From 51f049ab3c6eaddd2afc5b089d54ac7b8244fa1e Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Fri, 30 Jun 2017 15:50:23 -0700
Subject: Fixed a memory leak in EC private numbers (#3741)

---
 .../hazmat/backends/openssl/backend.py             |  6 +++--
 tests/hazmat/backends/test_openssl_memleak.py      | 26 +++++++++++++---------
 2 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index c481c094..18238e1c 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1326,8 +1326,10 @@ class Backend(object):
         ec_cdata = self._ec_key_set_public_key_affine_coordinates(
             ec_cdata, public.x, public.y)
 
-        res = self._lib.EC_KEY_set_private_key(
-            ec_cdata, self._int_to_bn(numbers.private_value))
+        private_value = self._ffi.gc(
+            self._int_to_bn(numbers.private_value), self._lib.BN_free
+        )
+        res = self._lib.EC_KEY_set_private_key(ec_cdata, private_value)
         self.openssl_assert(res == 1)
         evp_pkey = self._ec_cdata_to_evp_pkey(ec_cdata)
 
diff --git a/tests/hazmat/backends/test_openssl_memleak.py b/tests/hazmat/backends/test_openssl_memleak.py
index e58090a9..6e92e341 100644
--- a/tests/hazmat/backends/test_openssl_memleak.py
+++ b/tests/hazmat/backends/test_openssl_memleak.py
@@ -190,21 +190,27 @@ class TestOpenSSLMemoryLeaks(object):
             cert.extensions
         """), [path])
 
-    def test_ec_public_numbers_public_key(self):
+    def test_ec_private_numbers_private_key(self):
         assert_no_memory_leaks(textwrap.dedent("""
         def func():
             from cryptography.hazmat.backends.openssl import backend
             from cryptography.hazmat.primitives.asymmetric import ec
 
-            ec.EllipticCurvePublicNumbers(
-                curve=ec.SECP384R1(),
-                x=int(
-                    '10036914308591746758780165503819213553101287571902957054148542'
-                    '504671046744460374996612408381962208627004841444205030'
+            ec.EllipticCurvePrivateNumbers(
+                private_value=int(
+                    '280814107134858470598753916394807521398239633534281633982576099083'
+                    '35787109896602102090002196616273211495718603965098'
                 ),
-                y=int(
-                    '17337335659928075994560513699823544906448896792102247714689323'
-                    '575406618073069185107088229463828921069465902299522926'
+                public_numbers=ec.EllipticCurvePublicNumbers(
+                    curve=ec.SECP384R1(),
+                    x=int(
+                        '10036914308591746758780165503819213553101287571902957054148542'
+                        '504671046744460374996612408381962208627004841444205030'
+                    ),
+                    y=int(
+                        '17337335659928075994560513699823544906448896792102247714689323'
+                        '575406618073069185107088229463828921069465902299522926'
+                    )
                 )
-            ).public_key(backend)
+            ).private_key(backend)
         """))
-- 
cgit v1.2.3