tls_wolfssl: adapt patch with upstream
Grabbed from wolfSSL/wolfssl/#6785
As soon as the patch gets in a released version, we shall bump our
version as well.

(cherry picked from commit 2548f47)
razvancrainea committed Sep 21, 2023
1 parent 5b02900 commit e8d05c2
Showing 2 changed files with 45 additions and 29 deletions.
12 changes: 7 additions & 5 deletions modules/tls_wolfssl/Makefile
Expand Up @@ -23,22 +23,24 @@ lib/wolfssl/Makefile: lib/wolfssl/configure
--prefix=$(MOD_DIR)/lib \
--exec-prefix=$(MOD_DIR)/lib C_EXTRA_FLAGS="-fPIC" CFLAGS="-DWOLFSSL_STATIC_RSA"; \

lib/lib/libwolfssl.a: lib/wolfssl/Makefile lib/wolfssl/src/internal.c
PATCHED_FILES = lib/wolfssl/src/internal.c lib/wolfssl/src/ssl.c

lib/lib/libwolfssl.a: lib/wolfssl/Makefile $(PATCHED_FILES)
$(Q)$(MAKE) -C ./lib/wolfssl install

lib/wolfssl/src/internal.c: lib/patches/wolfssl-internal-memleak-fix.patched

lib/patches/wolfssl-internal-memleak-fix.patched: lib/patches/wolfssl-internal-memleak-fix.patch
$(Q)patch -sNR --dry-run lib/wolfssl/src/internal.c $< || \
$(Q)patch -N lib/wolfssl/src/internal.c $< && cp $< $@
$(Q)patch -sNR -p1 -d lib/wolfssl --dry-run < $< || patch -N -p1 -d lib/wolfssl < $< && cp $< $@

clean: clean-wolfssl-lib

.PHONY: clean-wolfssl-lib
clean-wolfssl-lib:
@if [ -f ./lib/wolfssl/Makefile ]; then \
-@if [ -f ./lib/wolfssl/Makefile ]; then \
$(MAKE) -C ./lib/wolfssl clean; \
fi;
@rm -rf ./lib/bin ./lib/include ./lib/lib ./lib/share \
-@patch -stNR -p1 -d lib/wolfssl < lib/patches/wolfssl-internal-memleak-fix.patch
-@rm -rf ./lib/bin ./lib/include ./lib/lib ./lib/share \
./lib/wolfssl/Makefile ./lib/wolfssl/configure \
lib/patches/wolfssl-internal-memleak-fix.patched
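Review bot: The rule that ties sources to the `.patched` stamp still names only `lib/wolfssl/src/internal.c`, although the patch now also modifies `src/ssl.c` and both files are listed in `PATCHED_FILES`. As shown, `ssl.c` is patched only as a side effect of the `internal.c` prerequisite. Writing the rule as `$(PATCHED_FILES): lib/patches/wolfssl-internal-memleak-fix.patched` would make every patched source depend on the stamp and keep the list in one place. A one-line comment above `PATCHED_FILES` naming the upstream pull request and when the local patch can be dropped would also help whoever next bumps the bundled library.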
62 changes: 38 additions & 24 deletions modules/tls_wolfssl/lib/patches/wolfssl-internal-memleak-fix.patch
@@ -1,30 +1,44 @@
From 911c4519ef921a3e50e5a46cbe958ced8a528c3e Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn <eric@wolfssl.com>
Date: Mon, 18 Sep 2023 16:19:22 -0500
Subject: [PATCH] Fix writedup rng leak

---
src/internal.c | 2 ++
src/ssl.c | 7 +++++++
2 files changed, 9 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index 930769152..8e7ccf9c4 100644
index 930769152..46e26a313 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -7207,7 +7208,11 @@ void SSL_ResourceFree(WOLFSSL* ssl)
/* Cleanup async */
FreeAsyncCtx(ssl, 1);
#endif
- if (ssl->options.weOwnRng) {
+ if (ssl->options.weOwnRng || (ssl->rng
+#ifdef SINGLE_THREADED
+ && ssl->rng != ssl->ctx->rng
+#endif
+ )) {
@@ -7210,6 +7210,8 @@ void SSL_ResourceFree(WOLFSSL* ssl)
if (ssl->options.weOwnRng) {
wc_FreeRng(ssl->rng);
XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG);
+ ssl->rng = NULL;
+ ssl->options.weOwnRng = 0;
}
@@ -7571,7 +7576,11 @@ void FreeHandshakeResources(WOLFSSL* ssl)
#endif
#endif
) {
- if (ssl->options.weOwnRng) {
+ if (ssl->options.weOwnRng || (ssl->rng
+#ifdef SINGLE_THREADED
+ && ssl->rng != ssl->ctx->rng
+#endif
+ )) {
wc_FreeRng(ssl->rng);
XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG);
ssl->rng = NULL;
FreeSuites(ssl);
FreeHandshakeHashes(ssl);
diff --git a/src/ssl.c b/src/ssl.c
index 8d946f07b..01a4c7a54 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -747,6 +747,13 @@ static int DupSSL(WOLFSSL* dup, WOLFSSL* ssl)
ssl->dupWrite->dupCount = 2; /* both sides have a count to start */
dup->dupWrite = ssl->dupWrite; /* each side uses */

+ if (dup->options.weOwnRng) {
+ wc_FreeRng(dup->rng);
+ XFREE(dup->rng, dup->heap, DYNAMIC_TYPE_RNG);
+ dup->rng = NULL;
+ dup->options.weOwnRng = 0;
+ }
+
/* copy write parts over to dup writer */
XMEMCPY(&dup->specs, &ssl->specs, sizeof(CipherSpecs));
XMEMCPY(&dup->options, &ssl->options, sizeof(Options));
--
2.42.0
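Review bot: In the `src/ssl.c` hunk of the carried patch, the added block ends with `dup->options.weOwnRng = 0;`, but the context line `XMEMCPY(&dup->options, &ssl->options, sizeof(Options));` shortly after it overwrites the whole `options` struct. After the copy the flag therefore reflects the original session, while `dup->rng` has been freed and set to NULL. If the source session still has `weOwnRng` set at that point, the dup would carry an ownership flag with no RNG behind it. Whether later code in `DupSSL` reassigns `dup->rng`, or whether any write path on the dup reads it, is outside the hunk and should be confirmed against the upstream change. The body of `DupSSL` continues past the visible lines.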
