPrivKey);
if (dummy != &newArchOptions->option.archiveRemGenPrivKey) {
SECITEM_FreeItem(dummy, PR_TRUE);
goto loser;
}
newArchOptions->archOption = crmfArchiveRemGenPrivKey;
return newArchOptions;
loser:
if (newArchOptions != NULL) {
CRMF_DestroyPKIArchiveOptions(newArchOptions);
}
return NULL;
}
static SECItem *
crmf_get_iv(CK_MECHANISM_TYPE mechType)
{
int iv_size = PK11_GetIVLength(mechType);
SECItem *iv;
SECStatus rv;
iv = PORT_ZNew(SECItem);
if (iv == NULL) {
return NULL;
}
if (iv_size == 0) {
iv->data = NULL;
iv->len = 0;
return iv;
}
iv->data = PORT_NewArray(unsigned char, iv_size);
if (iv->data == NULL) {
iv->len = 0;
return iv;
}
iv->len = iv_size;
rv = PK11_GenerateRandom(iv->data, iv->len);
if (rv != SECSuccess) {
PORT_Free(iv->data);
iv->data = NULL;
iv->len = 0;
}
return iv;
}
SECStatus
crmf_copy_encryptedvalue_secalg(PLArenaPool *poolp,
SECAlgorithmID *srcAlgId,
SECAlgorithmID **destAlgId)
{
SECAlgorithmID *newAlgId;
SECStatus rv;
newAlgId = (poolp != NULL) ? PORT_ArenaZNew(poolp, SECAlgorithmID) :
PORT_ZNew(SECAlgorithmID);
if (newAlgId == NULL) {
return SECFailure;
}
rv = SECOID_CopyAlgorithmID(poolp, newAlgId, srcAlgId);
if (rv != SECSuccess) {
if (!poolp) {
SECOID_DestroyAlgorithmID(newAlgId, PR_TRUE);
}
return rv;
}
*destAlgId = newAlgId;
return rv;
}
static SECStatus
cmmf_CopyCertOrEncCert(PLArenaPool *poolp, CMMFCertOrEncCert *dest,
CMMFCertOrEncCert *src)
{
SECStatus rv = SECSuccess;
CRMFEncryptedValue *encVal;
dest->choice = src->choice;
rv = cmmf_copy_secitem(poolp, &dest->derValue, &src->derValue);
switch (src->choice) {
case cmmfCertificate:
dest->cert.certificate = CERT_DupCertificate(src->cert.certificate);
break;
case cmmfEncryptedCert:
encVal = (poolp == NULL) ? PORT_ZNew(CRMFEncryptedValue) :
PORT_ArenaZNew(poolp, CRMFEncryptedValue);
if (encVal == NULL) {
return SECFailure;
}
rv = crmf_copy_encryptedvalue(poolp, src->cert.encryptedCert, encVal);
if (rv != SECSuccess) {
if (!poolp) {
crmf_destroy_encrypted_value(encVal, PR_TRUE);
}
return rv;
}
dest->cert.encryptedCert = encVal;
break;
default:
rv = SECFailure;
}
return rv;
}
SECStatus
CMMF_CertResponseSetCertificate(CMMFCertResponse *inCertResp,
CERTCertificate *inCertificate)
{
CMMFCertifiedKeyPair *keyPair = NULL;
SECStatus rv = SECFailure;
PORT_Assert(inCertResp != NULL && inCertificate != NULL);
if (inCertResp == NULL || inCertificate == NULL) {
return SECFailure;
}
if (inCertResp->certifiedKeyPair == NULL) {
keyPair = inCertResp->certifiedKeyPair =
PORT_ZNew(CMMFCertifiedKeyPair);
} else {
keyPair = inCertResp->certifiedKeyPair;
}
if (keyPair == NULL) {
goto loser;
}
rv = cmmf_CertOrEncCertSetCertificate(&keyPair->certOrEncCert, NULL,
