From: jsing <jsing@openbsd.org>
Date: Thu, 6 Jan 2022 18:18:13 +0000 (+0000)
Subject: Allocate and free the EVP_AEAD_CTX struct in tls13_record_protection.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=9115c013a940c9fd229f5f3e680aa67f602859ba;p=openbsd

Allocate and free the EVP_AEAD_CTX struct in tls13_record_protection.

This brings the code more in line with the tls12_record_layer and reduces
the effort needed to make EVP_AEAD_CTX opaque.

Prompted by and ok tb@
---

diff --git a/lib/libssl/tls13_record_layer.c b/lib/libssl/tls13_record_layer.c
index 40ac9b7cd42..b49d237951e 100644
--- a/lib/libssl/tls13_record_layer.c
+++ b/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.65 2021/12/15 17:57:45 jsing Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.66 2022/01/06 18:18:13 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -25,7 +25,7 @@ static ssize_t tls13_record_layer_write_record(struct tls13_record_layer *rl,
     uint8_t content_type, const uint8_t *content, size_t content_len);
 
 struct tls13_record_protection {
-	EVP_AEAD_CTX aead_ctx;
+	EVP_AEAD_CTX *aead_ctx;
 	struct tls13_secret iv;
 	struct tls13_secret nonce;
 	uint8_t seq_num[TLS13_RECORD_SEQ_NUM_LEN];
@@ -40,12 +40,15 @@ tls13_record_protection_new(void)
 void
 tls13_record_protection_clear(struct tls13_record_protection *rp)
 {
-	EVP_AEAD_CTX_cleanup(&rp->aead_ctx);
+	if (rp->aead_ctx != NULL) {
+		EVP_AEAD_CTX_cleanup(rp->aead_ctx);
+		freezero(rp->aead_ctx, sizeof(*rp->aead_ctx));
+	}
 
 	tls13_secret_cleanup(&rp->iv);
 	tls13_secret_cleanup(&rp->nonce);
 
-	memset(rp->seq_num, 0, sizeof(rp->seq_num));
+	memset(rp, 0, sizeof(*rp));
 }
 
 void
@@ -458,6 +461,9 @@ tls13_record_layer_set_traffic_key(const EVP_AEAD *aead, const EVP_MD *hash,
 
 	tls13_record_protection_clear(rp);
 
+	if ((rp->aead_ctx = calloc(1, sizeof(*rp->aead_ctx))) == NULL)
+		return 0;
+
 	if (!tls13_secret_init(&rp->iv, EVP_AEAD_nonce_length(aead)))
 		goto err;
 	if (!tls13_secret_init(&rp->nonce, EVP_AEAD_nonce_length(aead)))
@@ -470,7 +476,7 @@ tls13_record_layer_set_traffic_key(const EVP_AEAD *aead, const EVP_MD *hash,
 	if (!tls13_hkdf_expand_label(&key, hash, traffic_key, "key", &context))
 		goto err;
 
-	if (!EVP_AEAD_CTX_init(&rp->aead_ctx, aead, key.data, key.len,
+	if (!EVP_AEAD_CTX_init(rp->aead_ctx, aead, key.data, key.len,
 	    EVP_AEAD_DEFAULT_TAG_LENGTH, NULL))
 		goto err;
 
@@ -550,7 +556,7 @@ tls13_record_layer_open_record_protected(struct tls13_record_layer *rl)
 	    rl->read->seq_num))
 		goto err;
 
-	if (!EVP_AEAD_CTX_open(&rl->read->aead_ctx,
+	if (!EVP_AEAD_CTX_open(rl->read->aead_ctx,
 	    content, &out_len, content_len,
 	    rl->read->nonce.data, rl->read->nonce.len,
 	    CBS_data(&enc_record), CBS_len(&enc_record),
@@ -728,7 +734,7 @@ tls13_record_layer_seal_record_protected(struct tls13_record_layer *rl,
 	 * this would avoid a copy since the inner would be passed as two
 	 * separate pieces.
 	 */
-	if (!EVP_AEAD_CTX_seal(&rl->write->aead_ctx,
+	if (!EVP_AEAD_CTX_seal(rl->write->aead_ctx,
 	    enc_record, &out_len, enc_record_len,
 	    rl->write->nonce.data, rl->write->nonce.len,
 	    inner, inner_len, header, header_len))