From f21ffff2d2bc916b70e66810b4582a604f03965f Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Wed, 28 Jun 2017 13:24:07 -0700
Subject: Fix for leaking memory in EllipticCurvePublicNumbers.public_key()
 (#3732)

* Test for leaking memory in EllipticCurvePublicNumbers.public_key()

* Fix the memory leak

As far as I can tell, from spelunking in the OpenSSL source (as you do), EC_KEY_set_public_key_affine_coordinates doesn't take ownership of "x" or "y". https://github.com/openssl/openssl/blob/master/crypto/ec/ecp_smpl.c#L362-L420 is the place in the source I found that actually uses "x" and "y".

* Unused imports
---
 src/cryptography/hazmat/backends/openssl/backend.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 5458a0f8..c481c094 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1465,9 +1465,9 @@ class Backend(object):
                 "Invalid EC key. Both x and y must be non-negative."
             )
 
-        res = self._lib.EC_KEY_set_public_key_affine_coordinates(
-            ctx, self._int_to_bn(x), self._int_to_bn(y)
-        )
+        x = self._ffi.gc(self._int_to_bn(x), self._lib.BN_free)
+        y = self._ffi.gc(self._int_to_bn(y), self._lib.BN_free)
+        res = self._lib.EC_KEY_set_public_key_affine_coordinates(ctx, x, y)
         if res != 1:
             self._consume_errors()
             raise ValueError("Invalid EC key.")
-- 
cgit v1.2.3