toddr / crypt-openssl-rsa Goto Github PK

View Code? Open in Web Editor NEW

8.0 8.0 24.0 150 KB

Release history of Crypt-OpenSSL-RSA

Home Page: https://metacpan.org/pod/Crypt::OpenSSL::RSA

License: Other

Perl 61.81% XS 38.19%

crypt-openssl-rsa's People

Contributors

Stargazers

Watchers

crypt-openssl-rsa's Issues

Crypt::OpenSSL::Bignum should likely be required

Related to https://github.com/timlegge/perl-Net-SAML2/issues/24. Net::SAML2 has RSA based keys included as a test so calls Crypt-OpenSSL-RSA
my $bigNum = ( $rsaKey->get_key_parameters() )[1];

get_key_parameters requires Crypt::OpenSSL::Bignum

Crypt-OpenSSL-RSA vulnerable to the Marvin Attack

I've tried contacting the maintainer directly over the email twice, but received no reply for two weeks now, as such, I'm filing a public issue.

I've tested the rsa->decrypt() API with PKCS#1v1.5 padding and have verified that it is vulnerable to the Marvin Attack.

There is a clear side-channel that depends on the correctness of the PKCS#1 v1.5 padding.

When executing the attached reproducer with current OpenSSL 3.0 branch (openssl-3.0.13), on an i9-12900KS with extensive tuning, analysing 100 thousand decryptions per sample I got the following result:

Sign test mean p-value: 0.2109, median p-value: 0.02162, min p-value: 0.0
Friedman test (chisquare approximation) for all samples
p-value: 0.0
Worst pair: 1(no_header_with_payload_48), 6(valid_48)
Mean of differences: -5.95866e-07s, 95% CI: -8.33062e-07s, -3.422477e-07s (±2.454e-07s)
Median of differences: -3.64000e-07s, 95% CI: -3.67000e-07s, -3.610000e-07s (±3.000e-09s)
Trimmed mean (5%) of differences: -3.63660e-07s, 95% CI: -3.66392e-07s, -3.607752e-07s (±2.808e-09s)
Trimmed mean (25%) of differences: -3.63709e-07s, 95% CI: -3.66622e-07s, -3.608409e-07s (±2.890e-09s)
Trimmed mean (45%) of differences: -3.63951e-07s, 95% CI: -3.67040e-07s, -3.610646e-07s (±2.988e-09s)
Trimean of differences: -3.64000e-07s, 95% CI: -3.66750e-07s, -3.612500e-07s (±2.750e-09s)
Layperson explanation: Definite side-channel detected, implementation is VULNERABLE

The explanation of the ciphertext names are in the marvin-toolkit repo

The issue is most likely caused by the interface raising an exception here:

Crypt-OpenSSL-RSA/RSA.xs

Lines 221 to 231 in 01fe9b7

    
           to_length = p_crypt( 
        
              from_length, from, (unsigned char*) to, p_rsa->rsa, p_rsa->padding); 
        
           if (to_length < 0) 
        
           { 
        
               Safefree(to); 
        
               CHECK_OPEN_SSL(0); 
        
           } 
        
           sv = newSVpv(to, to_length); 
        
           Safefree(to); 
        
           return sv;

Detailed results (explanation how to interpret them):

legend.csv
report.csv

Reproducer: https://github.com/tomato42/marvin-toolkit/tree/master/example/perl-Crypt-OpenSSL-RSA

Crypt-OpenSSL-RSA will not compile with OpenSSL 3.0.0 due to deprecated code

In OpenSSL 3.0.0's CHANGES.md file, there is this entry:

Removed RSA padding mode for SSLv23 (which was only used for SSLv2). This includes the functionsRSA_padding_check_SSLv23() and RSA_padding_add_SSLv23() and the -ssl option in the deprecated rsautl command.

RSA.xs fails to compile due to the removal of the definition of RSA_SSLV23_PADDING as a part of this change.

Load encrypted private keys by taking $password as an arg [rt.cpan.org #47447]

Migrated from rt.cpan.org#47447 (status was 'open')

Requestors:

[email protected]

Attachments:

Crypt-OpenSSL-RSA-0.25-encrypted-private-keys.diff

From @hachi on 2009-06-29 22:37:22:

I'd like to be able to load encrypted private keys using this module. I've implmented at least one way to do this, and the patch is attached. Is it possible for this to get into the released module?

From [email protected] on 2009-11-01 18:23:24:

This looks like a go start, but it seems incomplete. If the module can
read encrypted passwords, it should also be able to write them; this
would also allow for adding unit test coverage of your new methods to
t/rsa.t. Finally, it would be good to add perldoc to RSA.pm.

From [email protected] on 2011-04-13 22:21:25:

I just uploaded to CPAN a new Crypt::OpenSSL::Common module.

Among other things, it properly initializes the openssl libraries, that
results in that Crypt::OpenSSL::RSA can now load encrypted private keys
without any code modifications using openssl's default prompting.

Please give it a try, and report to me any success/failures.

Thanks.

Sortiz.

From [email protected] on 2015-01-19 06:13:15:

Not relevant to this module.

From [email protected] on 2015-01-19 17:19:02:

Most recent comment in the ticket implies we uploaded a fix in 2011 with no reply.

From [email protected] on 2016-01-02 19:23:02:

On Mon Jan 19 12:19:02 2015, TODDR wrote:

Most recent comment in the ticket implies we uploaded a fix in 2011
with no reply.

I'm not the original reporter, but I thought I'd reopen this bug rather than file a new one.

I agree that it would be useful to be able to read and write encrypted keys.

I disagree with the "implied fix" because the description of Crypt::OpenSSL::Common says:

"For example, the Crypt::OpenSSL::RSA's new_private_key class method now can handle encrypted private keys in the same way the C API does, ie. ** prompting the user** for the pass phrase used to protect the private key"

Crypt::OpenSSL::RSA is useful in CGI scripts and other places where prompting is not possible. Well, I suppose one could redirect stdin & ignore the prompts -- but at that point, one might as well run an "openssl rsa" command in a subprocess.

A solution to the problem would be of the form:

new_private_key( $pem, [$password] ) and
get_private_key_string( $encryption_method, $password ) (e.g. DES-EDE3-CBC, or perhaps a friendly alias...)

Obviously, undef or omitted arguments should produce unencrypted keys as currently.
(Supplying an un-needed password when reading can be ignored.)

An encrypted private key file looks like:

I'm not an XS coder, but here are some pointers that ought to be useful:

https://www.openssl.org/docs/manmaster/crypto/pem.html describe the password callback routines.

