tls-crypto: Move AEAD ownership to the protection layer

This separates key derivation from key switching.

src/libtls/tls_crypto.c

@@ -2162,8 +2162,17 @@ static bool derive_labeled_keys(private_tls_crypto_t *this,
 								tls_hkdf_label_t client_label,
 								tls_hkdf_label_t server_label)
 {
-	tls_aead_t *aead_c = this->aead_out, *aead_s = this->aead_in;
+	tls_aead_t *aead_c, *aead_s;
+	suite_algs_t *algs;
 
+	algs = find_suite(this->suite);
+	destroy_aeads(this);
+	if (!create_aead(this, algs))
+	{
+		return FALSE;
+	}
+	aead_c = this->aead_out;
+	aead_s = this->aead_in;
 	if (this->tls->is_server(this->tls))
 	{
 		aead_c = this->aead_in;
@@ -2209,8 +2218,15 @@ METHOD(tls_crypto_t, derive_app_keys, bool,
 METHOD(tls_crypto_t, update_app_keys, bool,
 	private_tls_crypto_t *this, bool inbound)
 {
+	suite_algs_t *algs;
 	tls_hkdf_label_t label = TLS_HKDF_UPD_C_TRAFFIC;
 
+	algs = find_suite(this->suite);
+	destroy_aeads(this);
+	if (!create_aead(this, algs))
+	{
+		return FALSE;
+	}
 	if (this->tls->is_server(this->tls) != inbound)
 	{
 		label = TLS_HKDF_UPD_S_TRAFFIC;
@@ -2264,10 +2280,12 @@ METHOD(tls_crypto_t, change_cipher, void,
 		if (inbound)
 		{
 			this->protection->set_cipher(this->protection, TRUE, this->aead_in);
+			this->aead_in = NULL;
 		}
 		else
 		{
 			this->protection->set_cipher(this->protection, FALSE, this->aead_out);
+			this->aead_out = NULL;
 		}
 	}
 }

src/libtls/tls_protection.c

@@ -123,11 +123,13 @@ METHOD(tls_protection_t, set_cipher, void,
 {
 	if (inbound)
 	{
+		DESTROY_IF(this->aead_in);
 		this->aead_in = aead;
 		this->seq_in = 0;
 	}
 	else
 	{
+		DESTROY_IF(this->aead_out);
 		this->aead_out = aead;
 		this->seq_out = 0;
 	}
@@ -142,6 +144,8 @@ METHOD(tls_protection_t, set_version, void,
 METHOD(tls_protection_t, destroy, void,
 	private_tls_protection_t *this)
 {
+	DESTROY_IF(this->aead_in);
+	DESTROY_IF(this->aead_out);
 	free(this);
 }