Skip to content

Add missing _is_private() check to get_private_key_pkcs8_string()#183

Draft
toddr-bot wants to merge 1 commit into
cpan-authors:mainfrom
toddr-bot:koan.toddr.bot/fix-pkcs8-private-check
Draft

Add missing _is_private() check to get_private_key_pkcs8_string()#183
toddr-bot wants to merge 1 commit into
cpan-authors:mainfrom
toddr-bot:koan.toddr.bot/fix-pkcs8-private-check

Conversation

@toddr-bot
Copy link
Copy Markdown
Contributor

@toddr-bot toddr-bot commented May 21, 2026

Summary

  • Add _is_private() guard to get_private_key_pkcs8_string(), matching every other private-key operation
  • Add test for the error case (calling it on a public-only key)

Why

Every private-key operation in RSA.xs validates _is_private() before
proceeding: get_private_key_string, decrypt, private_encrypt,
check_key, sign. The PKCS#8 export variant was missed — calling it
on a public-only key produced silent garbage on pre-3.x or a cryptic
OpenSSL error on 3.x instead of a clear croak.

Same class of bug as PR #143 which fixed the identical gap in
get_private_key_string().

Testing

  • New test in t/format.t verifies the croak message
  • Full test suite passes (all 16 test files)

🤖 Generated with Claude Code

@toddr-bot @claude
Add missing _is_private() check to get_private_key_pkcs8_string()
6e37bfd 
Every private-key operation validates _is_private() before proceeding:
get_private_key_string, decrypt, private_encrypt, check_key, sign.
The PKCS#8 export variant was the sole exception — calling it on a
public-only key produced silent garbage (pre-3.x) or a cryptic
OpenSSL error (3.x) instead of a clear croak.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@toddr-bot