Fix to prevent static ephemeral memory leak if WC_PK_TYPE_NONE is used for auto-detect. Add DER PK auto detect support. Add sniffer ssl_SetWatchKey_buffer support for static ephemeral.

This commit is contained in:
David Garske
2021-06-04 16:17:32 -07:00
parent 258e0c10da
commit 155621b611
2 changed files with 89 additions and 48 deletions


@ -1684,7 +1684,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port,
/* auto detect key type with WC_PK_TYPE_NONE */
/* keySz == 0 mean load file */
ret = wolfSSL_CTX_set_ephemeral_key(sniffer->ctx, WC_PK_TYPE_NONE,
keyFile, 0, type);
keyFile, keySz, type);
if (ret == 0)
ret = WOLFSSL_SUCCESS;
}
@ -5716,8 +5716,21 @@ int ssl_SetWatchKey_buffer(void* vSniffer, const byte* key, word32 keySz,
keyType = (keyType == FILETYPE_PEM) ? WOLFSSL_FILETYPE_PEM :
WOLFSSL_FILETYPE_ASN1;
#ifdef WOLFSSL_STATIC_EPHEMERAL
/* try setting static ephemeral first */
/* auto detect key type with WC_PK_TYPE_NONE */
ret = wolfSSL_set_ephemeral_key(sniffer->sslServer,
WC_PK_TYPE_NONE, (const char*)key, keySz,
WOLFSSL_FILETYPE_ASN1);
if (ret == 0) {
ret = WOLFSSL_SUCCESS;
}
else
#endif
{
ret = wolfSSL_use_PrivateKey_buffer(sniffer->sslServer,
key, keySz, keyType);
}
if (ret != WOLFSSL_SUCCESS) {
SetError(KEY_FILE_STR, error, sniffer, FATAL_ERROR_STATE);
return -1;
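Review bot: The static-ephemeral attempt at `wolfSSL_set_ephemeral_key(sniffer->sslServer, WC_PK_TYPE_NONE, (const char*)key, keySz, WOLFSSL_FILETYPE_ASN1)` hard-codes the DER format even though `keyType` was just derived from the caller's PEM/DER flag two lines above. A PEM-encoded ECC or DH key would therefore fail the ephemeral auto-detect and, because the `#else` branch discards that result, fall through to `wolfSSL_use_PrivateKey_buffer`, where it is presumably loaded as the certificate private key (or rejected with `KEY_FILE_STR`) rather than installed as the static ephemeral key. Pass the computed format instead: `WC_PK_TYPE_NONE, (const char*)key, keySz, keyType);`. A short comment on the fallback would also help, e.g. `/* not a static ephemeral key (or not ECC/DH); treat as the certificate private key */`. ssl_SetWatchKey_buffer continues outside the hunk.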


@ -53027,23 +53027,8 @@ static int SetStaticEphemeralKey(StaticKeyExchangeInfo_t* staticKE, int keyAlgo,
WOLFSSL_ENTER("SetStaticEphemeralKey");
/* if key is already set free it */
#ifndef NO_DH
if (keyAlgo == WC_PK_TYPE_DH && staticKE->dhKey &&
(ctx == NULL || staticKE->dhKey != ctx->staticKE.dhKey))
FreeDer(&staticKE->dhKey);
#endif
#ifdef HAVE_ECC
if (keyAlgo == WC_PK_TYPE_ECDH && staticKE->ecKey &&
(ctx == NULL || staticKE->ecKey != ctx->staticKE.ecKey))
FreeDer(&staticKE->ecKey);
#endif
/* check if just free'ing key */
if (key == NULL && keySz == 0) {
return 0;
}
/* if just free'ing key then skip loading */
if (key != NULL && keySz > 0) {
#ifndef NO_FILESYSTEM
/* load file from filesystem */
if (key && keySz == 0) {
@ -53068,7 +53053,7 @@ static int SetStaticEphemeralKey(StaticKeyExchangeInfo_t* staticKE, int keyAlgo,
ret = PemToDer(keyBuf, keySz, PRIVATEKEY_TYPE, &der,
heap, NULL, &keyFormat);
/* auto detect key type */
if (ret == 0 && keyAlgo == 0) {
if (ret == 0 && keyAlgo == WC_PK_TYPE_NONE) {
if (keyFormat == ECDSAk)
keyAlgo = WC_PK_TYPE_ECDH;
else
@ -53079,11 +53064,54 @@ static int SetStaticEphemeralKey(StaticKeyExchangeInfo_t* staticKE, int keyAlgo,
#endif
}
else {
/* Detect PK type (if required) */
#ifdef HAVE_ECC
if (keyAlgo == WC_PK_TYPE_NONE) {
word32 idx = 0;
ecc_key eccKey;
ret = wc_ecc_init_ex(&eccKey, heap, INVALID_DEVID);
if (ret == 0) {
ret = wc_EccPrivateKeyDecode(keyBuf, &idx, &eccKey, keySz);
if (ret == 0)
keyAlgo = WC_PK_TYPE_ECDH;
wc_ecc_free(&eccKey);
}
}
#endif
#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)
if (keyAlgo == WC_PK_TYPE_NONE) {
word32 idx = 0;
DhKey dhKey;
ret = wc_InitDhKey_ex(&dhKey, heap, INVALID_DEVID);
if (ret == 0) {
ret = wc_DhKeyDecode(keyBuf, &idx, &dhKey, keySz);
if (ret == 0)
keyAlgo = WC_PK_TYPE_DH;
wc_FreeDhKey(&dhKey);
}
}
#endif
if (keyAlgo != WC_PK_TYPE_NONE) {
ret = AllocDer(&der, keySz, PRIVATEKEY_TYPE, heap);
if (ret == 0) {
XMEMCPY(der->buffer, keyBuf, keySz);
}
}
}
}
/* if key is already set free it */
#ifndef NO_DH
if (keyAlgo == WC_PK_TYPE_DH && staticKE->dhKey &&
(ctx == NULL || staticKE->dhKey != ctx->staticKE.dhKey))
FreeDer(&staticKE->dhKey);
#endif
#ifdef HAVE_ECC
if (keyAlgo == WC_PK_TYPE_ECDH && staticKE->ecKey &&
(ctx == NULL || staticKE->ecKey != ctx->staticKE.ecKey))
FreeDer(&staticKE->ecKey);
#endif
switch (keyAlgo) {
#ifndef NO_DH