[Python-modules-commits] [python-cryptography] 02/03: merge patched into master

Tristan Seligmann mithrandi at moszumanska.debian.org
Mon Dec 19 17:58:07 UTC 2016 

This is an automated email from the git hooks/post-receive script.

mithrandi pushed a commit to branch master
in repository python-cryptography.

commit b70ae30fb99923d687b238d57a1410b1f64b1a04
Merge: 4c5f307 ced38e7
Author: Tristan Seligmann <mithrandi at debian.org>
Date:   Mon Dec 19 19:48:44 2016 +0200

    merge patched into master

 debian/.git-dpm                                    |  4 +-
 .../0001-add-memory-limit-check-for-scrypt.patch   | 78 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 .../hazmat/backends/openssl/backend.py             |  8 ++-
 tests/hazmat/primitives/test_scrypt.py             | 19 ++++++
 5 files changed, 105 insertions(+), 5 deletions(-)

diff --cc debian/.git-dpm
index aaa1f54,0000000..f6fc077
mode 100644,000000..100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@@ -1,11 -1,0 +1,11 @@@
 +# see git-dpm(1) from git-dpm package
- 55816224b8c57c07982677ad261a11520141b97e
- 55816224b8c57c07982677ad261a11520141b97e
++ced38e7dcb84cd11039fe6b7c078593c2a4968ff
++ced38e7dcb84cd11039fe6b7c078593c2a4968ff
 +55816224b8c57c07982677ad261a11520141b97e
 +55816224b8c57c07982677ad261a11520141b97e
 +python-cryptography_1.7.1.orig.tar.gz
 +6ef868de80378546a42b3b49995d7017d33f03e5
 +420673
 +debianTag="debian/%e%v"
 +patchedTag="patched/%e%v"
 +upstreamTag="upstream/%e%u"
diff --cc debian/patches/0001-add-memory-limit-check-for-scrypt.patch
index 0000000,0000000..9559218
new file mode 100644
--- /dev/null
+++ b/debian/patches/0001-add-memory-limit-check-for-scrypt.patch
@@@ -1,0 -1,0 +1,78 @@@
++From ced38e7dcb84cd11039fe6b7c078593c2a4968ff Mon Sep 17 00:00:00 2001
++From: Paul Kehrer <paul.l.kehrer at gmail.com>
++Date: Sun, 18 Dec 2016 18:36:05 -0600
++Subject: add memory limit check for scrypt
++
++fixes #3323
++---
++ src/cryptography/hazmat/backends/openssl/backend.py |  8 +++++---
++ tests/hazmat/primitives/test_scrypt.py              | 19 +++++++++++++++++++
++ 2 files changed, 24 insertions(+), 3 deletions(-)
++
++diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
++index 71063c1..9e101a3 100644
++--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++++ b/src/cryptography/hazmat/backends/openssl/backend.py
++@@ -143,6 +143,7 @@ class Backend(object):
++         self._cipher_registry = {}
++         self._register_default_ciphers()
++         self.activate_osrandom_engine()
+++        self._scrypt_mem_limit = sys.maxsize // 2
++ 
++     def openssl_assert(self, ok):
++         return binding._openssl_assert(self._lib, ok)
++@@ -1894,9 +1895,10 @@ class Backend(object):
++ 
++     def derive_scrypt(self, key_material, salt, length, n, r, p):
++         buf = self._ffi.new("unsigned char[]", length)
++-        res = self._lib.EVP_PBE_scrypt(key_material, len(key_material), salt,
++-                                       len(salt), n, r, p, sys.maxsize // 2,
++-                                       buf, length)
+++        res = self._lib.EVP_PBE_scrypt(
+++            key_material, len(key_material), salt, len(salt), n, r, p,
+++            self._scrypt_mem_limit, buf, length
+++        )
++         self.openssl_assert(res == 1)
++         return self._ffi.buffer(buf)[:]
++ 
++diff --git a/tests/hazmat/primitives/test_scrypt.py b/tests/hazmat/primitives/test_scrypt.py
++index 49b304e..450eb82 100644
++--- a/tests/hazmat/primitives/test_scrypt.py
+++++ b/tests/hazmat/primitives/test_scrypt.py
++@@ -22,10 +22,28 @@ vectors = load_vectors_from_file(
++     os.path.join("KDF", "scrypt.txt"), load_nist_vectors)
++ 
++ 
+++def _skip_if_memory_limited(memory_limit, params):
+++    # Memory calc adapted from OpenSSL (URL split over 2 lines, thanks PEP8)
+++    # https://github.com/openssl/openssl/blob/6286757141a8c6e14d647ec733634a
+++    # e0c83d9887/crypto/evp/scrypt.c#L189-L221
+++    blen = int(params["p"]) * 128 * int(params["r"])
+++    vlen = 32 * int(params["r"]) * (int(params["n"]) + 2) * 4
+++    memory_required = blen + vlen
+++    if memory_limit < memory_required:
+++        pytest.skip("Test exceeds Scrypt memory limit. "
+++                    "This is likely a 32-bit platform.")
+++
+++
+++def test_memory_limit_skip():
+++    with pytest.raises(pytest.skip.Exception):
+++        _skip_if_memory_limited(1000, {"p": 16, "r": 64, "n": 1024})
+++
+++
++ @pytest.mark.requires_backend_interface(interface=ScryptBackend)
++ class TestScrypt(object):
++     @pytest.mark.parametrize("params", vectors)
++     def test_derive(self, backend, params):
+++        _skip_if_memory_limited(backend._scrypt_mem_limit, params)
++         password = params["password"]
++         work_factor = int(params["n"])
++         block_size = int(params["r"])
++@@ -77,6 +95,7 @@ class TestScrypt(object):
++ 
++     @pytest.mark.parametrize("params", vectors)
++     def test_verify(self, backend, params):
+++        _skip_if_memory_limited(backend._scrypt_mem_limit, params)
++         password = params["password"]
++         work_factor = int(params["n"])
++         block_size = int(params["r"])
diff --cc debian/patches/series
index 0000000,0000000..8596aca
new file mode 100644
--- /dev/null
+++ b/debian/patches/series
@@@ -1,0 -1,0 +1,1 @@@
++0001-add-memory-limit-check-for-scrypt.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-cryptography.git

More information about the Python-modules-commits mailing list