[compat] adjust error raised from PKey::RSA

kares · kares · commit 411aefb8ab30 · 2026-03-06T07:58:15.000+01:00
diff --git a/src/main/java/org/jruby/ext/openssl/PKeyRSA.java b/src/main/java/org/jruby/ext/openssl/PKeyRSA.java
@@ -595,7 +595,7 @@ private static ASN1ObjectIdentifier osslNameToCipherOid(final String osslName) {
 
     private String getPadding(final int padding) {
         if ( padding < 1 || padding > 4 ) {
-            throw newRSAError(getRuntime(), "");
+            throw newPKeyError(getRuntime(), "");
         }
         // BC accepts "/NONE/*" but SunJCE doesn't. use "/ECB/*"
         String p = "/ECB/PKCS1Padding";
@@ -615,7 +615,7 @@ public IRubyObject private_encrypt(final ThreadContext context, final IRubyObjec
         if ( Arity.checkArgumentCount(context.runtime, args, 1, 2) == 2 && ! args[1].isNil() ) {
             padding = RubyNumeric.fix2int(args[1]);
         }
-        if ( privateKey == null ) throw newRSAError(context.runtime, "incomplete RSA");
+        if ( privateKey == null ) throw newPKeyError(context.runtime, "incomplete RSA");
         return doCipherRSA(context.runtime, args[0], padding, ENCRYPT_MODE, privateKey);
     }
 
@@ -625,7 +625,7 @@ public IRubyObject private_decrypt(final ThreadContext context, final IRubyObjec
         if ( Arity.checkArgumentCount(context.runtime, args, 1, 2) == 2 && ! args[1].isNil())  {
             padding = RubyNumeric.fix2int(args[1]);
         }
-        if ( privateKey == null ) throw newRSAError(context.runtime, "incomplete RSA");
+        if ( privateKey == null ) throw newPKeyError(context.runtime, "incomplete RSA");
         return doCipherRSA(context.runtime, args[0], padding, DECRYPT_MODE, privateKey);
     }
 
@@ -635,7 +635,7 @@ public IRubyObject public_encrypt(final ThreadContext context, final IRubyObject
         if ( Arity.checkArgumentCount(context.runtime, args, 1, 2) == 2 && ! args[1].isNil())  {
             padding = RubyNumeric.fix2int(args[1]);
         }
-        if ( publicKey == null ) throw newRSAError(context.runtime, "incomplete RSA");
+        if ( publicKey == null ) throw newPKeyError(context.runtime, "incomplete RSA");
         return doCipherRSA(context.runtime, args[0], padding, ENCRYPT_MODE, publicKey);
     }
 
@@ -645,7 +645,7 @@ public IRubyObject public_decrypt(final ThreadContext context, final IRubyObject
         if ( Arity.checkArgumentCount(context.runtime, args, 1, 2) == 2 && ! args[1].isNil() ) {
             padding = RubyNumeric.fix2int(args[1]);
         }
-        if ( publicKey == null ) throw newRSAError(context.runtime, "incomplete RSA");
+        if ( publicKey == null ) throw newPKeyError(context.runtime, "incomplete RSA");
         return doCipherRSA(context.runtime, args[0], padding, DECRYPT_MODE, publicKey);
     }
 
diff --git a/src/test/ruby/rsa/test_rsa.rb b/src/test/ruby/rsa/test_rsa.rb
@@ -9,6 +9,15 @@ def setup
     require 'base64'
   end
 
+  def test_no_private_exp
+    key = OpenSSL::PKey::RSA.new
+    rsa = Fixtures.pkey("rsa-1.pem")
+    key.set_key(rsa.n, rsa.e, nil)
+    key.set_factors(rsa.p, rsa.q)
+    assert_raise(OpenSSL::PKey::PKeyError){ key.private_encrypt("foo") }
+    assert_raise(OpenSSL::PKey::PKeyError){ key.private_decrypt("foo") }
+  end
+
   def test_private
     # Generated by key size and public exponent
     key = OpenSSL::PKey::RSA.new(512, 3)
@@ -128,6 +137,33 @@ def test_rsa_public_encrypt
     # }
   end
 
