authorJames Bottomley <James.Bottomley@HansenPartnership.com>2022-02-27 16:38:46 -0500
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2022-02-28 09:55:51 -0500
commitab988e0cf2b050159ead87d9a7f1d08f9905f853 (patch)
tree75137e9c8808e5a35fc4c88fbf2e1bb9f6144e5a
parent6b9c5718b913900195354edc927b5c2783ff829b (diff)
downloadopenssl_tpm2_engine-ab988e0cf2b050159ead87d9a7f1d08f9905f853.tar.gz
Add key use tracking to detect use after free
This allows an error to be thrown if the engine gets torn down while keys are active. This condition is unrecoverable because the key methods (and potentially the engine code) would be freed after this. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r--e_tpm2-ecc.c7
-rw-r--r--e_tpm2-rsa.c8
2 files changed, 15 insertions, 0 deletions
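diff --git a/e_tpm2-ecc.c b/e_tpm2-ecc.c
index bd500f8..0a2f7c5 100644
--- a/e_tpm2-ecc.c
+++ b/e_tpm2-ecc.c
@@ -56,6 +56,7 @@ static EC_KEY_METHOD *tpm2_eck = NULL;
 /* varibles used to get/set CRYPTO_EX_DATA values */
 static int ec_app_data = TPM2_ENGINE_EX_DATA_UNINIT;
+static int active_keys = 0;
 static TPM_HANDLE tpm2_load_key_from_ecc(const EC_KEY *eck,
 TSS_CONTEXT **tssContext, char **auth,
@@ -103,6 +104,7 @@ void tpm2_bind_key_to_engine_ecc(EVP_PKEY *pkey, void *data)
 #endif
 }
+ active_keys++;
 #if OPENSSL_VERSION_NUMBER >= 0x30000000
 EVP_PKEY_set1_EC_KEY(pkey, eck);
 #else
@@ -118,6 +120,7 @@ static void tpm2_ecc_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
 if (!data)
 return;
+ --active_keys;
 tpm2_delete(data);
 }
@@ -352,6 +355,10 @@ err:
 void tpm2_teardown_ecc_methods(void)
 {
+ if (active_keys != 0) {
+ fprintf(stderr, "ERROR: engine torn down while keys active\n");
+ exit(1);
+ }
 #if OPENSSL_VERSION_NUMBER < 0x10100000
 if (tpm2_ecdsa) {
 ECDSA_METHOD_free(tpm2_ecdsa);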
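Review bot: `active_keys++` in tpm2_bind_key_to_engine_ecc and `--active_keys` in tpm2_ecc_free are unsynchronised read-modify-write operations on a plain `static int`, and the same pattern is added to tpm2_bind_key_to_engine_rsa and tpm2_rsa_free in e_tpm2-rsa.c. tpm2_ecc_free is the CRYPTO_EX_DATA free callback, so it runs on whichever thread frees the key; if keys are bound or freed concurrently an update can be lost and the check in tpm2_teardown_ecc_methods then either misses an active key or aborts a clean teardown. Declaring the counter `static _Atomic int active_keys = 0;` (with `#include <stdatomic.h>`) keeps the existing `++`/`--` lines and makes the teardown read consistent; the OpenSSL 1.1.0+ `CRYPTO_atomic_add` helper is an alternative but would need a fallback in the pre-1.1.0 branches this file already guards. The counter also only tracks keys that reach bind, so a key whose ex-data is set elsewhere (if any) would not be counted — worth a one-line comment on the declaration such as `/* keys bound via tpm2_bind_key_to_engine_ecc and not yet freed; checked at teardown */`. The bodies of both functions extend outside the hunks.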
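diff --git a/e_tpm2-rsa.c b/e_tpm2-rsa.c
index 062a960..6f67e2a 100644
--- a/e_tpm2-rsa.c
+++ b/e_tpm2-rsa.c
@@ -27,6 +27,7 @@
 static int ex_app_data = TPM2_ENGINE_EX_DATA_UNINIT;
 RSA_METHOD *tpm2_rsa = NULL;
+static int active_keys = 0;
 #if OPENSSL_VERSION_NUMBER < 0x10100000
 /* rsa functions */
@@ -129,6 +130,7 @@ void tpm2_bind_key_to_engine_rsa(EVP_PKEY *pkey, void *data)
 #endif
 RSA_set_ex_data(rsa, ex_app_data, data);
+ active_keys++;
 #if OPENSSL_VERSION_NUMBER >= 0x30000000
 EVP_PKEY_set1_RSA(pkey, rsa);
@@ -146,6 +148,8 @@ static void tpm2_rsa_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
 if (!app_data)
 return;
+ --active_keys;
+
 tpm2_delete(app_data);
 }
@@ -343,6 +347,10 @@ err:
 void tpm2_teardown_rsa_methods(void)
 {
+ if (active_keys != 0) {
+ fprintf(stderr, "ERROR: engine torn down while keys active\n");
+ exit(1);
+ }
 #if OPENSSL_VERSION_NUMBER >= 0x10100000
 if (tpm2_rsa) {
 RSA_meth_free(tpm2_rsa);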
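Review bot: The new check in tpm2_teardown_rsa_methods (and its twin in tpm2_teardown_ecc_methods) terminates with `exit(1)`, which runs the process's atexit handlers; if this teardown is itself reached from OpenSSL's atexit-driven cleanup, calling exit() a second time is undefined behaviour in C11, and in any case the handlers may touch engine state that is being torn down. Since the commit message describes the condition as unrecoverable, `abort();` is the safer choice: it skips atexit handlers and leaves a core dump that shows which caller still holds a key, which is the information needed to fix the leak. The two files print an identical message, so a diagnostic cannot tell which key type leaked; `"ERROR: engine torn down while RSA keys active\n"` here and the ECC equivalent there would help. The hunks do not show whether `<stdio.h>` and `<stdlib.h>` are included in these files; if they are not already, fprintf/exit would rely on transitive includes.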