Changeset 5994

Timestamp:

May 15, 2019 9:41:52 AM (5 years ago)

Author:

nanang

Message:

Re #2179: Wipe out memory used for storing SSL keys in PJSIP TLS transport and pjsua app. Thanks Peter Koletzki for the feedback.

Location:

pjproject/trunk

Files:

• pjsip-apps/src/pjsua/pjsua_app.c (modified) (3 diffs)
• pjsip/include/pjsip/sip_transport_tls.h (modified) (1 diff)
• pjsip/src/pjsip/sip_transport_tls.c (modified) (5 diffs)

pjproject/trunk/pjsip-apps/src/pjsua/pjsua_app.c

@@ -1794 +1794 @@
         status = pjsua_set_null_snd_dev();
         if (status != PJ_SUCCESS)
-            return status;
+            goto on_error;
     }
 #endif
@@ -1811 +1811 @@
     call_opt.aud_cnt = app_config.aud_cnt;
     call_opt.vid_cnt = app_config.vid.vid_cnt;
+
+    /* Wipe out TLS key settings in transport configs */
+    pjsip_tls_setting_wipe_keys(&app_config.udp_cfg.tls_setting);
 
     pj_pool_release(tmp_pool);
@@ -1960 +1963 @@
         cli_telnet_port = app_config.cli_cfg.telnet_cfg.port;   
     }
+
+    /* Wipe out TLS key settings in transport configs */
+    pjsip_tls_setting_wipe_keys(&app_config.udp_cfg.tls_setting);
 
     /* Reset config */

pjproject/trunk/pjsip/include/pjsip/sip_transport_tls.h

@@ -418 +418 @@
     }
 }
+
+
+/**
+ * Wipe out certificates and keys in the TLS setting buffer.
+ *
+ * @param opt       TLS setting.
+ */
+PJ_DECL(void) pjsip_tls_setting_wipe_keys(pjsip_tls_setting *opt);
 
 

pjproject/trunk/pjsip/src/pjsip/sip_transport_tls.c

@@ -673 +673 @@
     if (listener->factory.pool) {
         PJ_LOG(4,(listener->factory.obj_name,  "SIP TLS transport destroyed"));
-        pj_pool_safe_release(&listener->factory.pool);
+        pj_pool_secure_release(&listener->factory.pool);
     }
 }
@@ -971 +971 @@
 
     if (tls->rdata.tp_info.pool) {
-        pj_pool_release(tls->rdata.tp_info.pool);
-        tls->rdata.tp_info.pool = NULL;
+        pj_pool_secure_release(&tls->rdata.tp_info.pool);
     }
 
@@ -986 +985 @@
 
     if (tls->base.pool) {
-        pj_pool_t *pool;
-
         if (tls->close_reason != PJ_SUCCESS) {
             char errmsg[PJ_ERR_MSG_SIZE];
@@ -1002 +999 @@
 
         }
-
-        pool = tls->base.pool;
-        tls->base.pool = NULL;
-        pj_pool_release(pool);
+        pj_pool_secure_release(&tls->base.pool);
     }
 }
@@ -2030 +2024 @@
 }
 
+
+static void wipe_buf(pj_str_t *buf)
+{
+    volatile char *p = buf->ptr;
+    pj_ssize_t len = buf->slen;
+    while (len--) *p++ = 0;
+    buf->slen = 0;
+}
+
+/*
+ * Wipe out certificates and keys in the TLS setting buffer.
+ */
+PJ_DEF(void) pjsip_tls_setting_wipe_keys(pjsip_tls_setting *opt)
+{
+    wipe_buf(&opt->ca_list_file);
+    wipe_buf(&opt->ca_list_path);
+    wipe_buf(&opt->cert_file);
+    wipe_buf(&opt->privkey_file);
+    wipe_buf(&opt->password);
+    wipe_buf(&opt->sigalgs);
+    wipe_buf(&opt->entropy_path);
+    wipe_buf(&opt->ca_buf);
+    wipe_buf(&opt->cert_buf);
+    wipe_buf(&opt->privkey_buf);    
+}
+
 #endif /* PJSIP_HAS_TLS_TRANSPORT */