Skip to content

fix: reject invalid RSA exponents before calling OpenSSL#151

Merged
timlegge merged 2 commits into
cpan-authors:mainfrom
atoomic:koan.atoomic/fix-even-exponent-hang
Apr 3, 2026
Merged

fix: reject invalid RSA exponents before calling OpenSSL#151
timlegge merged 2 commits into
cpan-authors:mainfrom
atoomic:koan.atoomic/fix-even-exponent-hang

Conversation

@Koan-Bot
Copy link
Copy Markdown
Contributor

@Koan-Bot Koan-Bot commented Apr 3, 2026
edited
Loading

What

Pre-validate RSA exponent in generate_key() — croak immediately if exponent is even or < 3.

Why

RSA_generate_key_ex() on OpenSSL 1.1.x enters an infinite loop when given an even exponent (e.g. 2), causing CI hangs on Debian Bullseye. This is the root cause of the timeout in PR #95. OpenSSL 3.x handles this gracefully, but 1.1.x does not.

RSA exponents must be odd and >= 3 per FIPS 186-4 / RFC 8017. Validating before calling OpenSSL prevents the hang on all versions.

How

Two-line check at the top of generate_key() in RSA.xs, before any OpenSSL allocation. Croak with a descriptive message including the invalid value.

Testing

  • 4 new regression tests in t/key_lifecycle.t (exponents 0, 1, 2, 100)
  • Full suite: 481 tests pass (macOS, OpenSSL 3.6.1)

Fixes the CI hang reported in #95.

🤖 Generated with Claude Code

Quality Report

Changes: 2 files changed, 21 insertions(+), 1 deletion(-)

Code scan: clean

Tests: passed (OK)

Branch hygiene: clean

Generated by Kōan post-mission quality pipeline

Koan-Bot and others added 2 commits April 2, 2026 22:42
@Koan-Bot @claude
fix: reject invalid RSA exponents before calling OpenSSL
3ac255a 
RSA_generate_key_ex() on OpenSSL 1.1.x enters an infinite loop when
given an even exponent (e.g. 2). Add pre-validation in generate_key()
to croak immediately if the exponent is < 3 or even, preventing the
hang on all OpenSSL versions.

Fixes the CI timeout on Debian Bullseye (OpenSSL 1.1.1d) reported in PR cpan-authors#95.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@Koan-Bot @claude
test: add regression tests for invalid RSA exponent rejection
2371c26 
Verify that generate_key() croaks immediately on even exponents (2, 100),
exponent 1, and exponent 0 — all of which would hang on OpenSSL 1.1.x
without the pre-validation check.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@Koan-Bot Koan-Bot mentioned this pull request Apr 3, 2026
Merged
@atoomic atoomic marked this pull request as ready for review April 3, 2026 11:09
@atoomic atoomic requested a review from timlegge April 3, 2026 11:10
@atoomic
Copy link
Copy Markdown
Collaborator

atoomic commented Apr 3, 2026

@timlegge looks like an interesting protection
Would like your review on that change
Thanks

timlegge
timlegge approved these changes Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@timlegge timlegge left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

approved - look fine and fixes #95

@timlegge timlegge merged commit 232eb05 into cpan-authors:main Apr 3, 2026
28 checks passed
@toddr-bot toddr-bot mentioned this pull request Apr 3, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@timlegge timlegge timlegge approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Koan-Bot @atoomic @timlegge