Add bounds checking for Scrypt parameters. (#3130)

* Add bounds checking for Scrypt parameters. * Pep8. * More PEP8. * Change wording.
author: Terry Chia <terrycwk1994@gmail.com> 2016-09-03 07:57:45 +0800
committer: Alex Gaynor <alex.gaynor@gmail.com> 2016-09-02 19:57:45 -0400
commit: a2d0da9bcd7b5660b5038c79b7168d6fb645971f (patch)
tree: fc281bf52c97116c9fc8bce7c43e06b25ef71538 /src
parent: 8bd420513e3a1f8594079889a5ca8f5d12fd00a6 (diff)
download: cryptography-a2d0da9bcd7b5660b5038c79b7168d6fb645971f.tar.gz
cryptography-a2d0da9bcd7b5660b5038c79b7168d6fb645971f.tar.bz2
cryptography-a2d0da9bcd7b5660b5038c79b7168d6fb645971f.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/primitives/kdf/scrypt.py b/src/cryptography/hazmat/primitives/kdf/scrypt.py
index 09181d97..20935409 100644
--- a/src/cryptography/hazmat/primitives/kdf/scrypt.py
+++ b/src/cryptography/hazmat/primitives/kdf/scrypt.py
@@ -25,6 +25,16 @@ class Scrypt(object):
         self._length = length
         if not isinstance(salt, bytes):
             raise TypeError("salt must be bytes.")
+
+        if n < 2 or (n & (n - 1)) != 0:
+            raise ValueError("n must be greater than 1 and be a power of 2.")
+
+        if r < 1:
+            raise ValueError("r must be greater than or equal to 1.")
+
+        if p < 1:
+            raise ValueError("p must be greater than or equal to 1.")
+
         self._used = False
         self._salt = salt
         self._n = n
author	Terry Chia <terrycwk1994@gmail.com>	2016-09-03 07:57:45 +0800
committer	Alex Gaynor <alex.gaynor@gmail.com>	2016-09-02 19:57:45 -0400
commit	a2d0da9bcd7b5660b5038c79b7168d6fb645971f (patch)
tree	fc281bf52c97116c9fc8bce7c43e06b25ef71538 /src
parent	8bd420513e3a1f8594079889a5ca8f5d12fd00a6 (diff)
download	cryptography-a2d0da9bcd7b5660b5038c79b7168d6fb645971f.tar.gz cryptography-a2d0da9bcd7b5660b5038c79b7168d6fb645971f.tar.bz2 cryptography-a2d0da9bcd7b5660b5038c79b7168d6fb645971f.zip