diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-07-20 10:45:54 +0200 |
|---|---|---|
| committer | Hynek Schlawack <hs@ox.cx> | 2017-07-20 10:45:54 +0200 |
| commit | 59d26251efd8a2a08abd9029018194430f7f25ca (patch) | |
| tree | 79a33413aaf11648d18f988e23d81456e52f4b26 /CHANGELOG.rst | |
| parent | 8102128e6ad83dcbb3567dd372cdd39c9a8fab44 (diff) | |
| download | pyopenssl-59d26251efd8a2a08abd9029018194430f7f25ca.tar.gz | |
(EC)DSA signature fix (#670)
* Write a test - signatures with EC keys (#609)
* Ask for signature length before allocating a buffer.
This fixes a potential heap buffer overflow that may happen when a signature
is longer than the private key, as with X9.62 ECDSA (#609).
* change approach to EVP_PKEY_size and add changelog
* add a small assert
Diffstat (limited to 'CHANGELOG.rst')
| -rw-r--r-- | CHANGELOG.rst | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 738ceab..ba9a124 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -27,6 +27,8 @@ Changes: - Fixed a bug causing ``Context.set_default_verify_paths()`` to not work with cryptography ``manylinux1`` wheels on Python 3.x. `#665 <https://github.com/pyca/pyopenssl/pull/665>`_ +- Fixed a crash with (EC)DSA signatures in some cases. + `#670 <https://github.com/pyca/pyopenssl/pull/670>`_ ---- |