From af9a2cc7bc73129fcd807ac890be59dcc9672a4c Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Mon, 7 Apr 2014 22:15:38 -0500
Subject: add InvalidDecryption exception, check for ct > key size
---
 cryptography/exceptions.py | 4 ++++
 cryptography/hazmat/backends/openssl/backend.py | 12 ++++++++----
 docs/exceptions.rst | 4 ++++
 tests/hazmat/primitives/test_rsa.py | 13 +++++++++++++
 4 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/cryptography/exceptions.py b/cryptography/exceptions.py
index b4ee8feb..fe9bf840 100644
--- a/cryptography/exceptions.py
+++ b/cryptography/exceptions.py
@@ -59,3 +59,7 @@ class InvalidKey(Exception):

 class InvalidToken(Exception):
 pass
+
+
+class InvalidDecryption(Exception):
+ pass
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index 193fe925..31f6a344 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -21,8 +21,8 @@ import six

 from cryptography import utils
 from cryptography.exceptions import (
- AlreadyFinalized, InternalError, InvalidSignature, InvalidTag,
- UnsupportedAlgorithm, _Reasons
+ AlreadyFinalized, InternalError, InvalidDecryption, InvalidSignature,
+ InvalidTag, UnsupportedAlgorithm, _Reasons
 )
 from cryptography.hazmat.backends.interfaces import (
 CipherBackend, DSABackend, HMACBackend, HashBackend, PBKDF2HMACBackend,
@@ -508,6 +508,10 @@ class Backend(object):
 _Reasons.UNSUPPORTED_PADDING
 )

+ key_size_bytes = int(math.ceil(private_key.key_size / 8.0))
+ if key_size_bytes < len(ciphertext):
+ raise ValueError("Ciphertext too large for key size")
+
 if self._lib.Cryptography_HAS_PKEY_CTX:
 return self._decrypt_rsa_pkey_ctx(private_key, ciphertext,
 padding_enum)
@@ -539,7 +543,7 @@ class Backend(object):
 if res <= 0:
 errors = self._consume_errors()
 assert errors
- raise self._unknown_error(errors[0]) # TODO
+ raise InvalidDecryption

 return self._ffi.buffer(buf)[:outlen[0]]

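Review bot: The length guard added before the `Cryptography_HAS_PKEY_CTX` dispatch (hunk `@@ -508,6 +508,10 @@`) rejects only ciphertexts longer than the modulus, so a ciphertext shorter than the key size is still handed to the backend. PKCS #1 decryption treats any ciphertext whose length differs from the key size in bytes as a decryption error, so the stricter form is `if key_size_bytes != len(ciphertext):` with the message changed to `"Ciphertext length must be equal to key size."`. The enclosing function starts above this hunk and continues below it.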
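Review bot: The bare `raise InvalidDecryption` in the `res <= 0` branch (hunk `@@ -539,7 +543,7 @@`), and again in the `res < 0` branch of hunk `@@ -561,7 +565,7 @@`, discards the consumed backend error without saying that this is intentional. For PKCS1v15, the only padding the test in this patch uses, a single undifferentiated failure is what limits padding-oracle leakage, so I would record that at both raise sites: `# Uniform failure on purpose: never report which padding check failed.` A caller that reveals to a remote peer whether this exception was raised rebuilds the oracle at its own layer, so the `InvalidDecryption` docs entry deserves the same caveat. Both functions begin and end outside their hunks.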
@@ -561,7 +565,7 @@ class Backend(object):
 if res < 0:
 errors = self._consume_errors()
 assert errors
- raise self._unknown_error(errors[0]) # TODO
+ raise InvalidDecryption

 return self._ffi.buffer(buf)[:res]

diff --git a/docs/exceptions.rst b/docs/exceptions.rst
index 28da8ecc..23e0df0a 100644
--- a/docs/exceptions.rst
+++ b/docs/exceptions.rst
@@ -43,3 +43,7 @@ Exceptions

 This is raised when the verify method of a one time password function's
 computed token does not match the expected token.
+
+.. class:: InvalidDecryption
+
+ This is raised when RSA decryption does not succeed.
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index 7b658b69..9c6d6f87 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -1336,3 +1336,16 @@ class TestRSADecryption(object):
 padding.PKCS1v15(),
 backend
 )
+
+ def test_decrypt_ciphertext_too_large(self, backend):
+ private_key = rsa.RSAPrivateKey.generate(
+ public_exponent=65537,
+ key_size=512,
+ backend=backend
+ )
+ with pytest.raises(ValueError):
+ private_key.decrypt(
+ b"\x00" * 65,
+ padding.PKCS1v15(),
+ backend
+ )
--
cgit v1.2.3
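Review bot: Nothing in the test hunk (`@@ -1336,3 +1336,16 @@`) reaches the two new `raise InvalidDecryption` branches, because `test_decrypt_ciphertext_too_large` stops at the `ValueError` length check. I would add a sibling test that passes a ciphertext of the correct length that is not valid PKCS1v15 and expects `InvalidDecryption`, which needs importing from `cryptography.exceptions` if the test module does not already do so. The 64-byte value below is a constructed sample sized for the 512-bit key.

```python
    def test_decrypt_invalid_decrypt(self, backend):
        private_key = rsa.RSAPrivateKey.generate(
            public_exponent=65537,
            key_size=512,
            backend=backend
        )
        # Constructed sample: right length for the key, not valid PKCS1v15.
        with pytest.raises(InvalidDecryption):
            private_key.decrypt(
                b"\x00" * 64,
                padding.PKCS1v15(),
                backend
            )
```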