diff options
| author | Tux <tuxxy@users.noreply.github.com> | 2018-12-08 18:15:51 -0700 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2018-12-08 20:15:51 -0500 |
| commit | fbbd54fe017717706ffe48b168ff0639e88f4b43 (patch) | |
| tree | 8c0166b2d68bcd79c2d63dec4165b6f28d62fe73 /src | |
| parent | c3d38b5d80a955aee4b160bb97464a20c4992da7 (diff) | |
| download | cryptography-fbbd54fe017717706ffe48b168ff0639e88f4b43.tar.gz cryptography-fbbd54fe017717706ffe48b168ff0639e88f4b43.tar.bz2 cryptography-fbbd54fe017717706ffe48b168ff0639e88f4b43.zip | |
Raise MemoryError when backend.derive_scrypt can't malloc enough (#4592)
* Raise MemoryError when backend.derive_scrypt can't malloc enough
* Expose ERR_R_MALLOC_FAILURE and use the reason_match pattern to catch it
* Add test_scrypt_malloc_failure in test_scrypt
* let's see if this passes
* add comment to filippo's blog post about scrypt's params
Diffstat (limited to 'src')
| -rw-r--r-- | src/_cffi_src/openssl/err.py | 2 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 19 |
2 files changed, 20 insertions, 1 deletions
diff --git a/src/_cffi_src/openssl/err.py b/src/_cffi_src/openssl/err.py index 59751355..b4d053c6 100644 --- a/src/_cffi_src/openssl/err.py +++ b/src/_cffi_src/openssl/err.py @@ -22,6 +22,8 @@ static const int ERR_LIB_PKCS12; static const int ERR_LIB_SSL; static const int ERR_LIB_X509; +static const int ERR_R_MALLOC_FAILURE; + static const int ASN1_R_BOOLEAN_IS_WRONG_LENGTH; static const int ASN1_R_BUFFER_TOO_SMALL; static const int ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER; diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index ae966cd0..fda6293c 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -2120,7 +2120,24 @@ class Backend(object): key_material, len(key_material), salt, len(salt), n, r, p, scrypt._MEM_LIMIT, buf, length ) - self.openssl_assert(res == 1) + if res != 1: + errors = self._consume_errors() + if not self._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_111: + # This error is only added to the stack in 1.1.1+ + self.openssl_assert( + errors[0]._lib_reason_match( + self._lib.ERR_LIB_EVP, + self._lib.ERR_R_MALLOC_FAILURE + ) + ) + + # memory required formula explained here: + # https://blog.filippo.io/the-scrypt-parameters/ + min_memory = 128 * n * r // (1024**2) + raise MemoryError( + "Not enough memory to derive key. These parameters require" + " {} MB of memory.".format(min_memory) + ) return self._ffi.buffer(buf)[:] def aead_cipher_supported(self, cipher): |