| From 7d9e2030791a0e2c7dd0be9711c2bdcb28cf862e Mon Sep 17 00:00:00 2001 |
| From: Arnav Kansal <rnv@google.com> |
| Date: Tue, 14 Mar 2023 22:24:06 +0000 |
| Subject: [PATCH] Don't allow update_into to mutate immutable objects |
| |
| --- |
| src/cryptography/hazmat/backends/openssl/ciphers.py | 2 +- |
| tests/hazmat/primitives/test_ciphers.py | 8 ++++++++ |
| 2 files changed, 9 insertions(+), 1 deletion(-) |
| |
| diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py |
| index 94b48f527..be80afffc 100644 |
| --- a/src/cryptography/hazmat/backends/openssl/ciphers.py |
| +++ b/src/cryptography/hazmat/backends/openssl/ciphers.py |
| @@ -132,7 +132,7 @@ class _CipherContext(object): |
| ) |
| |
| buf = self._backend._ffi.cast( |
| - "unsigned char *", self._backend._ffi.from_buffer(buf) |
| + "unsigned char *", self._backend._ffi.from_buffer(buf, require_writable=True) |
| ) |
| outlen = self._backend._ffi.new("int *") |
| res = self._backend._lib.EVP_CipherUpdate( |
| diff --git a/tests/hazmat/primitives/test_ciphers.py b/tests/hazmat/primitives/test_ciphers.py |
| index f29ba9a91..4534de4cc 100644 |
| --- a/tests/hazmat/primitives/test_ciphers.py |
| +++ b/tests/hazmat/primitives/test_ciphers.py |
| @@ -296,6 +296,14 @@ class TestCipherUpdateInto(object): |
| with pytest.raises(ValueError): |
| encryptor.update_into(b"testing", buf) |
| |
| + def test_update_into_immutable(self, backend): |
| + key = b"\x00" * 16 |
| + c = ciphers.Cipher(AES(key), modes.ECB(), backend) |
| + encryptor = c.encryptor() |
| + buf = b"\x00" * 32 |
| + with pytest.raises((TypeError, BufferError)): |
| + encryptor.update_into(b"testing", buf) |
| + |
| @pytest.mark.supported( |
| only_if=lambda backend: backend.cipher_supported( |
| AES(b"\x00" * 16), modes.GCM(b"\x00" * 12) |
