Reject d, e values <= 1

This avoids a potential infinite loop (e.g. with d=e=1 or d=e=-1).
pyca · Jan 12, 2025 · 369b67c · 369b67c
1 parent d7596d0
commit 369b67c
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/src/cryptography/hazmat/primitives/asymmetric/rsa.py b/src/cryptography/hazmat/primitives/asymmetric/rsa.py
@@ -235,6 +235,8 @@ def rsa_recover_prime_factors(n: int, e: int, d: int) -> tuple[int, int]:
     no more than two factors. This function is adapted from code in PyCrypto.
     """
     # reject invalid values early
+    if d <= 1 or e <= 1:
+        raise ValueError("d, e can't be <= 1")
     if 17 != pow(17, e * d, n):
         raise ValueError("n, d, e don't match")
     # See 8.2.2(i) in Handbook of Applied Cryptography.