| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
| |
* fix a memory leak and a potential UAF and also #722
* sanity check
* bump cryptography minimum version, add changelog
|
| | |
|
| |
|
|
|
|
|
|
| |
* Don't use things after they're freed...duh
* changelog
* more details
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes an issue where each instance of ``X509StoreContext`` would
leak a small amount of memory, but only if ``verify_certificate`` was
called.
The reason for this is that ``X509_STORE_CTX_init`` is called in
``X509StoreContext.__init__`` and at the start of
``X509StoreContext.verify_certificate``. According to the man page for
``X509_STORE_CTX_init``:
"X509_STORE_CTX_init() sets up ctx for a subsequent verification
operation. It must be called before each call to X509_verify_cert(),
i.e. a ctx is only good for one call to X509_verify_cert(); if you want
to verify a second certificate with the same ctx then you must call
X509_STORE_CTX_cleanup() and then X509_STORE_CTX_init() again before
the second call to X509_verify_cert()."
Prior to this commit, the following script would cause a memory leak:
```
from OpenSSL.crypto import (
X509Store, X509StoreContext, load_certificate, FILETYPE_PEM)
certificate = """
-----BEGIN CERTIFICATE-----
MIIESTCCA7KgAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBoDELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAk5DMRAwDgYDVQQHEwdSYWxlaWdoMRcwFQYDVQQKEw5GZWRvcmEg
UHJvamVjdDEPMA0GA1UECxMGZmVkbXNnMQ8wDQYDVQQDEwZmZWRtc2cxDzANBgNV
BCkTBmZlZG1zZzEmMCQGCSqGSIb3DQEJARYXYWRtaW5AZmVkb3JhcHJvamVjdC5v
cmcwHhcNMTIwNzE1MjExODUyWhcNMjIwNzEzMjExODUyWjCB2DELMAkGA1UEBhMC
VVMxCzAJBgNVBAgTAk5DMRAwDgYDVQQHEwdSYWxlaWdoMRcwFQYDVQQKEw5GZWRv
cmEgUHJvamVjdDEPMA0GA1UECxMGZmVkbXNnMSswKQYDVQQDEyJzaGVsbC1hcHAw
MS5waHgyLmZlZG9yYXByb2plY3Qub3JnMSswKQYDVQQpEyJzaGVsbC1hcHAwMS5w
aHgyLmZlZG9yYXByb2plY3Qub3JnMSYwJAYJKoZIhvcNAQkBFhdhZG1pbkBmZWRv
cmFwcm9qZWN0Lm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyV0ydvno
pITmFs0kfploKj6nW0/COzp0rDwwvuWZF2KDdl1AeRWzfspOQOWIK5V+o2qxYA6t
aiK4bPfylYL1IGIwlVP9ma5zwkRvWketWjGORp5B7g7oECQOBo3gnQt0Uf5TWAQ1
6Wn0bCrIQSqOWVKScK9vUk/oomUlAZbksEcCAwEAAaOCAVcwggFTMAkGA1UdEwQC
MAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0
ZTAdBgNVHQ4EFgQUd3FXBbD2JW3qcmq+5VP7GcuxHF4wgdUGA1UdIwSBzTCByoAU
AJil1efEVQ6Eo2f+ZkoW4AQV3SGhgaakgaMwgaAxCzAJBgNVBAYTAlVTMQswCQYD
VQQIEwJOQzEQMA4GA1UEBxMHUmFsZWlnaDEXMBUGA1UEChMORmVkb3JhIFByb2pl
Y3QxDzANBgNVBAsTBmZlZG1zZzEPMA0GA1UEAxMGZmVkbXNnMQ8wDQYDVQQpEwZm
ZWRtc2cxJjAkBgkqhkiG9w0BCQEWF2FkbWluQGZlZG9yYXByb2plY3Qub3JnggkA
juso2KkTnXwwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA0GCSqG
SIb3DQEBBQUAA4GBABG1zG/lzYyz/phhROq6nzk3QUVeNGyxFdxxoB57j4xDi60y
zy2yAYe9swqlL1Gk94/Zf/lLPFxOM+NinTOh/o6z0bEBBCufwFKiS+ug/pjsI
o69vC03F21S0pquM8bQjcdoA5q5pdiY/Bq5HULmosyA+ENu69ovQGZZUiJb/
-----END CERTIFICATE-----
"""
ca_certificate = """
-----BEGIN CERTIFICATE-----
