document one shot AEAD length restrictions (#4322)

* document one shot AEAD length restrictions

* write a test that won't consume infinity ram

continue to raise OverflowError since that's what cffi did.

* this applies to associated_data too

* remove unneeded arg

* review feedback on docs

1 files changed, 6 insertions, 0 deletions

diff --git a/docs/hazmat/primitives/aead.rst b/docs/hazmat/primitives/aead.rst
index ee4214a1..a54cc6fa 100644
--- a/docs/hazmat/primitives/aead.rst
+++ b/docs/hazmat/primitives/aead.rst
@@ -60,6 +60,8 @@ also support providing integrity for associated data which is not encrypted.
             authenticated with the key, but does not need to be encrypted. Can
             be ``None``.
         :returns bytes: The ciphertext bytes with the 16 byte tag appended.
+        :raises OverflowError: If ``data`` or ``associated_data`` is larger
+            than 2\ :sup:`32` bytes.
 
     .. method:: decrypt(nonce, data, associated_data)
 
@@ -128,6 +130,8 @@ also support providing integrity for associated data which is not encrypted.
         :param bytes associated_data: Additional data that should be
             authenticated with the key, but is not encrypted. Can be ``None``.
         :returns bytes: The ciphertext bytes with the 16 byte tag appended.
+        :raises OverflowError: If ``data`` or ``associated_data`` is larger
+            than 2\ :sup:`32` bytes.
 
     .. method:: decrypt(nonce, data, associated_data)
 
@@ -212,6 +216,8 @@ also support providing integrity for associated data which is not encrypted.
         :param bytes associated_data: Additional data that should be
             authenticated with the key, but is not encrypted. Can be ``None``.
         :returns bytes: The ciphertext bytes with the tag appended.
+        :raises OverflowError: If ``data`` or ``associated_data`` is larger
+            than 2\ :sup:`32` bytes.
 
     .. method:: decrypt(nonce, data, associated_data)