From 59d26251efd8a2a08abd9029018194430f7f25ca Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Thu, 20 Jul 2017 10:45:54 +0200
Subject: (EC)DSA signature fix (#670)

* Write a test - signatures with EC keys (#609)

* Ask for signature length before allocating a buffer.

This fixes a potential heap buffer overflow that may happen when a signature
is longer than the private key, as with X9.62 ECDSA (#609).

* change approach to EVP_PKEY_size and add changelog

* add a small assert
---
 CHANGELOG.rst | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'CHANGELOG.rst')

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 738ceab..ba9a124 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -27,6 +27,8 @@ Changes:
 
 - Fixed a bug causing ``Context.set_default_verify_paths()`` to not work with cryptography ``manylinux1`` wheels on Python 3.x.
   `#665 <https://github.com/pyca/pyopenssl/pull/665>`_
+- Fixed a crash with (EC)DSA signatures in some cases.
+  `#670 <https://github.com/pyca/pyopenssl/pull/670>`_
 
 
 ----
-- 
cgit v1.2.1