Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OpenSSL::PKey::RSA.new behaves differently than MRI #2697

Closed
rampion opened this issue Mar 13, 2015 · 1 comment
Closed

OpenSSL::PKey::RSA.new behaves differently than MRI #2697

rampion opened this issue Mar 13, 2015 · 1 comment

Comments

@rampion
Copy link

@rampion rampion commented Mar 13, 2015

One of the ways that OpenSSL::PKey::RSA.new may be called is with a PEM-formatted string and no password. For example, see rubygems/request.

In the MRI implementation, when OpenSSL::PKey::RSA.new is called with an PEM-formatted string containing an encrypted RSA key but no password, it opens /dev/tty to prompt the user for a pass phrase:

% rvm use ruby-2.1
Using /usr/local/rvm/gems/ruby-2.1.5
% ruby example.rb
Decrypting key using password "correct horse battery staple"
success
Decrypting key using password nil
Enter PEM pass phrase:
success

When JRuby attempts the same, it raises an error instead of attempting to prompt the user for a pass phrase:

% rvm use jruby
Using /usr/local/rvm/gems/jruby-1.7.19
% JRUBY_OPTS=-J-Djruby.openssl.debug=true ruby example.rb
Decrypting key using password "correct horse battery staple"
success
Decrypting key using password nil
java.io.IOException: problem creating RSA private key: java.io.IOException: Password is null, but a password is required
        at org.jruby.ext.openssl.x509store.PEMInputOutput.readPrivateKey(PEMInputOutput.java:308)
        at org.jruby.ext.openssl.PKeyRSA.initialize(PKeyRSA.java:237)
...
failure: Neither PUB key nor PRIV key:
        org/jruby/ext/openssl/PKeyRSA.java:280:in `initialize'
        example.rb:6:in `test'
        example.rb:17:in `(root)'

Example code:

# example.rb
require 'openssl'

def test pemkey_text, pemkey_pass
  puts "Decrypting key using password #{pemkey_pass.inspect}"
  begin
    key = OpenSSL::PKey::RSA.new pemkey_text, pemkey_pass
    puts "success"
  rescue OpenSSL::PKey::RSAError => e
    puts %(failure: #{e.message}\n\t#{e.backtrace.join("\n\t")})
  end
end

pemkey_text = DATA.read
pemkey_pass = "correct horse battery staple"

test pemkey_text, pemkey_pass
test pemkey_text, nil

__END__
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,40D5A4CB36A82BF11E864AB17F4796BF

OfBi5HqB22AhV9pEtyf2/LIGt+80Dd53po8i+MXa2rBTSzHVDIqtECDjXogJjfYi
osuCQTTDddYtXL00LBYKxO94mERmfpYg94oiccBQRbSCkvYmxoY5Tw9ExllPcORR
M0BqvpVlGBZeHDSqrsHXM1ApREx8Iz9IaR3ZR0cX5DXHWlo3qEumKiafAcd5PdRJ
o7fFY6tt4zCzNZ63yK9lt6/M3KNeY9stPOwoHm3R548HQwIz+m6M5CVwy40XejEM
5O2LS5AUoib0GxFHOQJBDGf9wcq35ivyz4bhDzRYPBaoA6/SCACiW8e4jLkqhw4B
ye1f3ESBmpFEPRTwBVA+vnvYkfVLf0MlGWNY3J3zxJKC9TJUT3tkNY41gndh6761
i41ObaTIV+DlL4uNB7UDkS+8PjTQ+ndAbu3277yI+UCu8RbebpnWpmTDviTigH4z
zZSCrW1A0OLWwFr+sfKPo8QSkcA+H4fMX3IER7tl77I62idRO+jbZzauhj8lyiHO
LJt3AIOEjQ9YZm0GSLbWbZvu2fN9WP5BVrTcrKXAhjTTdQoNWgwVKVSbs6v0umvM
fOIUZ4I1VPBpdfd6Q0XL4LtvNf/nUh+o92Udmuguj/mOwrlh1Aujkfjy0U/jBbIw
ieXUC3CvWKkD9AzXwln7FbsFq6HdFZ6QUFc63WxzoEY6G6R0dK8U1zEy+cNbtlgD
IeXmldJ+hdbP32BOnBfKYAEWvCTJXjixvM25B5v4S5HqUW5CzATszMD+TvNuOpt0
Unca2Dl25FJnhAVE0TScfhMXLdaQv3cP1PRa4ylEL8dg3L8HsdYD6hgAlrHFRnKF
-----END RSA PRIVATE KEY-----
@kares kares added the openssl label Mar 16, 2015
@rtyler rtyler added the JRuby 1.7.x label Mar 22, 2015
@kares
Copy link
Member

@kares kares commented Jan 12, 2016

there's some naive prompting implemented since jruby-openssl 0.9.14 jruby/jruby-openssl@098ad46 ...
if more is needed please consider helping us out, thanks!

@kares kares closed this Jan 12, 2016
@kares kares added this to the JRuby 1.7.25 milestone Jan 12, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
You can’t perform that action at this time.