Crypt::OpenSSL::CA contains Crypt::OpenSSL::CA::PrivateKey, which knows how to read an encrypted PEM key. Unfortunately, it doesn't provide a means to export the key (encrypted or decrypted).

Thanks for your (re-)consideration.

Private key disappears from the object on leaving scope

I'm hoping this is a bug in Crypt::OpenSSL::RSA and not Crypt::OpenSSL::PKCS10 because the latter isn't maintained any more.

Consider this trivial script:

#!/usr/bin/env perl

use strict;
use warnings;
use feature 'say';

use Crypt::OpenSSL::RSA;
use Crypt::OpenSSL::PKCS10;

sub generate_rsa {
    my $rsa = Crypt::OpenSSL::RSA->generate_key(2048);
    say "Private key immediately after generating: ",
        $rsa->get_private_key_string;

    # Generate a CSR object, and store the resulting CSR string.
    my $csr = Crypt::OpenSSL::PKCS10->new_from_rsa($rsa);
    say "Private key before returning: ", $rsa->get_private_key_string;
    return $rsa;
}
my $rsa = generate_rsa();
say "Private key having returned: ", $rsa->get_private_key_string;

If I run it on perl 5.22.3, Crypt::OpenSSL::RSA 0.31, Crypt::OpenSSL::PKCS10 0.16, I get:

Private key immediately after generating: -----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAvBVZpIZx0XC8rgP59if3eqFm2LaN+FJuihlWSw5Xc8fg7N0w
oZAFwC860pTPfDijjGExAkqlAvWMTR6FIpj2Rj4eUpi1Qq/a7VrU/jEMadz9Xzhj
nV6grCC1O+lPY/s97SQKcsfJH1SAI+hQjXa+8nUALWJn1RqDUCgyL9FsRcb/XMEN
pwUFGw1xoFyp6VGfVZSuDRgCPLtMnIW4NYOaAXXKy/7oT5N6usGARtSTlggl0oi9
pK8o24/niZbUt5NX/ByReuJcZwNO2q38Lds3jx0ubinPcfzcdOr5PwNBrC39wad7
7ecQ4ipUntqSMbHeZwGH/guDXbJzJKlDh1XTlwIDAQABAoIBAQCA/heL2dUnsi0F
H58ILqLxTM6vZIx7uXUsa3IeacialIPzj0OyGoeHJh0unXarmGC6f1HQY4dGP0ep
AHyInOWSiTncpfTyto7saHZZmyQLWs++xXq0TFjflFMXssyLIp13DVfJHrIWNaro
dYUBcGZG/O1RMwNJSTSz/c1ltDiQpVwu4EQn7eJyKLA0k63gIgc75wrglXwx7EQR
1UumsA6EGFlGKdmily8nG5mbeYMyKk3FbOChJwvUTuR7qoHnyMyKWqj2LIqmYhum
q5e8Q6Wp+SBDANBZNCP1bKccMQUpAV4FDTJmwzAlU1VuIXugFNxPFEqimtki0dMz
yEuh74UZAoGBAN3MZ6dL2kJEmQ+S4b3HVAVCD3PCNyzxE+iZLlIc1P1a89MurYpB
OlTkKLXAoBp4U3QABcZElxXk0UoLtT4E4R0kDC05FmBZdL0MrzuzH7psNkuSM++h
Sk8ItjnWGNiUrP2mj6d1r9V1AOc/0gJY2cdG+w2X7pj1T3YzDmeyQFD7AoGBANkW
BywcoQ/r8vRGMpR9cI9IksXpKZtqH2iI6CHv8ualkZUcqMdkw0rbpQEMOjXgKvJs
XmZ3wtbuI99qQoqjh9AaGP7x1tMFtbK3EDH3CtQyGVSq+8uywjVtnXVMsu190/fQ
/IdEGQGRTx3Lntjpoz0ZFat+2hRM/ywvbvjGrF0VAoGAWLJFQUG0JowIKZIzdBEi
KHgidchVCEPgEkQvoealxit5Fhq0i3VKPmh/Xy+I1w0HUnwv0vna8YZvq4zDDeol
m+GufOc3a5Bafr9z1AvtxD9B9zagTlPRw4lYVgioJvRNuaHCENWfW11O3ytGcGnX
rTlVbDo10DVJcZs5R36g+cECgYBcINoYYWoFHMh13Ji4peewF0ea0FIFD+uWbIu/
Y1q9gcSf+JK0VFIBIegL4smNdb4kNdN2PxskJdp5hVoKBk6sBXdYMwBNfB3ZY5Fu
8v3Ygg53/Txw/UMoc4Wgc1V4Lq9Xe4zARykpniZqabDXM4hAdLXamzIn7WlZsiOx
Vndt5QKBgBLOsvuenMa4DMFWwrjIK2n7GPvNL3sWJvfMgzgtSVmsDmWjk/j4bp7O
hiHsziRbFCmUMZkFAxMF48hAkr6XQvU4jX5kGn5KFCw4W/XHbUVy7mb0zal44KRh
sP8jTxKTt3yXJctH0d3haZORx9D3bDTmapB6a6YaSIU6/VHQWfCw
-----END RSA PRIVATE KEY-----

