mbedtls: fix ssl server crash when enable mbedtls dynamic buffer

Not free keycert until MBEDTLS_SSL_CLIENT_KEY_EXCHANGE for rsa key exchange methods, because keycert will be used to parse client key exchange.
2024-10-05 20:47:46 -04:00 · 2022-04-22 17:28:37 +08:00 · 2022-04-22 17:28:37 +08:00 · c88af419a3
commit c88af419a3
parent 7e71c0cff2
1 changed files with 45 additions and 3 deletions
--- a/components/mbedtls/port/dynamic/esp_ssl_srv.c
+++ b/components/mbedtls/port/dynamic/esp_ssl_srv.c
@ -12,6 +12,24 @@ int __wrap_mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl);

 static const char *TAG = "SSL Server";

+#ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA
+/**
+ * Check if ciphersuite uses rsa key exchange methods.
+ */
+static bool ssl_ciphersuite_uses_rsa_key_ex(mbedtls_ssl_context *ssl)
+{
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+        ssl->MBEDTLS_PRIVATE(handshake)->ciphersuite_info;
+
+    if (ciphersuite_info->MBEDTLS_PRIVATE(key_exchange) == MBEDTLS_KEY_EXCHANGE_RSA ||
+        ciphersuite_info->MBEDTLS_PRIVATE(key_exchange) == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
+        return true;
+    } else {
+        return false;
+    }
+}
+#endif
+
 static int manage_resource(mbedtls_ssl_context *ssl, bool add)
 {
    int state = add ? ssl->MBEDTLS_PRIVATE(state) : ssl->MBEDTLS_PRIVATE(state) - 1;
@ -65,7 +83,13 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add)
                CHECK_OK(esp_mbedtls_add_tx_buffer(ssl, buffer_len));
            } else {
 #ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA
-                esp_mbedtls_free_keycert_cert(ssl);
+                /**
+                 * Not free keycert->cert until MBEDTLS_SSL_CLIENT_KEY_EXCHANGE for rsa key exchange methods.
+                 * For ssl server will use keycert->cert to parse client key exchange.
+                 */
+                if (!ssl_ciphersuite_uses_rsa_key_ex(ssl)) {
+                    esp_mbedtls_free_keycert_cert(ssl);
+                }
 #endif
            }
            break;
@ -77,8 +101,14 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add)
            } else {
 #ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA
                esp_mbedtls_free_dhm(ssl);
-                esp_mbedtls_free_keycert_key(ssl);
-                esp_mbedtls_free_keycert(ssl);
+                /**
+                 * Not free keycert->key and keycert until MBEDTLS_SSL_CLIENT_KEY_EXCHANGE for rsa key exchange methods.
+                 * For ssl server will use keycert->key to parse client key exchange.
+                 */
+                if (!ssl_ciphersuite_uses_rsa_key_ex(ssl)) {
+                    esp_mbedtls_free_keycert_key(ssl);
+                    esp_mbedtls_free_keycert(ssl);
+                }
 #endif
            }
            break;
@ -114,6 +144,18 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add)
                CHECK_OK(esp_mbedtls_add_rx_buffer(ssl));
            } else {
                CHECK_OK(esp_mbedtls_free_rx_buffer(ssl));
+
+#ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA
+                /**
+                 * Free keycert after MBEDTLS_SSL_CLIENT_KEY_EXCHANGE for rsa key exchange methods.
+                 * For ssl server will use keycert->cert and keycert->key to parse client key exchange.
+                 */
+                if (ssl_ciphersuite_uses_rsa_key_ex(ssl)) {
+                    esp_mbedtls_free_keycert_cert(ssl);
+                    esp_mbedtls_free_keycert_key(ssl);
+                    esp_mbedtls_free_keycert(ssl);
+                }
+#endif
            }
            break;
        case MBEDTLS_SSL_CERTIFICATE_VERIFY: