test: add private_encrypt/public_decrypt coverage

[toddr-bot]

What

Adds t/private_crypt.t — 17 subtests for the private_encrypt()/public_decrypt() code path.

Why

These operations map to different OpenSSL functions than encrypt()/decrypt():

• Pre-3.x: RSA_private_encrypt / RSA_public_decrypt
• 3.x: EVP_PKEY_sign / EVP_PKEY_verify_recover

The existing test suite only exercised these with no_padding (in rsa.t). PR #118 fixed the 3.x code path but had no dedicated tests to prevent regressions.

Testing

• All 494 tests pass (16 files) on OpenSSL 3.5.1
• New tests cover: PKCS1 round-trip, no-padding round-trip, binary data, boundary lengths, error paths (wrong key, garbage data, truncated ciphertext), padding rejection (PSS/OAEP), and empty string handling

🤖 Generated with Claude Code

---

Quality Report

Changes: 1 file changed, 193 insertions(+)

Code scan: clean

Tests: passed (OK)

Branch hygiene: clean

Generated by Kōan post-mission quality pipeline

[timlegge]

lgtm, tests fine

[atoomic]

Failure from CI

1..17
ok 1 - private_encrypt with PKCS1 padding produces output
ok 2 - public_decrypt recovers plaintext with PKCS1 padding
ok 3 - private_encrypt with no padding produces key-sized output
ok 4 - public_decrypt recovers plaintext with no padding
ok 5 - binary data with embedded NULs round-trips through private_encrypt/public_decrypt
ok 6 - private_encrypt at max PKCS1 plaintext length (245 bytes) succeeds
ok 7 - max-length PKCS1 plaintext round-trips correctly
ok 8 - private_encrypt with plaintext too long for PKCS1 croaks
ok 9 - public_decrypt with wrong key croaks
ok 10 - public_decrypt of garbage data croaks
ok 11 - public_decrypt of truncated ciphertext croaks
ok 12 - PSS padding cannot be used with private_encrypt
ok 13 - OAEP padding cannot be used with private_encrypt
ok 14 - public key cannot call private_encrypt
ok 15 - private_encrypt and sign produce different outputs for same message
ok 16 - private_encrypt of empty string with PKCS1 succeeds
not ok 17 - public_decrypt of private_encrypt('') does not crash

#   Failed test 'public_decrypt of private_encrypt('') does not crash'
#   at t/private_crypt.t line 190.
# RSA.xs:378: OpenSSL error: provider signature failure at t/private_crypt.t line 189.
# Looks like you failed 1 test of 17.
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/17 subtests 
t/rsa.t ..................... 

@toddr-bot rebase

[toddr-bot]

Rebase: test: add private_encrypt/public_decrypt coverage

Branch koan.toddr.bot/test-private-encrypt-decrypt rebased onto main and force-pushed.

Diff: 1 file changed, 187 insertions(+)

Review feedback was analyzed and applied.

Actions

• Rebased koan.toddr.bot/test-private-encrypt-decrypt onto upstream/main
• Applied review feedback
• Force-pushed koan.toddr.bot/test-private-encrypt-decrypt to origin
• CI passed

CI

CI passed.

---

Automated by Kōan