inCertificate);
if (rv != SECSuccess) {
goto loser;
}
return SECSuccess;
loser:
if (keyPair) {
if (keyPair->certOrEncCert.derValue.data) {
PORT_Free(keyPair->certOrEncCert.derValue.data);
}
PORT_Free(keyPair);
}
return rv;
}
CRMFPKIArchiveOptions *
CRMF_ControlGetPKIArchiveOptions(CRMFControl *inControl)
{
CRMFPKIArchiveOptions *newOpt = NULL;
SECStatus rv;
PORT_Assert(inControl != NULL);
if (inControl == NULL ||
CRMF_ControlGetControlType(inControl) != crmfPKIArchiveOptionsControl) {
goto loser;
}
newOpt = PORT_ZNew(CRMFPKIArchiveOptions);
if (newOpt == NULL) {
goto loser;
}
rv = crmf_copy_pkiarchiveoptions(NULL, newOpt,
&inControl->value.archiveOptions);
if (rv != SECSuccess) {
goto loser;
}
loser:
if (newOpt != NULL) {
CRMF_DestroyPKIArchiveOptions(newOpt);
}
return NULL;
}
CRMFEncryptedKey *
CRMF_PKIArchiveOptionsGetEncryptedPrivKey(CRMFPKIArchiveOptions *inOpts)
{
CRMFEncryptedKey *newEncrKey = NULL;
SECStatus rv;
PORT_Assert(inOpts != NULL);
if (inOpts == NULL ||
CRMF_PKIArchiveOptionsGetOptionType(inOpts) != crmfEncryptedPrivateKey) {
return NULL;
}
newEncrKey = PORT_ZNew(CRMFEncryptedKey);
if (newEncrKey == NULL) {
goto loser;
}
rv = crmf_copy_encryptedkey(NULL, &inOpts->option.encryptedKey,
newEncrKey);
if (rv != SECSuccess) {
goto loser;
}
return newEncrKey;
loser:
if (newEncrKey != NULL) {
CRMF_DestroyEncryptedKey(newEncrKey);
}
return NULL;
}
SECItem *
CRMF_POPOSigningKeyGetSignature(CRMFPOPOSigningKey *inSignKey)
{
SECItem *newSig = NULL;
SECStatus rv;
PORT_Assert(inSignKey != NULL);
if (inSignKey == NULL) {
return NULL;
}
newSig = PORT_ZNew(SECItem);
if (newSig == NULL) {
goto loser;
}
rv = crmf_make_bitstring_copy(NULL, newSig, &inSignKey->signature);
if (rv != SECSuccess) {
goto loser;
}
return newSig;
loser:
if (newSig != NULL) {
SECITEM_FreeItem(newSig, PR_TRUE);
}
return NULL;
}
CRMFEncryptedValue *
CRMF_EncryptedKeyGetEncryptedValue(CRMFEncryptedKey *inEncrKey)
{
CRMFEncryptedValue *newEncrValue = NULL;
SECStatus rv;
PORT_Assert(inEncrKey != NULL);
if (inEncrKey == NULL ||
CRMF_EncryptedKeyGetChoice(inEncrKey) != crmfEncryptedValueChoice) {
goto loser;
}
newEncrValue = PORT_ZNew(CRMFEncryptedValue);
if (newEncrValue == NULL) {
goto loser;
}
rv = crmf_copy_encryptedvalue(NULL, &inEncrKey->value.encryptedValue,
newEncrValue);
if (rv != SECSuccess) {
goto loser;
}
return newEncrValue;
loser:
if (newEncrValue != NULL) {
CRMF_DestroyEncryptedValue(newEncrValue);
}
return NULL;
}
SECStatus
crmf_template_add_public_key(PLArenaPool *poolp,
CERTSubjectPublicKeyInfo **dest,
CERTSubjectPublicKeyInfo *pubKey)
{
CERTSubjectPublicKeyInfo *spki;
SECStatus rv;
*dest = spki = (poolp == NULL) ?
