crypto/internal/boring: keep ECDH public key alive during cgo calls

This prevents a possible use-after-free. Change-Id: I02488206660d38cac5ebf2f11009907ae8f22157 Reviewed-on: https://go-review.googlesource.com/c/go/+/644119 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: David Chase <drchase@google.com>
2025-12-08 06:10:04 +00:00 · 2025-01-24 12:21:36 -08:00 · 2025-01-24 12:21:36 -08:00 · e2e700f8b1
commit e2e700f8b1
parent 608acff847
1 changed files with 9 additions and 0 deletions
--- a/src/crypto/internal/boring/ecdh.go
+++ b/src/crypto/internal/boring/ecdh.go
@ -138,6 +138,15 @@ func pointBytesECDH(curve string, group *C.GO_EC_GROUP, pt *C.GO_EC_POINT) ([]by
 }

 func ECDH(priv *PrivateKeyECDH, pub *PublicKeyECDH) ([]byte, error) {
+	// Make sure priv and pub are not garbage collected while we are in a cgo
+	// call.
+	//
+	// The call to xCoordBytesECDH should prevent priv from being collected, but
+	// include this in case the code is reordered and there is a subsequent call
+	// cgo call after that point.
+	defer runtime.KeepAlive(priv)
+	defer runtime.KeepAlive(pub)
+
 	group := C._goboringcrypto_EC_KEY_get0_group(priv.key)
 	if group == nil {
 		return nil, fail("EC_KEY_get0_group")