From: Roland Shoemaker <roland@golang.org>
Date: Fri, 24 Jan 2025 20:21:36 +0000 (-0800)
Subject: crypto/internal/boring: keep ECDH public key alive during cgo calls
X-Git-Tag: go1.24rc3~2^2~21
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=e2e700f8b1;p=gostls13.git

crypto/internal/boring: keep ECDH public key alive during cgo calls

This prevents a possible use-after-free.

Change-Id: I02488206660d38cac5ebf2f11009907ae8f22157
Reviewed-on: https://go-review.googlesource.com/c/go/+/644119
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: David Chase <drchase@google.com>
---

diff --git a/src/crypto/internal/boring/ecdh.go b/src/crypto/internal/boring/ecdh.go
index b90e533e7c..ff29eb17b1 100644
--- a/src/crypto/internal/boring/ecdh.go
+++ b/src/crypto/internal/boring/ecdh.go
@@ -138,6 +138,15 @@ func pointBytesECDH(curve string, group *C.GO_EC_GROUP, pt *C.GO_EC_POINT) ([]by
 }
 
 func ECDH(priv *PrivateKeyECDH, pub *PublicKeyECDH) ([]byte, error) {
+	// Make sure priv and pub are not garbage collected while we are in a cgo
+	// call.
+	//
+	// The call to xCoordBytesECDH should prevent priv from being collected, but
+	// include this in case the code is reordered and there is a subsequent call
+	// cgo call after that point.
+	defer runtime.KeepAlive(priv)
+	defer runtime.KeepAlive(pub)
+
 	group := C._goboringcrypto_EC_KEY_get0_group(priv.key)
 	if group == nil {
 		return nil, fail("EC_KEY_get0_group")