diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2016-09-02 16:32:00 -0500 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2016-09-02 17:32:00 -0400 |
| commit | 8bd420513e3a1f8594079889a5ca8f5d12fd00a6 (patch) | |
| tree | 4cf01b075d6a574f4d9bf8cb97e9eccd085f67f8 | |
| parent | d8a27df32b1ae35f165b00a644bd2432f6e44280 (diff) | |
| download | cryptography-8bd420513e3a1f8594079889a5ca8f5d12fd00a6.tar.gz cryptography-8bd420513e3a1f8594079889a5ca8f5d12fd00a6.tar.bz2 cryptography-8bd420513e3a1f8594079889a5ca8f5d12fd00a6.zip | |
fix inconsistency in utilization of block_size in openssl cipher impl (#3131)
* fix inconsistency in utilization of block_size in openssl cipher impl
Previously we over-allocated our buffers because we treated a bit size
as bytes.
* rename property
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/ciphers.py | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py index 9e074dba..d0d82ce2 100644 --- a/src/cryptography/hazmat/backends/openssl/ciphers.py +++ b/src/cryptography/hazmat/backends/openssl/ciphers.py @@ -25,9 +25,9 @@ class _CipherContext(object): self._tag = None if isinstance(self._cipher, ciphers.BlockCipherAlgorithm): - self._block_size = self._cipher.block_size + self._block_size_bytes = self._cipher.block_size // 8 else: - self._block_size = 1 + self._block_size_bytes = 1 ctx = self._backend._lib.EVP_CIPHER_CTX_new() ctx = self._backend._ffi.gc( @@ -102,7 +102,7 @@ class _CipherContext(object): def update(self, data): buf = self._backend._ffi.new("unsigned char[]", - len(data) + self._block_size - 1) + len(data) + self._block_size_bytes - 1) outlen = self._backend._ffi.new("int *") res = self._backend._lib.EVP_CipherUpdate(self._ctx, buf, outlen, data, len(data)) @@ -118,7 +118,7 @@ class _CipherContext(object): if isinstance(self._mode, modes.GCM): self.update(b"") - buf = self._backend._ffi.new("unsigned char[]", self._block_size) + buf = self._backend._ffi.new("unsigned char[]", self._block_size_bytes) outlen = self._backend._ffi.new("int *") res = self._backend._lib.EVP_CipherFinal_ex(self._ctx, buf, outlen) if res == 0: @@ -145,13 +145,12 @@ class _CipherContext(object): if (isinstance(self._mode, modes.GCM) and self._operation == self._ENCRYPT): - block_byte_size = self._block_size // 8 tag_buf = self._backend._ffi.new( - "unsigned char[]", block_byte_size + "unsigned char[]", self._block_size_bytes ) res = self._backend._lib.EVP_CIPHER_CTX_ctrl( self._ctx, self._backend._lib.EVP_CTRL_GCM_GET_TAG, - block_byte_size, tag_buf + self._block_size_bytes, tag_buf ) self._backend.openssl_assert(res != 0) self._tag = self._backend._ffi.buffer(tag_buf)[:] |