Permalink
Browse files

Improved error checking.

This accounts for observed differences between different versions of
OpenSSL, opting for a consistent error message coming from Ursa, rather
than just letting the OpenSSL error bubble up.
  • Loading branch information...
1 parent 3f5228b commit d56a02b4114dd5246f78e54e78a17c7b1e01e64d Dan Bornstein committed Aug 24, 2012
Showing with 34 additions and 5 deletions.
  1. +4 −0 README.md
  2. +22 −2 src/ursaNative.cc
  3. +8 −3 test/native.js
View
@@ -157,6 +157,10 @@ the exponent value, which must be odd (65537 is the typical value; 3
and 17 are also common). Both arguments are optional and default to
2048 and 65537 (respectively).
+This method will throw if `modulusBits` is less than `512` (because
+it's pretty crazy to want a key with that few bits) or if `exponent`
+is even (because RSA only works for odd exponents).
+
Using the command-line `openssl` tool, this operation is
equivalent to:
View
@@ -444,8 +444,28 @@ Handle<Value> RsaWrap::GeneratePrivateKey(const Arguments& args) {
return Undefined();
}
- // Sanity-check the exponent, since (as of this writing) it looks like
- // OpenSSL doesn't check it. It's required to be odd.
+ // Sanity-check the arguments, since (as of this writing) OpenSSL
+ // either doesn't check, or at least doesn't consistently check:
+ //
+ // * The modulus bit count must be >= 512. Really, it just has to
+ // be a positive integer, but anything less than 512 is a
+ // horrendously bad idea.
+ //
+ // * The exponend must be positive and odd.
+
+ if (modulusBits < 512) {
+ Local<String> message =
+ String::New("Expected modulus bit count >= 512.");
+ ThrowException(Exception::TypeError(message));
+ return Undefined();
+ }
+
+ if (exponent <= 0) {
+ Local<String> message = String::New("Expected positive exponent.");
+ ThrowException(Exception::TypeError(message));
+ return Undefined();
+ }
+
if ((exponent & 1) == 0) {
Local<String> message = String::New("Expected odd exponent.");
ThrowException(Exception::TypeError(message));
View
@@ -408,14 +408,19 @@ function test_fail_generatePrivateKey() {
assert.throws(f4, /Expected a 32-bit integer in args\[1]\./);
function f5() {
- rsa.generatePrivateKey(512, 0);
+ rsa.generatePrivateKey(512, 2);
}
assert.throws(f5, /Expected odd exponent\./);
function f6() {
- rsa.generatePrivateKey(0, 1);
+ rsa.generatePrivateKey(512, 0);
+ }
+ assert.throws(f6, /Expected positive exponent\./);
+
+ function f7() {
+ rsa.generatePrivateKey(511, 1);
}
- assert.throws(f6, /key size too small/);
+ assert.throws(f7, /Expected modulus bit count >= 512\./);
// Use the original f1(), above, for this test.
rsa.setPublicKeyPem(fixture.PUBLIC_KEY);

0 comments on commit d56a02b

Please sign in to comment.