res_rtp_asterisk: Don't leak temporary key when enabling PFS.

A change recently went in which enabled perfect forward secrecy for DTLS in res_rtp_asterisk. This was accomplished two different ways depending on the availability of a feature in OpenSSL. The fallback method created a temporary instance of a key but did not free it. This change fixes that. ASTERISK-25265 Change-Id: Iadc031b67a91410bbefb17ffb4218d615d051396
author: Joshua Colp <jcolp@digium.com> 2015-08-05 07:23:21 -0300
committer: Joshua Colp <jcolp@digium.com> 2015-08-05 10:25:45 -0500
commit: 9a12804e592b97d74ff7b909e0d0022f1ca72386 (patch)
tree: b0cd4b4dac667464770236992b9b128a37514fa5 /res/res_rtp_asterisk.c
parent: 1aa23a5d1ba42a0a7253cbd1793fe8627409637d (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/res/res_rtp_asterisk.c b/res/res_rtp_asterisk.c
index 0c47e1e25..462091778 100644
--- a/res/res_rtp_asterisk.c
+++ b/res/res_rtp_asterisk.c
@@ -1268,6 +1268,9 @@ static int ast_rtp_dtls_set_configuration(struct ast_rtp_instance *instance, con
 {
 	struct ast_rtp *rtp = ast_rtp_instance_get_data(instance);
 	int res;
+#ifndef HAVE_OPENSSL_ECDH_AUTO
+	EC_KEY *ecdh;
+#endif
 
 	if (!dtls_cfg->enabled) {
 		return 0;
@@ -1291,8 +1294,11 @@ static int ast_rtp_dtls_set_configuration(struct ast_rtp_instance *instance, con
 #ifdef HAVE_OPENSSL_ECDH_AUTO
 	SSL_CTX_set_ecdh_auto(rtp->ssl_ctx, 1);
 #else
-	SSL_CTX_set_tmp_ecdh(rtp->ssl_ctx,
-		EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
+	ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+	if (ecdh) {
+		SSL_CTX_set_tmp_ecdh(rtp->ssl_ctx, ecdh);
+		EC_KEY_free(ecdh);
+	}
 #endif
 
 	rtp->dtls_verify = dtls_cfg->verify;
author	Joshua Colp <jcolp@digium.com>	2015-08-05 07:23:21 -0300
committer	Joshua Colp <jcolp@digium.com>	2015-08-05 10:25:45 -0500
commit	9a12804e592b97d74ff7b909e0d0022f1ca72386 (patch)
tree	b0cd4b4dac667464770236992b9b128a37514fa5 /res/res_rtp_asterisk.c
parent	1aa23a5d1ba42a0a7253cbd1793fe8627409637d (diff)