Private key before returning: -----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAvBVZpIZx0XC8rgP59if3eqFm2LaN+FJuihlWSw5Xc8fg7N0w
oZAFwC860pTPfDijjGExAkqlAvWMTR6FIpj2Rj4eUpi1Qq/a7VrU/jEMadz9Xzhj
nV6grCC1O+lPY/s97SQKcsfJH1SAI+hQjXa+8nUALWJn1RqDUCgyL9FsRcb/XMEN
pwUFGw1xoFyp6VGfVZSuDRgCPLtMnIW4NYOaAXXKy/7oT5N6usGARtSTlggl0oi9
pK8o24/niZbUt5NX/ByReuJcZwNO2q38Lds3jx0ubinPcfzcdOr5PwNBrC39wad7
7ecQ4ipUntqSMbHeZwGH/guDXbJzJKlDh1XTlwIDAQABAoIBAQCA/heL2dUnsi0F
H58ILqLxTM6vZIx7uXUsa3IeacialIPzj0OyGoeHJh0unXarmGC6f1HQY4dGP0ep
AHyInOWSiTncpfTyto7saHZZmyQLWs++xXq0TFjflFMXssyLIp13DVfJHrIWNaro
dYUBcGZG/O1RMwNJSTSz/c1ltDiQpVwu4EQn7eJyKLA0k63gIgc75wrglXwx7EQR
1UumsA6EGFlGKdmily8nG5mbeYMyKk3FbOChJwvUTuR7qoHnyMyKWqj2LIqmYhum
q5e8Q6Wp+SBDANBZNCP1bKccMQUpAV4FDTJmwzAlU1VuIXugFNxPFEqimtki0dMz
yEuh74UZAoGBAN3MZ6dL2kJEmQ+S4b3HVAVCD3PCNyzxE+iZLlIc1P1a89MurYpB
OlTkKLXAoBp4U3QABcZElxXk0UoLtT4E4R0kDC05FmBZdL0MrzuzH7psNkuSM++h
Sk8ItjnWGNiUrP2mj6d1r9V1AOc/0gJY2cdG+w2X7pj1T3YzDmeyQFD7AoGBANkW
BywcoQ/r8vRGMpR9cI9IksXpKZtqH2iI6CHv8ualkZUcqMdkw0rbpQEMOjXgKvJs
XmZ3wtbuI99qQoqjh9AaGP7x1tMFtbK3EDH3CtQyGVSq+8uywjVtnXVMsu190/fQ
/IdEGQGRTx3Lntjpoz0ZFat+2hRM/ywvbvjGrF0VAoGAWLJFQUG0JowIKZIzdBEi
KHgidchVCEPgEkQvoealxit5Fhq0i3VKPmh/Xy+I1w0HUnwv0vna8YZvq4zDDeol
m+GufOc3a5Bafr9z1AvtxD9B9zagTlPRw4lYVgioJvRNuaHCENWfW11O3ytGcGnX
rTlVbDo10DVJcZs5R36g+cECgYBcINoYYWoFHMh13Ji4peewF0ea0FIFD+uWbIu/
Y1q9gcSf+JK0VFIBIegL4smNdb4kNdN2PxskJdp5hVoKBk6sBXdYMwBNfB3ZY5Fu
8v3Ygg53/Txw/UMoc4Wgc1V4Lq9Xe4zARykpniZqabDXM4hAdLXamzIn7WlZsiOx
Vndt5QKBgBLOsvuenMa4DMFWwrjIK2n7GPvNL3sWJvfMgzgtSVmsDmWjk/j4bp7O
hiHsziRbFCmUMZkFAxMF48hAkr6XQvU4jX5kGn5KFCw4W/XHbUVy7mb0zal44KRh
sP8jTxKTt3yXJctH0d3haZORx9D3bDTmapB6a6YaSIU6/VHQWfCw
-----END RSA PRIVATE KEY-----

Private key having returned: -----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

Something is happening to the guts of the Crypt::OpenSSL::RSA object as a side-effect of Crypt::OpenSSL::PKCS10 having done... something to it. Crypt::OpenSSL::RSA is XS so that's as far as I could get.

Get rurban to re-submit his changes

@rurban, would you mind splitting up https://github.com/monken/Crypt-OpenSSL-RSA/pull/3? and re-submitting here as different pull requests? master has changed enough that merging it is impractical at this point.

After upgrading from 0.28 Net::OAuth signature fails

After upgrading from 0.28 signatures calculated by Net::OAuth are not valid anymore.

verify() doesn't clear underlying OpenSSL errors on failure

Consider the following perl program

use Crypt::OpenSSL::X509;
use Crypt::OpenSSL::RSA;
use Net::SSLeay;

my $cert = Crypt::OpenSSL::RSA->new_public_key(Crypt::OpenSSL::X509->new_from_string(<<"EOF")->pubkey());
-----BEGIN CERTIFICATE-----
MIIEpjCCAo4CCQDg0Gknph8e/DANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAls
b2NhbGhvc3QwIBcNMjAwMjA3MTUyNTQxWhgPMjEyMDAxMTQxNTI1NDFaMBQxEjAQ
BgNVBAMMCWxvY2FsaG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
AKXsIUDTlEbTr1A9SuXPyRgw1yzTBKXTctvR0My26QD7ye46qLn2Tif1xynocspr
UqezlMaDdLxuMPhNv7FWDiMYeQzJ7UFem/SPQ/3w0MzrejOQ4zYSWp9ac+Xb6MsK
0z0pdYkpEzTq1H+T+zv5FbbWi4xIXmbKULgNMs2DsKFs3Sl0Ezl/kKGrWNjni6G5
3HfWWNg4UeBzvxqLiNJsTiXF/6AMIv7le/aUhGGu5aFfoeNx0F0lu/jfii/fYFqR
xNqcI8RELexNmSkksxl2XsjtfHTcbVN1GBkSvv+vCg0oTgaU/DZdImEXJXPIrfJ0
ui2JHtv4XdNTHy3MS/fTGys56ycIFtLELpGJI/Bcb1nlSDEVL0XgEEf3KYd9fNQt
oZTxPuWixjwL4S+CPUItGxCTetu1rUvRcXC/IKkrlCTr+ZketB5zzd0n4YOZuq90
TSycSqhFLB9JAEhUzMYvyqteou7CrYAkwTGJGA9twgdSEWeOOpXkxg/IbnoUEeQz
sRBvTfNnRWV5vqy7Pv/8nL6kgnU+tbuuoo80XDMNlOS5LShsf8I2GNGaNyDaz9qz
HtmRR7DOI3AbTROVR22yAmWtRwQ/hrBr/Qr0RcuzJ9gpjQ0kYL4ZCgpowWjsoeP1
17bFayRoG2bVJ8j4MPz8Jcu0Ah8WB6uK8wRumvGFpjWxAgMBAAEwDQYJKoZIhvcN
AQELBQADggIBAEFRIiOLC9/j1s6mR/RdDMhaIQ7a6sWfTmhya5fPokAfDnueRt8J
Dc1LgBAZvrA7Wm20E20zlULKK4Uwq43tJTY5bekZj4s9rDrxKB+EGC5UUHLNTlf/
9ApCuZr+IzcPON8KYXxjLk7aaAZvVMmrvMFFYWTh+gUwckovdB2k5XqmHM8AvAz5
IxnaZtOssbU4JL/r4KYXP8uYMUmUhQFusybNiKs6TJtikhEUOyvcYC5OlcX9xDsv
SojiVtR/EDbQrT2dMHHsA6NYy4JJdLCu5a4++PDEpufK8kmBSr0fyhT+dKiTEtl6
32Ku5WsKFnleoQsb5fLHItar10rAMV6OUdWZsjDHXQyvkkw9Ol3PrTEqmRd9g7KP
HUa//25reBP3ycaifcAXHJS48dmcXdpVqb3Yxz8xQy9wQrq5MNsJw1p5sHkJnqsn
GekplXOzRnlfe8c/abQiRGuKZneu3nvApR8aUK/S78T4m34h5kCuEOEA68u/IjG4
FqVZckVyGVmsFUgLuZZkVCGzonCHd2w1ZUPkjaLOWvB8ZGaby2autOLOJLbDVLFw
3anaPjecPHsz1S5BZhO04IfzrrPamSdSSplvZfpenCfsP5t3D6JQgQ+AEtLUV6YY
tx3+ckPVZTSyisIViUlE1ILy/tZkJ2maKvg9E/iyCu8Yl/nrrKGfN20O
-----END CERTIFICATE-----
EOF

warn 'ERR: '.Net::SSLeay::ERR_get_error()."\n";
unless ($cert->verify('payload', 'abc')) {
   warn "failed\n";
}
warn 'ERR: '.Net::SSLeay::ERR_get_error()."\n";

After the failed verify() call internal OpenSSL error stack is left non-empty with errors in it. That's a problem for end user, since that stack is global and isn't cleared by OpenSSL itself. So if someone peeks into it after the next openssl call, he'll find errors in it, but will assume that it's from theirs call, while in fact they're from verify().

