kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-10-13 08:13:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

res_rtp_asterisk: Don't leak temporary key when enabling PFS.

Browse Source 
A change recently went in which enabled perfect forward secrecy for
DTLS in res_rtp_asterisk. This was accomplished two different ways
depending on the availability of a feature in OpenSSL. The fallback
method created a temporary instance of a key but did not free it.
This change fixes that.

ASTERISK-25265

Change-Id: Iadc031b67a91410bbefb17ffb4218d615d051396
This commit is contained in:
Joshua Colp
2015-08-05 07:23:21 -03:00
parent 1aa23a5d1b
commit 9a12804e59
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
res/res_rtp_asterisk.c
View File

@@ -1268,6 +1268,9 @@ static int ast_rtp_dtls_set_configuration(struct ast_rtp_instance *instance, con
{ {
struct ast_rtp *rtp = ast_rtp_instance_get_data(instance); struct ast_rtp *rtp = ast_rtp_instance_get_data(instance);
int res; int res;
#ifndef HAVE_OPENSSL_ECDH_AUTO
EC_KEY *ecdh;
#endif
if (!dtls_cfg->enabled) { if (!dtls_cfg->enabled) {
return 0; return 0;
@@ -1291,8 +1294,11 @@ static int ast_rtp_dtls_set_configuration(struct ast_rtp_instance *instance, con
#ifdef HAVE_OPENSSL_ECDH_AUTO #ifdef HAVE_OPENSSL_ECDH_AUTO
SSL_CTX_set_ecdh_auto(rtp->ssl_ctx, 1); SSL_CTX_set_ecdh_auto(rtp->ssl_ctx, 1);
#else #else
SSL_CTX_set_tmp_ecdh(rtp->ssl_ctx, ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); if (ecdh) {
SSL_CTX_set_tmp_ecdh(rtp->ssl_ctx, ecdh);
EC_KEY_free(ecdh);
}
#endif #endif
rtp->dtls_verify = dtls_cfg->verify; rtp->dtls_verify = dtls_cfg->verify;