From 7a13085afce1415c0524a5dc5b94c98e3d6d7b7d Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Thu, 9 Feb 2017 05:55:34 +0800
Subject: enforce password must be bytes when loading PEM/DER asymmetric keys
 (#3383)

* enforce password must be bytes when loading PEM/DER asymmetric keys

Previously we were using an ffi.buffer on the Python string, which was
allowing text implicitly, but our documentation explicitly requires
bytes.

* add changelog entry
---
 src/cryptography/hazmat/backends/openssl/backend.py | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src')

diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index e460ab51..e5144951 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -66,6 +66,8 @@ _MemoryBIO = collections.namedtuple("_MemoryBIO", ["bio", "char_ptr"])
 
 class _PasswordUserdata(object):
     def __init__(self, password):
+        if password is not None and not isinstance(password, bytes):
+            raise TypeError("Password must be bytes")
         self.password = password
         self.called = 0
         self.exception = None
-- 
cgit v1.2.3