From d5701ed9445c47097a28cb6523abaa4c11f41090 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 24 Sep 2014 12:00:40 -0500 Subject: start and end BN_CTX so BN_CTX can track func owner of temporary BNs --- cryptography/hazmat/backends/openssl/backend.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index 7e619a10..7da0ae25 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -1033,6 +1033,8 @@ class Backend(object): assert bn_ctx != self._ffi.NULL bn_ctx = self._ffi.gc(bn_ctx, self._lib.BN_CTX_free) + self._lib.BN_CTX_start(bn_ctx) + group = self._lib.EC_KEY_get0_group(ctx) assert group != self._ffi.NULL @@ -1069,6 +1071,8 @@ class Backend(object): self._lib.BN_cmp(bn_y, check_y) == 0 ) + self._lib.BN_CTX_end(bn_ctx) + res = self._lib.EC_KEY_set_public_key(ctx, point) assert res == 1 -- cgit v1.2.3 From 17b4aa4290cb1098bbd8021bd74de92b1dac5d71 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 24 Sep 2014 12:18:09 -0500 Subject: put BN_CTX_end in a finally to ensure it is invoked --- cryptography/hazmat/backends/openssl/backend.py | 30 +++++++++++++------------ 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index 7da0ae25..959f6559 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -1033,8 +1033,6 @@ class Backend(object): assert bn_ctx != self._ffi.NULL bn_ctx = self._ffi.gc(bn_ctx, self._lib.BN_CTX_free) - self._lib.BN_CTX_start(bn_ctx) - group = self._lib.EC_KEY_get0_group(ctx) assert group != self._ffi.NULL 
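Review bot: The added `BN_CTX_start` call in the first hunk of this commit has no comment saying why it is needed, and its matching `BN_CTX_end` sits in a separate hunk further down the method. A one-line comment such as `# BN_CTX_get() temporaries below are only valid inside a BN_CTX_start/BN_CTX_end frame` would tie the pair together for the next reader. The `BN_CTX_get` calls themselves lie outside both hunks of this commit, so the comment should be checked against the full method.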
@@ -1048,9 +1046,6 @@ class Backend(object): nid = self._lib.EC_METHOD_get_field_type(method) assert nid != self._lib.NID_undef - check_x = self._lib.BN_CTX_get(bn_ctx) - check_y = self._lib.BN_CTX_get(bn_ctx) - if nid == nid_two_field and self._lib.Cryptography_HAS_EC2M: set_func = self._lib.EC_POINT_set_affine_coordinates_GF2m get_func = self._lib.EC_POINT_get_affine_coordinates_GF2m @@ -1060,18 +1055,25 @@ class Backend(object): assert set_func and get_func - res = set_func(group, point, bn_x, bn_y, bn_ctx) - assert res == 1 + try: + self._lib.BN_CTX_start(bn_ctx) - res = get_func(group, point, check_x, check_y, bn_ctx) - assert res == 1 + check_x = self._lib.BN_CTX_get(bn_ctx) + check_y = self._lib.BN_CTX_get(bn_ctx) - assert ( - self._lib.BN_cmp(bn_x, check_x) == 0 and - self._lib.BN_cmp(bn_y, check_y) == 0 - ) - self._lib.BN_CTX_end(bn_ctx) + res = set_func(group, point, bn_x, bn_y, bn_ctx) + assert res == 1 + + res = get_func(group, point, check_x, check_y, bn_ctx) + assert res == 1 + + assert ( + self._lib.BN_cmp(bn_x, check_x) == 0 and + self._lib.BN_cmp(bn_y, check_y) == 0 + ) + finally: + self._lib.BN_CTX_end(bn_ctx) res = self._lib.EC_KEY_set_public_key(ctx, point) assert res == 1 -- cgit v1.2.3 From 3a55b55ec0b80ddbdf959b548353e7694bc718a0 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 24 Sep 2014 16:24:57 -0500 Subject: extraneous newline murdered --- cryptography/hazmat/backends/openssl/backend.py | 1 - 1 file changed, 1 deletion(-) diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index 959f6559..beec5864 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -1061,7 +1061,6 @@ class Backend(object): check_x = self._lib.BN_CTX_get(bn_ctx) check_y = self._lib.BN_CTX_get(bn_ctx) - res = set_func(group, point, bn_x, bn_y, bn_ctx) assert res == 1 -- cgit v1.2.3 
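Review bot: The checks moved into the new `try` block (hunk `-1060,18 +1055,25`) are all `assert` statements, which Python removes when it runs with `-O`. In that mode a failing `set_func` call (presumably how a point that is not on the curve is reported) and a mismatch in the `BN_cmp` round-trip would both pass silently, and the method would go on to `EC_KEY_set_public_key`. Raising explicitly keeps the validation in every mode, e.g. `if res != 1: raise ValueError("Invalid EC key.")` after `set_func`, with the same treatment for the `get_func` result and the coordinate comparison. The enclosing method starts and ends outside this hunk, so whether x and y are validated earlier cannot be seen here.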
From 1a7bdab8b006fcd610ddda8f9c2500df1bdd1000 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 24 Sep 2014 18:37:09 -0500 Subject: switch to a BN_CTX context manager. --- cryptography/hazmat/backends/openssl/backend.py | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index beec5864..5d2fddc1 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -16,6 +16,7 @@ from __future__ import absolute_import, division, print_function import collections import itertools import warnings +from contextlib import contextmanager import six @@ -1012,6 +1013,15 @@ class Backend(object): ) return curve_nid + @contextmanager + def _bn_ctx_manager(self): + bn_ctx = self._lib.BN_CTX_new() + assert bn_ctx != self._ffi.NULL + bn_ctx = self._ffi.gc(bn_ctx, self._lib.BN_CTX_free) + self._lib.BN_CTX_start(bn_ctx) + yield bn_ctx + self._lib.BN_CTX_end(bn_ctx) + def _ec_key_set_public_key_affine_coordinates(self, ctx, x, y): """ This is a port of EC_KEY_set_public_key_affine_coordinates that was @@ -1029,10 +1039,6 @@ class Backend(object): nid_two_field = self._lib.OBJ_sn2nid(b"characteristic-two-field") assert nid_two_field != self._lib.NID_undef - bn_ctx = self._lib.BN_CTX_new() - assert bn_ctx != self._ffi.NULL - bn_ctx = self._ffi.gc(bn_ctx, self._lib.BN_CTX_free) - group = self._lib.EC_KEY_get0_group(ctx) assert group != self._ffi.NULL @@ -1055,9 +1061,7 @@ class Backend(object): assert set_func and get_func - try: - self._lib.BN_CTX_start(bn_ctx) - + with self._bn_ctx_manager() as bn_ctx: check_x = self._lib.BN_CTX_get(bn_ctx) check_y = self._lib.BN_CTX_get(bn_ctx) 
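Review bot: `_bn_ctx_manager` (hunk `-1012,6 +1013,15`) is added without a docstring, and the lifetime rule it introduces is easy to miss. BIGNUMs obtained with `BN_CTX_get` from the yielded context stop being valid once the `with` block exits, because `BN_CTX_end` releases them. A short docstring should say that the manager yields a fresh `BN_CTX` with a frame already started, that temporaries from `BN_CTX_get` must not be kept or returned past the block, and that the context itself is freed through the `ffi.gc` finalizer. The method that follows it in the same hunk already has a docstring, so this also matches the file's style.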
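Review bot: The two `BN_CTX_get` calls directly under the new `with self._bn_ctx_manager() as bn_ctx:` line (hunk `-1055,9 +1061,7`) are used without checking their result. `BN_CTX_get` returns NULL on failure, and once it has failed, later calls on the same context return NULL as well, so one check after the second call covers both: `if check_y == self._ffi.NULL: raise MemoryError("BN_CTX_get failed")`. Without it a NULL pointer would be passed on to the `get_func` and `BN_cmp` calls, which follow in the rest of the block outside this hunk.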
@@ -1071,8 +1075,6 @@ class Backend(object): self._lib.BN_cmp(bn_x, check_x) == 0 and self._lib.BN_cmp(bn_y, check_y) == 0 ) - finally: - self._lib.BN_CTX_end(bn_ctx) res = self._lib.EC_KEY_set_public_key(ctx, point) assert res == 1 -- cgit v1.2.3 From 49b9fdf44125ce26455cd0fa146b8b31f582049f Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 24 Sep 2014 21:35:39 -0500 Subject: try/finally the bn_ctx manager --- cryptography/hazmat/backends/openssl/backend.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index 5d2fddc1..cb988ac9 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -1018,9 +1018,11 @@ class Backend(object): bn_ctx = self._lib.BN_CTX_new() assert bn_ctx != self._ffi.NULL bn_ctx = self._ffi.gc(bn_ctx, self._lib.BN_CTX_free) - self._lib.BN_CTX_start(bn_ctx) - yield bn_ctx - self._lib.BN_CTX_end(bn_ctx) + try: + self._lib.BN_CTX_start(bn_ctx) + yield bn_ctx + finally: + self._lib.BN_CTX_end(bn_ctx) def _ec_key_set_public_key_affine_coordinates(self, ctx, x, y): """ -- cgit v1.2.3
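Review bot: `BN_CTX_start` now sits inside the `try` (hunk `-1018,9 +1018,11`), so the `finally` would call `BN_CTX_end` even if the start call itself did not complete, leaving the pair unbalanced. The usual shape is to acquire before the `try`: keep `self._lib.BN_CTX_start(bn_ctx)` on its own line above `try:`, and leave only `yield bn_ctx` inside it. The start call is unlikely to raise in practice, so this is mainly about keeping acquire and release visibly paired.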