diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-07-17 22:56:12 +0800 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2018-07-17 10:56:12 -0400 |
commit | 12a1cacb6ae6de51a003dcc884e769854a1345a8 (patch) | |
tree | 3efc3e8ca27249f8de685319687bd79bb515c8e5 | |
parent | 7ca0e46d82606b8a12ff323181065a00885d39dc (diff) | |
download | cryptography-12a1cacb6ae6de51a003dcc884e769854a1345a8.tar.gz cryptography-12a1cacb6ae6de51a003dcc884e769854a1345a8.tar.bz2 cryptography-12a1cacb6ae6de51a003dcc884e769854a1345a8.zip |
raise ValueError on zero length GCM IV (#4348)
-rw-r--r-- | docs/hazmat/primitives/symmetric-encryption.rst | 3 | ||||
-rw-r--r-- | src/cryptography/hazmat/primitives/ciphers/modes.py | 2 | ||||
-rw-r--r-- | tests/hazmat/primitives/test_block.py | 4 |
3 files changed, 8 insertions, 1 deletions
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 5b600090..e74b4d66 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -399,7 +399,8 @@ Modes this is ``16``, meaning tag truncation is not allowed. Allowing tag truncation is strongly discouraged for most applications. - :raises ValueError: This is raised if ``len(tag) < min_tag_length``. + :raises ValueError: This is raised if ``len(tag) < min_tag_length`` or the + ``initialization_vector`` is too short. :raises NotImplementedError: This is raised if the version of the OpenSSL backend used is 1.0.1 or earlier. diff --git a/src/cryptography/hazmat/primitives/ciphers/modes.py b/src/cryptography/hazmat/primitives/ciphers/modes.py index 543015fe..e82c1a8d 100644 --- a/src/cryptography/hazmat/primitives/ciphers/modes.py +++ b/src/cryptography/hazmat/primitives/ciphers/modes.py @@ -208,6 +208,8 @@ class GCM(object): # for it if not isinstance(initialization_vector, bytes): raise TypeError("initialization_vector must be bytes") + if len(initialization_vector) == 0: + raise ValueError("initialization_vector must be at least 1 byte") self._initialization_vector = initialization_vector if tag is not None: if not isinstance(tag, bytes): diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py index c053feaf..37158f15 100644 --- a/tests/hazmat/primitives/test_block.py +++ b/tests/hazmat/primitives/test_block.py @@ -191,6 +191,10 @@ class TestModeValidation(object): backend, ) + def test_gcm(self): + with pytest.raises(ValueError): + modes.GCM(b"") + class TestModesRequireBytes(object): def test_cbc(self): |