Welcome! Log In Create A New Profile

Advanced

[QUIC][BUG] function 'ngx_hkdf_extract ' has memory leak when use OPENSSL but not BoringSSL.

Previous Message Next Message
Forum List Message List New Topic Print View
lingtao.klt
March 09, 2021 10:17PM
In ngx_hkdf_expand, when use OPENSSL, the *pctx need to be free.


```

static ngx_int_t
ngx_hkdf_expand(u_char *out_key, size_t out_len, const EVP_MD *digest,
const uint8_t *prk, size_t prk_len, const u_char *info, size_t info_len)
{
#ifdef OPENSSL_IS_BORINGSSL
if (HKDF_expand(out_key, out_len, digest, prk, prk_len, info, info_len)
== 0)
{
return NGX_ERROR;
}
#else

EVP_PKEY_CTX *pctx;

pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);

if (EVP_PKEY_derive_init(pctx) <= 0) {
return NGX_ERROR;
}

if (EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) <= 0) {
return NGX_ERROR;
}

if (EVP_PKEY_CTX_set_hkdf_md(pctx, digest) <= 0) {
return NGX_ERROR;
}

if (EVP_PKEY_CTX_set1_hkdf_key(pctx, prk, prk_len) <= 0) {
return NGX_ERROR;
}

if (EVP_PKEY_CTX_add1_hkdf_info(pctx, info, info_len) <= 0) {
return NGX_ERROR;
}

if (EVP_PKEY_derive(pctx, out_key, &out_len) <= 0) {
return NGX_ERROR;
}

#endif

return NGX_OK;
}

```
Reply Quote
RSS
Subject Author Posted

[QUIC][BUG] function 'ngx_hkdf_extract ' has memory leak when use OPENSSL but not BoringSSL.

lingtao.klt March 09, 2021 10:17PM

Re: [QUIC][BUG] function 'ngx_hkdf_extract ' has memory leak when use OPENSSL but not BoringSSL.

Vladimir Homutov March 12, 2021 03:52AM

Re: [QUIC][BUG] function 'ngx_hkdf_extract ' has memory leak when use OPENSSL but not BoringSSL.

lingtao.klt March 12, 2021 09:08AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 245
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready