crypto/internal/boring: keep ECDH public key alive during cgo calls

This prevents a possible use-after-free.

Change-Id: I02488206660d38cac5ebf2f11009907ae8f22157
Reviewed-on: https://go-review.googlesource.com/c/go/+/644119
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: David Chase <drchase@google.com>

diff --git a/src/crypto/internal/boring/ecdh.go b/src/crypto/internal/boring/ecdh.go
index b90e533e7cc38c367643beb1195be8a067c18f12..ff29eb17b1134482bc5bb4911bc4b737d888b506 100644 (file)
--- a/src/crypto/internal/boring/ecdh.go
+++ b/src/crypto/internal/boring/ecdh.go
@@ -138,6 +138,15 @@ func pointBytesECDH(curve string, group *C.GO_EC_GROUP, pt *C.GO_EC_POINT) ([]by
 }
 
 func ECDH(priv *PrivateKeyECDH, pub *PublicKeyECDH) ([]byte, error) {
+       // Make sure priv and pub are not garbage collected while we are in a cgo
+       // call.
+       //
+       // The call to xCoordBytesECDH should prevent priv from being collected, but
+       // include this in case the code is reordered and there is a subsequent call
+       // cgo call after that point.
+       defer runtime.KeepAlive(priv)
+       defer runtime.KeepAlive(pub)
+
        group := C._goboringcrypto_EC_KEY_get0_group(priv.key)
        if group == nil {
                return nil, fail("EC_KEY_get0_group")