cpan-authors · toddr-bot · May 23, 2026
diff --git a/RSA.xs b/RSA.xs
@@ -426,10 +426,15 @@ EVP_PKEY*  _load_rsa_key(SV* p_keyStringSv,
     return rsa;
 }
 
-static void check_max_message_length(rsaData* p_rsa, STRLEN from_length) {
+static void check_max_message_length(rsaData* p_rsa, SV* from_sv) {
     int size;
     int max_len = -1;
     const char *pad_name = NULL;
+    STRLEN from_length;
+
+    /* sv_len() returns character count for UTF-8 SVs, but encryption
+       operates on bytes.  SvPV always returns the byte length. */
+    (void)SvPV(from_sv, from_length);
 
     size = EVP_PKEY_get_size(p_rsa->rsa);
 
@@ -1204,7 +1209,7 @@ encrypt(p_rsa, p_plaintext)
     rsaData* p_rsa;
     SV* p_plaintext;
   CODE:
-    check_max_message_length(p_rsa, sv_len(p_plaintext));
+    check_max_message_length(p_rsa, p_plaintext);
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
     RETVAL = rsa_crypt(p_rsa, p_plaintext, EVP_PKEY_encrypt, EVP_PKEY_encrypt_init, 1 /* is_encrypt */);
 #else
@@ -1247,7 +1252,7 @@ private_encrypt(p_rsa, p_plaintext)
         croak("PSS padding with private_encrypt/public_decrypt is not supported. "
               "Use sign()/verify() for PSS signatures.");
     }
-    check_max_message_length(p_rsa, sv_len(p_plaintext));
+    check_max_message_length(p_rsa, p_plaintext);
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
     RETVAL = rsa_crypt(p_rsa, p_plaintext, EVP_PKEY_sign, EVP_PKEY_sign_init, 0 /* is_encrypt */);
 #else

diff --git a/t/crypto.t b/t/crypto.t
@@ -7,7 +7,7 @@ use Crypt::OpenSSL::RSA;
 # Tests for encrypt/decrypt error paths, boundary conditions, and edge cases.
 # These cover gaps not addressed by rsa.t or padding.t.
 
-plan tests => 20;
+plan tests => 22;
 
 Crypt::OpenSSL::Random::random_seed("OpenSSL needs at least 32 bytes.");
 Crypt::OpenSSL::RSA->import_random_seed();
@@ -156,6 +156,23 @@ $rsa->use_pkcs1_oaep_padding();
         "no-padding oversized plaintext gives clear error message");
 }
 
+# --- UTF-8 byte-length validation ---
+# sv_len() returns character count for UTF-8 SVs, which is shorter than the
+# byte count.  The length check must use byte count since OpenSSL operates
+# on bytes.  Construct a UTF-8 string where chars <= max but bytes > max.
+
+{
+    $rsa->use_pkcs1_oaep_padding();
+    my $utf8_str = "\xe9" x 120;
+    utf8::upgrade($utf8_str);  # 120 chars, 240 UTF-8 bytes
+    require bytes;
+    ok(bytes::length($utf8_str) > $oaep_max,
+        "UTF-8 test string byte length exceeds OAEP max");
+    eval { $rsa->encrypt($utf8_str) };
+    like($@, qr/plaintext too long/,
+        "length check uses byte count for UTF-8 strings");
+}
+
 # Decrypt still works (no false positive from validation)
 {
     $rsa->use_pkcs1_oaep_padding();