author | John Beck <John.Beck@Oracle.COM> |
Mon, 22 Feb 2016 16:08:11 -0800 | |
changeset 5485 | ff09ab50a80c |
parent 4894 | 7219201c1b0d |
permissions | -rw-r--r-- |
4894
7219201c1b0d
21157026 CFFI should be updated to >1.1.0
Erik Trauschke <Erik.Trauschke@oracle.com>
parents:
diff
changeset
|
1 |
Fix DSA double free. This has been fixed in newer versions of cryptography and |
7219201c1b0d
21157026 CFFI should be updated to >1.1.0
Erik Trauschke <Erik.Trauschke@oracle.com>
parents:
diff
changeset
|
2 |
will be part of a future update of the cryptography version in userland. |
7219201c1b0d
21157026 CFFI should be updated to >1.1.0
Erik Trauschke <Erik.Trauschke@oracle.com>
parents:
diff
changeset
|
3 |
|
7219201c1b0d
21157026 CFFI should be updated to >1.1.0
Erik Trauschke <Erik.Trauschke@oracle.com>
parents:
diff
changeset
|
4 |
https://github.com/pyca/cryptography/pull/2010 |
7219201c1b0d
21157026 CFFI should be updated to >1.1.0
Erik Trauschke <Erik.Trauschke@oracle.com>
parents:
diff
changeset
|
5 |
|
7219201c1b0d
21157026 CFFI should be updated to >1.1.0
Erik Trauschke <Erik.Trauschke@oracle.com>
parents:
diff
changeset
|
6 |
--- cryptography-0.8.2/src/cryptography/hazmat/backends/openssl/dsa.py 2015-09-04 11:01:09.332591847 -0700 |
7219201c1b0d
21157026 CFFI should be updated to >1.1.0
Erik Trauschke <Erik.Trauschke@oracle.com>
parents:
diff
changeset
|
7 |
+++ cryptography-0.8.2/src/cryptography/hazmat/backends/openssl/dsa.py 2015-09-04 11:01:43.317323715 -0700 |
7219201c1b0d
21157026 CFFI should be updated to >1.1.0
Erik Trauschke <Erik.Trauschke@oracle.com>
parents:
diff
changeset
|
8 |
@@ -40,13 +40,10 @@ |
7219201c1b0d
21157026 CFFI should be updated to >1.1.0
Erik Trauschke <Erik.Trauschke@oracle.com>
parents:
diff
changeset
|
9 |
self._hash_ctx.update(data) |
7219201c1b0d
21157026 CFFI should be updated to >1.1.0
Erik Trauschke <Erik.Trauschke@oracle.com>
parents:
diff
changeset
|
10 |
|
7219201c1b0d
21157026 CFFI should be updated to >1.1.0
Erik Trauschke <Erik.Trauschke@oracle.com>
parents:
diff
changeset
|
11 |
def verify(self): |
7219201c1b0d
21157026 CFFI should be updated to >1.1.0
Erik Trauschke <Erik.Trauschke@oracle.com>
parents:
diff
changeset
|
12 |
- self._dsa_cdata = self._backend._ffi.gc(self._public_key._dsa_cdata, |
7219201c1b0d
21157026 CFFI should be updated to >1.1.0
Erik Trauschke <Erik.Trauschke@oracle.com>
parents:
diff
changeset
|
13 |
- self._backend._lib.DSA_free) |
7219201c1b0d
21157026 CFFI should be updated to >1.1.0
Erik Trauschke <Erik.Trauschke@oracle.com>
parents:
diff
changeset
|
14 |
- |
7219201c1b0d
21157026 CFFI should be updated to >1.1.0
Erik Trauschke <Erik.Trauschke@oracle.com>
parents:
diff
changeset
|
15 |
data_to_verify = self._hash_ctx.finalize() |
7219201c1b0d
21157026 CFFI should be updated to >1.1.0
Erik Trauschke <Erik.Trauschke@oracle.com>
parents:
diff
changeset
|
16 |
|
7219201c1b0d
21157026 CFFI should be updated to >1.1.0
Erik Trauschke <Erik.Trauschke@oracle.com>
parents:
diff
changeset
|
17 |
data_to_verify = _truncate_digest_for_dsa( |
7219201c1b0d
21157026 CFFI should be updated to >1.1.0
Erik Trauschke <Erik.Trauschke@oracle.com>
parents:
diff
changeset
|
18 |
- self._dsa_cdata, data_to_verify, self._backend |
7219201c1b0d
21157026 CFFI should be updated to >1.1.0
Erik Trauschke <Erik.Trauschke@oracle.com>
parents:
diff
changeset
|
19 |
+ self._public_key._dsa_cdata, data_to_verify, self._backend |
7219201c1b0d
21157026 CFFI should be updated to >1.1.0
Erik Trauschke <Erik.Trauschke@oracle.com>
parents:
diff
changeset
|
20 |
) |
7219201c1b0d
21157026 CFFI should be updated to >1.1.0
Erik Trauschke <Erik.Trauschke@oracle.com>
parents:
diff
changeset
|
21 |
|
7219201c1b0d
21157026 CFFI should be updated to >1.1.0
Erik Trauschke <Erik.Trauschke@oracle.com>
parents:
diff
changeset
|
22 |
# The first parameter passed to DSA_verify is unused by OpenSSL but |