From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 25 Aug 2020 15:13:17 +0000 (+0200)
Subject: tls-crypto: Destroy HKDF instance if keys are derived multiple times
X-Git-Tag: 5.9.2rc1~23^2~78
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=64e63c68c86049c4979df405d6e362e8c9f20598;p=thirdparty%2Fstrongswan.git

tls-crypto: Destroy HKDF instance if keys are derived multiple times

This will be the case during a retry.
---

diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 494a6930a7..04fe4ef0f4 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -1270,6 +1270,7 @@ static void destroy_aeads(private_tls_crypto_t *this)
 static bool create_ciphers(private_tls_crypto_t *this, suite_algs_t *algs)
 {
 	destroy_aeads(this);
+	DESTROY_IF(this->hkdf);
 	DESTROY_IF(this->prf);
 	if (this->tls->get_version_max(this->tls) < TLS_1_3)
 	{