diff options
author | Tux <tuxxy@users.noreply.github.com> | 2018-12-08 18:15:51 -0700 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2018-12-08 20:15:51 -0500 |
commit | fbbd54fe017717706ffe48b168ff0639e88f4b43 (patch) | |
tree | 8c0166b2d68bcd79c2d63dec4165b6f28d62fe73 /src/cryptography/hazmat/backends/openssl/backend.py | |
parent | c3d38b5d80a955aee4b160bb97464a20c4992da7 (diff) | |
download | cryptography-fbbd54fe017717706ffe48b168ff0639e88f4b43.tar.gz cryptography-fbbd54fe017717706ffe48b168ff0639e88f4b43.tar.bz2 cryptography-fbbd54fe017717706ffe48b168ff0639e88f4b43.zip |
Raise MemoryError when backend.derive_scrypt can't malloc enough (#4592)
* Raise MemoryError when backend.derive_scrypt can't malloc enough
* Expose ERR_R_MALLOC_FAILURE and use the reason_match pattern to catch it
* Add test_scrypt_malloc_failure in test_scrypt
* let's see if this passes
* add comment to filippo's blog post about scrypt's params
Diffstat (limited to 'src/cryptography/hazmat/backends/openssl/backend.py')
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index ae966cd0..fda6293c 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -2120,7 +2120,24 @@ class Backend(object): key_material, len(key_material), salt, len(salt), n, r, p, scrypt._MEM_LIMIT, buf, length ) - self.openssl_assert(res == 1) + if res != 1: + errors = self._consume_errors() + if not self._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_111: + # This error is only added to the stack in 1.1.1+ + self.openssl_assert( + errors[0]._lib_reason_match( + self._lib.ERR_LIB_EVP, + self._lib.ERR_R_MALLOC_FAILURE + ) + ) + + # memory required formula explained here: + # https://blog.filippo.io/the-scrypt-parameters/ + min_memory = 128 * n * r // (1024**2) + raise MemoryError( + "Not enough memory to derive key. These parameters require" + " {} MB of memory.".format(min_memory) + ) return self._ffi.buffer(buf)[:] def aead_cipher_supported(self, cipher): |