From 953fedbbf00700491aef0e68e0fd74b7e8011de7 Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Thu, 10 Jul 2014 21:52:40 +0100 Subject: Raise ValueError if the password doesn't fit Fixes #1235. OpenSSL only allows password up to 1024 bytes. --- tests/hazmat/backends/test_openssl.py | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) (limited to 'tests/hazmat') diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 696a0f73..cf70f109 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -13,6 +13,7 @@ from __future__ import absolute_import, division, print_function +import os import subprocess import sys import textwrap @@ -33,7 +34,7 @@ from cryptography.hazmat.primitives.ciphers.algorithms import AES from cryptography.hazmat.primitives.ciphers.modes import CBC, CTR from cryptography.hazmat.primitives.interfaces import BlockCipherAlgorithm -from ...utils import raises_unsupported_algorithm +from ...utils import load_vectors_from_file, raises_unsupported_algorithm @utils.register_interface(interfaces.Mode) @@ -464,7 +465,7 @@ class TestOpenSSLCMAC(object): class TestOpenSSLSerialisationWithOpenSSL(object): - def test_password_too_long(self): + def test_pem_password_cb_buffer_too_small(self): ffi_cb, cb = backend._pem_password_cb(b"aa") assert cb(None, 1, False, None) == 0 @@ -473,6 +474,22 @@ class TestOpenSSLSerialisationWithOpenSSL(object): with raises_unsupported_algorithm(None): backend._evp_pkey_to_private_key(key) + def test_very_long_pem_serialization_password(self): + password = "x" * 1024 + + with pytest.raises(ValueError): + load_vectors_from_file( + os.path.join( + "asymmetric", "Traditional_OpenSSL_Serialization", + "key1.pem" + ), + lambda pemfile: ( + backend.load_traditional_openssl_pem_private_key( + pemfile.read().encode(), password + ) + ) + ) + class TestOpenSSLNoEllipticCurve(object): def test_elliptic_curve_supported(self, monkeypatch): -- cgit v1.2.3