tls-crypto: Move AEAD ownership to the protection layer

author Pascal Knecht <pascal.knecht@hsr.ch>

Wed, 28 Oct 2020 20:54:09 +0000 (21:54 +0100)

committer Tobias Brunner <tobias@strongswan.org>

Fri, 12 Feb 2021 13:35:23 +0000 (14:35 +0100)
author Pascal Knecht <pascal.knecht@hsr.ch>
Wed, 28 Oct 2020 20:54:09 +0000 (21:54 +0100)
committer Tobias Brunner <tobias@strongswan.org>
Fri, 12 Feb 2021 13:35:23 +0000 (14:35 +0100)
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c

index 2d04752..78d9a50 100644 (file)
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -2162,8 +2162,17 @@ static bool derive_labeled_keys(private_tls_crypto_t *this,
                                                                 tls_hkdf_label_t client_label,
                                                                 tls_hkdf_label_t server_label)
  {
-       tls_aead_t *aead_c = this->aead_out, *aead_s = this->aead_in;
+       tls_aead_t *aead_c, *aead_s;
+       suite_algs_t *algs;
  
+       algs = find_suite(this->suite);
+       destroy_aeads(this);
+       if (!create_aead(this, algs))
+       {
+               return FALSE;
+       }
+       aead_c = this->aead_out;
+       aead_s = this->aead_in;
         if (this->tls->is_server(this->tls))
         {
                 aead_c = this->aead_in;
@@ -2209,8 +2218,15 @@ METHOD(tls_crypto_t, derive_app_keys, bool,
  METHOD(tls_crypto_t, update_app_keys, bool,
         private_tls_crypto_t *this, bool inbound)
  {
+       suite_algs_t *algs;
         tls_hkdf_label_t label = TLS_HKDF_UPD_C_TRAFFIC;
  
+       algs = find_suite(this->suite);
+       destroy_aeads(this);
+       if (!create_aead(this, algs))
+       {
+               return FALSE;
+       }
         if (this->tls->is_server(this->tls) != inbound)
         {
                 label = TLS_HKDF_UPD_S_TRAFFIC;
@@ -2264,10 +2280,12 @@ METHOD(tls_crypto_t, change_cipher, void,
                 if (inbound)
                 {
                         this->protection->set_cipher(this->protection, TRUE, this->aead_in);
+                       this->aead_in = NULL;
                 }
                 else
                 {
                         this->protection->set_cipher(this->protection, FALSE, this->aead_out);
+                       this->aead_out = NULL;
                 }
         }
  }
diff --git a/src/libtls/tls_protection.c b/src/libtls/tls_protection.c

index 3d0ec48..2dcca4e 100644 (file)
--- a/src/libtls/tls_protection.c
+++ b/src/libtls/tls_protection.c
@@ -123,11 +123,13 @@ METHOD(tls_protection_t, set_cipher, void,
  {
         if (inbound)
         {
+               DESTROY_IF(this->aead_in);
                 this->aead_in = aead;
                 this->seq_in = 0;
         }
         else
         {
+               DESTROY_IF(this->aead_out);
                 this->aead_out = aead;
                 this->seq_out = 0;
         }
@@ -142,6 +144,8 @@ METHOD(tls_protection_t, set_version, void,
  METHOD(tls_protection_t, destroy, void,
         private_tls_protection_t *this)
  {
+       DESTROY_IF(this->aead_in);
+       DESTROY_IF(this->aead_out);
         free(this);
  }
author	Pascal Knecht <pascal.knecht@hsr.ch>
	Wed, 28 Oct 2020 20:54:09 +0000 (21:54 +0100)
committer	Tobias Brunner <tobias@strongswan.org>
	Fri, 12 Feb 2021 13:35:23 +0000 (14:35 +0100)
src/libtls/tls_crypto.c		patch \| blob \| history
src/libtls/tls_protection.c		patch \| blob \| history