From 9115c013a940c9fd229f5f3e680aa67f602859ba Mon Sep 17 00:00:00 2001 From: jsing Date: Thu, 6 Jan 2022 18:18:13 +0000 Subject: [PATCH] Allocate and free the EVP_AEAD_CTX struct in tls13_record_protection. This brings the code more in line with the tls12_record_layer and reduces the effort needed to make EVP_AEAD_CTX opaque. Prompted by and ok tb@ --- lib/libssl/tls13_record_layer.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/lib/libssl/tls13_record_layer.c b/lib/libssl/tls13_record_layer.c index 40ac9b7cd42..b49d237951e 100644 --- a/lib/libssl/tls13_record_layer.c +++ b/lib/libssl/tls13_record_layer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_record_layer.c,v 1.65 2021/12/15 17:57:45 jsing Exp $ */ +/* $OpenBSD: tls13_record_layer.c,v 1.66 2022/01/06 18:18:13 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -25,7 +25,7 @@ static ssize_t tls13_record_layer_write_record(struct tls13_record_layer *rl, uint8_t content_type, const uint8_t *content, size_t content_len); struct tls13_record_protection { - EVP_AEAD_CTX aead_ctx; + EVP_AEAD_CTX *aead_ctx; struct tls13_secret iv; struct tls13_secret nonce; uint8_t seq_num[TLS13_RECORD_SEQ_NUM_LEN]; @@ -40,12 +40,15 @@ tls13_record_protection_new(void) void tls13_record_protection_clear(struct tls13_record_protection *rp) { - EVP_AEAD_CTX_cleanup(&rp->aead_ctx); + if (rp->aead_ctx != NULL) { + EVP_AEAD_CTX_cleanup(rp->aead_ctx); + freezero(rp->aead_ctx, sizeof(*rp->aead_ctx)); + } tls13_secret_cleanup(&rp->iv); tls13_secret_cleanup(&rp->nonce); - memset(rp->seq_num, 0, sizeof(rp->seq_num)); + memset(rp, 0, sizeof(*rp)); } void @@ -458,6 +461,9 @@ tls13_record_layer_set_traffic_key(const EVP_AEAD *aead, const EVP_MD *hash, tls13_record_protection_clear(rp); + if ((rp->aead_ctx = calloc(1, sizeof(*rp->aead_ctx))) == NULL) + return 0; + if (!tls13_secret_init(&rp->iv, EVP_AEAD_nonce_length(aead))) goto err; if (!tls13_secret_init(&rp->nonce, EVP_AEAD_nonce_length(aead))) @@ -470,7 +476,7 @@ tls13_record_layer_set_traffic_key(const EVP_AEAD *aead, const EVP_MD *hash, if (!tls13_hkdf_expand_label(&key, hash, traffic_key, "key", &context)) goto err; - if (!EVP_AEAD_CTX_init(&rp->aead_ctx, aead, key.data, key.len, + if (!EVP_AEAD_CTX_init(rp->aead_ctx, aead, key.data, key.len, EVP_AEAD_DEFAULT_TAG_LENGTH, NULL)) goto err; @@ -550,7 +556,7 @@ tls13_record_layer_open_record_protected(struct tls13_record_layer *rl) rl->read->seq_num)) goto err; - if (!EVP_AEAD_CTX_open(&rl->read->aead_ctx, + if (!EVP_AEAD_CTX_open(rl->read->aead_ctx, content, &out_len, content_len, rl->read->nonce.data, rl->read->nonce.len, CBS_data(&enc_record), CBS_len(&enc_record), @@ -728,7 +734,7 @@ tls13_record_layer_seal_record_protected(struct tls13_record_layer *rl, * this would avoid a copy since the inner would be passed as two * separate pieces. */ - if (!EVP_AEAD_CTX_seal(&rl->write->aead_ctx, + if (!EVP_AEAD_CTX_seal(rl->write->aead_ctx, enc_record, &out_len, enc_record_len, rl->write->nonce.data, rl->write->nonce.len, inner, inner_len, header, header_len)) -- 2.20.1