Introduce s2n_record_algorithm
This change adds a wrapper around cipher/hmac_alg in s2n_cipher_suite.
Logic is also added to select an "s2n_record_algorithm" for every cipher
suite during s2n_init().

What do we gain?
- Selection of optimal cipher suite implementation. For example, we'll
  prefer to use composite ciphers for AES-CBC suites.
- Seamless fallback to less performant implementations.
- Disable cipher suites when no implementations are available. This
  allows us to add code for new suites(i.e. ChaCha20-based suites)
  without breaking compatibility when s2n is built with an older
  libcrypto.
- Foundation for divorcing TLS-specific parameters from core crypto
  code(I'm looking at you s2n_aead_aes_gcm.c).
- Foundation to add more cipher suite implementations. All of our
  current implementations are libcrypto-based, but this needn't
  always be true.

What sucks?
- Dynamic state(record_alg) is added and must be initialized at runtime.
  Previously all s2n_cipher_suite fields were basically constant.
- A new layer of abstraction is added:
  - Compare cipher_suite->record_alg->cipher vs cipher_suite->cipher
- More verbose accessors for cipher/hmac
raycoll committed Nov 30, 2016
1 parent d1b672a commit b3721cb
Showing 17 changed files with 624 additions and 215 deletions.
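--- a/tests/unit/s2n_3des_test.c
+++ b/tests/unit/s2n_3des_test.c
@@ -49,12 +49,11 @@ int main(int argc, char **argv)
 conn->client = &conn->secure;
 
 /* test the 3des cipher with a SHA1 hash */
-conn->secure.cipher_suite->cipher = &s2n_3des;
-conn->secure.cipher_suite->hmac_alg = S2N_HMAC_SHA1;
-EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->init(&conn->secure.server_key));
-EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->init(&conn->secure.client_key));
-EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->set_encryption_key(&conn->secure.server_key, &des3));
-EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->set_decryption_key(&conn->secure.client_key, &des3));
+conn->secure.cipher_suite->record_alg = &s2n_record_alg_3des_sha;
+EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->init(&conn->secure.server_key));
+EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->init(&conn->secure.client_key));
+EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure.server_key, &des3));
+EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure.client_key, &des3));
 EXPECT_SUCCESS(s2n_hmac_init(&conn->secure.client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
 EXPECT_SUCCESS(s2n_hmac_init(&conn->secure.server_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
 conn->actual_protocol_version = S2N_TLS11;
@@ -106,8 +105,8 @@ int main(int argc, char **argv)
 EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
 }
 
-EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->destroy_key(&conn->secure.server_key));
-EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->destroy_key(&conn->secure.client_key));
+EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->destroy_key(&conn->secure.server_key));
+EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->destroy_key(&conn->secure.client_key));
 EXPECT_SUCCESS(s2n_connection_free(conn));
 
 END_TEST();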
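Review bot: The two `s2n_hmac_init` calls in the first hunk still hard-code `S2N_HMAC_SHA1` while the cipher now comes from `s2n_record_alg_3des_sha`, so the MAC the test keys and the MAC the record algorithm declares can drift apart without the test noticing. If the wrapper exposes the MAC as the commit description suggests (the field name is assumed here; the struct is not shown on this page), read it from the same place, e.g. `s2n_hmac_init(&conn->secure.client_record_mac, conn->secure.cipher_suite->record_alg->hmac_alg, mac_key, sizeof(mac_key))`. The same applies to both cipher blocks in tests/unit/s2n_aes_test.c. `main` starts and ends outside these hunks.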
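--- a/tests/unit/s2n_aead_aes_test.c
+++ b/tests/unit/s2n_aead_aes_test.c
@@ -33,10 +33,10 @@
 
 static int setup_server_keys(struct s2n_connection *server_conn, struct s2n_blob *key)
 {
-GUARD(server_conn->initial.cipher_suite->cipher->init(&server_conn->initial.server_key));
-GUARD(server_conn->initial.cipher_suite->cipher->init(&server_conn->initial.client_key));
-GUARD(server_conn->initial.cipher_suite->cipher->set_encryption_key(&server_conn->initial.server_key, key));
-GUARD(server_conn->initial.cipher_suite->cipher->set_decryption_key(&server_conn->initial.client_key, key));
+GUARD(server_conn->initial.cipher_suite->record_alg->cipher->init(&server_conn->initial.server_key));
+GUARD(server_conn->initial.cipher_suite->record_alg->cipher->init(&server_conn->initial.client_key));
+GUARD(server_conn->initial.cipher_suite->record_alg->cipher->set_encryption_key(&server_conn->initial.server_key, key));
+GUARD(server_conn->initial.cipher_suite->record_alg->cipher->set_decryption_key(&server_conn->initial.client_key, key));
 
 return 0;
 }
@@ -61,8 +61,7 @@ int main(int argc, char **argv)
 conn->client = &conn->initial;
 
 /* test the AES128 cipher */
-conn->initial.cipher_suite->cipher = &s2n_aes128_gcm;
-conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
+conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes128_gcm;
 EXPECT_SUCCESS(setup_server_keys(conn, &aes128));
 
 int max_fragment = S2N_SMALL_FRAGMENT_LENGTH;
@@ -76,8 +75,7 @@ int main(int argc, char **argv)
 conn->actual_protocol_version = S2N_TLS12;
 conn->server = &conn->initial;
 conn->client = &conn->initial;
-conn->initial.cipher_suite->cipher = &s2n_aes128_gcm;
-conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
+conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes128_gcm;
 EXPECT_SUCCESS(setup_server_keys(conn, &aes128));
 EXPECT_SUCCESS(bytes_written = s2n_record_write(conn, TLS_APPLICATION_DATA, &in));
 
@@ -90,8 +88,8 @@ int main(int argc, char **argv)
 }
 
 uint16_t predicted_length = bytes_written;
-predicted_length += conn->initial.cipher_suite->cipher->io.aead.record_iv_size;
-predicted_length += conn->initial.cipher_suite->cipher->io.aead.tag_size;
+predicted_length += conn->initial.cipher_suite->record_alg->cipher->io.aead.record_iv_size;
+predicted_length += conn->initial.cipher_suite->record_alg->cipher->io.aead.tag_size;
 
 EXPECT_EQUAL(conn->out.blob.data[0], TLS_APPLICATION_DATA);
 EXPECT_EQUAL(conn->out.blob.data[1], 3);
@@ -126,8 +124,7 @@ int main(int argc, char **argv)
 conn->server_protocol_version = S2N_TLS12;
 conn->client_protocol_version = S2N_TLS12;
 conn->actual_protocol_version = S2N_TLS12;
-conn->initial.cipher_suite->cipher = &s2n_aes128_gcm;
-conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
+conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes128_gcm;
 EXPECT_SUCCESS(setup_server_keys(conn, &aes128));
 EXPECT_SUCCESS(s2n_record_write(conn, TLS_APPLICATION_DATA, &in));
 
@@ -153,8 +150,7 @@ int main(int argc, char **argv)
 conn->server_protocol_version = S2N_TLS12;
 conn->client_protocol_version = S2N_TLS12;
 conn->actual_protocol_version = S2N_TLS12;
-conn->initial.cipher_suite->cipher = &s2n_aes128_gcm;
-conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
+conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes128_gcm;
 EXPECT_SUCCESS(setup_server_keys(conn, &aes128));
 EXPECT_SUCCESS(s2n_record_write(conn, TLS_APPLICATION_DATA, &in));
 
@@ -178,8 +174,7 @@ int main(int argc, char **argv)
 conn->server_protocol_version = S2N_TLS12;
 conn->client_protocol_version = S2N_TLS12;
 conn->actual_protocol_version = S2N_TLS12;
-conn->initial.cipher_suite->cipher = &s2n_aes128_gcm;
-conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
+conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes128_gcm;
 EXPECT_SUCCESS(setup_server_keys(conn, &aes128));
 EXPECT_SUCCESS(s2n_record_write(conn, TLS_APPLICATION_DATA, &in));
 
@@ -203,8 +198,7 @@ int main(int argc, char **argv)
 conn->server_protocol_version = S2N_TLS12;
 conn->client_protocol_version = S2N_TLS12;
 conn->actual_protocol_version = S2N_TLS12;
-conn->initial.cipher_suite->cipher = &s2n_aes128_gcm;
-conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
+conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes128_gcm;
 EXPECT_SUCCESS(setup_server_keys(conn, &aes128));
 EXPECT_SUCCESS(s2n_record_write(conn, TLS_APPLICATION_DATA, &in));
 
@@ -222,14 +216,13 @@ int main(int argc, char **argv)
 EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
 }
 }
-EXPECT_SUCCESS(conn->initial.cipher_suite->cipher->destroy_key(&conn->initial.server_key));
-EXPECT_SUCCESS(conn->initial.cipher_suite->cipher->destroy_key(&conn->initial.client_key));
+EXPECT_SUCCESS(conn->initial.cipher_suite->record_alg->cipher->destroy_key(&conn->initial.server_key));
+EXPECT_SUCCESS(conn->initial.cipher_suite->record_alg->cipher->destroy_key(&conn->initial.client_key));
 EXPECT_SUCCESS(s2n_connection_free(conn));
 
 /* test the AES256 cipher */
 EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
-conn->initial.cipher_suite->cipher = &s2n_aes256_gcm;
-conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
+conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes256_gcm;
 EXPECT_SUCCESS(setup_server_keys(conn, &aes256));
 conn->actual_protocol_version = S2N_TLS12;
 
@@ -241,8 +234,7 @@ int main(int argc, char **argv)
 conn->server_protocol_version = S2N_TLS12;
 conn->client_protocol_version = S2N_TLS12;
 conn->actual_protocol_version = S2N_TLS12;
-conn->initial.cipher_suite->cipher = &s2n_aes256_gcm;
-conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
+conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes256_gcm;
 EXPECT_SUCCESS(setup_server_keys(conn, &aes256));
 conn->actual_protocol_version = S2N_TLS12;
 EXPECT_SUCCESS(bytes_written = s2n_record_write(conn, TLS_APPLICATION_DATA, &in));
@@ -256,8 +248,8 @@ int main(int argc, char **argv)
 }
 
 uint16_t predicted_length = bytes_written;
-predicted_length += conn->initial.cipher_suite->cipher->io.aead.record_iv_size;
-predicted_length += conn->initial.cipher_suite->cipher->io.aead.tag_size;
+predicted_length += conn->initial.cipher_suite->record_alg->cipher->io.aead.record_iv_size;
+predicted_length += conn->initial.cipher_suite->record_alg->cipher->io.aead.tag_size;
 
 EXPECT_EQUAL(conn->out.blob.data[0], TLS_APPLICATION_DATA);
 EXPECT_EQUAL(conn->out.blob.data[1], 3);
@@ -291,8 +283,7 @@ int main(int argc, char **argv)
 conn->server_protocol_version = S2N_TLS12;
 conn->client_protocol_version = S2N_TLS12;
 conn->actual_protocol_version = S2N_TLS12;
-conn->initial.cipher_suite->cipher = &s2n_aes256_gcm;
-conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
+conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes256_gcm;
 EXPECT_SUCCESS(setup_server_keys(conn, &aes256));
 conn->actual_protocol_version = S2N_TLS12;
 EXPECT_SUCCESS(s2n_record_write(conn, TLS_APPLICATION_DATA, &in));
@@ -319,8 +310,7 @@ int main(int argc, char **argv)
 conn->server_protocol_version = S2N_TLS12;
 conn->client_protocol_version = S2N_TLS12;
 conn->actual_protocol_version = S2N_TLS12;
-conn->initial.cipher_suite->cipher = &s2n_aes256_gcm;
-conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
+conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes256_gcm;
 EXPECT_SUCCESS(setup_server_keys(conn, &aes256));
 conn->actual_protocol_version = S2N_TLS12;
 EXPECT_SUCCESS(s2n_record_write(conn, TLS_APPLICATION_DATA, &in));
@@ -345,8 +335,7 @@ int main(int argc, char **argv)
 conn->server_protocol_version = S2N_TLS12;
 conn->client_protocol_version = S2N_TLS12;
 conn->actual_protocol_version = S2N_TLS12;
-conn->initial.cipher_suite->cipher = &s2n_aes256_gcm;
-conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
+conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes256_gcm;
 EXPECT_SUCCESS(setup_server_keys(conn, &aes256));
 conn->actual_protocol_version = S2N_TLS12;
 EXPECT_SUCCESS(s2n_record_write(conn, TLS_APPLICATION_DATA, &in));
@@ -371,8 +360,7 @@ int main(int argc, char **argv)
 conn->server_protocol_version = S2N_TLS12;
 conn->client_protocol_version = S2N_TLS12;
 conn->actual_protocol_version = S2N_TLS12;
-conn->initial.cipher_suite->cipher = &s2n_aes256_gcm;
-conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
+conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes256_gcm;
 EXPECT_SUCCESS(setup_server_keys(conn, &aes256));
 conn->actual_protocol_version = S2N_TLS12;
 EXPECT_SUCCESS(s2n_record_write(conn, TLS_APPLICATION_DATA, &in));
@@ -391,8 +379,8 @@ int main(int argc, char **argv)
 EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
 }
 }
-EXPECT_SUCCESS(conn->initial.cipher_suite->cipher->destroy_key(&conn->initial.server_key));
-EXPECT_SUCCESS(conn->initial.cipher_suite->cipher->destroy_key(&conn->initial.client_key));
+EXPECT_SUCCESS(conn->initial.cipher_suite->record_alg->cipher->destroy_key(&conn->initial.server_key));
+EXPECT_SUCCESS(conn->initial.cipher_suite->record_alg->cipher->destroy_key(&conn->initial.client_key));
 EXPECT_SUCCESS(s2n_connection_free(conn));
 
 END_TEST();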
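Review bot: Every block in `main` assigns `conn->initial.cipher_suite->record_alg` on the suite object the connection already points at, rather than on a suite owned by the test. The commit description says `record_alg` is now state chosen during s2n_init(), so if the initial suite is a shared object (its definition is not visible on this page) the test replaces the selected value for the rest of the process, including for the connection created by the later `s2n_connection_new(S2N_SERVER)` call. A comment at the first assignment such as `/* Overrides the record_alg picked by s2n_init() for the initial suite; test-only */` would make that explicit, or the test could point `conn->initial.cipher_suite` at a local copy of the suite. tests/unit/s2n_aes_sha_composite_test.c writes to the initial suite the same way.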
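--- a/tests/unit/s2n_aes_sha_composite_test.c
+++ b/tests/unit/s2n_aes_sha_composite_test.c
@@ -61,8 +61,7 @@ int main(int argc, char **argv)
 uint8_t proto_versions[3] = { S2N_TLS10, S2N_TLS11, S2N_TLS12 };
 
 /* test the composite AES128_SHA1 cipher */
-conn->initial.cipher_suite->cipher = &s2n_aes128_sha;
-conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
+conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes128_sha_composite;
 
 /* It's important to verify all TLS versions for the composite implementation.
 * There are a few gotchas with respect to explicit IV length and payload length
@@ -74,10 +73,10 @@ int main(int argc, char **argv)
 
 EXPECT_SUCCESS(s2n_connection_wipe(conn));
 
-EXPECT_SUCCESS(conn->initial.cipher_suite->cipher->set_encryption_key(&conn->initial.server_key, &aes128));
-EXPECT_SUCCESS(conn->initial.cipher_suite->cipher->set_decryption_key(&conn->initial.client_key, &aes128));
-EXPECT_SUCCESS(conn->initial.cipher_suite->cipher->io.comp.set_mac_write_key(&conn->initial.server_key, mac_key_sha, sizeof(mac_key_sha)));
-EXPECT_SUCCESS(conn->initial.cipher_suite->cipher->io.comp.set_mac_write_key(&conn->initial.client_key, mac_key_sha, sizeof(mac_key_sha)));
+EXPECT_SUCCESS(conn->initial.cipher_suite->record_alg->cipher->set_encryption_key(&conn->initial.server_key, &aes128));
+EXPECT_SUCCESS(conn->initial.cipher_suite->record_alg->cipher->set_decryption_key(&conn->initial.client_key, &aes128));
+EXPECT_SUCCESS(conn->initial.cipher_suite->record_alg->cipher->io.comp.set_mac_write_key(&conn->initial.server_key, mac_key_sha, sizeof(mac_key_sha)));
+EXPECT_SUCCESS(conn->initial.cipher_suite->record_alg->cipher->io.comp.set_mac_write_key(&conn->initial.client_key, mac_key_sha, sizeof(mac_key_sha)));
 
 EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->out));
 conn->actual_protocol_version = proto_versions[j];
@@ -131,19 +130,18 @@ int main(int argc, char **argv)
 }
 
 /* test the composite AES256_SHA1 cipher */
-conn->initial.cipher_suite->cipher = &s2n_aes256_sha;
-conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
+conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes256_sha_composite;
 for (int j = 0; j < 3; j++ ) {
 for (int i = 0; i < max_aligned_fragment; i++) {
 struct s2n_blob in = {.data = random_data,.size = i };
 int bytes_written;
 
 EXPECT_SUCCESS(s2n_connection_wipe(conn));
 
-EXPECT_SUCCESS(conn->initial.cipher_suite->cipher->set_encryption_key(&conn->initial.server_key, &aes256));
-EXPECT_SUCCESS(conn->initial.cipher_suite->cipher->set_decryption_key(&conn->initial.client_key, &aes256));
-EXPECT_SUCCESS(conn->initial.cipher_suite->cipher->io.comp.set_mac_write_key(&conn->initial.server_key, mac_key_sha, sizeof(mac_key_sha)));
-EXPECT_SUCCESS(conn->initial.cipher_suite->cipher->io.comp.set_mac_write_key(&conn->initial.client_key, mac_key_sha, sizeof(mac_key_sha)));
+EXPECT_SUCCESS(conn->initial.cipher_suite->record_alg->cipher->set_encryption_key(&conn->initial.server_key, &aes256));
+EXPECT_SUCCESS(conn->initial.cipher_suite->record_alg->cipher->set_decryption_key(&conn->initial.client_key, &aes256));
+EXPECT_SUCCESS(conn->initial.cipher_suite->record_alg->cipher->io.comp.set_mac_write_key(&conn->initial.server_key, mac_key_sha, sizeof(mac_key_sha)));
+EXPECT_SUCCESS(conn->initial.cipher_suite->record_alg->cipher->io.comp.set_mac_write_key(&conn->initial.client_key, mac_key_sha, sizeof(mac_key_sha)));
 
 EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->out));
 conn->actual_protocol_version = proto_versions[j];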
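Review bot: `s2n_record_alg_aes128_sha_composite` and `s2n_record_alg_aes256_sha_composite` are assigned unconditionally in the first and third hunks, yet the commit description says a suite can be left without an implementation when s2n is built against an older libcrypto. On such a build the `set_encryption_key` and `io.comp.set_mac_write_key` expectations would presumably fail rather than the test being skipped. Unless the part of `main` above line 61 already skips the test (not visible in these hunks), gate both blocks on the same availability decision the s2n_init() selection makes, and add a comment such as `/* composite AES-CBC-SHA needs libcrypto support; skip when unavailable */`.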
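--- a/tests/unit/s2n_aes_test.c
+++ b/tests/unit/s2n_aes_test.c
@@ -51,12 +51,11 @@ int main(int argc, char **argv)
 conn->client = &conn->secure;
 
 /* test the AES128 cipher with a SHA1 hash */
-conn->secure.cipher_suite->cipher = &s2n_aes128;
-conn->secure.cipher_suite->hmac_alg = S2N_HMAC_SHA1;
-EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->init(&conn->secure.server_key));
-EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->init(&conn->secure.client_key));
-EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->set_encryption_key(&conn->secure.server_key, &aes128));
-EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->set_decryption_key(&conn->secure.client_key, &aes128));
+conn->secure.cipher_suite->record_alg = &s2n_record_alg_aes128_sha;
+EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->init(&conn->secure.server_key));
+EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->init(&conn->secure.client_key));
+EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure.server_key, &aes128));
+EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure.client_key, &aes128));
 EXPECT_SUCCESS(s2n_hmac_init(&conn->secure.client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
 EXPECT_SUCCESS(s2n_hmac_init(&conn->secure.server_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
 conn->actual_protocol_version = S2N_TLS11;
@@ -108,20 +107,19 @@ int main(int argc, char **argv)
 EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
 }
 
-EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->destroy_key(&conn->secure.server_key));
-EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->destroy_key(&conn->secure.client_key));
+EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->destroy_key(&conn->secure.server_key));
+EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->destroy_key(&conn->secure.client_key));
 EXPECT_SUCCESS(s2n_connection_free(conn));
 
 /* test the AES256 cipher with a SHA1 hash */
 EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
 conn->server = &conn->secure;
 conn->client = &conn->secure;
-conn->secure.cipher_suite->cipher = &s2n_aes256;
-conn->secure.cipher_suite->hmac_alg = S2N_HMAC_SHA1;
-EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->init(&conn->secure.server_key));
-EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->init(&conn->secure.client_key));
-EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->set_encryption_key(&conn->secure.server_key, &aes256));
-EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->set_decryption_key(&conn->secure.client_key, &aes256));
+conn->secure.cipher_suite->record_alg = &s2n_record_alg_aes256_sha;
+EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->init(&conn->secure.server_key));
+EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->init(&conn->secure.client_key));
+EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure.server_key, &aes256));
+EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure.client_key, &aes256));
 EXPECT_SUCCESS(s2n_hmac_init(&conn->secure.client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
 EXPECT_SUCCESS(s2n_hmac_init(&conn->secure.server_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
 conn->actual_protocol_version = S2N_TLS11;
@@ -173,8 +171,8 @@ int main(int argc, char **argv)
 EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
 }
 
-EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->destroy_key(&conn->secure.server_key));
-EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->destroy_key(&conn->secure.client_key));
+EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->destroy_key(&conn->secure.server_key));
+EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->destroy_key(&conn->secure.client_key));
 EXPECT_SUCCESS(s2n_connection_free(conn));
 
 END_TEST();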