From b09b9ecd695187f323c509aecdf517cadcf728d1 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sun, 15 Jul 2018 20:48:57 -0400 Subject: Change the exception we raise in keywrap unwrapping on invalid length (#4337) I believe this can reasonably be considered backwards compatible since other invalid inputs already lead to InvalidUnwrap, and clients shouldn't be distinguishing between these two conditions, and ValueError wasn't documented anyways. --- tests/hazmat/primitives/test_keywrap.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'tests/hazmat/primitives') diff --git a/tests/hazmat/primitives/test_keywrap.py b/tests/hazmat/primitives/test_keywrap.py index 9b1e43e4..c74b144b 100644 --- a/tests/hazmat/primitives/test_keywrap.py +++ b/tests/hazmat/primitives/test_keywrap.py @@ -108,11 +108,11 @@ class TestAESKeyWrap(object): def test_unwrap_invalid_wrapped_key_length(self, backend): # Keys to unwrap must be at least 24 bytes - with pytest.raises(ValueError): + with pytest.raises(keywrap.InvalidUnwrap): keywrap.aes_key_unwrap(b"sixteen_byte_key", b"\x00" * 16, backend) # Keys to unwrap must be a multiple of 8 bytes - with pytest.raises(ValueError): + with pytest.raises(keywrap.InvalidUnwrap): keywrap.aes_key_unwrap(b"sixteen_byte_key", b"\x00" * 27, backend) @@ -189,7 +189,9 @@ class TestAESKeyWrapWithPadding(object): def test_unwrap_invalid_wrapped_key_length(self, backend): # Keys to unwrap must be at least 16 bytes - with pytest.raises(ValueError, match='Must be at least 16 bytes'): + with pytest.raises( + keywrap.InvalidUnwrap, match='Must be at least 16 bytes' + ): keywrap.aes_key_unwrap_with_padding( b"sixteen_byte_key", b"\x00" * 15, backend ) -- cgit v1.2.3