From 8e37f7628d1974176ab57bdad52429395c46a5fc Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Wed, 14 Sep 2011 10:00:50 -0400 Subject: Add leak checkers for some cases of load_privatekey, notice one leaks against trunk --- leakcheck/crypto.py | 71 +++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 66 insertions(+), 5 deletions(-) diff --git a/leakcheck/crypto.py b/leakcheck/crypto.py index 07b77e5..c12d8ff 100644 --- a/leakcheck/crypto.py +++ b/leakcheck/crypto.py @@ -3,16 +3,21 @@ import sys -from OpenSSL.crypto import TYPE_DSA, Error, PKey, X509 +from OpenSSL.crypto import ( + FILETYPE_PEM, TYPE_DSA, Error, PKey, X509, load_privatekey) -class Checker_X509_get_pubkey(object): - """ - Leak checks for L{X509.get_pubkey}. - """ + + +class BaseChecker(object): def __init__(self, iterations): self.iterations = iterations + +class Checker_X509_get_pubkey(BaseChecker): + """ + Leak checks for L{X509.get_pubkey}. + """ def check_exception(self): """ Call the method repeatedly such that it will raise an exception. 
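Review bot: The new `BaseChecker` class has no docstring, while the checker classes in this file all carry one. A short one would do, for example `"""Common base for leak checkers; stores the number of iterations each check loop runs."""`. The body of `Checker_X509_get_pubkey` continues past the end of this hunk, so only the moved `__init__` and the class headers are visible here.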
@@ -40,6 +45,62 @@ class Checker_X509_get_pubkey(object): cert.get_pubkey() + +class Checker_load_privatekey(BaseChecker): + """ + Leak checks for :py:obj:`load_privatekey`. + """ + ENCRYPTED_PEM = """\ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: BF-CBC,3763C340F9B5A1D0 + +a/DO10mLjHLCAOG8/Hc5Lbuh3pfjvcTZiCexShP+tupkp0VxW2YbZjML8uoXrpA6 +fSPUo7cEC+r96GjV03ZIVhjmsxxesdWMpfkzXRpG8rUbWEW2KcCJWdSX8bEkuNW3 +uvAXdXZwiOrm56ANDo/48gj27GcLwnlA8ld39+ylAzkUJ1tcMVzzTjfcyd6BMFpR +Yjg23ikseug6iWEsZQormdl0ITdYzmFpM+YYsG7kmmmi4UjCEYfb9zFaqJn+WZT2 +qXxmo2ZPFzmEVkuB46mf5GCqMwLRN2QTbIZX2+Dljj1Hfo5erf5jROewE/yzcTwO +FCB5K3c2kkTv2KjcCAimjxkE+SBKfHg35W0wB0AWkXpVFO5W/TbHg4tqtkpt/KMn +/MPnSxvYr/vEqYMfW4Y83c45iqK0Cyr2pwY60lcn8Kk= +-----END RSA PRIVATE KEY----- +""" + def check_load_privatekey_callback(self): + """ + Call the function with an encrypted PEM and a passphrase callback. + """ + for i in xrange(self.iterations * 10): + load_privatekey( + FILETYPE_PEM, self.ENCRYPTED_PEM, lambda *args: "hello, secret") + + + def check_load_privatekey_callback_incorrect(self): + """ + Call the function with an encrypted PEM and a passphrase callback which + returns the wrong passphrase. + """ + for i in xrange(self.iterations * 10): + try: + load_privatekey( + FILETYPE_PEM, self.ENCRYPTED_PEM, + lambda *args: "hello, public") + except Error: + pass + + + def check_load_privatekey_callback_wrong_type(self): + """ + Call the function with an encrypted PEM and a passphrase callback which + returns a non-string. + """ + for i in xrange(self.iterations * 10): + try: + load_privatekey( + FILETYPE_PEM, self.ENCRYPTED_PEM, + lambda *args: {}) + except Error: + pass + + def vmsize(): return [x for x in file('/proc/self/status').readlines() if 'VmSize' in x] -- cgit v1.2.1
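Review bot: In `check_load_privatekey_callback_incorrect` and `check_load_privatekey_callback_wrong_type`, `except Error: pass` has no `else` branch, so a call that unexpectedly succeeds goes unnoticed. So does one that fails for an unrelated reason, such as the PEM's BF-CBC cipher being unavailable in the linked OpenSSL. In both cases the loop silently stops exercising the error path it is meant to leak-check. Adding `else: raise RuntimeError("load_privatekey unexpectedly succeeded")` after each `except` would at least catch the success case. `ENCRYPTED_PEM` also deserves a comment such as `# Throwaway fixture key, passphrase "hello, secret"; never use outside tests.` so that nobody mistakes it for a real credential or reuses it as one.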