Merge remote-tracking branch 'origin/master' into const-crypto-biguint

RustCrypto · Dec 17, 2024 · d675b13 · d675b13
2 parents ffdc5c2 + 9956b8f
commit d675b13
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 9 deletions.
diff --git a/src/algorithms/pkcs1v15.rs b/src/algorithms/pkcs1v15.rs
@@ -41,7 +41,7 @@ pub(crate) fn pkcs1v15_encrypt_pad<R>(
 where
     R: CryptoRngCore + ?Sized,
 {
-    if msg.len() > k - 11 {
+    if msg.len() + 11 > k {
         return Err(Error::MessageTooLong);
     }
 
@@ -195,4 +195,13 @@ mod tests {
             }
         }
     }
+
+    #[test]
+    fn test_encrypt_tiny_no_crash() {
+        let mut rng = ChaCha8Rng::from_seed([42; 32]);
+        let k = 8;
+        let message = vec![1u8; 4];
+        let res = pkcs1v15_encrypt_pad(&mut rng, &message, k);
+        assert_eq!(res, Err(Error::MessageTooLong));
+    }
 }
diff --git a/src/key.rs b/src/key.rs
@@ -284,8 +284,6 @@ impl RsaPrivateKey {
         let n_params = BoxedMontyParams::new(n.clone());
         let n_c = NonZero::new(n.as_ref().clone()).unwrap();
 
-        let mut should_validate = false;
-
         if primes.len() < 2 {
             if !primes.is_empty() {
                 return Err(Error::NprimesTooSmall);
@@ -295,7 +293,6 @@ impl RsaPrivateKey {
             let (p, q) = recover_primes(&n_c, &e, &d)?;
             primes.push(p);
             primes.push(q);
-            should_validate = true;
         }
 
         let mut k = RsaPrivateKey {
@@ -309,10 +306,8 @@ impl RsaPrivateKey {
             precomputed: None,
         };
 
-        // Validate the key if we had to recover the primes.
-        if should_validate {
-            k.validate()?;
-        }
+        // Alaways validate the key, to ensure precompute can't fail
+        k.validate()?;
 
         // precompute when possible, ignore error otherwise.
         let _ = k.precompute();
@@ -877,7 +872,8 @@ mod tests {
             .iter()
             .map(|p| BoxedUint::from_be_slice(p, bits / 2).unwrap())
             .collect();
-        RsaPrivateKey::from_components(n, e, d, primes).unwrap();
+        let res = RsaPrivateKey::from_components(n, e, d, primes);
+        assert_eq!(res, Err(Error::InvalidModulus));
     }
 
     #[test]