From 069691a27b98bbca13faa843a1408d631b691bea Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Sun, 26 Apr 2020 11:44:49 -0400
Subject: Added wycheproof RSA PKCSv1 encryption tests (#5234)

---
 src/_cffi_src/openssl/err.py                    |  1 +
 src/cryptography/hazmat/backends/openssl/rsa.py |  1 +
 tests/wycheproof/test_rsa.py                    | 36 +++++++++++++++++++++++--
 3 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/src/_cffi_src/openssl/err.py b/src/_cffi_src/openssl/err.py
index d4033f5a..ecdc6e3d 100644
--- a/src/_cffi_src/openssl/err.py
+++ b/src/_cffi_src/openssl/err.py
@@ -100,6 +100,7 @@ static const int PEM_R_UNSUPPORTED_ENCRYPTION;
 
 static const int PKCS12_R_PKCS12_CIPHERFINAL_ERROR;
 
+static const int RSA_R_BAD_PAD_BYTE_COUNT;
 static const int RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
 static const int RSA_R_DATA_TOO_LARGE_FOR_MODULUS;
 static const int RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY;
diff --git a/src/cryptography/hazmat/backends/openssl/rsa.py b/src/cryptography/hazmat/backends/openssl/rsa.py
index 458071ca..bd4a1bea 100644
--- a/src/cryptography/hazmat/backends/openssl/rsa.py
+++ b/src/cryptography/hazmat/backends/openssl/rsa.py
@@ -136,6 +136,7 @@ def _handle_rsa_enc_dec_error(backend, key):
         )
     else:
         decoding_errors = [
+            backend._lib.RSA_R_BAD_PAD_BYTE_COUNT,
             backend._lib.RSA_R_BLOCK_TYPE_IS_NOT_01,
             backend._lib.RSA_R_BLOCK_TYPE_IS_NOT_02,
             backend._lib.RSA_R_OAEP_DECODING_ERROR,
diff --git a/tests/wycheproof/test_rsa.py b/tests/wycheproof/test_rsa.py
index 8a971d98..f17eff69 100644
--- a/tests/wycheproof/test_rsa.py
+++ b/tests/wycheproof/test_rsa.py
@@ -78,7 +78,9 @@ def test_rsa_pkcs1v15_signature(backend, wycheproof):
     digest = _DIGESTS[wycheproof.testgroup["sha"]]
 
     if digest is None or not backend.hash_supported(digest):
-        pytest.skip("Hash {} not supported".format(digest))
+        pytest.skip(
+            "Hash {} not supported".format(wycheproof.testgroup["sha"])
+        )
 
     if should_verify(backend, wycheproof):
         key.verify(
@@ -184,7 +186,11 @@ def test_rsa_oaep_encryption(backend, wycheproof):
     )
 
     if not backend.rsa_padding_supported(padding_algo):
-        pytest.skip("Padding {} not supported".format(padding_algo))
+        pytest.skip(
+            "OAEP with digest={} and MGF digest={} not supported".format(
+                wycheproof.testgroup["sha"], wycheproof.testgroup["mgfSha"],
+            )
+        )
 
     if wycheproof.valid or wycheproof.acceptable:
         pt = key.decrypt(
@@ -198,3 +204,29 @@ def test_rsa_oaep_encryption(backend, wycheproof):
                 binascii.unhexlify(wycheproof.testcase["ct"]),
                 padding_algo
             )
+
+
+@pytest.mark.wycheproof_tests(
+    "rsa_pkcs1_2048_test.json",
+    "rsa_pkcs1_3072_test.json",
+    "rsa_pkcs1_4096_test.json",
+)
+def test_rsa_pkcs1_encryption(backend, wycheproof):
+    key = serialization.load_pem_private_key(
+        wycheproof.testgroup["privateKeyPem"].encode("ascii"),
+        password=None,
+        backend=backend,
+    )
+
+    if wycheproof.valid:
+        pt = key.decrypt(
+            binascii.unhexlify(wycheproof.testcase["ct"]),
+            padding.PKCS1v15()
+        )
+        assert pt == binascii.unhexlify(wycheproof.testcase["msg"])
+    else:
+        with pytest.raises(ValueError):
+            key.decrypt(
+                binascii.unhexlify(wycheproof.testcase["ct"]),
+                padding.PKCS1v15()
+            )
-- 
cgit v1.2.3