search

fffonion / lua-resty-openssl

FFI-based OpenSSL binding for OpenResty
BSD 2-Clause "Simplified" License
130 stars 43 forks source link

Public key construction creates alerts #152

Open pr0x1ma-byte opened 5 months ago

pr0x1ma-byte commented 5 months ago

I receive the following error when constructing a public key from an exponent and modulus:

ignoring stale global SSL error (SSL: error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding error:04067072:rsa routines:rsa_ossl_public_decrypt:padding check failed)

This is how I'm constructing the key:

local key, err = pkey.new(json_text, {format = "JWK"})
...
local pem, err = key:to_PEM("public",false)

After a bit I get an alert in my nginx log with the error from above.

fffonion commented 5 months ago

Hi @pr0x1ma-byte the alert log you are seeing indicating there's a uncleared error when doing pubkey:decrypt, but I don't seem to reproduce this using the following code:

local jwk = require("cjson").encode({
    kty = "RSA",
    n   = "pjdss8ZaDfEH6K6U7GeW2nxDqR4IP049fk1fK0lndimbMMVBdPv_hSpm8T8EtBDxrUdi1OHZfMhUixGaut-3nQ4GG9nM249oxhCtxqqNvEXrmQRGqczyLxuh-fKn9Fg--hS9UpazHpfVAFnB5aCfXoNhPuI8oByyFKMKaOVgHNqP5NBEqabiLftZD3W_lsFCPGuzr4Vp0YS7zS2hDYScC2oOMu4rGU1LcMZf39p3153Cq7bS2Xh6Y-vw5pwzFYZdjQxDn8x8BG3fJ6j8TGLXQsbKH1218_HcUJRvMwdpbUQG5nvA2GXVqLqdwp054Lzk9_B_f1lVrmOKuHjTNHq48w",
    e   = "AQAB",
})
local key = assert(require("resty.openssl.pkey").new(jwk, {format = "JWK"}))
local err = require("resty.openssl.err")
print(err.format_error("x"))

print(key:decrypt("x"))
local pem = assert(key:to_PEM("public",false))
print(err.format_error("x"))

could you share more about the code that you use that involves pubkey decrypt operations?