In RSA.xs there's the following block

        case 0:
            CHECK_OPEN_SSL(ERR_peek_error());
            XSRETURN_NO;
            break;

which should presumably handle this situation, but CHECK_OPEN_SSL macro unwraps into

#define CHECK_OPEN_SSL(p_result) if (!(p_result)) croakSsl(__FILE__, __LINE__);
void croakSsl(char* p_file, int p_line)
{
    const char* errorReason;
    /* Just return the top error on the stack */
    errorReason = ERR_reason_error_string(ERR_get_error());
    ERR_clear_error();
    croak("%s:%d: OpenSSL error: %s", p_file, p_line, errorReason);
}

but ERR_peek_error() returns a positive error code, which makes (!p_result) condition to fail, in turn making croakSelf() and thus ERR_clear_error() to not get called.

I propose two possible solutions for this:

change CHECK_OPEN_SSL invocation to CHECK_OPEN_SSL(ERR_peek_error() == 0), making verify() croak on errors instead of returning false
remove CHECK_OPEN_SSL invocation (as it's effectively a no-op here) and call ERR_clear_error() unconditionally instead, retaining return value of verify()

Smoker failure due to URI::cpan

URI::cpan needs Perl >= 5.12

we are trying to use it, need to determine if it s for unit tests or not

https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true

Crypt::OpenSSL::Guess is up to date. (0.15)
[11](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:11)
--> Working on Test::Kwalitee
[12](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:12)
Fetching http://www.cpan.org/authors/id/E/ET/ETHER/Test-Kwalitee-1.28.tar.gz ... OK
[13](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:13)
Configuring Test-Kwalitee-1.28 ... OK
[14](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:14)
==> Found dependencies: Module::CPANTS::Analyse
[15](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:15)
--> Working on Module::CPANTS::Analyse
[16](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:16)
Fetching http://www.cpan.org/authors/id/I/IS/ISHIGAKI/Module-CPANTS-Analyse-1.01.tar.gz ... OK
[17](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:17)
Configuring Module-CPANTS-Analyse-1.01 ... OK
[18](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:18)
==> Found dependencies: Perl::PrereqScanner::NotQuiteLite
[19](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:19)
--> Working on Perl::PrereqScanner::NotQuiteLite
[20](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:20)
Fetching http://www.cpan.org/authors/id/I/IS/ISHIGAKI/Perl-PrereqScanner-NotQuiteLite-0.9914.tar.gz ... OK
[21](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:21)
Configuring Perl-PrereqScanner-NotQuiteLite-0.9914 ... OK
[22](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:22)
==> Found dependencies: URI::cpan
[23](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:23)
--> Working on URI::cpan
[24](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:24)
Fetching http://www.cpan.org/authors/id/R/RJ/RJBS/URI-cpan-1.008.tar.gz ... OK
[25](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:25)
! Configure failed for URI-cpan-1.008. See /github/home/.cpanm/work/1646941824.5444/build.log for details.
[26](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:26)
! Installing the dependencies failed: Module 'URI::cpan' is not installed
[27](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:27)
! Bailing out the installation for Perl-PrereqScanner-NotQuiteLite-0.9914.
[28](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:28)
! Installing the dependencies failed: Module 'Perl::PrereqScanner::NotQuiteLite' is not installed
[29](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:29)
! Bailing out the installation for Module-CPANTS-Analyse-1.01.
[30](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:30)
! Installing the dependencies failed: Module 'Module::CPANTS::Analyse' is not installed
[31](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:31)
! Bailing out the installation for Test-Kwalitee-1.28.
[32](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:32)
Configuring URI-cpan-1.008 ... N/A
[33](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:33)
Test::CPAN::Meta is up to date. (0.25)
[34](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:34)
Perl::MinimumVersion is up to date. (1.40)
[35](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:35)
Test::Pod::Coverage is up to date. (1.10)
[36](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:36)
Test::Pod is up to date. (1.52)
[37](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:37)
Test::MinimumVersion is up to date. (0.101082)
[38](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:38)
Crypt::OpenSSL::Bignum is up to date. (0.09)
[39](https://github.com/toddr/Crypt-OpenSSL-RSA/runs/5501686803?check_suite_focus=true#step:6:39)
Error: Process completed with exit code 1.

Errors building on Mac OSX 10.12.1 [rt.cpan.org #119018]

Migrated from rt.cpan.org#119018 (status was 'open')

Requestors:

[email protected]

From [email protected] on 2016-11-28 19:06:34:

