From c6e722170ecfe4e7665fa3a35bf9c6b03bedccad Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Fri, 18 Aug 2017 10:55:38 -0600
Subject: [PATCH] fix check on ephemeral key type before free'ing
---
 src/internal.c | 8 +++++---
 wolfssl/internal.h | 2 +-
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index d7915572f..d4705eb26 100755
--- a/src/internal.c
+++ b/src/internal.c
@@ -4811,7 +4811,8 @@ void SSL_ResourceFree(WOLFSSL* ssl)
 FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccDsaKey);
 ssl->peerEccDsaKeyPresent = 0;
 #ifdef HAVE_CURVE25519
- if (!ssl->peerX25519KeyPresent)
+ if (!ssl->peerX25519KeyPresent &&
+ ssl->eccTempKeyPresent != DYNAMIC_TYPE_CURVE25519)
 #endif /* HAVE_CURVE25519 */
 {
 FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->eccTempKey);
@@ -20725,7 +20726,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 ret = X25519MakeKey(ssl,
 (curve25519_key*)ssl->eccTempKey, NULL);
 if (ret == 0 || ret == WC_PENDING_E) {
- ssl->eccTempKeyPresent = 1;
+ ssl->eccTempKeyPresent =
+ DYNAMIC_TYPE_CURVE25519;
 }
 }
 break;
@@ -20747,7 +20749,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 then we know curve dp */
 ret = EccMakeKey(ssl, ssl->eccTempKey, NULL);
 if (ret == 0 || ret == WC_PENDING_E) {
- ssl->eccTempKeyPresent = 1;
+ ssl->eccTempKeyPresent = DYNAMIC_TYPE_ECC;
 }
 }
 #endif
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 17690ee68..9818ebda7 100755
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -3312,7 +3312,7 @@ struct WOLFSSL {
 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
 word32 ecdhCurveOID; /* curve Ecc_Sum */
 ecc_key* eccTempKey; /* private ECDHE key */
- byte eccTempKeyPresent;
+ byte eccTempKeyPresent; /* also holds type */
 byte peerEccKeyPresent;
 #endif
 #ifdef HAVE_ECC
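Review bot: The rewritten condition in SSL_ResourceFree treats every eccTempKeyPresent value other than DYNAMIC_TYPE_CURVE25519 as an ECC key, so it is only as reliable as the writers of that flag. This patch converts two assignments; any `ssl->eccTempKeyPresent = 1` left elsewhere in the file (not visible here) would still rely on peerX25519KeyPresent alone to keep a curve25519_key out of the `FreeKey(ssl, DYNAMIC_TYPE_ECC, ...)` path, which is the mismatch this commit sets out to close. It is worth confirming that no such writer remains and adding a comment above the test, e.g. `/* eccTempKeyPresent records the DYNAMIC_TYPE_* of eccTempKey; pick the matching free routine */`. The other branch of this conditional lies outside the hunk.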
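Review bot: The type tag is stored only when X25519MakeKey returns 0 or WC_PENDING_E, yet the cast to `curve25519_key*` in the call suggests the object is already allocated as a Curve25519 key before key generation runs. If the call fails with any other code, eccTempKeyPresent presumably stays 0, and the new test in SSL_ResourceFree (`!= DYNAMIC_TYPE_CURVE25519`) would send that allocation down the ECC free path whenever peerX25519KeyPresent is also unset. Releasing the key with its real type on the failure branch, e.g. `else { FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, (void**)&ssl->eccTempKey); }`, would close that path. The allocation and the rest of the function are outside the hunk, so this needs checking against the full source.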
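Review bot: eccTempKeyPresent stays a `byte` while now storing DYNAMIC_TYPE_* values, which silently assumes those constants are nonzero and fit in 8 bits; a zero or truncated value would make a present key look absent or mis-typed at free time. The new comment `/* also holds type */` does not say which values are legal. I would spell it out as `byte eccTempKeyPresent; /* 0 = no key, else DYNAMIC_TYPE_ECC or DYNAMIC_TYPE_CURVE25519 of eccTempKey */` and consider a compile-time check next to the enum that both constants lie in the range 1..255.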