From 3bb8e37a8b33ca1dd860723ec4b70a16a8133ce4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C5=8Dan?= <koan.bot@atoomic.org>
Date: Sat, 14 Mar 2026 02:52:02 -0600
Subject: [PATCH 1/3] test: add error-path and edge-case test coverage

Add t/error.t with 34 tests covering previously untested error paths:

- Malformed PEM key loading (garbage, empty, undef, corrupted body)
- Unrecognized public key format detection
- Wrong/missing passphrase on encrypted keys
- Public key operation restrictions (sign, decrypt, private_encrypt, check_key)
- Corrupted/truncated/wrong-length ciphertext handling
- Plaintext size boundary for OAEP padding (max and overflow)
- Cross-key signature verification (sign with key1, verify with key2)
- Empty message signing and verification
- Truncated and extended signature rejection
- Custom exponent key generation (3, 17, even exponent rejection)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 t/error.t | 155 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 155 insertions(+)
 create mode 100644 t/error.t

diff --git a/t/error.t b/t/error.t
new file mode 100644
index 0000000..4c2ebed
--- /dev/null
+++ b/t/error.t
@@ -0,0 +1,155 @@
+use strict;
+use Test::More;
+
+use Crypt::OpenSSL::Random;
+use Crypt::OpenSSL::RSA;
+
+Crypt::OpenSSL::Random::random_seed("OpenSSL needs at least 32 bytes.");
+Crypt::OpenSSL::RSA->import_random_seed();
+
+my $rsa = Crypt::OpenSSL::RSA->generate_key(2048);
+my $rsa_pub = Crypt::OpenSSL::RSA->new_public_key($rsa->get_public_key_string());
+
+# --- Malformed key loading ---
+
+eval { Crypt::OpenSSL::RSA->new_private_key("not a key at all") };
+ok($@, "new_private_key croaks on garbage input");
+
+eval { Crypt::OpenSSL::RSA->new_private_key("") };
+ok($@, "new_private_key croaks on empty string");
+
+eval { Crypt::OpenSSL::RSA->new_private_key(undef) };
+ok($@, "new_private_key croaks on undef");
+
+eval {
+    Crypt::OpenSSL::RSA->new_private_key(
+        "-----BEGIN RSA PRIVATE KEY-----\ngarbage\n-----END RSA PRIVATE KEY-----\n"
+    );
+};
+ok($@, "new_private_key croaks on corrupted PEM body");
+
+eval { Crypt::OpenSSL::RSA->_new_public_key_pkcs1("not a key") };
+ok($@, "_new_public_key_pkcs1 croaks on garbage input");
+
+eval { Crypt::OpenSSL::RSA->_new_public_key_x509("not a key") };
+ok($@, "_new_public_key_x509 croaks on garbage input");
+
+# --- Unrecognized public key format (Perl-level croak) ---
+
+eval { Crypt::OpenSSL::RSA->new_public_key("-----BEGIN CERTIFICATE-----\nfoo\n-----END CERTIFICATE-----\n") };
+like($@, qr/unrecognized key format/, "new_public_key croaks on unrecognized PEM header");
+
+eval { Crypt::OpenSSL::RSA->new_public_key("just plain text") };
+like($@, qr/unrecognized key format/, "new_public_key croaks on plain text");
+
+# --- Wrong passphrase on encrypted key ---
+
+my $encrypted_pem = $rsa->get_private_key_string("correct_passphrase", "aes-128-cbc");
+eval { Crypt::OpenSSL::RSA->new_private_key($encrypted_pem, "wrong_passphrase") };
+ok($@, "new_private_key croaks on wrong passphrase");
+
+eval { Crypt::OpenSSL::RSA->new_private_key($encrypted_pem) };
+ok($@, "new_private_key croaks on encrypted key without passphrase");
+
+# --- Public key cannot perform private operations ---
+
+eval { $rsa_pub->sign("hello") };
+like($@, qr/Public keys cannot sign/i, "public key cannot sign");
+
+eval { $rsa_pub->decrypt("hello") };
+like($@, qr/Public keys cannot decrypt/i, "public key cannot decrypt");