Trying to cpanm install on Mac OSX 10.12.1 to 5.24.0 (using plenv). Here's
the build log:
cpanm (App::cpanminus) 1.7042 on perl 5.024000 built for darwin-2level
Work directory is /Users/squinlan/.cpanm/work/1480359360.88921
You have make /usr/bin/make
You have LWP 6.15
You have /usr/bin/tar: bsdtar 2.8.3 - libarchive 2.8.3
You have /usr/bin/unzip
Searching Crypt::OpenSSL::RSA on mirror
http://104.196.119.58:3111/stacks/5.24.0-dev ...
Downloading index file
http://104.196.119.58:3111/stacks/5.24.0-dev/modules/02packages.details.txt.gz
...
--> Working on Crypt::OpenSSL::RSA
Fetching
http://104.196.119.58:3111/stacks/5.24.0-dev/authors/id/P/PE/PERLER/Crypt-OpenSSL-RSA-0.28.tar.gz
-> OK
Unpacking Crypt-OpenSSL-RSA-0.28.tar.gz
Entering Crypt-OpenSSL-RSA-0.28
Checking configure dependencies from META.json
Checking if you have ExtUtils::MakeMaker 6.58 ... Yes (7.24)
Configuring Crypt-OpenSSL-RSA-0.28
Running Makefile.PL
Checking if your kit is complete...
Looks good
Generating a Unix-style Makefile
Writing Makefile for Crypt::OpenSSL::RSA
Writing MYMETA.yml and MYMETA.json
-> OK
Checking dependencies from MYMETA.json ...
Checking if you have Test 0 ... Yes (1.28)
Checking if you have ExtUtils::MakeMaker 0 ... Yes (7.24)
Checking if you have Crypt::OpenSSL::Random 0 ... Yes (0.11)
Building and testing Crypt-OpenSSL-RSA-0.28
cp RSA.pm blib/lib/Crypt/OpenSSL/RSA.pm
AutoSplitting blib/lib/Crypt/OpenSSL/RSA.pm
(blib/lib/auto/Crypt/OpenSSL/RSA)
Running Mkbootstrap for RSA ()
chmod 644 "RSA.bs"
"/Users/squinlan/.plenv/versions/5.24.0/bin/perl5.24.0"
-MExtUtils::Command::MM -e 'cp_nonempty' -- RSA.bs
blib/arch/auto/Crypt/OpenSSL/RSA/RSA.bs 644
"/Users/squinlan/.plenv/versions/5.24.0/bin/perl5.24.0"
"/Users/squinlan/.plenv/versions/5.24.0/lib/perl5/5.24.0/ExtUtils/xsubpp"
 -typemap
'/Users/squinlan/.plenv/versions/5.24.0/lib/perl5/5.24.0/ExtUtils/typemap'
-typemap
'/Users/squinlan/.cpanm/work/1480359360.88921/Crypt-OpenSSL-RSA-0.28/typemap'
 RSA.xs > RSA.xsc
mv RSA.xsc RSA.c
cc -c   -I/usr/local/opt/openssl/include -L/usr/local/opt/openssl/lib -O3
-DVERSION=\"0.28\" -DXS_VERSION=\"0.28\"
 "-I/Users/squinlan/.plenv/versions/5.24.0/lib/perl5/5.24.0/darwin-2level/CORE"
 -DPERL5 -DOPENSSL_NO_KRB5 RSA.c
clang: warning: argument unused during compilation:
'-L/usr/local/opt/openssl/lib'
rm -f blib/arch/auto/Crypt/OpenSSL/RSA/RSA.bundle
LD_RUN_PATH="/usr/lib" cc  -mmacosx-version-min=10.12 -bundle -undefined
dynamic_lookup -L/usr/local/lib -fstack-protector-strong RSA.o  -o
blib/arch/auto/Crypt/OpenSSL/RSA/RSA.bundle  \
  -lssl -lcrypto   \

chmod 755 blib/arch/auto/Crypt/OpenSSL/RSA/RSA.bundle
Manifying 1 pod document
"/Users/squinlan/.plenv/versions/5.24.0/bin/perl5.24.0"
-MExtUtils::Command::MM -e 'cp_nonempty' -- RSA.bs
blib/arch/auto/Crypt/OpenSSL/RSA/RSA.bs 644
PERL_DL_NONLAZY=1 "/Users/squinlan/.plenv/versions/5.24.0/bin/perl5.24.0"
"-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef
*Test::Harness::Switches; test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
panic: sv_setpvn called with negative strlen -1152921504606846899 at
t/bignum.t line 66.
t/bignum.t ..
Dubious, test returned 255 (wstat 65280, 0xff00)
Failed 53/64 subtests
perl5.24.0(89280,0x7fffdc69c3c0) malloc: ***
mach_vm_map(size=8070450532247932928) failed (error code=3)
*** error: can't allocate region
*** set a breakpoint in malloc_error_break to debug
Out of memory!
t/format.t ..
Dubious, test returned 1 (wstat 256, 0x100)
Failed 8/10 subtests
panic: sv_setpvn called with negative strlen -2305843009213693061 at
t/rsa.t line 82.
t/rsa.t .....
Dubious, test returned 255 (wstat 65280, 0xff00)
Failed 45/63 subtests

Test Summary Report
-------------------
t/bignum.t (Wstat: 65280 Tests: 11 Failed: 0)
  Non-zero exit status: 255
  Parse errors: Bad plan.  You planned 64 tests but ran 11.
t/format.t (Wstat: 256 Tests: 2 Failed: 0)
  Non-zero exit status: 1
  Parse errors: Bad plan.  You planned 10 tests but ran 2.
t/rsa.t   (Wstat: 65280 Tests: 18 Failed: 0)
  Non-zero exit status: 255
  Parse errors: Bad plan.  You planned 63 tests but ran 18.
Files=3, Tests=31,  0 wallclock secs ( 0.02 usr  0.01 sys +  0.07 cusr
 0.01 csys =  0.11 CPU)
Result: FAIL
Failed 3/3 test programs. 0/31 subtests failed.
make: *** [test_dynamic] Error 255
-> FAIL Installing Crypt::OpenSSL::RSA failed. See
/Users/squinlan/.cpanm/work/1480359360.88921/build.log for details. Retry
with --force to force install it.

Here's my perl -V:
Summary of my perl5 (revision 5 version 24 subversion 0) configuration:

  Platform:
    osname=darwin, osvers=16.1.0, archname=darwin-2level
    uname='darwin bur-squinlan-m.local 16.1.0 darwin kernel version 16.1.0:
thu oct 13 21:26:57 pdt 2016; root:xnu-3789.21.3~60release_x86_64 x86_64 '
    config_args='-Dprefix=/Users/squinlan/.plenv/versions/5.24.0 -de
-Dusedevel -A'eval:scriptdir=/Users/squinlan/.plenv/versions/5.24.0/bin''
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=undef, usemultiplicity=undef
    use64bitint=define, use64bitall=define, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-fno-common -DPERL_DARWIN -mmacosx-version-min=10.12
-fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include',
    optimize='-O3',
    cppflags='-fno-common -DPERL_DARWIN -mmacosx-version-min=10.12
-fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include'
    ccversion='', gccversion='4.2.1 Compatible Apple LLVM 8.0.0
(clang-800.0.42.1)', gccosandvers=''
    intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678,
doublekind=3
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16,
longdblkind=3
    ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t',
lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -mmacosx-version-min=10.12 -fstack-protector-strong
-L/usr/local/lib'
    libpth=/usr/local/lib
/Library/Developer/CommandLineTools/usr/bin/../lib/clang/8.0.0/lib
/Library/Developer/CommandLineTools/usr/lib /usr/lib
    libs=-lpthread -ldbm -ldl -lm -lutil -lc
    perllibs=-lpthread -ldl -lm -lutil -lc
    libc=, so=dylib, useshrplib=false, libperl=libperl.a
    gnulibc_version=''
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=bundle, d_dlsymun=undef, ccdlflags=' '
    cccdlflags=' ', lddlflags=' -mmacosx-version-min=10.12 -bundle
-undefined dynamic_lookup -L/usr/local/lib -fstack-protector-strong'