PORT_ZNew(CERTSubjectPublicKeyInfo) :
PORT_ArenaZNew (poolp, CERTSubjectPublicKeyInfo);
if (spki == NULL) {
goto loser;
}
rv = SECKEY_CopySubjectPublicKeyInfo (poolp, spki, pubKey);
if (rv != SECSuccess) {
goto loser;
}
return SECSuccess;
loser:
if (poolp == NULL && spki != NULL) {
SECKEY_DestroySubjectPublicKeyInfo(spki);
}
*dest = NULL;
return SECFailure;
}
NSSLOWHASHContext *
NSSLOWHASH_NewContext(NSSLOWInitContext *initContext,
HASH_HashType hashType)
{
NSSLOWHASHContext *context;
if (post_failed) {
PORT_SetError(SEC_ERROR_PKCS11_DEVICE_ERROR);
return NULL;
}
if (initContext != &dummyContext) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return (NULL);
}
context = PORT_ZNew(NSSLOWHASHContext);
if (!context) {
return NULL;
}
context->hashObj = HASH_GetRawHashObject(hashType);
if (!context->hashObj) {
PORT_Free(context);
return NULL;
}
context->hashCtxt = context->hashObj->create();
if (!context->hashCtxt) {
PORT_Free(context);
return NULL;
}
return context;
}
SECStatus
SSLExp_InstallExtensionHooks(PRFileDesc *fd, PRUint16 extension,
SSLExtensionWriter writer, void *writerArg,
SSLExtensionHandler handler, void *handlerArg)
{
sslSocket *ss = ssl_FindSocket(fd);
PRCList *cursor;
sslCustomExtensionHooks *hook;
if (!ss) {
return SECFailure; /* Code already set. */
}
/* Need to specify both or neither, but not just one. */
if ((writer && !handler) || (!writer && handler)) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
if (ssl_GetExtensionSupport(extension) == ssl_ext_native_only) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
if (ss->firstHsDone || ((ss->ssl3.hs.ws != idle_handshake) &&
(ss->ssl3.hs.ws != wait_client_hello))) {
PORT_SetError(PR_INVALID_STATE_ERROR);
return SECFailure;
}
/* Remove any old handler. */
for (cursor = PR_NEXT_LINK(&ss->extensionHooks);
cursor != &ss->extensionHooks;
cursor = PR_NEXT_LINK(cursor)) {
hook = (sslCustomExtensionHooks *)cursor;
if (hook->type == extension) {
PR_REMOVE_LINK(&hook->link);
PORT_Free(hook);
break;
}
}
if (!writer && !handler) {
return SECSuccess;
}
hook = PORT_ZNew(sslCustomExtensionHooks);
if (!hook) {
return SECFailure; /* This removed the old one, oh well. */
}
hook->type = extension;
hook->writer = writer;
hook->writerArg = writerArg;
hook->handler = handler;
hook->handlerArg = handlerArg;
PR_APPEND_LINK(&hook->link, &ss->extensionHooks);
return SECSuccess;
}
/*
* NSS_CMSContentInfo_Create - create a content info
*
* version is set in the _Finalize procedures for each content type
*/
SECStatus
NSS_CMSContentInfo_Private_Init(NSSCMSContentInfo *cinfo)
{
if (cinfo->privateInfo) {
return SECSuccess;
}
cinfo->privateInfo = PORT_ZNew(NSSCMSContentInfoPrivate);
return (cinfo->privateInfo) ? SECSuccess : SECFailure;
}
DESContext *
DES_CreateContext(const BYTE * key, const BYTE *iv, int mode, PRBool encrypt)
{
DESContext *cx = PORT_ZNew(DESContext);
SECStatus rv = DES_InitContext(cx, key, 0, iv, mode, encrypt, 0);
if (rv != SECSuccess) {
PORT_ZFree(cx, sizeof *cx);
cx = NULL;
}
return cx;
}
/* Go through hello extensions in |b| and deserialize
* them into the list in |ss->ssl3.hs.remoteExtensions|.
* The only checking we do in this point is for duplicates.
*
* IMPORTANT: This list just contains pointers to the incoming
* buffer so they can only be used during ClientHello processing.
*/
SECStatus
ssl3_ParseExtensions(sslSocket *ss, PRUint8 **b, PRUint32 *length)
{
/* Clean out the extensions list. */
ssl3_DestroyRemoteExtensions(&ss->ssl3.hs.remoteExtensions);
while (*length) {
SECStatus rv;
PRUint32 extension_type;
SECItem extension_data = { siBuffer, NULL, 0 };
TLSExtension *extension;
PRCList *cursor;
/* Get the extension's type field */
rv = ssl3_ConsumeHandshakeNumber(ss, &extension_type, 2, b, length);
if (rv != SECSuccess) {
return SECFailure; /* alert already sent */
}
/* Check whether an extension has been sent multiple times. */
for (cursor = PR_NEXT_LINK(&ss->ssl3.hs.remoteExtensions);
cursor != &ss->ssl3.hs.remoteExtensions;
cursor = PR_NEXT_LINK(cursor)) {
if (((TLSExtension *)cursor)->type == extension_type) {
(void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
PORT_SetError(SSL_ERROR_RX_UNEXPECTED_EXTENSION);
return SECFailure;
}
}
/* Get the data for this extension, so we can pass it or skip it. */
rv = ssl3_ConsumeHandshakeVariable(ss, &extension_data, 2, b, length);
if (rv != SECSuccess) {
return rv; /* alert already sent */
}
SSL_TRC(10, ("%d: SSL3[%d]: parsed extension %d len=%u",
SSL_GETPID(), ss->fd, extension_type, extension_data.len));
extension = PORT_ZNew(TLSExtension);
if (!extension) {
return SECFailure;
}
extension->type = (PRUint16)extension_type;
extension->data = extension_data;
PR_APPEND_LINK(&extension->link, &ss->ssl3.hs.remoteExtensions);
}
return SECSuccess;
}
sslServerCert *
ssl_NewServerCert(const sslServerCertType *certType)
{
sslServerCert *sc = PORT_ZNew(sslServerCert);
if (!sc) {
return NULL;
}
memcpy(&sc->certType, certType, sizeof(sc->certType));
sc->serverCert = NULL;
sc->serverCertChain = NULL;
sc->certStatusArray = NULL;
sc->signedCertTimestamps.len = 0;
return sc;
