author | djm@openbsd.org <djm@openbsd.org> | 2019-01-20 23:05:52 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-01-21 10:54:37 +1100 |
commit | 445cfce49dfc904c6b8ab25afa2f43130296c1a5 (patch) | |
tree | 808135c9919b47fbbdce602cddf4df562babdd88 | |
parent | 8a2467583f0b5760787273796ec929190c3f16ee (diff) |
upstream: fix leak of ECDSA pkcs11_key objects
work by markus, ok djm@
OpenBSD-Commit-ID: 9fc0c4f1d640aaa5f19b8d70f37ea19b8ad284a1
-rw-r--r-- | ssh-pkcs11.c | 23 |
1 files changed, 21 insertions, 2 deletions
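--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11.c,v 1.31 2019/01/20 23:03:26 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11.c,v 1.32 2019/01/20 23:05:52 djm Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl. All rights reserved.
  * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
@@ -457,6 +457,21 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
 }
 
 static EC_KEY_METHOD *ec_key_method;
+static int ec_key_idx = 0;
+
+static void
+pkcs11_k11_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx,
+long argl, void *argp)
+{
+struct pkcs11_key *k11 = ptr;
+
+if (k11 == NULL)
+return;
+if (k11->provider)
+pkcs11_provider_unref(k11->provider);
+free(k11->keyid);
+free(k11);
+}
 
 static int
 pkcs11_ecdsa_start_wrapper(void)
@@ -466,6 +481,10 @@ pkcs11_ecdsa_start_wrapper(void)
 
 if (ec_key_method != NULL)
 return (0);
+ec_key_idx = EC_KEY_get_ex_new_index(0, "ssh-pkcs11-ecdsa",
+NULL, NULL, pkcs11_k11_free);
+if (ec_key_idx == -1)
+return (-1);
 ec_key_method = EC_KEY_METHOD_new(EC_KEY_OpenSSL());
 if (ec_key_method == NULL)
 return (-1);
@@ -494,7 +513,7 @@ pkcs11_ecdsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx,
 k11->ec_key_method = ec_key_method;
 
 EC_KEY_set_method(ec, k11->ec_key_method);
-EC_KEY_set_ex_data(ec, 0, k11);
+EC_KEY_set_ex_data(ec, ec_key_idx, k11);
 
 return (0);
 }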
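Review bot: The return value of `EC_KEY_set_ex_data(ec, ec_key_idx, k11)` in the last hunk is still unchecked, so on the failure path the newly registered `pkcs11_k11_free` callback is never attached and the `pkcs11_key` object leaks exactly as before, while a later `ecdsa_do_sign` would read NULL from the ex_data slot. Checking it, e.g. `if (EC_KEY_set_ex_data(ec, ec_key_idx, k11) != 1) return (-1);`, closes that path; whether the caller or this function then owns and frees `k11` on error cannot be seen here, since `pkcs11_ecdsa_wrap` begins outside the hunk. Relatedly, the fix only works if `pkcs11_ecdsa_start_wrapper` has already run, because `ec_key_idx` defaults to 0 and that slot has no free callback; a short comment above the callback, such as `/* ex_data free callback: runs from EC_KEY_free for keys wrapped by pkcs11_ecdsa_wrap */`, would make the ownership transfer explicit. The RSA wrapper is not visible in this diff, so whether it has the matching check is not something this review can confirm.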