wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix issue with WOLFSSL object copying CTX and object free'ing. Track ownership of the static key info.

Browse Source
This commit is contained in:
David Garske
2021-06-15 13:59:07 -07:00
parent 155621b611
commit 4bff3b6c69
4 changed files with 34 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/internal.c
View File

@ -2016,11 +2016,11 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
#endif #endif
#ifdef WOLFSSL_STATIC_EPHEMERAL #ifdef WOLFSSL_STATIC_EPHEMERAL
#ifndef NO_DH #ifndef NO_DH
if (ctx->staticKE.dhKey) if (ctx->staticKE.dhKey && ctx->staticKE.weOwnDH)
FreeDer(&ctx->staticKE.dhKey); FreeDer(&ctx->staticKE.dhKey);
#endif #endif
#ifdef HAVE_ECC #ifdef HAVE_ECC
if (ctx->staticKE.ecKey) if (ctx->staticKE.ecKey && ctx->staticKE.weOwnEC)
FreeDer(&ctx->staticKE.ecKey); FreeDer(&ctx->staticKE.ecKey);
#endif #endif
#endif #endif
@ -5925,7 +5925,13 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
ssl->options.mutualAuth = ctx->mutualAuth; ssl->options.mutualAuth = ctx->mutualAuth;
#ifdef WOLFSSL_STATIC_EPHEMERAL #ifdef WOLFSSL_STATIC_EPHEMERAL
ssl->staticKE = ctx->staticKE; XMEMCPY(&ssl->staticKE, &ctx->staticKE, sizeof(StaticKeyExchangeInfo_t));
#ifdef HAVE_ECC
ssl->staticKE.weOwnEC = 0;
#endif
#ifndef NO_DH
ssl->staticKE.weOwnDH = 0;
#endif
#endif #endif
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
@ -6669,11 +6675,11 @@ void SSL_ResourceFree(WOLFSSL* ssl)
#endif #endif
#ifdef WOLFSSL_STATIC_EPHEMERAL #ifdef WOLFSSL_STATIC_EPHEMERAL
#ifndef NO_DH #ifndef NO_DH
if (ssl->staticKE.dhKey && ssl->staticKE.dhKey != ssl->ctx->staticKE.dhKey) if (ssl->staticKE.dhKey && ssl->staticKE.weOwnDH)
FreeDer(&ssl->staticKE.dhKey); FreeDer(&ssl->staticKE.dhKey);
#endif #endif
#ifdef HAVE_ECC #ifdef HAVE_ECC
if (ssl->staticKE.ecKey && ssl->staticKE.ecKey != ssl->ctx->staticKE.ecKey) if (ssl->staticKE.ecKey && ssl->staticKE.weOwnEC)
FreeDer(&ssl->staticKE.ecKey); FreeDer(&ssl->staticKE.ecKey);
#endif #endif
#endif #endif