MIIDyzCCAzSgAwIBAgIJAI7rKNipE518MA0GCSqGSIb3DQEBBQUAMIGgMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCTkMxEDAOBgNVBAcTB1JhbGVpZ2gxFzAVBgNVBAoT
DkZlZG9yYSBQcm9qZWN0MQ8wDQYDVQQLEwZmZWRtc2cxDzANBgNVBAMTBmZlZG1z
ZzEPMA0GA1UEKRMGZmVkbXNnMSYwJAYJKoZIhvcNAQkBFhdhZG1pbkBmZWRvcmFw
cm9qZWN0Lm9yZzAeFw0xMjA3MTUyMTE4NTFaFw0yMjA3MTMyMTE4NTFaMIGgMQsw
CQYDVQQGEwJVUzELMAkGA1UECBMCTkMxEDAOBgNVBAcTB1JhbGVpZ2gxFzAVBgNV
BAoTDkZlZG9yYSBQcm9qZWN0MQ8wDQYDVQQLEwZmZWRtc2cxDzANBgNVBAMTBmZl
ZG1zZzEPMA0GA1UEKRMGZmVkbXNnMSYwJAYJKoZIhvcNAQkBFhdhZG1pbkBmZWRv
cmFwcm9qZWN0Lm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA9J6RmGr1
LzSJ5Fau2wdkVUiS5WXBcd0bNPyUJ9/G7t9SrycnLnEK4GQh2B525p4SCqvsHZtM
8rqii/Y2PPF5PbpgVjJLYsJk4SSv84aH+VPYcaEtYlPClXgHb3J9jgAxgHBHkJMQ
7mvxiIau7frKFqmJGZkxO2M+Sv8eLCKLJP8CAwEAAaOCAQkwggEFMB0GA1UdDgQW
BBQAmKXV58RVDoSjZ/5mShbgBBXdITCB1QYDVR0jBIHNMIHKgBQAmKXV58RVDoSj
Z/5mShbgBBXdIaGBpqSBozCBoDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMRAw
DgYDVQQHEwdSYWxlaWdoMRcwFQYDVQQKEw5GZWRvcmEgUHJvamVjdDEPMA0GA1UE
CxMGZmVkbXNnMQ8wDQYDVQQDEwZmZWRtc2cxDzANBgNVBCkTBmZlZG1zZzEmMCQG
CSqGSIb3DQEJARYXYWRtaW5AZmVkb3JhcHJvamVjdC5vcmeCCQCO6yjYqROdfDAM
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAN5r+1rbeTyGDdlelbqWOXBu
uS0a9BfusO0uwf3tHK9zeB5CDKFgxdfSZ+Fxg1w2HFRHhCOYoZ2ASPfbyANTzxUF
fVAId1uhBD1SlhXpTb3Ndo4uXfalf3W8MrQzFiVHbevvfsyd+RwoVT/PDokE3i4A
fftCd0uwvSqVgyE28SFt
-----END CERTIFICATE-----
"""
ca_cert = load_certificate(FILETYPE_PEM, ca_certificate)
cert = load_certificate(FILETYPE_PEM, certificate)
cert_store = X509Store()
cert_store.add_cert(ca_cert)
while True:
cert_store_context = X509StoreContext(cert_store, cert)
cert_store_context.verify_certificate()
```
Moving the creation of ``X509StoreContext`` outside the loop stops the
memory leak.
Signed-off-by: Jeremy Cline <jeremy@jcline.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This frees the memory allocated for the CRL object. Prior to this
commit, the following script would leak memory:
```
from OpenSSL.crypto import load_crl, FILETYPE_PEM
crl = """
-----BEGIN X509 CRL-----
MIIBfDCB5jANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMxCzAJBgNVBAgT
Ak5DMRAwDgYDVQQHEwdSYWxlaWdoMRcwFQYDVQQKEw5GZWRvcmEgUHJvamVjdDEP
MA0GA1UECxMGZmVkbXNnMQ8wDQYDVQQDEwZmZWRtc2cxDzANBgNVBCkTBmZlZG1z
ZzEmMCQGCSqGSIb3DQEJARYXYWRtaW5AZmVkb3JhcHJvamVjdC5vcmcXDTE3MDYx
NTIxMDMwOFoXDTM3MDYxMDIxMDMwOFowFDASAgECFw0xMjA3MTUyMTE4NTJaMA0G
CSqGSIb3DQEBCwUAA4GBAGOBuDxmRFNcYP71LBsCOfFzKij00qpxM01d5/G6+0kM
WJT8oTajMQoY6oISvQDq6TkwEoKc1yl6Ld1/XTtCNOhbybzRBAVf/Lxi/nRPP1JO
qOdZs5jMLLQq1mRJz+MgKHHTDlnvpbjHMuyTss1RblFDr4iZPHMcBNKPGIj3pmpA
-----END X509 CRL-----
"""
for _ in range(0, 1000000):
load_crl(FILETYPE_PEM, crl)
```
Signed-off-by: Jeremy Cline <jeremy@jcline.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Write a test - signatures with EC keys (#609)
* Ask for signature length before allocating a buffer.
