fix a memory leak in ec derive_private_key

fixes pyca#4095
reaperhulk · Feb 4, 2018 · 56b420c · 56b420c
1 parent 15cc998
commit 56b420c
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1409,8 +1409,9 @@ def derive_elliptic_curve_private_key(self, private_value, curve):
 
         res = self._lib.EC_KEY_set_public_key(ec_cdata, point)
         self.openssl_assert(res == 1)
-        res = self._lib.EC_KEY_set_private_key(
-            ec_cdata, self._int_to_bn(private_value))
+        private = self._int_to_bn(private_value)
+        private = self._ffi.gc(private, self._lib.BN_clear_free)
+        res = self._lib.EC_KEY_set_private_key(ec_cdata, private)
         self.openssl_assert(res == 1)
 
         evp_pkey = self._ec_cdata_to_evp_pkey(ec_cdata)

diff --git a/tests/hazmat/backends/test_openssl_memleak.py b/tests/hazmat/backends/test_openssl_memleak.py
@@ -214,3 +214,11 @@ def func():
                 )
             ).private_key(backend)
         """))
+
+    def test_ec_derive_private_key(self):
+        assert_no_memory_leaks(textwrap.dedent("""
+        def func():
+            from cryptography.hazmat.backends.openssl import backend
+            from cryptography.hazmat.primitives.asymmetric.ec import SECP256R1, derive_private_key
+            derive_private_key(1, SECP256R1(), backend)
+        """))