29
src/ssl.c
View File

@ -53011,7 +53011,7 @@ int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey)
#ifdef WOLFSSL_STATIC_EPHEMERAL #ifdef WOLFSSL_STATIC_EPHEMERAL
static int SetStaticEphemeralKey(StaticKeyExchangeInfo_t* staticKE, int keyAlgo, static int SetStaticEphemeralKey(StaticKeyExchangeInfo_t* staticKE, int keyAlgo,
const char* key, unsigned int keySz, int format, void* heap, WOLFSSL_CTX* ctx) const char* key, unsigned int keySz, int format, void* heap)
{ {
int ret = 0; int ret = 0;
DerBuffer* der = NULL; DerBuffer* der = NULL;
@ -53101,15 +53101,20 @@ static int SetStaticEphemeralKey(StaticKeyExchangeInfo_t* staticKE, int keyAlgo,
} }
} }
/* if key is already set free it */ #ifndef NO_FILESYSTEM
/* done with keyFile buffer */
if (keyFile && keyBuf) {
XFREE(keyBuf, heap, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
/* if key is already allocated then set free it */
#ifndef NO_DH #ifndef NO_DH
if (keyAlgo == WC_PK_TYPE_DH && staticKE->dhKey && if (keyAlgo == WC_PK_TYPE_DH && staticKE->dhKey && staticKE->weOwnDH)
(ctx == NULL || staticKE->dhKey != ctx->staticKE.dhKey))
FreeDer(&staticKE->dhKey); FreeDer(&staticKE->dhKey);
#endif #endif
#ifdef HAVE_ECC #ifdef HAVE_ECC
if (keyAlgo == WC_PK_TYPE_ECDH && staticKE->ecKey && if (keyAlgo == WC_PK_TYPE_ECDH && staticKE->ecKey && staticKE->weOwnEC)
(ctx == NULL || staticKE->ecKey != ctx->staticKE.ecKey))
FreeDer(&staticKE->ecKey); FreeDer(&staticKE->ecKey);
#endif #endif
@ -53117,11 +53122,13 @@ static int SetStaticEphemeralKey(StaticKeyExchangeInfo_t* staticKE, int keyAlgo,
#ifndef NO_DH #ifndef NO_DH
case WC_PK_TYPE_DH: case WC_PK_TYPE_DH:
staticKE->dhKey = der; staticKE->dhKey = der;
staticKE->weOwnDH = 1;
break; break;
#endif #endif
#ifdef HAVE_ECC #ifdef HAVE_ECC
case WC_PK_TYPE_ECDH: case WC_PK_TYPE_ECDH:
staticKE->ecKey = der; staticKE->ecKey = der;
staticKE->weOwnEC = 1;
break; break;
#endif #endif
default: default:
@ -53131,12 +53138,6 @@ static int SetStaticEphemeralKey(StaticKeyExchangeInfo_t* staticKE, int keyAlgo,
break; break;
} }
#ifndef NO_FILESYSTEM
if (keyFile && keyBuf) {
XFREE(keyBuf, heap, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
WOLFSSL_LEAVE("SetStaticEphemeralKey", ret); WOLFSSL_LEAVE("SetStaticEphemeralKey", ret);
return ret; return ret;
@ -53150,7 +53151,7 @@ int wolfSSL_CTX_set_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo,
} }
return SetStaticEphemeralKey(&ctx->staticKE, keyAlgo, key, keySz, format, return SetStaticEphemeralKey(&ctx->staticKE, keyAlgo, key, keySz, format,
ctx->heap, NULL); ctx->heap);
} }
int wolfSSL_set_ephemeral_key(WOLFSSL* ssl, int keyAlgo, int wolfSSL_set_ephemeral_key(WOLFSSL* ssl, int keyAlgo,
const char* key, unsigned int keySz, int format) const char* key, unsigned int keySz, int format)
@ -53160,7 +53161,7 @@ int wolfSSL_set_ephemeral_key(WOLFSSL* ssl, int keyAlgo,
} }
return SetStaticEphemeralKey(&ssl->staticKE, keyAlgo, key, keySz, format, return SetStaticEphemeralKey(&ssl->staticKE, keyAlgo, key, keySz, format,
ssl->heap, ssl->ctx); ssl->heap);
} }
static int GetStaticEphemeralKey(StaticKeyExchangeInfo_t* staticKE, int keyAlgo, static int GetStaticEphemeralKey(StaticKeyExchangeInfo_t* staticKE, int keyAlgo,

2
wolfcrypt/src/asn.c
View File

@ -10729,7 +10729,7 @@ void FreeDer(DerBuffer** pDer)
DerBuffer* der = (DerBuffer*)*pDer; DerBuffer* der = (DerBuffer*)*pDer;
/* ForceZero private keys */ /* ForceZero private keys */
if (der->type == PRIVATEKEY_TYPE) { if (der->type == PRIVATEKEY_TYPE && der->buffer != NULL) {
ForceZero(der->buffer, der->length); ForceZero(der->buffer, der->length);
} }
der->buffer = NULL; der->buffer = NULL;

7
wolfssl/internal.h
View File

@ -2745,6 +2745,13 @@ typedef struct {
#endif #endif
#ifdef HAVE_ECC #ifdef HAVE_ECC
DerBuffer* ecKey; DerBuffer* ecKey;
#endif
/* bits */
#ifndef NO_DH
byte weOwnDH:1;
#endif
#ifdef HAVE_ECC
byte weOwnEC:1;
#endif #endif
} StaticKeyExchangeInfo_t; } StaticKeyExchangeInfo_t;
#endif #endif