This fixes a potential heap buffer overflow that may happen when a signature
is longer than the private key, as with X9.62 ECDSA (#609).
* change approach to EVP_PKEY_size and add changelog
* add a small assert
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Removed the deprecated md5 default on CRL.export()
* Doh
* unused import
* fixed tests
* last one
* py3k!!!!!
|
| | |
|
| |
|
|
|
|
|
|
| |
* dump_privatekey with FILETYPE_TEXT only supports RSA keys
FILETYPE_TEXT is terrible but everyone hold their nose
* also verify it's a pkey
|
| |
|
|
|
|
| |
* add to_cryptography/from_cryptography on CRL and X509Req
* add changelog entry
|
| |
|
|
|
|
|
|
| |
* Fixed #486 -- deprecate the backwards compat names
* remove the docs for these, pretend they don't exist
* CHANGELOG
|
| |
|
|
|
|
| |
* Added an API for converting X509 to/from cryptography
* changelog
|
| |
|
|
|
|
|
|
| |
* update docs and and changelog for #612
* update changelog
* more detail
|
| |
|
|
|
|
| |
* Fix invalid cast from ASN1_TIME to ASN1_GENERALIZEDTIME, which ends up with an error with LibreSSL.
* Require cryptography >= 1.9
|
| |
|
| |
We don’t support 0.9.8 anymore.
|
| | |
|
| |
|
|
|
|
|
|
| |
* Prepare for 17.0.0
Fix a bunch URLs and account for the non-existance of 16.3.
* Fix codecov link
|
| |
|
|
|
|
| |
* Fix broken link described in #610
* Fix two other broken links
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Modify tests to detect empty crypto.Errors from load_privatekey
This reproduces #119 and #456.
* Prevent _PassphraseHelper.raise_if_problem() from eating exceptions.
This resolves #119, resolves #456.
`_PassphraseHelper.raise_if_problem()` always flushes the OpenSSL
exception queue, but does not always raise an exception. In some cases,
other code attempts to raise an error from OpenSSL after
`raise_if_problem()` has flushed the queue, thus causing an empty
exception to be raised (i.e. `raise Error([])`).
This commit modifies `_PassphraseHelper.raise_if_problem` to flush the
OpenSSL error queue only if it has en exception to raise. Subsequent
code that detects an error should now be able to raise an non-empty
exception.
* Add CHANGELOG entry for #581.
|
| |
|
|
|
|
|
|
|
|
|
| |
* Activate intersphinx
That adds links to CPython docs and cryptography.
Also let the copyright at 2001 which seems to be just fine and gives us
reproducible builds.
* Appease docs builder
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* Add empty line to CHANGELOG so extraction works
* Fix a bunch of links
* Prepare 16.2.0
|
| |
|
| |
sad trombone
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* convert pkey to cryptography keys and vice versa
* pep8 and such
* Add documentation and changelog
* add a type check and verify that it rejects ECDSA keys from cryptography
|
| |
|
|
|
|
| |
* Write a few more tests
* pytestify this whole jam
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Replace several untested paths with _openssl_assert
* fix, these require a bool
* oop, fixed
* finish porting crypto.py
* typo
* yessssssss
|
| |
|
|
|
|
|
|
| |
* Fix memory leak in OpenSSL.crypto.dump_privatekey
* Add PR#
* Address feedback
|
| |
|
| |
Refs #478
|
| |
|
| |
Refs #478
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Enable use of CRL (and more) in verify context.
* flake8 fixes.
* Comments from Hynek & Paul.
* More updates from Paul & Hynek.
* Fix closing backtick.
* Remove commented out constants.
* More doc updates. Changelog update.
* Getting closer?
* Sphinx fix.
* Indent docstring.
* More Sphinx updates.
* Type updates for docstrings.
* Remove Enum subclassing.
* Docstring update.
* Docstrings updates.
* Round and round it goes. Where it ends, nobody knows.
* Remove TODO comment. Need @sholsapp to follow up.
* Time for lots of alcohol.
|
| |
|
|
|
|
|
|
| |
* fix a small bug with load_publickey
* update docstring, rename test method
* make hynek happy
|
| | |
|
| |\ |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |/ |
|
| | |
|
| | |
|