Characteristics of this binary (from libperl):
  Compile-time options: HAS_TIMES PERLIO_LAYERS PERL_COPY_ON_WRITE
                        PERL_DONT_CREATE_GVSV
                        PERL_HASH_FUNC_ONE_AT_A_TIME_HARD PERL_MALLOC_WRAP
                        PERL_PRESERVE_IVUV PERL_USE_DEVEL USE_64_BIT_ALL
                        USE_64_BIT_INT USE_LARGE_FILES USE_LOCALE
                        USE_LOCALE_COLLATE USE_LOCALE_CTYPE
                        USE_LOCALE_NUMERIC USE_LOCALE_TIME USE_PERLIO
                        USE_PERL_ATOF
  Locally applied patches:
Devel::PatchPerl 1.40
  Built under darwin
  Compiled at Nov 28 2016 13:06:51
  %ENV:
    PERL5LIB="/Users/squinlan/devel/core/perl_lib"
    PERL_MM_OPT="CCFLAGS="-I/usr/local/opt/openssl/include
-L/usr/local/opt/openssl/lib""
  @INC:
    /Users/squinlan/devel/core/perl_lib

/Users/squinlan/.plenv/versions/5.24.0/lib/perl5/site_perl/5.24.0/darwin-2level
    /Users/squinlan/.plenv/versions/5.24.0/lib/perl5/site_perl/5.24.0
    /Users/squinlan/.plenv/versions/5.24.0/lib/perl5/5.24.0/darwin-2level
    /Users/squinlan/.plenv/versions/5.24.0/lib/perl5/5.24.0
    .

Please let me know if there is any additional information I can supply.

-Thanks,
Sean

From [email protected] on 2016-12-02 23:24:58:

On Mon Nov 28 14:06:34 2016, [email protected] wrote:
> Trying to cpanm install on Mac OSX 10.12.1 to 5.24.0 (using plenv).

Do you perhaps have homebrew installed? And OpenSSL installed from homebrew? What version do you get when you do "openssl version"?

OS X comes installed with 0.9.8zh, but it doesn't provide the headers. If you install openssl via homebrew, you get the headers for 1.0.2j. These are incompatible, and though the compiling and linking succeeds, running fails due to integer differences (that's why it tries to allocate 3-4 exabytes of memory, which is kind of difficult to do).

I solved this by downloading the right version of OpenSSL from https://www.openssl.org/source/old/0.9.x/. Then extracting it, running `./config` which populates the `include` directory, and then running `cp -LR include/openssl /usr/local/include`.

From [email protected] on 2016-12-05 17:02:47:

Yes indeed, homebrew for openssl installs. Version is OpenSSL 0.9.8zh 14
Jan 2016

FYI I use the following to get Net::SSLeay etc to install:
export PERL_MM_OPT='CCFLAGS="-I/usr/local/opt/openssl/include
-L/usr/local/opt/openssl/lib"'

But that didn't seem to be sufficient for Crypt::OpenSSL::RSA?

(interestingly I had to unset that to get DBD::Pg to compile)

I will try your suggestion after I next backup. Thank you!

-Cheers,
Sean



On Fri, Dec 2, 2016 at 6:24 PM, Doug Bell via RT <
[email protected]> wrote:

> <URL: https://rt.cpan.org/Ticket/Display.html?id=119018 >
>
> On Mon Nov 28 14:06:34 2016, [email protected] wrote:
> > Trying to cpanm install on Mac OSX 10.12.1 to 5.24.0 (using plenv).
>
> Do you perhaps have homebrew installed? And OpenSSL installed from
> homebrew? What version do you get when you do "openssl version"?
>
> OS X comes installed with 0.9.8zh, but it doesn't provide the headers. If
> you install openssl via homebrew, you get the headers for 1.0.2j. These are
> incompatible, and though the compiling and linking succeeds, running fails
> due to integer differences (that's why it tries to allocate 3-4 exabytes of
> memory, which is kind of difficult to do).
>
> I solved this by downloading the right version of OpenSSL from
> https://www.openssl.org/source/old/0.9.x/. Then extracting it, running
> `./config` which populates the `include` directory, and then running `cp
> -LR include/openssl /usr/local/include`.
>

From [email protected] on 2016-12-14 18:08:33:

Doug, finally got to installing a new perl version and re-building these
modules after installing the matching header per your suggestion appears to
have completely solved the problem. Thanks!

-Cheers,
Sean

On Mon, Dec 5, 2016 at 12:01 PM, Sean Quinlan <[email protected]>
wrote:

> Yes indeed, homebrew for openssl installs. Version is OpenSSL 0.9.8zh 14
> Jan 2016
>
> FYI I use the following to get Net::SSLeay etc to install:
> export PERL_MM_OPT='CCFLAGS="-I/usr/local/opt/openssl/include
> -L/usr/local/opt/openssl/lib"'
>
> But that didn't seem to be sufficient for Crypt::OpenSSL::RSA?
>
> (interestingly I had to unset that to get DBD::Pg to compile)
>
> I will try your suggestion after I next backup. Thank you!
>
> -Cheers,
> Sean
>
>
>
> On Fri, Dec 2, 2016 at 6:24 PM, Doug Bell via RT <
> [email protected]> wrote:
>
>> <URL: https://rt.cpan.org/Ticket/Display.html?id=119018 >
>>
>> On Mon Nov 28 14:06:34 2016, [email protected] wrote:
>> > Trying to cpanm install on Mac OSX 10.12.1 to 5.24.0 (using plenv).
>>
>> Do you perhaps have homebrew installed? And OpenSSL installed from
>> homebrew? What version do you get when you do "openssl version"?
>>
>> OS X comes installed with 0.9.8zh, but it doesn't provide the headers. If
>> you install openssl via homebrew, you get the headers for 1.0.2j. These are
>> incompatible, and though the compiling and linking succeeds, running fails
>> due to integer differences (that's why it tries to allocate 3-4 exabytes of
>> memory, which is kind of difficult to do).
>>
>> I solved this by downloading the right version of OpenSSL from
>> https://www.openssl.org/source/old/0.9.x/. Then extracting it, running
>> `./config` which populates the `include` directory, and then running `cp
>> -LR include/openssl /usr/local/include`.
>>
>
>

From [email protected] on 2017-02-24 09:17:40:

I have to remove `-lssl -lcrypto` from Line 22, then it works.

