diff options
| author | Jeff Forcier <jeff@bitprophet.org> | 2021-11-28 15:25:33 -0500 |
|---|---|---|
| committer | Jeff Forcier <jeff@bitprophet.org> | 2021-11-28 20:24:17 -0500 |
| commit | 6b1513e79a3244ccd5879fdd3399ea97f87f16f9 (patch) | |
| tree | 3155f1d15a6d271f5ada92f9efe5c85d741bd709 | |
| parent | e9e411e25267ccff7ef5dc265280a5a2d8945e8b (diff) | |
Catch TypeError and UnsupportedAlgorithm when using Cryptography to load private key material
Prior to this change, these exceptions bubble up as-is instead of becoming
SSHException instances like most other key-loading errors
| -rw-r--r-- | paramiko/ecdsakey.py | 9 | ||||
| -rw-r--r-- | paramiko/rsakey.py | 4 |
2 files changed, 9 insertions, 4 deletions
diff --git a/paramiko/ecdsakey.py b/paramiko/ecdsakey.py index 05bd10f9..b609d130 100644 --- a/paramiko/ecdsakey.py +++ b/paramiko/ecdsakey.py @@ -20,7 +20,7 @@ ECDSA keys """ -from cryptography.exceptions import InvalidSignature +from cryptography.exceptions import InvalidSignature, UnsupportedAlgorithm from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import ec @@ -288,7 +288,12 @@ class ECDSAKey(PKey): key = serialization.load_der_private_key( data, password=None, backend=default_backend() ) - except (ValueError, AssertionError) as e: + except ( + ValueError, + AssertionError, + TypeError, + UnsupportedAlgorithm, + ) as e: raise SSHException(str(e)) elif pkformat == self._PRIVATE_KEY_FORMAT_OPENSSH: try: diff --git a/paramiko/rsakey.py b/paramiko/rsakey.py index 142dd278..292d0ccc 100644 --- a/paramiko/rsakey.py +++ b/paramiko/rsakey.py @@ -20,7 +20,7 @@ RSA keys. """ -from cryptography.exceptions import InvalidSignature +from cryptography.exceptions import InvalidSignature, UnsupportedAlgorithm from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import rsa, padding @@ -185,7 +185,7 @@ class RSAKey(PKey): key = serialization.load_der_private_key( data, password=None, backend=default_backend() ) - except ValueError as e: + except (ValueError, TypeError, UnsupportedAlgorithm) as e: raise SSHException(str(e)) elif pkformat == self._PRIVATE_KEY_FORMAT_OPENSSH: n, e, d, iqmp, p, q = self._uint32_cstruct_unpack(data, "iiiiii") |