add memory limit check for scrypt
fixes #3323 Gbp-Pq: Name 0001-add-memory-limit-check-for-scrypt.patch
This commit is contained in:
parent
eaaebec083
commit
b006607b33
|
@ -143,6 +143,7 @@ class Backend(object):
|
|||
self._cipher_registry = {}
|
||||
self._register_default_ciphers()
|
||||
self.activate_osrandom_engine()
|
||||
self._scrypt_mem_limit = sys.maxsize // 2
|
||||
|
||||
def openssl_assert(self, ok):
|
||||
return binding._openssl_assert(self._lib, ok)
|
||||
|
@ -1894,9 +1895,10 @@ class Backend(object):
|
|||
|
||||
def derive_scrypt(self, key_material, salt, length, n, r, p):
|
||||
buf = self._ffi.new("unsigned char[]", length)
|
||||
res = self._lib.EVP_PBE_scrypt(key_material, len(key_material), salt,
|
||||
len(salt), n, r, p, sys.maxsize // 2,
|
||||
buf, length)
|
||||
res = self._lib.EVP_PBE_scrypt(
|
||||
key_material, len(key_material), salt, len(salt), n, r, p,
|
||||
self._scrypt_mem_limit, buf, length
|
||||
)
|
||||
self.openssl_assert(res == 1)
|
||||
return self._ffi.buffer(buf)[:]
|
||||
|
||||
|
|
|
@ -22,10 +22,28 @@ vectors = load_vectors_from_file(
|
|||
os.path.join("KDF", "scrypt.txt"), load_nist_vectors)
|
||||
|
||||
|
||||
def _skip_if_memory_limited(memory_limit, params):
|
||||
# Memory calc adapted from OpenSSL (URL split over 2 lines, thanks PEP8)
|
||||
# https://github.com/openssl/openssl/blob/6286757141a8c6e14d647ec733634a
|
||||
# e0c83d9887/crypto/evp/scrypt.c#L189-L221
|
||||
blen = int(params["p"]) * 128 * int(params["r"])
|
||||
vlen = 32 * int(params["r"]) * (int(params["n"]) + 2) * 4
|
||||
memory_required = blen + vlen
|
||||
if memory_limit < memory_required:
|
||||
pytest.skip("Test exceeds Scrypt memory limit. "
|
||||
"This is likely a 32-bit platform.")
|
||||
|
||||
|
||||
def test_memory_limit_skip():
|
||||
with pytest.raises(pytest.skip.Exception):
|
||||
_skip_if_memory_limited(1000, {"p": 16, "r": 64, "n": 1024})
|
||||
|
||||
|
||||
@pytest.mark.requires_backend_interface(interface=ScryptBackend)
|
||||
class TestScrypt(object):
|
||||
@pytest.mark.parametrize("params", vectors)
|
||||
def test_derive(self, backend, params):
|
||||
_skip_if_memory_limited(backend._scrypt_mem_limit, params)
|
||||
password = params["password"]
|
||||
work_factor = int(params["n"])
|
||||
block_size = int(params["r"])
|
||||
|
@ -77,6 +95,7 @@ class TestScrypt(object):
|
|||
|
||||
@pytest.mark.parametrize("params", vectors)
|
||||
def test_verify(self, backend, params):
|
||||
_skip_if_memory_limited(backend._scrypt_mem_limit, params)
|
||||
password = params["password"]
|
||||
work_factor = int(params["n"])
|
||||
block_size = int(params["r"])
|
||||
|
|
Loading…
Reference in New Issue