On Wed Dec 14 13:08:33 2016, [email protected] wrote:
> Doug, finally got to installing a new perl version and re-building
> these
> modules after installing the matching header per your suggestion
> appears to
> have completely solved the problem. Thanks!
> 
> -Cheers,
> Sean
> 
> On Mon, Dec 5, 2016 at 12:01 PM, Sean Quinlan
> <[email protected]>
> wrote:
> 
> > Yes indeed, homebrew for openssl installs. Version is OpenSSL 0.9.8zh
> > 14
> > Jan 2016
> >
> > FYI I use the following to get Net::SSLeay etc to install:
> > export PERL_MM_OPT='CCFLAGS="-I/usr/local/opt/openssl/include
> > -L/usr/local/opt/openssl/lib"'
> >
> > But that didn't seem to be sufficient for Crypt::OpenSSL::RSA?
> >
> > (interestingly I had to unset that to get DBD::Pg to compile)
> >
> > I will try your suggestion after I next backup. Thank you!
> >
> > -Cheers,
> > Sean
> >
> >
> >
> > On Fri, Dec 2, 2016 at 6:24 PM, Doug Bell via RT <
> > [email protected]> wrote:
> >
> >> <URL: https://rt.cpan.org/Ticket/Display.html?id=119018 >
> >>
> >> On Mon Nov 28 14:06:34 2016, [email protected] wrote:
> >> > Trying to cpanm install on Mac OSX 10.12.1 to 5.24.0 (using
> >> > plenv).
> >>
> >> Do you perhaps have homebrew installed? And OpenSSL installed from
> >> homebrew? What version do you get when you do "openssl version"?
> >>
> >> OS X comes installed with 0.9.8zh, but it doesn't provide the
> >> headers. If
> >> you install openssl via homebrew, you get the headers for 1.0.2j.
> >> These are
> >> incompatible, and though the compiling and linking succeeds, running
> >> fails
> >> due to integer differences (that's why it tries to allocate 3-4
> >> exabytes of
> >> memory, which is kind of difficult to do).
> >>
> >> I solved this by downloading the right version of OpenSSL from
> >> https://www.openssl.org/source/old/0.9.x/. Then extracting it,
> >> running
> >> `./config` which populates the `include` directory, and then running
> >> `cp
> >> -LR include/openssl /usr/local/include`.
> >>
> >
> >

Unrecognized key format

I am trying to use the following pem key but I get the error message: unrecognized key format. I believe the key is valid. Please tell me how to load it into Crypt::OpenSSL::RSA ? Thanks!

use warnings FATAL => qw(all);
use strict;
use Crypt::OpenSSL::RSA;

my $pub = Crypt::OpenSSL::RSA->new_public_key(&pub);                # unrecognized key format.

sub pub{<<END}
-----BEGIN CERTIFICATE-----
MIIDBTCCAe2gAwIBAgIJVUA+C4kFeX1SMA0GCSqGSIb3DQEBCwUAMCAxHjAcBgNV
BAMTFWFwcGFhcHBzLnVzLmF1dGgwLmNvbTAeFw0yMDExMTgxODMxMDBaFw0zNDA3
MjgxODMxMDBaMCAxHjAcBgNVBAMTFWFwcGFhcHBzLnVzLmF1dGgwLmNvbTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMca4+tiTHOTYXieazgmqth3Llx/
07uLDvu2cYy37EKI5aR++Hajgqrxi9aMC7DeI2dGvaBuL7TdVokMoIlB1VYu98uD
O4NYjMdQXuhWFTb21uL5p7nCywTadeBNc5TjS3yNUvKWfjhjXhMQRA1shIWozFei
FUMcDdX9Pj6FdUlE7LYlTTBngGyrT/fceOw28sO+eSQTQkX9bxRjbY+mdmdIJgAm
scURy9U874nP7QOf2n6HN6SslbqbkErKI3DrssdurXssyXHDRehF7l/SSDq7C4v7
r6W7ZzBlh35/XbJa8a6qY0yLt8makm77Vqw1HLFpjidj2EqgIZC0GpqsuvUCAwEA
AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWMPdJRDcmkEQI3rAo34O
C9ULv4EwDgYDVR0PAQH/BAQDAgKEMA0GCSqGSIb3DQEBCwUAA4IBAQAy596RGv/P
wUZ5kc1vWidWS5znNhl95crFHCusKsIVcwqOJTwQLMOmW7JPqt139Fi73tyiBwGp
FIWbdyNqdGOxVo8FtBUrQ2ymGNXg57SRVfO4NqSQfjbmM+JniVeAyemFzMblHhMV
GBH+X37ATtdmpewlW+xjIxXpENvPmLvfxmEKhlKsjUMCqCDFIcuiMbO0g3STz4dS
X9HcQLdAZMbOKsrTaWznLVb95jFmkaCMuENU9h8HQcvMHDUcaFAcDcM7DHp5pYGF
lOIuop1AMQQRzkqtqXqDtaLciUUo4DP31PqlTblJaobcR4uRujaN9F0zam+cFkS6
6TpUzMupcHT2
-----END CERTIFICATE-----
END

Patch to add functions to work with private keys [rt.cpan.org #122135]

Migrated from rt.cpan.org#122135 (status was 'new')

Requestors:

[email protected]

Attachments:

rsa.diff

From [email protected] on 2017-06-19 18:24:09:

See attached patch. See also:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220136

Does not install on Mac OS 12 (Monetery)

With a brew perl 5.34, you can get this:

--> Working on Crypt::OpenSSL::RSA
Fetching http://cpan.metacpan.org/authors/id/T/TO/TODDR/Crypt-OpenSSL-RSA-0.31.tar.gz
-> OK
Unpacking Crypt-OpenSSL-RSA-0.31.tar.gz
Copying Crypt-OpenSSL-RSA-0.31.tar.gz to [...]
Entering Crypt-OpenSSL-RSA-0.31
Checking configure dependencies from META.json
Checking if you have Crypt::OpenSSL::Guess 0.11 ... No
Checking if you have ExtUtils::MakeMaker 7.20 ... Yes (7.62)
==> Found dependencies: Crypt::OpenSSL::Guess
[...]
Configuring Crypt-OpenSSL-RSA-0.31
Running Makefile.PL
Warning: prerequisite Crypt::OpenSSL::Random 0 not found.
Checking if your kit is complete...
Looks good
WARNING: /opt/homebrew/Cellar/perl/5.34.0/bin/perl is loading libcrypto in an unsafe way
-> N/A
-> FAIL No MYMETA file is found after configure. Your toolchain is too old?
-> FAIL Configure failed for Crypt-OpenSSL-RSA-0.31. [...]

The issue appears to be trying to load an unversioned libcrypto causes it to now deliberately crash.

