diff options
author | Alex Gaynor <alex.gaynor@gmail.com> | 2018-07-15 20:48:57 -0400 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-07-16 06:18:57 +0530 |
commit | b09b9ecd695187f323c509aecdf517cadcf728d1 (patch) | |
tree | c295740f84703c77f4cfee6866bac18db6246114 /src | |
parent | bb23c6c7cbb3f62f1b1b2480f9dc07c6beba3398 (diff) | |
download | cryptography-b09b9ecd695187f323c509aecdf517cadcf728d1.tar.gz cryptography-b09b9ecd695187f323c509aecdf517cadcf728d1.tar.bz2 cryptography-b09b9ecd695187f323c509aecdf517cadcf728d1.zip |
Change the exception we raise in keywrap unwrapping on invalid length (#4337)
I believe this can reasonably be considered backwards compatible since other invalid inputs already lead to InvalidUnwrap, and clients shouldn't be distinguishing between these two conditions, and ValueError wasn't documented anyways.
Diffstat (limited to 'src')
-rw-r--r-- | src/cryptography/hazmat/primitives/keywrap.py | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/cryptography/hazmat/primitives/keywrap.py b/src/cryptography/hazmat/primitives/keywrap.py index 2b7955f8..f55c519c 100644 --- a/src/cryptography/hazmat/primitives/keywrap.py +++ b/src/cryptography/hazmat/primitives/keywrap.py @@ -89,7 +89,7 @@ def aes_key_wrap_with_padding(wrapping_key, key_to_wrap, backend): def aes_key_unwrap_with_padding(wrapping_key, wrapped_key, backend): if len(wrapped_key) < 16: - raise ValueError("Must be at least 16 bytes") + raise InvalidUnwrap("Must be at least 16 bytes") if len(wrapping_key) not in [16, 24, 32]: raise ValueError("The wrapping key must be a valid AES key length") @@ -132,10 +132,10 @@ def aes_key_unwrap_with_padding(wrapping_key, wrapped_key, backend): def aes_key_unwrap(wrapping_key, wrapped_key, backend): if len(wrapped_key) < 24: - raise ValueError("Must be at least 24 bytes") + raise InvalidUnwrap("Must be at least 24 bytes") if len(wrapped_key) % 8 != 0: - raise ValueError("The wrapped key must be a multiple of 8 bytes") + raise InvalidUnwrap("The wrapped key must be a multiple of 8 bytes") if len(wrapping_key) not in [16, 24, 32]: raise ValueError("The wrapping key must be a valid AES key length") |