+
+eval { $rsa_pub->private_encrypt("hello") };
+like($@, qr/Public keys cannot private_encrypt/i, "public key cannot private_encrypt");
+
+eval { $rsa_pub->check_key() };
+like($@, qr/Public keys cannot be checked/i, "public key cannot check_key");
+
+# --- Corrupted ciphertext ---
+
+$rsa->use_pkcs1_oaep_padding();
+my $ciphertext = $rsa->encrypt("test message");
+
+# Flip bits in ciphertext
+my $corrupted = $ciphertext;
+substr($corrupted, 10, 1) ^= "\xff";
+eval { $rsa->decrypt($corrupted) };
+ok($@, "decrypt croaks on corrupted ciphertext");
+
+# Wrong-length ciphertext
+eval { $rsa->decrypt("too short") };
+ok($@, "decrypt croaks on wrong-length ciphertext");
+
+eval { $rsa->decrypt("") };
+ok($@, "decrypt croaks on empty ciphertext");
+
+# --- Plaintext too large for padding mode ---
+
+$rsa->use_pkcs1_oaep_padding();
+my $max_oaep = $rsa->size() - 42;
+my $too_large = "x" x ($max_oaep + 1);
+eval { $rsa->encrypt($too_large) };
+ok($@, "encrypt croaks when plaintext exceeds OAEP max size");
+
+# Exact max should work
+my $exact_max = "x" x $max_oaep;
+my $ct = eval { $rsa->encrypt($exact_max) };
+ok(!$@, "encrypt succeeds at exact OAEP max size");
+is(eval { $rsa->decrypt($ct) }, $exact_max, "round-trip at OAEP max size");
+
+# --- Cross-key signature verification ---
+
+my $rsa2 = Crypt::OpenSSL::RSA->generate_key(2048);
+$rsa->use_pkcs1_pss_padding();
+$rsa2->use_pkcs1_pss_padding();
+
+my $sig = $rsa->sign("message to sign");
+ok(!$rsa2->verify("message to sign", $sig), "signature from key1 does not verify with key2");
+
+my $rsa2_pub = Crypt::OpenSSL::RSA->new_public_key($rsa2->get_public_key_string());
+$rsa2_pub->use_pkcs1_pss_padding();
+ok(!$rsa2_pub->verify("message to sign", $sig), "signature from key1 does not verify with key2 public");
+
+# --- Empty message signing ---
+
+my $empty_sig = eval { $rsa->sign("") };
+ok(!$@, "sign succeeds on empty message");
+ok($rsa->verify("", $empty_sig), "verify succeeds on empty message signature");
+ok(!$rsa->verify("not empty", $empty_sig), "empty message signature does not verify different message");
+
+# --- Truncated signature ---
+
+my $full_sig = $rsa->sign("test data");
+my $truncated_sig = substr($full_sig, 0, length($full_sig) - 1);
+ok(!eval { $rsa->verify("test data", $truncated_sig) }, "truncated signature does not verify");
+
+my $extended_sig = $full_sig . "\x00";
+ok(!eval { $rsa->verify("test data", $extended_sig) }, "extended signature does not verify");
+
+# --- Key size boundary ---
+
+my $small_rsa = eval { Crypt::OpenSSL::RSA->generate_key(512) };
+ok(!$@, "512-bit key generation succeeds");
+is($small_rsa->size() * 8, 512, "512-bit key has correct size");
+
+# --- generate_key with custom exponent ---
+
+my $rsa_e3 = eval { Crypt::OpenSSL::RSA->generate_key(2048, 3) };
+SKIP: {
+    skip "OpenSSL rejected exponent 3", 2 if $@;
+    ok($rsa_e3, "generate_key with exponent 3 succeeds");
+    ok($rsa_e3->check_key(), "key with exponent 3 passes check_key");
+}
+
+my $rsa_e17 = eval { Crypt::OpenSSL::RSA->generate_key(2048, 17) };
+SKIP: {
+    skip "OpenSSL rejected exponent 17", 2 if $@;
+    ok($rsa_e17, "generate_key with exponent 17 succeeds");
+    ok($rsa_e17->check_key(), "key with exponent 17 passes check_key");
+}
+
+# Even exponent should fail
+eval { Crypt::OpenSSL::RSA->generate_key(2048, 2) };
+ok($@, "generate_key croaks on even exponent");
+
+done_testing;

