Merge pull request PowerDNS#12794 from rgacogne/ddist-ossl3-ticket-leak
libssl: Fix a memory leak when processing TLS tickets w/ OpenSSL 3.x
rgacogne authored May 9, 2023
2 parents bf3597c + 0a18d03 commit 30cb0c2
Showing 1 changed file with 6 additions and 4 deletions.
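--- a/pdns/libssl.cc
+++ b/pdns/libssl.cc
@@ -762,6 +762,7 @@ int OpenSSLTLSTicketKey::encrypt(unsigned char keyName[TLS_TICKETS_KEY_NAME_SIZE
 
 #if OPENSSL_VERSION_MAJOR >= 3
 using ParamsBuilder = std::unique_ptr<OSSL_PARAM_BLD, decltype(&OSSL_PARAM_BLD_free)>;
+using Params = std::unique_ptr<OSSL_PARAM, decltype(&OSSL_PARAM_free)>;
 
 auto params_build = ParamsBuilder(OSSL_PARAM_BLD_new(), OSSL_PARAM_BLD_free);
 if (params_build == nullptr) {
@@ -772,12 +773,12 @@ int OpenSSLTLSTicketKey::encrypt(unsigned char keyName[TLS_TICKETS_KEY_NAME_SIZE
 return -1;
 }
 
-auto* params = OSSL_PARAM_BLD_to_param(params_build.get());
+auto params = Params(OSSL_PARAM_BLD_to_param(params_build.get()), OSSL_PARAM_free);
 if (params == nullptr) {
 return -1;
 }
 
-if (EVP_MAC_CTX_set_params(hctx, params) == 0) {
+if (EVP_MAC_CTX_set_params(hctx, params.get()) == 0) {
 return -1;
 }
 
@@ -801,6 +802,7 @@ bool OpenSSLTLSTicketKey::decrypt(const unsigned char* iv, EVP_CIPHER_CTX* ectx,
 {
 #if OPENSSL_VERSION_MAJOR >= 3
 using ParamsBuilder = std::unique_ptr<OSSL_PARAM_BLD, decltype(&OSSL_PARAM_BLD_free)>;
+using Params = std::unique_ptr<OSSL_PARAM, decltype(&OSSL_PARAM_free)>;
 
 auto params_build = ParamsBuilder(OSSL_PARAM_BLD_new(), OSSL_PARAM_BLD_free);
 if (params_build == nullptr) {
@@ -811,12 +813,12 @@ bool OpenSSLTLSTicketKey::decrypt(const unsigned char* iv, EVP_CIPHER_CTX* ectx,
 return false;
 }
 
-auto* params = OSSL_PARAM_BLD_to_param(params_build.get());
+auto params = Params(OSSL_PARAM_BLD_to_param(params_build.get()), OSSL_PARAM_free);
 if (params == nullptr) {
 return false;
 }
 
-if (EVP_MAC_CTX_set_params(hctx, params) == 0) {
+if (EVP_MAC_CTX_set_params(hctx, params.get()) == 0) {
 return false;
 }
 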
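Review bot: The `Params` and `ParamsBuilder` aliases and the builder-to-`OSSL_PARAM` sequence are repeated verbatim in `encrypt()` and `decrypt()`, so the same ownership mistake had to be corrected twice in this commit. Declaring both aliases once at file scope inside the `#if OPENSSL_VERSION_MAJOR >= 3` guard, or moving the sequence into one small helper that returns the owning `Params`, would keep the ownership handling in a single place. A one-line comment at the alias, for example `// OSSL_PARAM_BLD_to_param() returns a caller-owned array; release it with OSSL_PARAM_free()`, would record why the wrapper exists. The leak presumably recurred on every ticket processed, which makes it reachable from client traffic, so a leak-checked test of this path is worth adding alongside the fix. Both function bodies begin and end outside the visible hunks.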
