add InvalidDecryption exception, check for ct > key size

author: Paul Kehrer <paul.l.kehrer@gmail.com> 2014-04-07 22:15:38 -0500
committer: Paul Kehrer <paul.l.kehrer@gmail.com> 2014-04-20 16:53:03 -0500
commit: af9a2cc7bc73129fcd807ac890be59dcc9672a4c (patch)
tree: beffb48565b4b5db89e5dfc2f7a90fe09b7af780 /cryptography
parent: e1c89f3d25c381f945db9de45c4782b123b7fe49 (diff)
download: cryptography-af9a2cc7bc73129fcd807ac890be59dcc9672a4c.tar.gz
cryptography-af9a2cc7bc73129fcd807ac890be59dcc9672a4c.tar.bz2
cryptography-af9a2cc7bc73129fcd807ac890be59dcc9672a4c.zip
2 files changed, 12 insertions, 4 deletions
diff --git a/cryptography/exceptions.py b/cryptography/exceptions.py
index b4ee8feb..fe9bf840 100644
--- a/cryptography/exceptions.py
+++ b/cryptography/exceptions.py
@@ -59,3 +59,7 @@ class InvalidKey(Exception):
 
 class InvalidToken(Exception):
     pass
+
+
+class InvalidDecryption(Exception):
+    pass
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index 193fe925..31f6a344 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -21,8 +21,8 @@ import six
 
 from cryptography import utils
 from cryptography.exceptions import (
-    AlreadyFinalized, InternalError, InvalidSignature, InvalidTag,
-    UnsupportedAlgorithm, _Reasons
+    AlreadyFinalized, InternalError, InvalidDecryption, InvalidSignature,
+    InvalidTag, UnsupportedAlgorithm, _Reasons
 )
 from cryptography.hazmat.backends.interfaces import (
     CipherBackend, DSABackend, HMACBackend, HashBackend, PBKDF2HMACBackend,
@@ -508,6 +508,10 @@ class Backend(object):
                 _Reasons.UNSUPPORTED_PADDING
             )
 
+        key_size_bytes = int(math.ceil(private_key.key_size / 8.0))
+        if key_size_bytes < len(ciphertext):
+            raise ValueError("Ciphertext too large for key size")
+
         if self._lib.Cryptography_HAS_PKEY_CTX:
             return self._decrypt_rsa_pkey_ctx(private_key, ciphertext,
                                               padding_enum)
@@ -539,7 +543,7 @@ class Backend(object):
         if res <= 0:
             errors = self._consume_errors()
             assert errors
-            raise self._unknown_error(errors[0])  # TODO
+            raise InvalidDecryption
 
         return self._ffi.buffer(buf)[:outlen[0]]
 
@@ -561,7 +565,7 @@ class Backend(object):
         if res < 0:
             errors = self._consume_errors()
             assert errors
-            raise self._unknown_error(errors[0])  # TODO
+            raise InvalidDecryption
 
         return self._ffi.buffer(buf)[:res]
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2014-04-07 22:15:38 -0500
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	2014-04-20 16:53:03 -0500
commit	af9a2cc7bc73129fcd807ac890be59dcc9672a4c (patch)
tree	beffb48565b4b5db89e5dfc2f7a90fe09b7af780 /cryptography
parent	e1c89f3d25c381f945db9de45c4782b123b7fe49 (diff)
download	cryptography-af9a2cc7bc73129fcd807ac890be59dcc9672a4c.tar.gz cryptography-af9a2cc7bc73129fcd807ac890be59dcc9672a4c.tar.bz2 cryptography-af9a2cc7bc73129fcd807ac890be59dcc9672a4c.zip