+  def test_sign_verify_raw_legacy
+    key = Fixtures.pkey("rsa-1.pem")
+    bits = key.n.num_bits
+
+    # Need right size for raw mode
+    plain0 = "x" * (bits/8)
+    cipher = key.private_encrypt(plain0, OpenSSL::PKey::RSA::NO_PADDING)
+    plain1 = key.public_decrypt(cipher, OpenSSL::PKey::RSA::NO_PADDING)
+    assert_equal(plain0, plain1)
+
+    # Need smaller size for pkcs1 mode
+    plain0 = "x" * (bits/8 - 11)
+    cipher1 = key.private_encrypt(plain0, OpenSSL::PKey::RSA::PKCS1_PADDING)
+    plain1 = key.public_decrypt(cipher1, OpenSSL::PKey::RSA::PKCS1_PADDING)
+    assert_equal(plain0, plain1)
+
+    cipherdef = key.private_encrypt(plain0) # PKCS1_PADDING is default
+    plain1 = key.public_decrypt(cipherdef)
+    assert_equal(plain0, plain1)
+    assert_equal(cipher1, cipherdef)
+
+    # Failure cases
+    assert_raise(ArgumentError){ key.private_encrypt() }
+    assert_raise(ArgumentError){ key.private_encrypt("hi", 1, nil) }
+    assert_raise(OpenSSL::PKey::PKeyError){ key.private_encrypt(plain0, 666) }
+  end
+
   def test_rsa_param_accessors
     key_file = File.join(File.dirname(__FILE__), 'private_key.pem')
     key = OpenSSL::PKey::RSA.new(File.read(key_file))

Original file line number	Diff line number	Diff line change
`@@ -595,7 +595,7 @@ private static ASN1ObjectIdentifier osslNameToCipherOid(final String osslName) {`
`595`	`595`
`596`	`596`	`private String getPadding(final int padding) {`
`597`	`597`	`if ( padding < 1 \|\| padding > 4 ) {`
`598`		`- throw newRSAError(getRuntime(), "");`
	`598`	`+ throw newPKeyError(getRuntime(), "");`
`599`	`599`	`}`
`600`	`600`	`// BC accepts "/NONE/" but SunJCE doesn't. use "/ECB/"`
`601`	`601`	`String p = "/ECB/PKCS1Padding";`
`@@ -615,7 +615,7 @@ public IRubyObject private_encrypt(final ThreadContext context, final IRubyObjec`
`615`	`615`	`if ( Arity.checkArgumentCount(context.runtime, args, 1, 2) == 2 && ! args[1].isNil() ) {`
`616`	`616`	`padding = RubyNumeric.fix2int(args[1]);`
`617`	`617`	`}`
`618`		`- if ( privateKey == null ) throw newRSAError(context.runtime, "incomplete RSA");`
	`618`	`+ if ( privateKey == null ) throw newPKeyError(context.runtime, "incomplete RSA");`
`619`	`619`	`return doCipherRSA(context.runtime, args[0], padding, ENCRYPT_MODE, privateKey);`
`620`	`620`	`}`
`621`	`621`
`@@ -625,7 +625,7 @@ public IRubyObject private_decrypt(final ThreadContext context, final IRubyObjec`
`625`	`625`	`if ( Arity.checkArgumentCount(context.runtime, args, 1, 2) == 2 && ! args[1].isNil()) {`
`626`	`626`	`padding = RubyNumeric.fix2int(args[1]);`
`627`	`627`	`}`
`628`		`- if ( privateKey == null ) throw newRSAError(context.runtime, "incomplete RSA");`
	`628`	`+ if ( privateKey == null ) throw newPKeyError(context.runtime, "incomplete RSA");`
`629`	`629`	`return doCipherRSA(context.runtime, args[0], padding, DECRYPT_MODE, privateKey);`
`630`	`630`	`}`
`631`	`631`
`@@ -635,7 +635,7 @@ public IRubyObject public_encrypt(final ThreadContext context, final IRubyObject`
`635`	`635`	`if ( Arity.checkArgumentCount(context.runtime, args, 1, 2) == 2 && ! args[1].isNil()) {`
`636`	`636`	`padding = RubyNumeric.fix2int(args[1]);`
`637`	`637`	`}`
`638`		`- if ( publicKey == null ) throw newRSAError(context.runtime, "incomplete RSA");`
	`638`	`+ if ( publicKey == null ) throw newPKeyError(context.runtime, "incomplete RSA");`
`639`	`639`	`return doCipherRSA(context.runtime, args[0], padding, ENCRYPT_MODE, publicKey);`
`640`	`640`	`}`
`641`	`641`
`@@ -645,7 +645,7 @@ public IRubyObject public_decrypt(final ThreadContext context, final IRubyObject`
`645`	`645`	`if ( Arity.checkArgumentCount(context.runtime, args, 1, 2) == 2 && ! args[1].isNil() ) {`
`646`	`646`	`padding = RubyNumeric.fix2int(args[1]);`
`647`	`647`	`}`
`648`		`- if ( publicKey == null ) throw newRSAError(context.runtime, "incomplete RSA");`
	`648`	`+ if ( publicKey == null ) throw newPKeyError(context.runtime, "incomplete RSA");`
`649`	`649`	`return doCipherRSA(context.runtime, args[0], padding, DECRYPT_MODE, publicKey);`
`650`	`650`	`}`
`651`	`651`