47 lines
1.4 KiB
Diff
47 lines
1.4 KiB
Diff
From 962eac3925c7184fb5dc174357823223beba0d85 Mon Sep 17 00:00:00 2001
|
|
From: Paul Kehrer <paul.l.kehrer@gmail.com>
|
|
Date: Sun, 7 Feb 2021 11:04:43 -0600
|
|
Subject: [PATCH] port changelog and fix back to master for CVE-2020-36242
|
|
|
|
---
|
|
CHANGELOG.rst | 9 +++++++++
|
|
src/cryptography/hazmat/backends/openssl/ciphers.py | 2 +-
|
|
2 files changed, 10 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
|
|
index 3cb53d0..4dd7146 100644
|
|
--- a/CHANGELOG.rst
|
|
+++ b/CHANGELOG.rst
|
|
@@ -1,6 +1,15 @@
|
|
Changelog
|
|
=========
|
|
|
|
+.. _v3-3-2:
|
|
+
|
|
+3.3.2 - 2021-02-07
|
|
+~~~~~~~~~~~~~~~~~~
|
|
+
|
|
+* **SECURITY ISSUE:** Fixed a bug where certain sequences of ``update()`` calls
|
|
+ when symmetrically encrypting very large payloads (>2GB) could result in an
|
|
+ integer overflow, leading to buffer overflows. *CVE-2020-36242*
|
|
+
|
|
.. _v3-3-1:
|
|
|
|
3.3.1 - 2020-12-09
|
|
diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py
|
|
index 1e805d2..ad5dad3 100644
|
|
--- a/src/cryptography/hazmat/backends/openssl/ciphers.py
|
|
+++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
|
|
@@ -17,7 +17,7 @@ from cryptography.hazmat.primitives.ciphers import modes
|
|
class _CipherContext(object):
|
|
_ENCRYPT = 1
|
|
_DECRYPT = 0
|
|
- _MAX_CHUNK_SIZE = 2 ** 31 - 1
|
|
+ _MAX_CHUNK_SIZE = 2 ** 30 - 1
|
|
|
|
def __init__(self, backend, cipher, mode, operation):
|
|
self._backend = backend
|
|
--
|
|
1.8.3.1
|
|
|