Package: libcrypt-openssl-rsa-perl
Version: 0.41-1
Severity: important
Tags: upstream
X-Debbugs-Cc: [email protected]

Greetings,

it seems Crypt::OpenSSL::RSA::new_private_key can no longer handle a
private key in the PEM format with additional text - like it used to
since possibly the last ten years.

How to repeat:

Generate an according key. Using GnuTLS that's

    certtool --generate-privkey --outfile /tmp/privkey.pem

Or, using OpenSSL and an exsting key:

    openssl rsa -text </path/to/some-private-key  >/tmp/privkey.pem

Then run

    perl parse-key /tmp/privkey.pem

where parse-key:

```
#!/usr/bin/perl

use 5.010;
use strict;
use warnings;

use Crypt::OpenSSL::RSA;
use File::Slurp;
use Test::More;

diag ("Version: $Crypt::OpenSSL::RSA::VERSION");

my $rsa = eval {
    my $content = read_file ($ARGV[0]);
    Crypt::OpenSSL::RSA->new_private_key ($content);
};

ok (defined ($rsa)) or diag ($@);

done_testing;
```

Expected (using Debian 14, "forky"):

```
# Version: 0.35
ok 1
1..1
```

Got (using Debian unstable):

```
# Version: 0.41
not ok 1
#   Failed test at parse-key line 18.
# unrecognized key format: expected PEM-encoded key (starting with 
'-----BEGIN') or DER-encoded key (binary ASN.1 data) at parse-key line 15.
1..1
# Looks like you failed 1 test of 1.
```


To be honest, I didn't spend much time in investigation. It seems the
new_private_key method exists in the newer version only - perhaps it
used to be pure XS code in the past that was more flexible in that
regard?

This however fixes the issue for me:

[ RSA.pm:61 ]
-    if ( $p_key_string =~ /^-----/ ) {
+    if ( $p_key_string =~ /^-----/m ) {

Cheers,

    Christoph

-- System Information:
Debian Release: forky/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.94 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libcrypt-openssl-rsa-perl depends on:
ii  libc6                                       2.42-17
ii  libcrypt-openssl-bignum-perl                0.09-2+b4
ii  libcrypt-openssl-random-perl                0.17-1+b3
ii  libssl3t64                                  3.6.3-1
ii  perl                                        5.40.1-8
ii  perl-base [perlapi-5.40.1]                  5.40.1-8
ii  perl-openssl-defaults [perl-openssl-abi-3]  7+b2

libcrypt-openssl-rsa-perl recommends no packages.

libcrypt-openssl-rsa-perl suggests no packages.

-- no debconf information

Attachment: signature.asc
Description: PGP signature

Reply via email to