diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2017-06-28 13:24:07 -0700 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-06-28 15:24:07 -0500 |
| commit | f21ffff2d2bc916b70e66810b4582a604f03965f (patch) | |
| tree | dde2b3e3415cb61692247cd23d14811128a50660 | |
| parent | 491fd7cc5aefff8064039d073331b41a2f606a63 (diff) | |
| download | cryptography-f21ffff2d2bc916b70e66810b4582a604f03965f.tar.gz cryptography-f21ffff2d2bc916b70e66810b4582a604f03965f.tar.bz2 cryptography-f21ffff2d2bc916b70e66810b4582a604f03965f.zip | |
Fix for leaking memory in EllipticCurvePublicNumbers.public_key() (#3732)
* Test for leaking memory in EllipticCurvePublicNumbers.public_key()
* Fix the memory leak
As far as I can tell, from spelunking in the OpenSSL source (as you do), EC_KEY_set_public_key_affine_coordinates doesn't take ownership of "x" or "y". https://github.com/openssl/openssl/blob/master/crypto/ec/ecp_smpl.c#L362-L420 is the place in the source I found that actually uses "x" and "y".
* Unused imports
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 6 | ||||
| -rw-r--r-- | tests/hazmat/backends/test_openssl_memleak.py | 19 |
2 files changed, 22 insertions, 3 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index 5458a0f8..c481c094 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -1465,9 +1465,9 @@ class Backend(object): "Invalid EC key. Both x and y must be non-negative." ) - res = self._lib.EC_KEY_set_public_key_affine_coordinates( - ctx, self._int_to_bn(x), self._int_to_bn(y) - ) + x = self._ffi.gc(self._int_to_bn(x), self._lib.BN_free) + y = self._ffi.gc(self._int_to_bn(y), self._lib.BN_free) + res = self._lib.EC_KEY_set_public_key_affine_coordinates(ctx, x, y) if res != 1: self._consume_errors() raise ValueError("Invalid EC key.") diff --git a/tests/hazmat/backends/test_openssl_memleak.py b/tests/hazmat/backends/test_openssl_memleak.py index 53c41375..e58090a9 100644 --- a/tests/hazmat/backends/test_openssl_memleak.py +++ b/tests/hazmat/backends/test_openssl_memleak.py @@ -189,3 +189,22 @@ class TestOpenSSLMemoryLeaks(object): cert.extensions """), [path]) + + def test_ec_public_numbers_public_key(self): + assert_no_memory_leaks(textwrap.dedent(""" + def func(): + from cryptography.hazmat.backends.openssl import backend + from cryptography.hazmat.primitives.asymmetric import ec + + ec.EllipticCurvePublicNumbers( + curve=ec.SECP384R1(), + x=int( + '10036914308591746758780165503819213553101287571902957054148542' + '504671046744460374996612408381962208627004841444205030' + ), + y=int( + '17337335659928075994560513699823544906448896792102247714689323' + '575406618073069185107088229463828921069465902299522926' + ) + ).public_key(backend) + """)) |