Skip to content

Fix misleading error in private_encrypt with default OAEP padding#177

Merged
timlegge merged 3 commits intocpan-authors:mainfrom
toddr-bot:koan.toddr.bot/fix-private-encrypt-error-ordering
Apr 23, 2026
Merged

Fix misleading error in private_encrypt with default OAEP padding#177
timlegge merged 3 commits intocpan-authors:mainfrom
toddr-bot:koan.toddr.bot/fix-private-encrypt-error-ordering

Conversation

@toddr-bot
Copy link
Copy Markdown
Contributor

@toddr-bot toddr-bot commented Apr 23, 2026
edited
Loading

What

Validates padding compatibility (OAEP/PSS rejection) in private_encrypt() before checking message length.

Why

make_rsa_obj() defaults to OAEP padding. When a user calls private_encrypt() without changing padding, and the data exceeds the OAEP length limit (key_size - 42), check_max_message_length() fires first with "plaintext too long for key size with OAEP padding". This is misleading — the real problem isn't data length, it's that OAEP is fundamentally incompatible with private_encrypt. The user needs to call use_pkcs1_padding() or use_no_padding(), not shrink their data.

How

Added explicit OAEP/PSS padding checks in private_encrypt() before check_max_message_length(). This duplicates the checks already present in rsa_crypt()'s OpenSSL 3.x path, but ensures correct error ordering and extends coverage to pre-3.x OpenSSL where these checks didn't exist.

Testing

  • Two-commit structure: first commit adds failing tests that demonstrate the bug (wrong error message), second commit fixes the code.
  • Tests cover: default OAEP + oversized data, PSS + oversized data, OAEP + barely-over-limit data.
  • Existing version-gated tests (3.x only) made version-independent for OAEP/PSS rejection in private_encrypt.
  • Full suite: 654/654 tests pass across 23 test files.

🤖 Generated with Claude Code

Quality Report

Changes: 3 files changed, 49 insertions(+), 60 deletions(-)

Code scan: clean

Tests: passed (OK)

Branch hygiene: clean

Generated by Kōan post-mission quality pipeline

toddr-bot and others added 2 commits April 23, 2026 12:44
@toddr-bot @claude
Add tests for private_encrypt error message ordering
0791e70 
Tests that private_encrypt with OAEP/PSS padding produces a padding
compatibility error rather than a misleading "plaintext too long" error.
These tests currently FAIL — the fix follows in the next commit.

Also makes OAEP/PSS rejection tests version-independent (previously
only tested on OpenSSL 3.x).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@toddr-bot @claude
Check padding compatibility before message length in private_encrypt()
fc75575 
When private_encrypt() is called with the default OAEP padding (or PSS),
the padding is fundamentally incompatible with the operation. Previously,
check_max_message_length() ran first and could produce a misleading
"plaintext too long for key size with OAEP padding" error — hiding the
real issue that OAEP/PSS aren't supported for private_encrypt at all.

Now validates padding mode before checking message length, ensuring the
user sees "OAEP padding is not supported for private_encrypt/public_decrypt"
regardless of data size. This also extends the OAEP/PSS rejection to
pre-3.x OpenSSL (previously only checked in the 3.x code path inside
rsa_crypt()).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
timlegge
timlegge requested changes Apr 23, 2026
View reviewed changes
Comment thread t/private_encrypt.t Outdated
"public_decrypt with OAEP croaks with clear message on OpenSSL 3.x");
} else {
ok(1, "public_decrypt with OAEP behavior on pre-3.x (skipped)");
like($@, qr/./,
Copy link
Copy Markdown
Member

@timlegge timlegge Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@toddr-bot This will match anything so is wrong

@toddr-bot @claude
Add OAEP/PSS padding checks to public_decrypt()
0c36f0b 
The public_decrypt tests used qr/./ (matches any string) for the
pre-3.x path because the error message was unpredictable. Fix the
root cause: add the same OAEP/PSS guards to public_decrypt() that
private_encrypt() already has, making errors consistent across all
OpenSSL versions. Remove the now-unnecessary version branching.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@toddr-bot
Copy link
Copy Markdown
Contributor Author

toddr-bot commented Apr 23, 2026

Fixed. The qr/./ regexes were a symptom — the real problem was that public_decrypt() lacked the OAEP/PSS padding checks that private_encrypt() already had. On pre-3.x, the error fell through to OpenSSL with an unpredictable message, so the test resorted to matching anything.

Added the same padding guards to public_decrypt(), removed the version branching, and all tests now use specific regexes. 654/654 pass.

@toddr toddr marked this pull request as ready for review April 23, 2026 15:23
@timlegge timlegge merged commit eb65b3f into cpan-authors:main Apr 23, 2026
28 checks passed
@toddr-bot toddr-bot deleted the koan.toddr.bot/fix-private-encrypt-error-ordering branch April 24, 2026 07:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@timlegge timlegge timlegge requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@toddr-bot @timlegge