Merge pull request #10065 from dgarske/async_nb_leak

douzzer · web-flow · commit 5b2e8b1376eb · 2026-03-30T11:40:02.000-05:00
Fix possible leak for ecc non-blocking crypto
diff --git a/src/tls.c b/src/tls.c
@@ -8579,8 +8579,15 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
         /* Cleanup on error, otherwise data owned by key share entry */
         XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
         kse->pubKey = NULL;
-        if (eccKey != NULL)
+        if (eccKey != NULL) {
+    #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) && \
+        defined(WC_ASYNC_ENABLE_ECC)
+            if (eccKey->nb_ctx != NULL) {
+                XFREE(eccKey->nb_ctx, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
+            }
+    #endif
             wc_ecc_free(eccKey);
+        }
         XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
         kse->key = NULL;
     }
@@ -9817,8 +9824,14 @@ static int TLSX_KeyShare_ProcessEcc_ex(WOLFSSL* ssl,
         ssl->peerEccKey = NULL;
         ssl->peerEccKeyPresent = 0;
     }
-    if (keyShareEntry->key) {
-        wc_ecc_free((ecc_key*)keyShareEntry->key);
+    if (eccKey != NULL) {
+    #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) && \
+        defined(WC_ASYNC_ENABLE_ECC)
+        if (eccKey->nb_ctx != NULL) {
+            XFREE(eccKey->nb_ctx, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        }
+    #endif
+        wc_ecc_free(eccKey);
         XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_ECC);
         keyShareEntry->key = NULL;
     }
