RustCrypto · tarcieri · Aug 23, 2025 · Jun 3, 2025 · Aug 15, 2025 · Aug 15, 2025
diff --git a/.github/workflows/workspace.yml b/.github/workflows/workspace.yml
@@ -51,8 +51,9 @@ jobs:
           RUSTDOCFLAGS: "-Dwarnings --cfg docsrs"
         run: cargo doc --no-deps --features std,serde,hazmat,sha2
 
-  typos:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: crate-ci/[email protected]
+# does not understand concat! macro
+#  typos:
+#    runs-on: ubuntu-latest
+#    steps:
+#      - uses: actions/checkout@v4
+#      - uses: crate-ci/[email protected]
diff --git a/src/key.rs b/src/key.rs
@@ -297,6 +297,25 @@ impl RsaPrivateKey {
         Self::new_with_exp(rng, bit_size, BoxedUint::from(Self::EXP))
     }
 
+    /// Generate a new Rsa key pair of the given bit size using the passed in `rng
+    /// and allowing hazardous insecure or weak constructions of `RsaPrivateKey
+    ///
+    /// Unless you have specific needs, you should use `RsaPrivateKey::new` instead
+    #[cfg(feature = "hazmat")]
+    pub fn new_unchecked<R: CryptoRng + ?Sized>(
+        rng: &mut R,
+        bit_size: usize,
+    ) -> Result<RsaPrivateKey> {
+        let components =
+            generate_multi_prime_key_with_exp(rng, 2, bit_size, BoxedUint::from(Self::EXP))?;
+        RsaPrivateKey::from_components_unchecked(
+            components.n.get(),
+            components.e,
+            components.d,
+            components.primes,
+        )
+    }
+
     /// Generate a new RSA key pair of the given bit size and the public exponent
     /// using the passed in `rng`.
     ///
@@ -885,33 +904,34 @@ mod tests {
             "30820278020100300d06092a864886f70d0101010500048202623082025e0",
             "2010002818100cd1419dc3771354bee0955a90489cce0c98aee6577851358",
             "afe386a68bc95287862a1157d5aba8847e8e57b6f2f94748ab7efda3f3c74",
-            "a6702329397ffe0a8f83e2ef5297aa3d9d883cbeb94ee018fd68e986e08d5",
-            "b044c15e8170217cd57501d42dd72ef691b2a95bcc090d9bca735bba3ecb8",
-            "38650f13b1aa36d0f454e37ff020301000102818100935c4248cf3df5c21d",
-            "c56f5c07faccd129813f5481d189d94c69fdb366f6beeacb2927552a2032f",
-            "321cd3e92237da40f3fcbfc8df6f9d928b3978c1ec8aab23e857a3ba2db26",
-            "941ace6ecda8dcb290866a80820b3aa9138179ca867d37825ebcdb48adbe7",
-            "c397f1e77c4160f0fbf87cc0cd5dff195ac96fd333c0b38384c74c1024100",
+            "a6702329397ffe0b1d4f76e1b025d87d583e48b3cfce99d6a507d94eb46c5",
+            "242b3addb54d346ecf43eb0d7343bcb258a31d5fa51f47b9e0d7280623901",
+            "d1d29af1a986fec92ba5fe2430203010001028181009bb3203326d0c7b31f",
+            "456d08c6ce4c8379e10640792ecad271afe002406d184096a707c5d50ee00",
+            "1c00818266970c3233439551f0e2d879a8f7b90bd3d62fdffa3e661f14c8d",
+            "cce071f081966e25bb351289810c2f8a012f2fa3f001029d7f2e0cf24f6a4",
+            "b139292f8078fac24e7fc8185bab4f02f539267bd09b615e4e19fe1024100",
             "e90ad93c4b19bb40807391b5a9404ce5ea359e7b0556ee25cb2e7455aeb5c",
             "af83fc26f34457cdbb173347962c66b6fe0c4686b54dbe0d2c913a7aa924e",
-            "ff5d67024100e148067566a1fa3aabd0672361be62715516c9d62790b03f4",
+            "ff6031024100e148067566a1fa3aabd0672361be62715516c9d62790b03f4",
             "326cc00b2f782e6b64a167689e5c9aebe6a4cf594f3083380fe2a0a7edf1f",
-            "325e58c523b98199a9024100df15fc8924577892b1a4707b178faf4d751c6",
-            "91ed928b387486eaafd0ee7866a8916c73fa1b979d1f037ee6fa904563033",
-            "b4c5f2911e328a3c9f87c0d190d1c7024057461ce26c7141cc6af5608f6f7",
-            "55f13c2c0024f49a29ef4d321fb9425c1076033ac7e094c20ce4239185b5a",
-            "246b06795576a178d16fc4d9317db859bfaafa8902410084b2d64651b471b",
-            "f805af14018db693cdab6059063a6aa4eb8f9ca99b319074b79d7dead3d05",
-            "68c364978be262d3395aa60541d670f94367babebe7616dbc260"
+            "325e58c523b981a0b3024100ab96e85323bd038a3fca588c58ddd681278d6",
+            "96e8d84ef7ef676f303afcb7d728287e897a55e84e8c8b9e772da447b3115",
+            "8d0912877fa7d4945b4d15c382f7d102400ddde317e2e36185af01baf7809",
+            "2b97884664cb233e9421002d0268a7c79a3c313c167b4903466bfacd4da3b",
+            "db99420df988ab89cdd96a102da2852ff7c134e5024100bafb0dac0fda53f",
+            "9c755c23483343922727b88a5256a6fb47242e1c99b8f8a2c914f39f7af30",
+            "1219245786a6bb15336231d6a9b57ee7e0b3dd75129f93f54ecf"
         ))];
         assert_tokens(&priv_key.clone().readable(), &priv_tokens);
 