From b40c4705f7304fa34b7851489c1fd3d64eaff55e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C5=8Dan?= <koan.bot@atoomic.org>
Date: Mon, 16 Mar 2026 19:48:49 -0600
Subject: [PATCH 2/3] rebase: apply review feedback on #95

---
 t/error.t | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/t/error.t b/t/error.t
index 4c2ebed..8493729 100644
--- a/t/error.t
+++ b/t/error.t
@@ -48,8 +48,8 @@ my $encrypted_pem = $rsa->get_private_key_string("correct_passphrase", "aes-128-
 eval { Crypt::OpenSSL::RSA->new_private_key($encrypted_pem, "wrong_passphrase") };
 ok($@, "new_private_key croaks on wrong passphrase");
 
-eval { Crypt::OpenSSL::RSA->new_private_key($encrypted_pem) };
-ok($@, "new_private_key croaks on encrypted key without passphrase");
+eval { Crypt::OpenSSL::RSA->new_private_key($encrypted_pem, "") };
+ok($@, "new_private_key croaks on encrypted key with empty passphrase");
 
 # --- Public key cannot perform private operations ---
 
@@ -104,11 +104,11 @@ $rsa->use_pkcs1_pss_padding();
 $rsa2->use_pkcs1_pss_padding();
 
 my $sig = $rsa->sign("message to sign");
-ok(!$rsa2->verify("message to sign", $sig), "signature from key1 does not verify with key2");
+ok(!eval { $rsa2->verify("message to sign", $sig) }, "signature from key1 does not verify with key2");
 
 my $rsa2_pub = Crypt::OpenSSL::RSA->new_public_key($rsa2->get_public_key_string());
 $rsa2_pub->use_pkcs1_pss_padding();
-ok(!$rsa2_pub->verify("message to sign", $sig), "signature from key1 does not verify with key2 public");
+ok(!eval { $rsa2_pub->verify("message to sign", $sig) }, "signature from key1 does not verify with key2 public");
 
 # --- Empty message signing ---
 
@@ -129,8 +129,11 @@ ok(!eval { $rsa->verify("test data", $extended_sig) }, "extended signature does
 # --- Key size boundary ---
 
 my $small_rsa = eval { Crypt::OpenSSL::RSA->generate_key(512) };
-ok(!$@, "512-bit key generation succeeds");
-is($small_rsa->size() * 8, 512, "512-bit key has correct size");
+SKIP: {
+    skip "OpenSSL 3.x rejects 512-bit keys at default security level", 2 if $@;
+    ok($small_rsa, "512-bit key generation succeeds");
+    is($small_rsa->size() * 8, 512, "512-bit key has correct size");
+}
 
 # --- generate_key with custom exponent ---
 

From 1474085dce9d564b77a1afce2411961e011c1e04 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C5=8Dan?= <koan.bot@atoomic.org>
Date: Wed, 18 Mar 2026 02:22:23 -0600
Subject: [PATCH 3/3] rebase: apply review feedback on #95

---
 t/error.t | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/t/error.t b/t/error.t
index 8493729..2e1e33a 100644
--- a/t/error.t
+++ b/t/error.t
@@ -48,8 +48,8 @@ my $encrypted_pem = $rsa->get_private_key_string("correct_passphrase", "aes-128-
 eval { Crypt::OpenSSL::RSA->new_private_key($encrypted_pem, "wrong_passphrase") };
 ok($@, "new_private_key croaks on wrong passphrase");
 
-eval { Crypt::OpenSSL::RSA->new_private_key($encrypted_pem, "") };
-ok($@, "new_private_key croaks on encrypted key with empty passphrase");
+# Note: testing with no passphrase or empty passphrase is intentionally
+# omitted — OpenSSL may prompt on the terminal, hanging non-interactive runs.
 
 # --- Public key cannot perform private operations ---