Add more robust key processing: RSA#15015
Conversation
| n: &pyo3::Bound<'_, pyo3::types::PyInt>, | ||
| ) -> CryptographyResult<()> { | ||
| if n.lt(3)? { | ||
| if n.lt(0)? { |
There was a problem hiding this comment.
check_public_key_components_from_py has error paths (one of which doesn't have the condition match the exception text), but then it calls check_public_key_components, which has the same error paths. This function also appears to only have one caller, so can we not just inline the py_int_to_bn calls and use the check_public_key_components path?
There was a problem hiding this comment.
@reaperhulk updated to remove the early exit, and consolidate all checks at the same layer.
CI is red, but as far as I can tell the error looks intermittent to me.
There was a problem hiding this comment.
This is a known bug in the RSA paths of Ubuntu 22.04 that they never backported the fix for, so yeah, just a flake. I'll review this soon, sorry for the delay
2 participants
This PR adds more robust key processing for RSA by extending checks (e.g., that
e != 1) to the PEM and DER load paths. To maintain a single set of checks across all paths, it updates the existing direct construction flow to also validate over the public key components asBigNums.See #14992 for related changes to DSA processing.