From 0e7bbf7c0d9521820a0eafbd092635da87b0cbd3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
Date: Thu, 5 Jan 2017 22:33:33 +0100
Subject: [PATCH] Add a patch from
 https://github.com/pyca/cryptography/pull/3328

---
 add_memory_limit.patch   | 105 +++++++++++++++++++++++++++++++++++++++
 python-cryptography.spec |   3 ++
 2 files changed, 108 insertions(+)
 create mode 100644 add_memory_limit.patch

diff --git a/add_memory_limit.patch b/add_memory_limit.patch
new file mode 100644
index 0000000..4948ff4
--- /dev/null
+++ b/add_memory_limit.patch
@@ -0,0 +1,105 @@
+--- a/src/cryptography/hazmat/backends/openssl/backend.py
++++ b/src/cryptography/hazmat/backends/openssl/backend.py
+@@ -9,7 +9,6 @@ import calendar
+ import collections
+ import contextlib
+ import itertools
+-import sys
+ from contextlib import contextmanager
+ 
+ import six
+@@ -61,6 +60,7 @@ from cryptography.hazmat.primitives.ciph
+ from cryptography.hazmat.primitives.ciphers.modes import (
+     CBC, CFB, CFB8, CTR, ECB, GCM, OFB
+ )
++from cryptography.hazmat.primitives.kdf import scrypt
+ 
+ 
+ _MemoryBIO = collections.namedtuple("_MemoryBIO", ["bio", "char_ptr"])
+@@ -1894,9 +1894,10 @@ class Backend(object):
+ 
+     def derive_scrypt(self, key_material, salt, length, n, r, p):
+         buf = self._ffi.new("unsigned char[]", length)
+-        res = self._lib.EVP_PBE_scrypt(key_material, len(key_material), salt,
+-                                       len(salt), n, r, p, sys.maxsize // 2,
+-                                       buf, length)
++        res = self._lib.EVP_PBE_scrypt(
++            key_material, len(key_material), salt, len(salt), n, r, p,
++            scrypt._MEM_LIMIT, buf, length
++        )
+         self.openssl_assert(res == 1)
+         return self._ffi.buffer(buf)[:]
+ 
+--- a/src/cryptography/hazmat/primitives/kdf/scrypt.py
++++ b/src/cryptography/hazmat/primitives/kdf/scrypt.py
+@@ -4,6 +4,8 @@
+ 
+ from __future__ import absolute_import, division, print_function
+ 
++import sys
++
+ from cryptography import utils
+ from cryptography.exceptions import (
+     AlreadyFinalized, InvalidKey, UnsupportedAlgorithm, _Reasons
+@@ -13,6 +15,11 @@ from cryptography.hazmat.primitives impo
+ from cryptography.hazmat.primitives.kdf import KeyDerivationFunction
+ 
+ 
++# This is used by the scrypt tests to skip tests that require more memory
++# than the MEM_LIMIT
++_MEM_LIMIT = sys.maxsize // 2
++
++
+ @utils.register_interface(KeyDerivationFunction)
+ class Scrypt(object):
+     def __init__(self, salt, length, n, r, p, backend):
+--- a/tests/hazmat/primitives/test_scrypt.py
++++ b/tests/hazmat/primitives/test_scrypt.py
+@@ -14,7 +14,7 @@ from cryptography.exceptions import (
+     AlreadyFinalized, InvalidKey, UnsupportedAlgorithm
+ )
+ from cryptography.hazmat.backends.interfaces import ScryptBackend
+-from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
++from cryptography.hazmat.primitives.kdf.scrypt import Scrypt, _MEM_LIMIT
+ 
+ from tests.utils import load_nist_vectors, load_vectors_from_file
+ 
+@@ -22,10 +22,30 @@ vectors = load_vectors_from_file(
+     os.path.join("KDF", "scrypt.txt"), load_nist_vectors)
+ 
+ 
++def _skip_if_memory_limited(memory_limit, params):
++    # Memory calc adapted from OpenSSL (URL split over 2 lines, thanks PEP8)
++    # https://github.com/openssl/openssl/blob/6286757141a8c6e14d647ec733634a
++    # e0c83d9887/crypto/evp/scrypt.c#L189-L221
++    blen = int(params["p"]) * 128 * int(params["r"])
++    vlen = 32 * int(params["r"]) * (int(params["n"]) + 2) * 4
++    memory_required = blen + vlen
++    if memory_limit < memory_required:
++        pytest.skip("Test exceeds Scrypt memory limit. "
++                    "This is likely a 32-bit platform.")
++
++
++def test_memory_limit_skip():
++    with pytest.raises(pytest.skip.Exception):
++        _skip_if_memory_limited(1000, {"p": 16, "r": 64, "n": 1024})
++
++    _skip_if_memory_limited(2 ** 31, {"p": 16, "r": 64, "n": 1024})
++
++
+ @pytest.mark.requires_backend_interface(interface=ScryptBackend)
+ class TestScrypt(object):
+     @pytest.mark.parametrize("params", vectors)
+     def test_derive(self, backend, params):
++        _skip_if_memory_limited(_MEM_LIMIT, params)
+         password = params["password"]
+         work_factor = int(params["n"])
+         block_size = int(params["r"])
+@@ -77,6 +97,7 @@ class TestScrypt(object):
+ 
+     @pytest.mark.parametrize("params", vectors)
+     def test_verify(self, backend, params):
++        _skip_if_memory_limited(_MEM_LIMIT, params)
+         password = params["password"]
+         work_factor = int(params["n"])
+         block_size = int(params["r"])
diff --git a/python-cryptography.spec b/python-cryptography.spec
index b1f3c1c..f6b5eb7 100644
--- a/python-cryptography.spec
+++ b/python-cryptography.spec
@@ -14,6 +14,8 @@ Group:          Development/Libraries
 License:        ASL 2.0 or BSD
 URL:            https://cryptography.io/en/latest/
 Source0:        https://pypi.io/packages/source/c/cryptography/cryptography-%{version}.tar.gz
+# Patch from https://github.com/pyca/cryptography/pull/3328
+Patch0:         add_memory_limit.patch
 
 BuildRequires:  openssl-devel
 
@@ -153,6 +155,7 @@ popd
 %changelog
 * Thu Jan 05 2017 Matěj Cepl <mcepl@redhat.com> - 1.7.1-1
 - Update to the latest upstream.
+- Add a patch from https://github.com/pyca/cryptography/pull/3328
 
 * Tue Dec 13 2016 Charalampos Stratakis <cstratak@redhat.com> - 1.5.3-5
 - Enable tests