diff --git a/src/algorithms/pkcs1v15.rs b/src/algorithms/pkcs1v15.rs
index c1f0779..e813de1 100644
--- a/src/algorithms/pkcs1v15.rs
+++ b/src/algorithms/pkcs1v15.rs
@@ -41,7 +41,7 @@ pub(crate) fn pkcs1v15_encrypt_pad(
 where
 R: CryptoRngCore + ?Sized,
 {
- if msg.len() > k - 11 {
+ if msg.len() + 11 > k {
 return Err(Error::MessageTooLong);
 }
 
@@ -195,4 +195,13 @@ mod tests {
 }
 }
 }
+
+ #[test]
+ fn test_encrypt_tiny_no_crash() {
+ let mut rng = ChaCha8Rng::from_seed([42; 32]);
+ let k = 8;
+ let message = vec![1u8; 4];
+ let res = pkcs1v15_encrypt_pad(&mut rng, &message, k);
+ assert_eq!(res, Err(Error::MessageTooLong));
+ }
 }
diff --git a/src/key.rs b/src/key.rs
index 751775e..fef5417 100644
--- a/src/key.rs
+++ b/src/key.rs
@@ -284,8 +284,6 @@ impl RsaPrivateKey {
 let n_params = BoxedMontyParams::new(n.clone());
 let n_c = NonZero::new(n.as_ref().clone()).unwrap();
 
- let mut should_validate = false;
-
 if primes.len() < 2 {
 if !primes.is_empty() {
 return Err(Error::NprimesTooSmall);
@@ -295,7 +293,6 @@ impl RsaPrivateKey {
 let (p, q) = recover_primes(&n_c, &e, &d)?;
 primes.push(p);
 primes.push(q);
- should_validate = true;
 }
 
 let mut k = RsaPrivateKey {
@@ -309,10 +306,8 @@ impl RsaPrivateKey {
 precomputed: None,
 };
 
- // Validate the key if we had to recover the primes.
- if should_validate {
- k.validate()?;
- }
+ // Alaways validate the key, to ensure precompute can't fail
+ k.validate()?;
 
 // precompute when possible, ignore error otherwise.
 let _ = k.precompute();
@@ -877,7 +872,8 @@ mod tests {
 .iter()
 .map(|p| BoxedUint::from_be_slice(p, bits / 2).unwrap())
 .collect();
- RsaPrivateKey::from_components(n, e, d, primes).unwrap();
+ let res = RsaPrivateKey::from_components(n, e, d, primes);
+ assert_eq!(res, Err(Error::InvalidModulus));
 }
 
 #[test]
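Review bot: The rearranged bound `msg.len() + 11 > k` is correct, but nothing on the line says why it is no longer written in the RFC's `k - 11` form, so a later cleanup could restore the subtraction and reintroduce the panic (usize underflow) for `k < 11` that this change removes. A comment on the new line would pin the intent: `// RFC 8017 §7.2.1 step 1 (mLen > k - 11), written as an addition so that k < 11 cannot underflow.` The addition itself cannot overflow, because a slice length is bounded by isize::MAX. Rejecting `k < 11` with MessageTooLong is also consistent with the format, since such a k cannot hold the three fixed bytes plus the minimum eight-byte PS even for an empty message. The enclosing function `pkcs1v15_encrypt_pad` starts before the hunk.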
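Review bot: The new test pins only the `k = 8` case that used to underflow; the boundary that the rearranged comparison must preserve is not covered, so an off-by-one in a later edit would not be caught. Two assertions in the same test would close that gap: `assert!(pkcs1v15_encrypt_pad(&mut rng, &[], 11).is_ok());` and `assert_eq!(pkcs1v15_encrypt_pad(&mut rng, &[1u8; 1], 11), Err(Error::MessageTooLong));` — this assumes the message parameter accepts any `&[u8]`, which the `&message` call suggests but the hunk does not show. A name such as `test_encrypt_pad_length_bounds` would describe what is checked better than `no_crash`.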
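Review bot: The added comment `// Alaways validate the key, to ensure precompute can't fail` has a typo and gives a reason the next line contradicts: `precompute()`'s error is still discarded by `let _ =`, so either the error should now be propagated with `k.precompute()?;` if validation really rules out its failure modes, or the comment should state the actual motivation — rejecting caller-supplied components that disagree with each other (for example primes whose product is not n, which the test hunk at the end of this file expects to surface as `Error::InvalidModulus`) instead of building a key whose derived CRT values would be wrong. Suggested wording: `// Always validate, even when the caller supplied the primes: components that disagree must be rejected rather than used.` Because `from_components` now returns `Err` for inputs it previously accepted, its doc comment, which lies outside this hunk, should say so and name the error variants, and the change belongs in the changelog. Whether `precompute()` can still fail after a successful `validate()` is not visible here, so I would confirm that before switching to `?`.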