kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-04 11:58:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

res_rtp_asterisk: Don't leak temporary key when enabling PFS.

Browse Source 
A change recently went in which enabled perfect forward secrecy for
DTLS in res_rtp_asterisk. This was accomplished two different ways
depending on the availability of a feature in OpenSSL. The fallback
method created a temporary instance of a key but did not free it.
This change fixes that.

ASTERISK-25265

Change-Id: Iadc031b67a91410bbefb17ffb4218d615d051396
This commit is contained in:
Joshua Colp
2015-08-05 07:23:21 -03:00
parent 3ba6099a9e
commit 7351d33a1f
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
res/res_rtp_asterisk.c
View File

@@ -1268,6 +1268,9 @@ static int ast_rtp_dtls_set_configuration(struct ast_rtp_instance *instance, con
{
struct ast_rtp *rtp = ast_rtp_instance_get_data(instance);
int res;
#ifndef HAVE_OPENSSL_ECDH_AUTO
EC_KEY *ecdh;
#endif
if (!dtls_cfg->enabled) {
return 0;
@@ -1291,8 +1294,11 @@ static int ast_rtp_dtls_set_configuration(struct ast_rtp_instance *instance, con
#ifdef HAVE_OPENSSL_ECDH_AUTO
SSL_CTX_set_ecdh_auto(rtp->ssl_ctx, 1);
#else
SSL_CTX_set_tmp_ecdh(rtp->ssl_ctx,
EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
if (ecdh) {
SSL_CTX_set_tmp_ecdh(rtp->ssl_ctx, ecdh);
EC_KEY_free(ecdh);
}
#endif
rtp->dtls_verify = dtls_cfg->verify;