(EC)DH memory handling fixes.

Submitted by: Adam Langley

diff --git a/CHANGES b/CHANGES
index 98992f5a12d8b7909197f46e15895a07b56227fd..e68cc7b3c143d87f4852fa9f2240927d4aab22d5 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -418,6 +418,10 @@
 
  Changes between 1.0.0d and 1.0.0e [xx XXX xxxx]
 
+  *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
+     for multi-threaded use of ECDH.
+     [Adam Langley (Google)]
+
   *) Fix x509_name_ex_d2i memory leak on bad inputs.
      [Bodo Moeller]
 
@@ -1315,6 +1319,10 @@
   
  Changes between 0.9.8r and 0.9.8s [xx XXX xxxx]
 
+  *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
+     for multi-threaded use of ECDH.
+     [Adam Langley (Google)]
+
   *) Fix x509_name_ex_d2i memory leak on bad inputs.
      [Bodo Moeller]
 

diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 1d3805a1b438e18403d92880be96a43dcbce1de9..608502d1ba92abcb855a2a58f1cb33cde62e7710 100644 (file)
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -1031,12 +1031,11 @@ int dtls1_send_server_key_exchange(SSL *s)
                                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
                                goto err;
                                }
-                       if (!EC_KEY_up_ref(ecdhp))
+                       if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
                                {
                                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
                                goto err;
                                }
-                       ecdh = ecdhp;
 
                        s->s3->tmp.ecdh=ecdh;
                        if ((EC_KEY_get0_public_key(ecdh) == NULL) ||

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 9d25e993e3a9430d687f7e3e7ad03d14e66007ca..11c2190ed36c838390d78d4e35d7b01e526e50be 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3021,11 +3021,17 @@ void ssl3_clear(SSL *s)
                }
 #ifndef OPENSSL_NO_DH
        if (s->s3->tmp.dh != NULL)
+               {
                DH_free(s->s3->tmp.dh);
+               s->s3->tmp.dh = NULL;
+               }
 #endif
 #ifndef OPENSSL_NO_ECDH
        if (s->s3->tmp.ecdh != NULL)
+               {
                EC_KEY_free(s->s3->tmp.ecdh);
+               s->s3->tmp.ecdh = NULL;
+               }
 #endif
 
        rp = s->s3->rbuf.buf;

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 197a498924d63870c520f748c735c3e1920483e3..834f301bc6c54f868df0e49609121190e3d5a8c4 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -883,15 +883,20 @@ int ssl3_check_client_hello(SSL *s)
        if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
                {
                /* Throw away what we have done so far in the current handshake,
-                * which will now be aborted. (A full SSL_clear would be too much.)
-                * I hope that tmp.dh is the only thing that may need to be cleared
-                * when a handshake is not completed ... */
+                * which will now be aborted. (A full SSL_clear would be too much.) */
 #ifndef OPENSSL_NO_DH
                if (s->s3->tmp.dh != NULL)
                        {
                        DH_free(s->s3->tmp.dh);
                        s->s3->tmp.dh = NULL;
                        }
+#endif
+#ifndef OPENSSL_NO_ECDH
+               if (s->s3->tmp.ecdh != NULL)
+                       {
+                       EC_KEY_free(s->s3->tmp.ecdh);
+                       s->s3->tmp.ecdh = NULL;
+                       }
 #endif
                return 2;
                }
@@ -1622,7 +1627,6 @@ int ssl3_send_server_key_exchange(SSL *s)
 
                        if (s->s3->tmp.dh != NULL)
                                {
-                               DH_free(dh);
                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
                                goto err;
                                }
@@ -1683,7 +1687,6 @@ int ssl3_send_server_key_exchange(SSL *s)
 
                        if (s->s3->tmp.ecdh != NULL)
                                {
-                               EC_KEY_free(s->s3->tmp.ecdh); 
                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
                                goto err;
                                }
@@ -1694,12 +1697,11 @@ int ssl3_send_server_key_exchange(SSL *s)
                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
                                goto err;
                                }
-                       if (!EC_KEY_up_ref(ecdhp))
+                       if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
                                {
                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
                                goto err;
                                }
-                       ecdh = ecdhp;
 
                        s->s3->tmp.ecdh=ecdh;
                        if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
@@ -2611,6 +2613,12 @@ int ssl3_get_client_key_exchange(SSL *s)
                        /* Get encoded point length */
                        i = *p; 
                        p += 1;
+                       if (n != 1 + i)
+                               {
+                               SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                                   ERR_R_EC_LIB);
+                               goto err;
+                               }
                        if (EC_POINT_oct2point(group, 
                            clnt_ecpoint, p, i, bn_ctx) == 0)
                                {