Merge pull request #840 from reaperhulk/pkcs1-key-size-checks

some checks for PKCS1 keys being too small for the payload to be signed

3 files changed, 48 insertions, 5 deletions

diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index 021ce8c4..9ac062c2 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -897,10 +897,16 @@ class _RSASignatureContext(object):
         if res != 1:
             errors = self._backend._consume_errors()
             assert errors[0].lib == self._backend._lib.ERR_LIB_RSA
-            assert (errors[0].reason ==
-                    self._backend._lib.RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE)
-            raise ValueError("Salt length too long for key size. Try using "
-                             "MAX_LENGTH instead.")
+            reason = None
+            if (errors[0].reason ==
+                    self._backend._lib.RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE):
+                reason = ("Salt length too long for key size. Try using "
+                          "MAX_LENGTH instead.")
+            elif (errors[0].reason ==
+                    self._backend._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY):
+                reason = "Digest too large for key size. Use a larger key."
+            assert reason is not None
+            raise ValueError(reason)
 
         return self._backend._ffi.buffer(buf)[:]
 
@@ -915,7 +921,14 @@ class _RSASignatureContext(object):
         )
         self._hash_ctx.finalize()
         self._hash_ctx = None
-        assert res == 1
+        if res == 0:
+            errors = self._backend._consume_errors()
+            assert errors[0].lib == self._backend._lib.ERR_LIB_RSA
+            assert (errors[0].reason ==
+                    self._backend._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY)
+            raise ValueError("Digest too large for key size. Use a larger "
+                             "key.")
+
         return self._backend._ffi.buffer(sig_buf)[:sig_len[0]]
 
     def _finalize_pss(self, evp_pkey, pkey_size, evp_md):
diff --git a/cryptography/hazmat/bindings/openssl/err.py b/cryptography/hazmat/bindings/openssl/err.py
index 551d8217..f51393aa 100644
--- a/cryptography/hazmat/bindings/openssl/err.py
+++ b/cryptography/hazmat/bindings/openssl/err.py
@@ -215,6 +215,7 @@ static const int PEM_R_UNSUPPORTED_CIPHER;
 static const int PEM_R_UNSUPPORTED_ENCRYPTION;
 
 static const int RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
+static const int RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY;
 """
 
 FUNCTIONS = """
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index 236a3bb1..1cbd1636 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -655,6 +655,35 @@ class TestRSASignature(object):
             private_key.signer(padding.PSS(mgf=DummyMGF()), hashes.SHA1(),
                                backend)
 
+    def test_pkcs1_digest_too_large_for_key_size(self, backend):
+        private_key = rsa.RSAPrivateKey.generate(
+            public_exponent=65537,
+            key_size=599,
+            backend=backend
+        )
+        signer = private_key.signer(
+            padding.PKCS1v15(),
+            hashes.SHA512(),
+            backend
+        )
+        signer.update(b"failure coming")
+        with pytest.raises(ValueError):
+            signer.finalize()
+
+    def test_pkcs1_minimum_key_size(self, backend):
+        private_key = rsa.RSAPrivateKey.generate(
+            public_exponent=65537,
+            key_size=745,
+            backend=backend
+        )
+        signer = private_key.signer(
+            padding.PKCS1v15(),
+            hashes.SHA512(),
+            backend
+        )
+        signer.update(b"no failure")
+        signer.finalize()
+
 
 @pytest.mark.rsa
 class TestRSAVerification(object):