some checks for PKCS1 keys being too small for the payload to be signed
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index 021ce8c..923cc47 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -897,10 +897,15 @@
if res != 1:
errors = self._backend._consume_errors()
assert errors[0].lib == self._backend._lib.ERR_LIB_RSA
- assert (errors[0].reason ==
- self._backend._lib.RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE)
- raise ValueError("Salt length too long for key size. Try using "
- "MAX_LENGTH instead.")
+ raise ValueError(
+ {
+ self._backend._lib.RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE:
+ "Salt length too long for key size. Try using MAX_LENGTH "
+ "instead.",
+ self._backend._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY:
+ "Digest too large for key size. Use a larger key."
+ }[errors[0].reason]
+ )
return self._backend._ffi.buffer(buf)[:]
@@ -915,7 +920,14 @@
)
self._hash_ctx.finalize()
self._hash_ctx = None
- assert res == 1
+ if res == 0:
+ errors = self._backend._consume_errors()
+ assert errors[0].lib == self._backend._lib.ERR_LIB_RSA
+ assert (errors[0].reason ==
+ self._backend._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY)
+ raise ValueError("Digest too large for key size. Use a larger "
+ "key.")
+
return self._backend._ffi.buffer(sig_buf)[:sig_len[0]]
def _finalize_pss(self, evp_pkey, pkey_size, evp_md):
diff --git a/cryptography/hazmat/bindings/openssl/err.py b/cryptography/hazmat/bindings/openssl/err.py
index 551d821..f51393a 100644
--- a/cryptography/hazmat/bindings/openssl/err.py
+++ b/cryptography/hazmat/bindings/openssl/err.py
@@ -215,6 +215,7 @@
static const int PEM_R_UNSUPPORTED_ENCRYPTION;
static const int RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
+static const int RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY;
"""
FUNCTIONS = """
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index 236a3bb..1cbd163 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -655,6 +655,35 @@
private_key.signer(padding.PSS(mgf=DummyMGF()), hashes.SHA1(),
backend)
+ def test_pkcs1_digest_too_large_for_key_size(self, backend):
+ private_key = rsa.RSAPrivateKey.generate(
+ public_exponent=65537,
+ key_size=599,
+ backend=backend
+ )
+ signer = private_key.signer(
+ padding.PKCS1v15(),
+ hashes.SHA512(),
+ backend
+ )
+ signer.update(b"failure coming")
+ with pytest.raises(ValueError):
+ signer.finalize()
+
+ def test_pkcs1_minimum_key_size(self, backend):
+ private_key = rsa.RSAPrivateKey.generate(
+ public_exponent=65537,
+ key_size=745,
+ backend=backend
+ )
+ signer = private_key.signer(
+ padding.PKCS1v15(),
+ hashes.SHA512(),
+ backend
+ )
+ signer.update(b"no failure")
+ signer.finalize()
+
@pytest.mark.rsa
class TestRSAVerification(object):