author | Hynek Schlawack <hs@ox.cx> | 2016-07-03 14:40:20 +0200 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2016-07-03 08:40:20 -0400 |
commit | 11e43adfe8c63ae28007a3deb85633929e564669 (patch) | |
tree | 6854207a2792f81a00bf9ef057e95f237564d269 | |
parent | add5b07d03f9a8ed7121716d4eb0ab1ad0fbfddf (diff) | |
download | pyopenssl-11e43adfe8c63ae28007a3deb85633929e564669.tar.gz |
Fix memory leak in OpenSSL.crypto.dump_privatekey (#496)
* Fix memory leak in OpenSSL.crypto.dump_privatekey
* Add PR#
* Address feedback
-rw-r--r-- | CHANGELOG.rst | 2 | ||||
-rw-r--r-- | doc/api/crypto.rst | 9 | ||||
-rw-r--r-- | src/OpenSSL/crypto.py | 28 |
3 files changed, 18 insertions, 21 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index b6401aa..fc81dec 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -23,6 +23,8 @@ Deprecations:
 Changes:
 ^^^^^^^^
+- Fix memory leak in ``OpenSSL.crypto.dump_privatekey()`` with ``FILETYPE_TEXT``.
+ `#496 <https://github.com/pyca/pyopenssl/pull/496>`_
 - Enable use of CRL (and more) in verify context.
 `#483 <https://github.com/pyca/pyopenssl/pull/483>`_
diff --git a/doc/api/crypto.rst b/doc/api/crypto.rst
index 5f7df24..c6501b4 100644
--- a/doc/api/crypto.rst
+++ b/doc/api/crypto.rst
@@ -73,14 +73,7 @@ Certificate signing requests
 Private keys
 ~~~~~~~~~~~~
-.. py:function:: dump_privatekey(type, pkey[, cipher, passphrase])
-
- Dump the private key *pkey* into a buffer string encoded with the type
- *type*, optionally (if *type* is :py:const:`FILETYPE_PEM`) encrypting it
- using *cipher* and *passphrase*.
-
- *passphrase* must be either a string or a callback for providing the
- pass phrase.
+.. autofunction:: dump_privatekey
 .. py:function:: load_privatekey(type, buffer[, passphrase])
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
index 1735393..1116d5e 100644
--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -1698,16 +1698,17 @@ def dump_publickey(type, pkey):
 def dump_privatekey(type, pkey, cipher=None, passphrase=None):
 """
- Dump a private key to a buffer
-
- :param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1, or
- FILETYPE_TEXT)
- :param pkey: The PKey to dump
- :param cipher: (optional) if encrypted PEM format, the cipher to
- use
+ Dump the private key *pkey* into a buffer string encoded with the type
+ *type*. Optionally (if *type* is :const:`FILETYPE_PEM`) encrypting it
+ using *cipher* and *passphrase*.
+
+ :param type: The file type (one of :const:`FILETYPE_PEM`,
+ :const:`FILETYPE_ASN1`, or :const:`FILETYPE_TEXT`)
+ :param PKey pkey: The PKey to dump
+ :param cipher: (optional) if encrypted PEM format, the cipher to use
 :param passphrase: (optional) if encrypted PEM format, this can be either
- the passphrase to use, or a callback for providing the
- passphrase.
+ the passphrase to use, or a callback for providing the passphrase.
+
 :return: The buffer with the dumped key in
 :rtype: bytes
 """
@@ -1733,16 +1734,17 @@ def dump_privatekey(type, pkey, cipher=None, passphrase=None):
 elif type == FILETYPE_ASN1:
 result_code = _lib.i2d_PrivateKey_bio(bio, pkey._pkey)
 elif type == FILETYPE_TEXT:
- rsa = _lib.EVP_PKEY_get1_RSA(pkey._pkey)
+ rsa = _ffi.gc(
+ _lib.EVP_PKEY_get1_RSA(pkey._pkey),
+ _lib.RSA_free
+ )
 result_code = _lib.RSA_print(bio, rsa, 0)
- # TODO RSA_free(rsa)?
 else:
 raise ValueError(
 "type argument must be FILETYPE_PEM, FILETYPE_ASN1, or "
 "FILETYPE_TEXT")
- if result_code == 0:
- _raise_current_error()
+ _openssl_assert(result_code != 0)
 return _bio_to_string(bio) |
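Review bot: In the `FILETYPE_TEXT` branch of the second hunk, the pointer returned by `_lib.EVP_PKEY_get1_RSA(pkey._pkey)` is wrapped and passed to `RSA_print` without a check. That call returns NULL when the key is not an RSA key, so a DSA or EC `PKey` would hand a null pointer to OpenSSL instead of raising a Python error. A guard ahead of the `_ffi.gc(...)` call would close this, for example `if pkey.type() != TYPE_RSA: raise TypeError("Only RSA keys are supported for FILETYPE_TEXT")`, assuming `PKey.type()` and `TYPE_RSA` are available in this module, which the hunk does not show. The `_ffi.gc(..., _lib.RSA_free)` wrapper itself matches the ownership of a `get1` reference. The body of `dump_privatekey` begins and ends outside this hunk, so an earlier key-type check may already exist there.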