Correctly free EVP_MD_CTX in OpenSSL #501
Merged
soter_sign_ctx_t structures store both EVP_MD_CTX (to keep the digest algorithm used for signatures) and EVP_PKEY_CTX (to keep the key used for signature). The key is actually shared between those structures but EVP_MD_CTX assumes ownership over it, with EVP_MD_CTX_destroy() freeing the key. EVP_PKEY structures are refcounted so sharing the key should be safe... if we make the correct precautions to avoid freeing the key after it has been freed. EVP_PKEY_CTX keeps track of that, but we need to free EVP_MD_CTX first and then proceed to freeing EVP_PKEY_CTX and maybe the key it has been managing.

tl;dr: manual memory management is hard.
This sleeper bug is presumed to be responsible for occasional segfaults when running JsThemis. Interestingly, the crashes do not reproduce with any other wrapper. Furthermore, BoringSSL code uses correct freeing order since the beginning. "Coincidence? I don't think so".