}
/*
** Create a new RC2 context suitable for RC2 encryption/decryption.
** "key" raw key data
** "len" the number of bytes of key data
** "iv" is the CBC initialization vector (if mode is NSS_RC2_CBC)
** "mode" one of NSS_RC2 or NSS_RC2_CBC
** "effectiveKeyLen" in bytes, not bits.
**
** When mode is set to NSS_RC2_CBC the RC2 cipher is run in "cipher block
** chaining" mode.
*/
RC2Context *
RC2_CreateContext(const unsigned char *key, unsigned int len,
const unsigned char *iv, int mode, unsigned efLen8)
{
RC2Context *cx = PORT_ZNew(RC2Context);
if (cx) {
SECStatus rv = RC2_InitContext(cx, key, len, iv, mode, efLen8, 0);
if (rv != SECSuccess) {
RC2_DestroyContext(cx, PR_TRUE);
cx = NULL;
}
}
return cx;
}
ssl3CipherSpec *
ssl_CreateCipherSpec(sslSocket *ss, CipherSpecDirection direction)
{
ssl3CipherSpec *spec = PORT_ZNew(ssl3CipherSpec);
if (!spec) {
return NULL;
}
spec->refCt = 1;
spec->version = ss->version;
spec->direction = direction;
SSL_TRC(10, ("%d: SSL[%d]: new %s spec %d ct=%d",
SSL_GETPID(), ss->fd, SPEC_DIR(spec), spec,
spec->refCt));
return spec;
}
PK11RSAGenParams *
GetRSAParams(void)
{
PK11RSAGenParams *rsaParams;
rsaParams = PORT_ZNew(PK11RSAGenParams);
if (rsaParams == NULL)
return NULL;
rsaParams->keySizeInBits = MAX_KEY_LEN;
rsaParams->pe = 0x10001;
return rsaParams;
}
CRMFEncryptedKey *
CRMF_CreateEncryptedKeyWithEncryptedValue(SECKEYPrivateKey *inPrivKey,
CERTCertificate *inCACert)
{
SECKEYPublicKey *caPubKey = NULL;
CRMFEncryptedKey *encKey = NULL;
PORT_Assert(inPrivKey != NULL && inCACert != NULL);
if (inPrivKey == NULL || inCACert == NULL) {
return NULL;
}
caPubKey = CERT_ExtractPublicKey(inCACert);
if (caPubKey == NULL) {
goto loser;
}
encKey = PORT_ZNew(CRMFEncryptedKey);
if (encKey == NULL) {
goto loser;
}
#ifdef DEBUG
{
CRMFEncryptedValue *dummy =
crmf_create_encrypted_value_wrapped_privkey(
inPrivKey, caPubKey, &encKey->value.encryptedValue);
PORT_Assert(dummy == &encKey->value.encryptedValue);
}
#else
crmf_create_encrypted_value_wrapped_privkey(
inPrivKey, caPubKey, &encKey->value.encryptedValue);
#endif
/* We won't add the der value here, but rather when it
* becomes part of a certificate request.
