diff options
author | Joshua Colp <jcolp@digium.com> | 2015-08-05 07:23:21 -0300 |
---|---|---|
committer | Joshua Colp <jcolp@digium.com> | 2015-08-05 10:25:45 -0500 |
commit | 9a12804e592b97d74ff7b909e0d0022f1ca72386 (patch) | |
tree | b0cd4b4dac667464770236992b9b128a37514fa5 /res/res_rtp_asterisk.c | |
parent | 1aa23a5d1ba42a0a7253cbd1793fe8627409637d (diff) |
res_rtp_asterisk: Don't leak temporary key when enabling PFS.
A change recently went in which enabled perfect forward secrecy for
DTLS in res_rtp_asterisk. This was accomplished two different ways
depending on the availability of a feature in OpenSSL. The fallback
method created a temporary instance of a key but did not free it.
This change fixes that.
ASTERISK-25265
Change-Id: Iadc031b67a91410bbefb17ffb4218d615d051396
Diffstat (limited to 'res/res_rtp_asterisk.c')
-rw-r--r-- | res/res_rtp_asterisk.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/res/res_rtp_asterisk.c b/res/res_rtp_asterisk.c index 0c47e1e25..462091778 100644 --- a/res/res_rtp_asterisk.c +++ b/res/res_rtp_asterisk.c @@ -1268,6 +1268,9 @@ static int ast_rtp_dtls_set_configuration(struct ast_rtp_instance *instance, con { struct ast_rtp *rtp = ast_rtp_instance_get_data(instance); int res; +#ifndef HAVE_OPENSSL_ECDH_AUTO + EC_KEY *ecdh; +#endif if (!dtls_cfg->enabled) { return 0; @@ -1291,8 +1294,11 @@ static int ast_rtp_dtls_set_configuration(struct ast_rtp_instance *instance, con #ifdef HAVE_OPENSSL_ECDH_AUTO SSL_CTX_set_ecdh_auto(rtp->ssl_ctx, 1); #else - SSL_CTX_set_tmp_ecdh(rtp->ssl_ctx, - EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); + ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + if (ecdh) { + SSL_CTX_set_tmp_ecdh(rtp->ssl_ctx, ecdh); + EC_KEY_free(ecdh); + } #endif rtp->dtls_verify = dtls_cfg->verify; |