Package: libcrypt-openssl-rsa-perl Version: 0.41-1 Severity: important Tags: upstream X-Debbugs-Cc: [email protected]
Greetings,
it seems Crypt::OpenSSL::RSA::new_private_key can no longer handle a
private key in the PEM format with additional text - like it used to
since possibly the last ten years.
How to repeat:
Generate an according key. Using GnuTLS that's
certtool --generate-privkey --outfile /tmp/privkey.pem
Or, using OpenSSL and an exsting key:
openssl rsa -text </path/to/some-private-key >/tmp/privkey.pem
Then run
perl parse-key /tmp/privkey.pem
where parse-key:
```
#!/usr/bin/perl
use 5.010;
use strict;
use warnings;
use Crypt::OpenSSL::RSA;
use File::Slurp;
use Test::More;
diag ("Version: $Crypt::OpenSSL::RSA::VERSION");
my $rsa = eval {
my $content = read_file ($ARGV[0]);
Crypt::OpenSSL::RSA->new_private_key ($content);
};
ok (defined ($rsa)) or diag ($@);
done_testing;
```
Expected (using Debian 14, "forky"):
```
# Version: 0.35
ok 1
1..1
```
Got (using Debian unstable):
```
# Version: 0.41
not ok 1
# Failed test at parse-key line 18.
# unrecognized key format: expected PEM-encoded key (starting with
'-----BEGIN') or DER-encoded key (binary ASN.1 data) at parse-key line 15.
1..1
# Looks like you failed 1 test of 1.
```
To be honest, I didn't spend much time in investigation. It seems the
new_private_key method exists in the newer version only - perhaps it
used to be pure XS code in the past that was more flexible in that
regard?
This however fixes the issue for me:
[ RSA.pm:61 ]
- if ( $p_key_string =~ /^-----/ ) {
+ if ( $p_key_string =~ /^-----/m ) {
Cheers,
Christoph
-- System Information:
Debian Release: forky/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.94 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libcrypt-openssl-rsa-perl depends on:
ii libc6 2.42-17
ii libcrypt-openssl-bignum-perl 0.09-2+b4
ii libcrypt-openssl-random-perl 0.17-1+b3
ii libssl3t64 3.6.3-1
ii perl 5.40.1-8
ii perl-base [perlapi-5.40.1] 5.40.1-8
ii perl-openssl-defaults [perl-openssl-abi-3] 7+b2
libcrypt-openssl-rsa-perl recommends no packages.
libcrypt-openssl-rsa-perl suggests no packages.
-- no debconf information
signature.asc
Description: PGP signature

