Skip to content

Commit 0dcc852

Browse files
reaperhulkreaperhulk
committed
restrict llen range heavily
1 parent 0e3599d commit 0dcc852

File tree

2 files changed

+10
-36
lines changed

2 files changed

+10
-36
lines changed

src/rust/src/backend/kdf.rs

Lines changed: 7 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1809,10 +1809,13 @@ fn validate_kbkdf_parameters(
18091809
));
18101810
}
18111811

1812-
if llen == Some(0) {
1813-
return Err(CryptographyError::from(
1814-
pyo3::exceptions::PyValueError::new_err("llen must be non-zero"),
1815-
));
1812+
if let Some(l) = llen {
1813+
// 4 is an arbitrary limit -- if a use case requires more please file an issue
1814+
if !(1..=4).contains(&l) {
1815+
return Err(CryptographyError::from(
1816+
pyo3::exceptions::PyValueError::new_err("llen must be between 1 and 4"),
1817+
));
1818+
}
18161819
}
18171820

18181821
Ok(KbkdfParams {

tests/hazmat/primitives/test_kbkdf.py

Lines changed: 3 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -212,44 +212,15 @@ def test_rlen(self, backend):
212212
backend=backend,
213213
)
214214

215-
def test_r_type(self, backend):
216-
with pytest.raises(TypeError):
217-
KBKDFHMAC(
218-
hashes.SHA1(),
219-
Mode.CounterMode,
220-
32,
221-
b"r", # type: ignore[arg-type]
222-
4,
223-
CounterLocation.BeforeFixed,
224-
b"label",
225-
b"context",
226-
None,
227-
backend=backend,
228-
)
229-
230-
def test_zero_llen(self, backend):
215+
@pytest.mark.parametrize("llen", [0, 5])
216+
def test_invalid_llen(self, llen, backend):
231217
with pytest.raises(ValueError):
232218
KBKDFHMAC(
233219
hashes.SHA256(),
234220
Mode.CounterMode,
235221
32,
236222
4,
237-
0,
238-
CounterLocation.BeforeFixed,
239-
b"label",
240-
b"context",
241-
None,
242-
backend=backend,
243-
)
244-
245-
def test_l_type(self, backend):
246-
with pytest.raises(TypeError):
247-
KBKDFHMAC(
248-
hashes.SHA1(),
249-
Mode.CounterMode,
250-
32,
251-
4,
252-
b"l", # type: ignore[arg-type]
223+
llen,
253224
CounterLocation.BeforeFixed,
254225
b"label",
255226
b"context",

0 commit comments

Comments
 (0)