enforce password must be bytes when loading PEM/DER asymmetric keys (#3383)

* enforce password must be bytes when loading PEM/DER asymmetric keys Previously we were using an ffi.buffer on the Python string, which was allowing text implicitly, but our documentation explicitly requires bytes. * add changelog entry
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2017-02-09 05:55:34 +0800
committer: Alex Gaynor <alex.gaynor@gmail.com> 2017-02-08 16:55:34 -0500
commit: 7a13085afce1415c0524a5dc5b94c98e3d6d7b7d (patch)
tree: b13d9298a91fa673e54d18315351d431a78c86dd
parent: 0e6a129724b707ebf79149376251e85fad550414 (diff)
download: cryptography-7a13085afce1415c0524a5dc5b94c98e3d6d7b7d.tar.gz
cryptography-7a13085afce1415c0524a5dc5b94c98e3d6d7b7d.tar.bz2
cryptography-7a13085afce1415c0524a5dc5b94c98e3d6d7b7d.zip
4 files changed, 47 insertions, 2 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index ee0a3455..055651a5 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -15,11 +15,15 @@ Changelog
   :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKeyWithSerialization.private_bytes`
   to
   :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKeyWithSerialization`.
-
 * Added
   :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKeyWithSerialization.public_bytes`
   to
   :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKeyWithSerialization`.
+* :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`
+  and
+  :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`
+  now require that ``password`` must be bytes if provided. Previously this
+  was documented but not enforced.
 
 1.7.2 - 2017-01-27
 ~~~~~~~~~~~~~~~~~~
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index e460ab51..e5144951 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -66,6 +66,8 @@ _MemoryBIO = collections.namedtuple("_MemoryBIO", ["bio", "char_ptr"])
 
 class _PasswordUserdata(object):
     def __init__(self, password):
+        if password is not None and not isinstance(password, bytes):
+            raise TypeError("Password must be bytes")
         self.password = password
         self.called = 0
         self.exception = None
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index 8fa64bc8..a8198317 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -523,7 +523,7 @@ class TestOpenSSLSerializationWithOpenSSL(object):
             backend._evp_pkey_to_public_key(key)
 
     def test_very_long_pem_serialization_password(self):
-        password = "x" * 1024
+        password = b"x" * 1024
 
         with pytest.raises(ValueError):
             load_vectors_from_file(
diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py
index 1ba8a3b6..dad056c6 100644
--- a/tests/hazmat/primitives/test_serialization.py
+++ b/tests/hazmat/primitives/test_serialization.py
@@ -78,6 +78,26 @@ class TestDERSerialization(object):
         _check_dsa_private_numbers(key.private_numbers())
 
     @pytest.mark.parametrize(
+        "key_path",
+        [
+            ["DER_Serialization", "enc-rsa-pkcs8.der"],
+        ]
+    )
+    @pytest.mark.requires_backend_interface(interface=RSABackend)
+    def test_password_not_bytes(self, key_path, backend):
+        key_file = os.path.join("asymmetric", *key_path)
+        password = u"this password is not bytes"
+
+        with pytest.raises(TypeError):
+            load_vectors_from_file(
+                key_file,
+                lambda derfile: load_der_private_key(
+                    derfile.read(), password, backend
+                ),
+                mode="rb"
+            )
+
+    @pytest.mark.parametrize(
         ("key_path", "password"),
         [
             (["DER_Serialization", "ec_private_key.der"], None),
@@ -499,6 +519,25 @@ class TestPEMSerialization(object):
             ["PKCS8", "enc-rsa-pkcs8.pem"]
         ]
     )
+    def test_password_not_bytes(self, key_path, backend):
+        key_file = os.path.join("asymmetric", *key_path)
+        password = u"this password is not bytes"
+
+        with pytest.raises(TypeError):
+            load_vectors_from_file(
+                key_file,
+                lambda pemfile: load_pem_private_key(
+                    pemfile.read().encode(), password, backend
+                )
+            )
+
+    @pytest.mark.parametrize(
+        "key_path",
+        [
+            ["Traditional_OpenSSL_Serialization", "testrsa-encrypted.pem"],
+            ["PKCS8", "enc-rsa-pkcs8.pem"]
+        ]
+    )
     def test_wrong_password(self, key_path, backend):
         key_file = os.path.join("asymmetric", *key_path)
         password = b"this password is wrong"
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2017-02-09 05:55:34 +0800
committer	Alex Gaynor <alex.gaynor@gmail.com>	2017-02-08 16:55:34 -0500
commit	7a13085afce1415c0524a5dc5b94c98e3d6d7b7d (patch)
tree	b13d9298a91fa673e54d18315351d431a78c86dd
parent	0e6a129724b707ebf79149376251e85fad550414 (diff)
download	cryptography-7a13085afce1415c0524a5dc5b94c98e3d6d7b7d.tar.gz cryptography-7a13085afce1415c0524a5dc5b94c98e3d6d7b7d.tar.bz2 cryptography-7a13085afce1415c0524a5dc5b94c98e3d6d7b7d.zip