*/
SECKEY_DestroyPublicKey(caPubKey);
encKey->encKeyChoice = crmfEncryptedValueChoice;
return encKey;
loser:
if (encKey != NULL) {
CRMF_DestroyEncryptedKey(encKey);
}
if (caPubKey != NULL) {
SECKEY_DestroyPublicKey(caPubKey);
}
return NULL;
}
void
rememberCert(CERTCertificate * cert, PRBool trusted)
{
if (trusted) {
if (!trustedCertList) {
trustedCertList = CERT_NewCertList();
}
CERT_AddCertToListTail(trustedCertList, cert);
} else {
certMem * newCertMem = PORT_ZNew(certMem);
if (newCertMem) {
newCertMem->next = theCerts;
newCertMem->cert = cert;
theCerts = newCertMem;
}
}
}
SECStatus
CRMF_CertReqMsgGetPOPKeyEncipherment(CRMFCertReqMsg *inCertReqMsg,
CRMFPOPOPrivKey **destKey)
{
PORT_Assert(inCertReqMsg != NULL && destKey != NULL);
if (inCertReqMsg == NULL || destKey == NULL ||
CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfKeyEncipherment) {
return SECFailure;
}
*destKey = PORT_ZNew(CRMFPOPOPrivKey);
if (*destKey == NULL) {
return SECFailure;
}
return crmf_copy_popoprivkey(NULL,
&inCertReqMsg->pop->popChoice.keyEncipherment,
*destKey);
}
SECStatus
CRMF_CertReqMsgGetPOPOSigningKey(CRMFCertReqMsg *inCertReqMsg,
CRMFPOPOSigningKey **destKey)
{
CRMFProofOfPossession *pop;
PORT_Assert(inCertReqMsg != NULL);
if (inCertReqMsg == NULL) {
return SECFailure;
}
pop = inCertReqMsg->pop;;
if (pop->popUsed != crmfSignature) {
return SECFailure;
}
*destKey = PORT_ZNew(CRMFPOPOSigningKey);
if (*destKey == NULL) {
return SECFailure;
}
return crmf_copy_poposigningkey(NULL,&pop->popChoice.signature, *destKey);
}
CTSContext *
CTS_CreateContext(void *context, freeblCipherFunc cipher,
const unsigned char *iv, unsigned int blocksize)
{
CTSContext *cts;
if (blocksize > MAX_BLOCK_SIZE) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return NULL;
}
cts = PORT_ZNew(CTSContext);
if (cts == NULL) {
return NULL;
}
PORT_Memcpy(cts->iv, iv, blocksize);
cts->cipher = cipher;
cts->context = context;
return cts;
}
CTRContext *
CTR_CreateContext(void *context, freeblCipherFunc cipher,
const unsigned char *param, unsigned int blocksize)
{
CTRContext *ctr;
SECStatus rv;
/* first fill in the Counter context */
ctr = PORT_ZNew(CTRContext);
if (ctr == NULL) {
return NULL;
}
rv = CTR_InitContext(ctr, context, cipher, param, blocksize);
if (rv != SECSuccess) {
CTR_DestroyContext(ctr, PR_TRUE);
ctr = NULL;
}
return ctr;
}
PLArenaPool *
PORT_NewArena(unsigned long chunksize)
{
PORTArenaPool *pool;
pool = PORT_ZNew(PORTArenaPool);
if (!pool) {
return NULL;
}
pool->magic = ARENAPOOL_MAGIC;
pool->lock = PZ_NewLock(nssILockArena);
if (!pool->lock) {
++port_allocFailures;
PORT_Free(pool);
return NULL;
}
PL_InitArenaPool(&pool->arena, "security", chunksize, sizeof(double));
return(&pool->arena);
}
static SECStatus
tls13_HandleKeyShareEntry(const sslSocket *ss, TLSExtensionData *xtnData, SECItem *data)
{
SECStatus rv;
PRUint32 group;
const sslNamedGroupDef *groupDef;
TLS13KeyShareEntry *ks = NULL;
SECItem share = { siBuffer, NULL, 0 };
rv = ssl3_ExtConsumeHandshakeNumber(ss, &group, 2, &data->data, &data->len);
if (rv != SECSuccess) {
PORT_SetError(SSL_ERROR_RX_MALFORMED_KEY_SHARE);
goto loser;
}
groupDef = ssl_LookupNamedGroup(group);
rv = ssl3_ExtConsumeHandshakeVariable(ss, &share, 2, &data->data,
&data->len);
if (rv != SECSuccess) {
goto loser;
}
/* If the group is disabled, continue. */
if (!groupDef) {
return SECSuccess;
}
ks = PORT_ZNew(TLS13KeyShareEntry);
if (!ks)
goto loser;
ks->group = groupDef;
rv = SECITEM_CopyItem(NULL, &ks->key_exchange, &share);
if (rv != SECSuccess)
goto loser;
PR_APPEND_LINK(&ks->link, &xtnData->remoteKeyShares);
return SECSuccess;
loser:
if (ks)
tls13_DestroyKeyShareEntry(ks);
return SECFailure;
}