X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/secnet/blobdiff_plain/5f679c36ccb3e125ee6e8372a60d0f2e8bf410fe..3f488f14527df0f3da6616bcc26c2cf69f627df9:/site.c
diff --git a/site.c b/site.c
index 2ca333b..0b2e2d0 100644
--- a/site.c
+++ b/site.c
@@ -369,7 +369,6 @@ struct site {
 uint64_t timeout; /* Timeout for current state */
 uint8_t *dhsecret;
 uint8_t *sharedsecret;
- uint32_t sharedsecretlen, sharedsecretallocd;
 struct transform_inst_if *new_transform; /* For key setup/verify */
 };
@@ -550,26 +549,16 @@ static _Bool set_new_transform(struct site *st, char *pk)
 {
 _Bool ok;
- /* Make room for the shared key */
- st->sharedsecretlen=st->chosen_transform->keylen?:st->dh->shared_len;
- assert(st->sharedsecretlen);
- if (st->sharedsecretlen > st->sharedsecretallocd) {
- st->sharedsecretallocd=st->sharedsecretlen;
- st->sharedsecret=safe_realloc_ary(st->sharedsecret,1,
- st->sharedsecretallocd,
- "site:sharedsecret");
- }
-
 /* Generate the shared key */
 if (!st->dh->makeshared(st->dh->st,st->dhsecret,st->dh->secret_len,
- pk, st->sharedsecret,st->sharedsecretlen))
+ pk, st->sharedsecret,st->dh->shared_len))
 return False;
 /* Set up the transform */
 struct transform_if *generator=st->chosen_transform;
 struct transform_inst_if *generated=generator->create(generator->st);
 ok = generated->setkey(generated->st,st->sharedsecret,
- st->sharedsecretlen,st->our_name_later);
+ st->dh->shared_len,st->our_name_later);
 dispose_transform(&st->new_transform);
 if (!ok) return False;
@@ -1503,7 +1492,7 @@ static void enter_state_run(struct site *st)
 FILLZERO(st->remoteN);
 dispose_transform(&st->new_transform);
 memset(st->dhsecret,0,st->dh->secret_len);
- if (st->sharedsecret) memset(st->sharedsecret,0,st->sharedsecretlen);
+ memset(st->sharedsecret,0,st->dh->shared_len);
 set_link_quality(st);
 if (st->keepalive && !current_valid(st))
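Review bot: The length passed to `generated->setkey` in set_new_transform is now always `st->dh->shared_len`, whereas the removed lines preferred `st->chosen_transform->keylen` when it was non-zero and asserted that the resulting length was non-zero. Whether each transform derives its key correctly from a `shared_len`-byte secret is not visible in this hunk, so that should be confirmed against the transform implementations. The dropped sanity check could be kept as `assert(st->dh->shared_len);` ahead of the makeshared call, since a zero length would otherwise reach both makeshared and setkey unnoticed. The function body continues past the end of the hunk.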
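Review bot: The unconditional `memset(st->sharedsecret,0,st->dh->shared_len)` in enter_state_run has no comment recording what makes it safe now that the NULL guard is gone. The buffer must always exist and be exactly `shared_len` bytes, which the site_apply hunk of this commit appears to establish with its `safe_malloc` call. A short comment at the wipe would record that, for example `/* sharedsecret is allocated once in site_apply with dh->shared_len bytes */`. enter_state_run starts and ends outside the hunk.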
@@ -2242,8 +2231,7 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
 transport_peers_clear(st,&st->setup_peers);
 /* XXX mlock these */
 st->dhsecret=safe_malloc(st->dh->secret_len,"site:dhsecret");
- st->sharedsecretlen=st->sharedsecretallocd=0;
- st->sharedsecret=0;
+ st->sharedsecret=safe_malloc(st->dh->shared_len, "site:sharedsecret");
 #define SET_CAPBIT(bit) do { \
 uint32_t capflag = 1UL << (bit); \