Re: OpenSSL::PKey::RSA accepts empty constructor (BUG?)

< ^ > P N |<>|^_>< --- | ~ ...Help
On 14:10 Sat 22 Jan     , leon breedt wrote:
> It doesn't seem like you can do much with an empty RSA object (no #new
> parameters), so I'm not sure why its exposed to Ruby? It does not seem
> possible to set public/private key values after the fact on an RSA
> instance.

Actually, Net::SSH needs this. It allows you to explicitly set the
key's parameters:

  rsa = OpenSSL::PKey::RSA.new
  rsa.e = 1234123432
  rsa.n = 3453234398

DSA and DH keys also allow the empty constructor.

> 
> Also, it allows for possible coredumps:
> 
> irb(main):001:0> require 'openssl'
> => true
> irb(main):002:0> rsa = OpenSSL::PKey::RSA.new
> => -----BEGIN RSA PUBLIC KEY-----
> MAA=
> -----END RSA PUBLIC KEY-----
> 
> irb(main):004:0> rsa.public_encrypt "data"
> (irb):4: [BUG] Segmentation fault
> ruby 1.8.2 (2004-12-23) [i386-linux]

And yah, that's a bug. :) The methods should check to see that the
key's parameters are non-null before trying to do anything with them.

- Jamis

-- 
Jamis Buck
jamis_buck / byu.edu
http://jamis.jamisbuck.org
------------------------------
"I am Victor of Borge. You will be assimil-nine-ed."