Skip to content

OpenSSL::PKey::RSA.new returns the wrong value #357

Closed
queso opened this Issue Oct 24, 2012 · 7 comments

4 participants

@queso
queso commented Oct 24, 2012

I've created a gist that shows code that works in 1.6.8, but returns the wrong value in 1.7.0.

https://gist.github.com/3947534

This leads to this line throwing an error because privKey is null: https://github.com/jruby/jruby/blob/master/src/org/jruby/ext/openssl/PKeyRSA.java#L469

@queso
queso commented Oct 24, 2012

Submitted here as suggested by @headius. /cc @bcurren

@queso
queso commented Oct 24, 2012

I tried to just read the private.pem key by itself and that errors out here: https://github.com/jruby/jruby/blob/master/src/org/jruby/ext/openssl/PKeyRSA.java#L278

I am just not sure where in that long if chain it is erroring out.

@pmahoney

Some work with the (Eclipse) debugger shows an exception in line 214 of PKeyRSA.java

val = PEMInputOutput.readPrivateKey(new StringReader(str.toString()), passwd);

the initializer then falls to the next case, which apparently only considers the public key portion.

The original exception in that method is java.security.InvalidKeyException "Wrong algorithm: DESede or TripleDES required". I think the "alrogithm" arg is "DESede/CBC/PKCS5Padding" while Java is perhaps expecting one of "DESede" or "TripleDES" (from this link which hopefully isn't horribly out of date).

Will hopefully post more details later.

@pmahoney

Some data copied from debugging session, at the point the InvalidKeyException is thrown.

@pmahoney

I cannot reproduce (I get the expected private key) on trunk (approx. 1.7.0: 2547a3a) on Linux using

$ java -version
java version "1.7.0_07"
OpenJDK Runtime Environment (IcedTea7 2.3.2) (7u7-2.3.2a-1ubuntu1)
OpenJDK 64-Bit Server VM (build 23.2-b09, mixed mode)

I verified that realName is also "DESede/CBC/PKCS5Padding" in this case. Will have to wait for tomorrow to check Java versions on my other machine, but it is a Mac, probably using the Apple provided Java 1.6.

Also failed to reproduce on Linux using jruby 1.7.0 (1.9.3p203) 2012-10-24 2547a3a on OpenJDK 64-Bit Server VM 1.6.0_24-b24 [linux-amd64]

@pmahoney

Ok, back on the Mac. I've created a small Java program that I think reproduces this problem.

$ cat CryptoBug.java 
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class CryptoBug {

    public static void main(String[] args) throws Exception {
        final String algo = "DESede/CBC/PKCS5Padding";
        final IvParameterSpec spec = new IvParameterSpec(new byte[8]);
        final SecretKeySpec secretKey = new SecretKeySpec(new byte[100], algo);

        Cipher.getInstance(algo).init(Cipher.DECRYPT_MODE, secretKey, spec);
    }

}

It simply attempt to initialize a cipher instance. Expected behavior is failure, either because the algorithm is "wrong" (this is the cause of this bug I believe), or because the algorithm was right but the bogus parameters are invalid (the ruby code above should work in JVMs where this failure mode occurs).

$ java -version && javac CryptoBug.java && java CryptoBug
java version "1.6.0_35"
Java(TM) SE Runtime Environment (build 1.6.0_35-b10-428-10M3811)
Java HotSpot(TM) 64-Bit Server VM (build 20.10-b01-428, mixed mode)
Exception in thread "main" java.security.InvalidKeyException: Wrong algorithm: DESede or TripleDES required
    ...
    at CryptoBug.main(CryptoBug.java:12)

And with OpenJDK 7 on the Mac:

$ java7 -version && javac CryptoBug.java && java7 CryptoBug
openjdk version "1.7.0-u10-b09"
OpenJDK Runtime Environment (build 1.7.0-u10-b09-20120927)
OpenJDK 64-Bit Server VM (build 23.6-b03, mixed mode)
Exception in thread "main" java.security.InvalidKeyException: Invalid key length: 100 bytes
    ....
    at CryptoBug.main(CryptoBug.java:12)
@headius
JRuby Team member
headius commented Oct 29, 2012

Perhaps we can just check the algorithm string for DESede or TripleDES and specify them directly?

@kares kares added a commit to kares/jruby that referenced this issue Apr 23, 2014
@kares kares add a spec for `OpenSSL::PKey::RSA.new` regression - working fine as …
…is (fixes #357)

not tested on Mac (only Linux with Java 1.7.0_51) but we're now not simply doing `Cipher.getInstance(String)` ... we're first attempt to consult (BC) provider directly
5114e6b
@kares kares added a commit to kares/jruby that referenced this issue Apr 23, 2014
@kares kares add a spec for `OpenSSL::PKey::RSA.new` regression - working fine as …
…is (fixes #357)

not tested on Mac (only Linux with Java 1.7.0_51) but we're now not simply doing `Cipher.getInstance(String)` ... we're first attempt to consult (BC) provider directly
c7d7d8a
@mkristian mkristian added a commit that referenced this issue Apr 23, 2014
@kares kares add a spec for `OpenSSL::PKey::RSA.new` regression - working fine as …
…is (fixes #357)

not tested on Mac (only Linux with Java 1.7.0_51) but we're now not simply doing `Cipher.getInstance(String)` ... we're first attempt to consult (BC) provider directly
0199652
@mkristian mkristian added a commit that referenced this issue Apr 29, 2014
@kares kares add a spec for `OpenSSL::PKey::RSA.new` regression - working fine as …
…is (fixes #357)

not tested on Mac (only Linux with Java 1.7.0_51) but we're now not simply doing `Cipher.getInstance(String)` ... we're first attempt to consult (BC) provider directly
59391fb
@mkristian mkristian added a commit that closed this issue Apr 29, 2014
@kares kares add a spec for `OpenSSL::PKey::RSA.new` regression - working fine as …
…is (fixes #357)

not tested on Mac (only Linux with Java 1.7.0_51) but we're now not simply doing `Cipher.getInstance(String)` ... we're first attempt to consult (BC) provider directly
d9b0d95
@mkristian mkristian closed this in d9b0d95 Apr 29, 2014
@enebo enebo added this to the JRuby 1.7.13 milestone Jun 24, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.