         let pub_tokens = [Token::Str(concat!(
-            "30819f300d06092a864886f70d010101050003818d0030818902818100cd1419dc3771354bee",
-            "0955a90489cce0c98aee6577851358afe386a68bc95287862a1157d5aba8847e8e57b6f2f947",
-            "48ab7efda3f3c74a6702329397ffe0a8f83e2ef5297aa3d9d883cbeb94ee018fd68e986e08d5",
-            "b044c15e8170217cd57501d42dd72ef691b2a95bcc090d9bca735bba3ecb838650f13b1aa36d",
-            "0f454e37ff0203010001",
+            "30819f300d06092a864886f70d010101050003818d0030818902818100cd1",
+            "419dc3771354bee0955a90489cce0c98aee6577851358afe386a68bc95287",
+            "862a1157d5aba8847e8e57b6f2f94748ab7efda3f3c74a6702329397ffe0b",
+            "1d4f76e1b025d87d583e48b3cfce99d6a507d94eb46c5242b3addb54d346e",
+            "cf43eb0d7343bcb258a31d5fa51f47b9e0d7280623901d1d29af1a986fec9",
+            "2ba5fe2430203010001"
         ))];
         assert_tokens(
             &RsaPublicKey::from(priv_key.clone()).readable(),

diff --git a/src/oaep/decrypting_key.rs b/src/oaep/decrypting_key.rs
@@ -107,7 +107,7 @@ mod tests {
 
         let mut rng = ChaCha8Rng::from_seed([42; 32]);
         let decrypting_key = DecryptingKey::<Sha256>::new(
-            RsaPrivateKey::new(&mut rng, 64).expect("failed to generate key"),
+            RsaPrivateKey::new(&mut rng, 2048).expect("failed to generate key"),
         );
 
