diff options
| author | Roland Shoemaker <roland@golang.org> | 2025-01-24 12:21:36 -0800 |
|---|---|---|
| committer | Roland Shoemaker <roland@golang.org> | 2025-01-27 09:30:26 -0800 |
| commit | e2e700f8b174f34b44c32d7e923ffe4e7219e171 (patch) | |
| tree | 8aa126fd79a7f5560ccbf3ade28fccb75ba59266 /src | |
| parent | 608acff8479640b00c85371d91280b64f5ec9594 (diff) | |
| download | go-e2e700f8b174f34b44c32d7e923ffe4e7219e171.tar.xz | |
crypto/internal/boring: keep ECDH public key alive during cgo calls
This prevents a possible use-after-free.
Change-Id: I02488206660d38cac5ebf2f11009907ae8f22157
Reviewed-on: https://go-review.googlesource.com/c/go/+/644119
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/crypto/internal/boring/ecdh.go | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/crypto/internal/boring/ecdh.go b/src/crypto/internal/boring/ecdh.go index b90e533e7c..ff29eb17b1 100644 --- a/src/crypto/internal/boring/ecdh.go +++ b/src/crypto/internal/boring/ecdh.go @@ -138,6 +138,15 @@ func pointBytesECDH(curve string, group *C.GO_EC_GROUP, pt *C.GO_EC_POINT) ([]by } func ECDH(priv *PrivateKeyECDH, pub *PublicKeyECDH) ([]byte, error) { + // Make sure priv and pub are not garbage collected while we are in a cgo + // call. + // + // The call to xCoordBytesECDH should prevent priv from being collected, but + // include this in case the code is reordered and there is a subsequent call + // cgo call after that point. + defer runtime.KeepAlive(priv) + defer runtime.KeepAlive(pub) + group := C._goboringcrypto_EC_KEY_get0_group(priv.key) if group == nil { return nil, fail("EC_KEY_get0_group") |