Someone at MacPorts has proposed this fix for Net::SSLeay: macports/macports-ports#12704 (based on this ticket https://trac.macports.org/ticket/63415 ), and if that was correct then an equivalent change could be made to Guess.pm in Crypt::OpenSSL::Guess, I think?

Net::SSLeay 'fixed' apparently in radiator-software/p5-net-ssleay#292 (unneeded in Guess, I think, as that uses brew prefix) but radiator-software/p5-net-ssleay#268 (comment) said you also needed to symlink in files, so did it actually fix it? Not sure.

I don't have a Monterey machine myself, this is second hand from someone trying to install something. I'm not sure at present if they had openssl installed via brew or not, and whether that would have resolved this, will try and get them to try it.

Documentation incorrect/inconsistent

Here:

https://metacpan.org/pod/Crypt::OpenSSL::RSA

it says "use_sha256_hash is the default hash mode when available" - which is not correct.

Here:

https://github.com/toddr/Crypt-OpenSSL-RSA

it says "use_sha1_hash is the default".

Please correct it on cpan, so others don't waste time thinking "use_sha256_hash()" is unnecessary. :-)

Thanks for the great module!

RSA.xs:218: OpenSSL error: sslv3 rollback attack

Code that has worked for years is now getting an error when decrypting a string. Is there something new that I need to do to support the latest openssl?

$rsa = Crypt::OpenSSL::RSA->new_private_key($privkeytext);
$rsa->use_sslv23_padding();
$clrText = $rsa->decrypt($encString);

The private key is id_rsa.pem format
Text encrypted using a public key in id_rsa.pub.pem format

Add static compatibiltiy between COR and Net::SSLeay [rt.cpan.org #123936]

Migrated from rt.cpan.org#123936 (status was 'new')

Requestors:

[email protected]

Attachments:

linkerror.txt

From [email protected] on 2017-12-23 20:58:51:

The Net::SSLeay module is already using in XS the function name "bn2sv", resulting in compiling error, at least if you try to compile statically. (See attached linkerror.txt)

The following short patch fixes this issue:

--- failing/Crypt-OpenSSL-RSA-0.28/RSA.xs	2011-08-24 22:57:35.000000000 +0000
+++ working/Crypt-OpenSSL-RSA-0.28/RSA.xs	2017-12-23 20:44:17.182419988 +0000
@@ -136,7 +136,7 @@
     }
 }
 
-SV* bn2sv(BIGNUM* p_bn)
+SV* cor_bn2sv(BIGNUM* p_bn)
 {
     return p_bn != NULL
         ? sv_2mortal(newSViv((IV) BN_dup(p_bn)))
@@ -387,14 +387,14 @@
 {
     RSA* rsa;
     rsa = p_rsa->rsa;
-    XPUSHs(bn2sv(rsa->n));
-    XPUSHs(bn2sv(rsa->e));
-    XPUSHs(bn2sv(rsa->d));
-    XPUSHs(bn2sv(rsa->p));
-    XPUSHs(bn2sv(rsa->q));
-    XPUSHs(bn2sv(rsa->dmp1));
-    XPUSHs(bn2sv(rsa->dmq1));
-    XPUSHs(bn2sv(rsa->iqmp));
+    XPUSHs(cor_bn2sv(rsa->n));
+    XPUSHs(cor_bn2sv(rsa->e));
+    XPUSHs(cor_bn2sv(rsa->d));
+    XPUSHs(cor_bn2sv(rsa->p));
+    XPUSHs(cor_bn2sv(rsa->q));
+    XPUSHs(cor_bn2sv(rsa->dmp1));
+    XPUSHs(cor_bn2sv(rsa->dmq1));
+    XPUSHs(cor_bn2sv(rsa->iqmp));
 }
 
 SV*

Fails to Compile on OS/X [rt.cpan.org #122552]

Migrated from rt.cpan.org#122552 (status was 'new')

Requestors:

[email protected]

From [email protected] on 2017-07-20 17:28:22:

cc -c   -fno-common -DPERL_DARWIN -O2 -W -Wformat=2 -Wswitch -Wshadow -Wwrite-strings -Wuninitialized -Wall -pipe -mtune=native -march=native -fomit-frame-pointer -msse2 -msse -mmmx -D_FORTIFY_SOURCE=2 -I/usr/local/include -O3   -DVERSION=\"0.28\" -DXS_VERSION=\"0.28\"  "-I/Users/hornenj/perl5/perlbrew/perls/perl-5.26.0/lib/5.26.0/darwin-thread-multi-2level/CORE" -DPERL5 -DOPENSSL_NO_KRB5 RSA.c
RSA.xs:52:22: error: incomplete definition of type 'struct rsa_st'
    return(p_rsa->rsa->d != NULL);
           ~~~~~~~~~~^
/usr/include/openssl/include/openssl/ossl_typ.h:110:16: note: forward
      declaration of 'struct rsa_st'
typedef struct rsa_st RSA;

Missing dependency Crypt::OpenSSL::Guess

Crypt::OpenSSL::Guess has probably to be specified in configure_requires:

Output from '/usr/perl5.26.0p/bin/perl5.26.0 Makefile.PL':

Can't locate Crypt/OpenSSL/Guess.pm in @INC (you may need to install the Crypt::OpenSSL::Guess module) (@INC contains: /var/tmp/cpansmoker-1023/2018041415/CPAN-Reporter-lib-lhtS /usr/perl5.26.0p/lib/site_perl/5.26.0/amd64-freebsd /usr/perl5.26.0p/lib/site_perl/5.26.0 /usr/perl5.26.0p/lib/5.26.0/amd64-freebsd /usr/perl5.26.0p/lib/5.26.0 .) at Makefile.PL line 6.
BEGIN failed--compilation aborted at Makefile.PL line 6.

0.30 breaks other CPAN modules

I already opened an issue for a new failure of Authen-NZRealMe (catalyst/Authen-NZRealMe#5) and now stumbled over the next failure: RIZEN/AWS-SNS-Verify-0.0102.tar.gz fails, according to statistical analysis also because of Crypt::OpenSSL::RSA 0.30.

	to_length = p_crypt(
	from_length, from, (unsigned char*) to, p_rsa->rsa, p_rsa->padding);

	if (to_length < 0)
	{
	Safefree(to);
	CHECK_OPEN_SSL(0);
	}
	sv = newSVpv(to, to_length);
	Safefree(to);
	return sv;

toddr / crypt-openssl-rsa Goto Github PK

crypt-openssl-rsa's People

Contributors

Stargazers

Watchers

Forkers

crypt-openssl-rsa's Issues

Recommend Projects

Recommend Topics

Recommend Org