         let tokens = [
@@ -117,9 +117,7 @@ mod tests {
             },
             Token::Str("inner"),
             Token::Str(concat!(
-                "3056020100300d06092a864886f70d010101050004423040020100020900ab",
-                "240c3361d02e370203010001020811e54a15259d22f9020500ceff5cf30205",
-                "00d3a7aaad020500ccaddf17020500cb529d3d020500bb526d6f"
+                "308204bd020100300d06092a864886f70d0101010500048204a7308204a30201000282010100cf823bdbad23cda55787e9d1dbd630457e3e8407f3a4da723656a120866a8284ce211ff8464904cf7dab256d0b5544549719f4155d32187ad3eb928ada9cd4152a9e4153e21c68022e654b0d10b065519e9ef5619f431740c2a0f568141c27670485f28d1643fe650af3757f4775af5d01ed3c992a6269c5aa5ff7f52450c30a84783e36931b8855b091559540ec34e0730c511d62e09ea86d66b0f4cb92d1a609e7fb6f34ae8cf08bd791eee85150850e943fb5e4d9b7fd44a5eb474ed7e0bb7faa2e1dca443d5df8f77468fb0905731e421b2e06e864f957f3a517b2b0e3ad09118310b9fd74cb54bb07308d009e3ec6cecc17f06cddf10e0b1b9eff5ff8b90203010001028201000a7071d4765c63bf1aad32bd25031c80927e50a419c4c45c94913d1fe6c33af7b56b0331b94f79177b29fe03035bf1c913a4f19b9589aca3993fb3aa9a9ee32881715eb5fa9d153a6edd17ae7b9574336bf8713dcd065208270273f61d74e122949eac7a1e91a31db0345947e2ef6fb80d1dc33bad5f30150aa2335638d27b4d57f47262b31059351b08c2350d8afe88d1dfbd1b398daf317db8c0cd42859072b8ddadcc2d50c5ad1d6d06a56594bdabb7dd51c77fe2b5d404c64ff99e6500de5da418c5c49c6ebd7ecfc400f18ba26fd4d6e7b31e435d494326585a9efff7bdb3c51ba19399918df4a999453dfed65e84adb15b0a183416b5ec5f221491978102818100e148067566a1fa3aabd0672361be62715516c9d62790b03f4326cc00b2f782e6b64a167689e5c9aebe6a4cf594f3083380fe2a0a7edf1f325e58c523b9819747a90ad93c4b19bb40807391b5a9404ce5ea359e7b0556ee25cb2e7455aeb5caf83fc26f34457cdbb173347962c66b6fe0c4686b54dbe0d2c913a7aa924eff6ec902818100ebcdd03d9b1dfd2ea4f2d6dade79fcb02727d84426f9d756121525f14696434fa594867ca839d1025b823a7576eb6c8b33e6dd4ff4fcb72c6069d1e5e74885e90b76b0bf3994501dd0ef212694e73cbf43855731ba543c771debf979eea8f77fcab8a53d56fc46d5398893f3421ca54b371afb10ecb2137892f5062c506e82710281801c345542ab87c9f9407b85fe23059ff38a70a0f263dfb481271a1b5e5709afe4cc9bb7f63d4b7c9599175bed3f29b234288929a048c40c76d4e30e436bbd32c071047fb011c2f5f39c615bb3bfade232c2c0d5c797228c0c4544daa1c38ed50b8188093e2518fdb458b5102172b00ec0b8364e81c049847a5230a2a550a8a029028180718bebc89e9734416fc057e190dbe0e7da12ffbae1a1d1256b13afef9cf3e279c9dbd95ed18af5b052ec44c6277b7a0b15f50780e711820ae66a4e5e8c9e898d0cae1cb21841e8ca52bfb390e686eae396d9f080cb9ea077237b6be8611a10040354228d85037a0056f2037c51cb8574d096376b90eeb71d8a765e809c427aa102818100886afe7a9610e60cd2da4cf3137ba5f597cd9cdc344f36c4101720363341c42cdfe09f68ee25a3dd63e191b6542bcd97aaa0af776eb68aaab84db4594e5340591b4fe194ea2fe2f7586ac3c3aaf8bc337963c4e05d6556b1a6024ac6e07710cdf01bcd9543e263a35ad13baaa2aa6c3af60880cc56622959916cab038a51fff9",
             )),
             Token::Str("label"),
             Token::None,

diff --git a/src/oaep/encrypting_key.rs b/src/oaep/encrypting_key.rs
@@ -80,7 +80,7 @@ mod tests {
         use serde_test::{assert_tokens, Configure, Token};
 
         let mut rng = ChaCha8Rng::from_seed([42; 32]);
-        let priv_key = crate::RsaPrivateKey::new(&mut rng, 64).expect("failed to generate key");
+        let priv_key = crate::RsaPrivateKey::new(&mut rng, 2048).expect("failed to generate key");
         let encrypting_key = EncryptingKey::<sha2::Sha256>::new(priv_key.to_public_key());
 
         let tokens = [
@@ -90,7 +90,7 @@ mod tests {
             },
             Token::Str("inner"),
             Token::Str(
-                "3024300d06092a864886f70d01010105000313003010020900ab240c3361d02e370203010001",
+                "30820122300d06092a864886f70d01010105000382010f003082010a0282010100cf823bdbad23cda55787e9d1dbd630457e3e8407f3a4da723656a120866a8284ce211ff8464904cf7dab256d0b5544549719f4155d32187ad3eb928ada9cd4152a9e4153e21c68022e654b0d10b065519e9ef5619f431740c2a0f568141c27670485f28d1643fe650af3757f4775af5d01ed3c992a6269c5aa5ff7f52450c30a84783e36931b8855b091559540ec34e0730c511d62e09ea86d66b0f4cb92d1a609e7fb6f34ae8cf08bd791eee85150850e943fb5e4d9b7fd44a5eb474ed7e0bb7faa2e1dca443d5df8f77468fb0905731e421b2e06e864f957f3a517b2b0e3ad09118310b9fd74cb54bb07308d009e3ec6cecc17f06cddf10e0b1b9eff5ff8b90203010001",
             ),
             Token::Str("label"),
             Token::None,