From a2d0da9bcd7b5660b5038c79b7168d6fb645971f Mon Sep 17 00:00:00 2001
From: Terry Chia <terrycwk1994@gmail.com>
Date: Sat, 3 Sep 2016 07:57:45 +0800
Subject: Add bounds checking for Scrypt parameters. (#3130)

* Add bounds checking for Scrypt parameters.

* Pep8.

* More PEP8.

* Change wording.
---
 src/cryptography/hazmat/primitives/kdf/scrypt.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'src')

diff --git a/src/cryptography/hazmat/primitives/kdf/scrypt.py b/src/cryptography/hazmat/primitives/kdf/scrypt.py
index 09181d97..20935409 100644
--- a/src/cryptography/hazmat/primitives/kdf/scrypt.py
+++ b/src/cryptography/hazmat/primitives/kdf/scrypt.py
@@ -25,6 +25,16 @@ class Scrypt(object):
         self._length = length
         if not isinstance(salt, bytes):
             raise TypeError("salt must be bytes.")
+
+        if n < 2 or (n & (n - 1)) != 0:
+            raise ValueError("n must be greater than 1 and be a power of 2.")
+
+        if r < 1:
+            raise ValueError("r must be greater than or equal to 1.")
+
+        if p < 1:
+            raise ValueError("p must be greater than or equal to 1.")
+
         self._used = False
         self._salt = salt
         self._n = n
-- 
cgit v1.2.3