OpenSSL::PKey::RSA accepts empty constructor (BUG?)

[leon breedt]

It doesn't seem like you can do much with an empty RSA object (no #new
parameters), so I'm not sure why its exposed to Ruby? It does not seem
possible to set public/private key values after the fact on an RSA
instance.

Also, it allows for possible coredumps:

irb(main):001:0> require 'openssl'
=> true
irb(main):002:0> rsa = OpenSSL:Key::RSA.new
=> -----BEGIN RSA PUBLIC KEY-----
MAA=
-----END RSA PUBLIC KEY-----

irb(main):004:0> rsa.public_encrypt "data"
(irb):4: [BUG] Segmentation fault
ruby 1.8.2 (2004-12-23) [i386-linux]

Leon

 

[Jamis Buck]

It doesn't seem like you can do much with an empty RSA object (no #new
parameters), so I'm not sure why its exposed to Ruby? It does not seem
possible to set public/private key values after the fact on an RSA
instance.

Actually, Net::SSH needs this. It allows you to explicitly set the
key's parameters:

rsa = OpenSSL:Key::RSA.new
rsa.e = 1234123432
rsa.n = 3453234398

DSA and DH keys also allow the empty constructor.

Also, it allows for possible coredumps:

irb(main):001:0> require 'openssl'
=> true
irb(main):002:0> rsa = OpenSSL:Key::RSA.new
=> -----BEGIN RSA PUBLIC KEY-----
MAA=
-----END RSA PUBLIC KEY-----

irb(main):004:0> rsa.public_encrypt "data"
(irb):4: [BUG] Segmentation fault
ruby 1.8.2 (2004-12-23) [i386-linux]

And yah, that's a bug. The methods should check to see that the
key's parameters are non-null before trying to do anything with them.

- Jamis

 

[leon breedt]

Actually, Net::SSH needs this. It allows you to explicitly set the
key's parameters:

rsa = OpenSSL:Key::RSA.new
rsa.e = 1234123432
rsa.n = 3453234398

DSA and DH keys also allow the empty constructor.

I noticed

From reading the archives, it appears you've done a fair amount of
work in terms of finding out what the OpenSSL bindings do.

I'm busy slowly adding RDoc to the OpenSSL bindings, mind if I ask you
to proofread when I have something more substantial to show?

I have very little in the way of experience with OpenSSL, but having
needed to use it recently in Ruby, I wasted a lot of time trying to
figure out what to do, so I'm hoping documenting the Ruby bindings
will alleviate this for the next person who comes along to do it.

Its currently not too clear how to add documentation for in-tree stuff
though, so I've just started adding stuff to ext/ossl/*.c, but I'm
wary that a massive patch adding the docs won't get accepted.

Any ideas?

Cheers
Leon

 

[Jamis Buck]

I noticed

work in terms of finding out what the OpenSSL bindings do.

I'm busy slowly adding RDoc to the OpenSSL bindings, mind if I ask you
to proofread when I have something more substantial to show?

Well, I figured out what I needed to make Net::SSH work, which is only
a fairly small subset of OpenSSL (mostly just the Bignum stuff, and
keys). I'd be happy to read over your docs, though. Just might not be
give much feedback on most of it.

I have very little in the way of experience with OpenSSL, but having
needed to use it recently in Ruby, I wasted a lot of time trying to
figure out what to do, so I'm hoping documenting the Ruby bindings
will alleviate this for the next person who comes along to do it.

Generations to come will bless your name, Leon!

Its currently not too clear how to add documentation for in-tree stuff
though, so I've just started adding stuff to ext/ossl/*.c, but I'm
wary that a massive patch adding the docs won't get accepted.

Any ideas?

Good question. I'm not very familiar with the process of documenting
the modules. James Britt--I assume you'd know more about this?

- Jamis