From 6581c1cef845d2186dc7345b00098ea5ada24686 Mon Sep 17 00:00:00 2001
From: Heiko Schaefer <heiko@schaefer.name>
Date: Wed, 15 Oct 2025 23:32:57 +0200
Subject: [PATCH] Support for cryptographic operations with larger keys

Currently, this crate allows instantiation of public keys larger than
4096 bit (via `RsaPublicKey::new_with_max_size`), but doing
cryptographic operations with such public keys fails in
`key::check_public`, which always checks the modulus size against the
constant `RsaPublicKey::MAX_SIZE`.

I think it would be nice to cap both public and private key sizes to
4096 bit by default, but to allow opt-in creation of larger keys
(complete with working cryptographic operations).
---
 src/key.rs | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/key.rs b/src/key.rs
index 3c964809..462a65cb 100644
--- a/src/key.rs
+++ b/src/key.rs
@@ -228,7 +228,7 @@ impl RsaPublicKey {
 
     /// Create a new public key from its components.
     pub fn new_with_max_size(n: BoxedUint, e: BoxedUint, max_size: usize) -> Result<Self> {
-        check_public_with_max_size(&n, &e, max_size)?;
+        check_public_with_max_size(&n, &e, Some(max_size))?;
 
         let n_odd = Odd::new(n.clone())
             .into_option()
@@ -673,14 +673,16 @@ impl PrivateKeyParts for RsaPrivateKey {
 /// Check that the public key is well formed and has an exponent within acceptable bounds.
 #[inline]
 pub fn check_public(public_key: &impl PublicKeyParts) -> Result<()> {
-    check_public_with_max_size(public_key.n(), public_key.e(), RsaPublicKey::MAX_SIZE)
+    check_public_with_max_size(public_key.n(), public_key.e(), None)
 }
 
 /// Check that the public key is well formed and has an exponent within acceptable bounds.
 #[inline]
-fn check_public_with_max_size(n: &BoxedUint, e: &BoxedUint, max_size: usize) -> Result<()> {
-    if n.bits_vartime() as usize > max_size {
-        return Err(Error::ModulusTooLarge);
+fn check_public_with_max_size(n: &BoxedUint, e: &BoxedUint, max_size: Option<usize>) -> Result<()> {
+    if let Some(max_size) = max_size {
+        if n.bits_vartime() as usize > max_size {
+            return Err(Error::ModulusTooLarge);
+        }
     }
 
     if e >= n || n.is_even().into() || n.is_zero().into() {