author | Kurt Jaeger <pi@FreeBSD.org> | 2017-06-19 18:14:54 +0000 |
---|---|---|
committer | Kurt Jaeger <pi@FreeBSD.org> | 2017-06-19 18:14:54 +0000 |
commit | 95e88f73e20e72b9af38c4b97996c34933801817 (patch) | |
tree | 6d8219a798b05a1f4060c451d55f7358d8bdcc94 /security/p5-Crypt-OpenSSL-RSA | |
parent | f96774ea51977e9c7dc9e9ac15ba7fb275deaea0 (diff) |
Notes
Diffstat (limited to 'security/p5-Crypt-OpenSSL-RSA')
-rw-r--r-- | security/p5-Crypt-OpenSSL-RSA/Makefile | 2 | ||||
-rw-r--r-- | security/p5-Crypt-OpenSSL-RSA/files/patch-RSA.pm | 61 | ||||
-rw-r--r-- | security/p5-Crypt-OpenSSL-RSA/files/patch-RSA.xs | 109 | ||||
-rw-r--r-- | security/p5-Crypt-OpenSSL-RSA/files/patch-t_rsa.t | 27 |
4 files changed, 198 insertions, 1 deletions
diff --git a/security/p5-Crypt-OpenSSL-RSA/Makefile b/security/p5-Crypt-OpenSSL-RSA/Makefile
index 4aa948f34d01..959eae0c935a 100644
--- a/security/p5-Crypt-OpenSSL-RSA/Makefile
+++ b/security/p5-Crypt-OpenSSL-RSA/Makefile
@@ -3,7 +3,7 @@
 PORTNAME= Crypt-OpenSSL-RSA
 PORTVERSION= 0.28
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= security perl5
 MASTER_SITES= CPAN
 PKGNAMEPREFIX= p5-
diff --git a/security/p5-Crypt-OpenSSL-RSA/files/patch-RSA.pm b/security/p5-Crypt-OpenSSL-RSA/files/patch-RSA.pm
new file mode 100644
index 000000000000..03964488f4d5
--- /dev/null
+++ b/security/p5-Crypt-OpenSSL-RSA/files/patch-RSA.pm
@@ -0,0 +1,61 @@
+--- RSA.pm.orig 2017-06-19 18:08:26 UTC
++++ RSA.pm
+@@ -14,8 +14,31 @@ $VERSION = '0.28';
+
+ bootstrap Crypt::OpenSSL::RSA $VERSION;
+
++sub new_private_key {
++
++ my ($self, $keystring, $passin) = @_;
++
++ if (length ($passin) > 0 ) {
++ return $self->_new_enc_private_key($keystring, $passin);
++ }
++ return $self->_new_private_key($keystring);
++}
++
++sub get_private_key_string {
++
++ my ($self, $passout, $cipher) = @_;
++
++ if (length ($passout) > 0 && length ($cipher) > 0) {
++ return $self->_get_enc_private_key_string($passout, $cipher);
++ } elsif (length $passout > 0) {
++ return $self->_get_enc_private_key_string($passout, "aes-256-cbc");
++ }
++ return $self->_get_private_key_string();
++}
++
+ BEGIN { eval { require Crypt::OpenSSL::Bignum; }; }
+
++
+ 1;
+
+ __END__
+@@ -96,7 +119,9 @@ sub new_public_key
+ }
+ }
+
+-=item new_private_key
++=item new_private_key(privkey_string)
++=cut
++=item new_private_key(privkey_string, password)
+
+ Create a new Crypt::OpenSSL::RSA object by loading a private key in
+ from an string containing the Base64/DER encoding of the PKCS1
+@@ -179,8 +204,14 @@ header and footer lines:
+ and is the format that is produced by running C<openssl rsa -pubout>.
+
+ =item get_private_key_string
++=cut
++=item get_enc_private_key_string(password)
++=cut
++=item get_enc_private_key_string(password, cipher)
+
+-Return the DER-encoded PKCS1 representation of the private key.
++Return the unencripted or encripted DER-encoded PKCS1 representation
++of the private key. For stoping of potential leak unencrypted private key
++if cipher name is unknown will use DES3 (DES-EDE3) cipher.
+
+ =item encrypt
+
diff --git a/security/p5-Crypt-OpenSSL-RSA/files/patch-RSA.xs b/security/p5-Crypt-OpenSSL-RSA/files/patch-RSA.xs
new file mode 100644
index 000000000000..3e16d7c4b48d
--- /dev/null
+++ b/security/p5-Crypt-OpenSSL-RSA/files/patch-RSA.xs
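Review bot: The POD added in the second and third inner hunks documents `get_enc_private_key_string(password)` and `get_enc_private_key_string(password, cipher)`, but the public method this patch defines is `get_private_key_string($passout, $cipher)`; the only similarly named sub is the underscore-prefixed XS helper. The headings should name the real entry point, e.g. `=item get_private_key_string(passphrase, cipher)`, state that the cipher defaults to `aes-256-cbc` when only a passphrase is given, and drop the stray `=cut` lines between consecutive `=item`s. Separately, both wrappers evaluate `length ($passin) > 0` and `length ($passout) > 0` on arguments that are undefined in the ordinary no-passphrase call; if warnings are enabled where this runs, that likely emits "uninitialized" warnings, so `defined $passin && length $passin` is the safer test.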
@@ -0,0 +1,109 @@
+--- RSA.xs.orig 2017-06-19 18:08:26 UTC
++++ RSA.xs
+@@ -179,6 +179,30 @@ RSA* _load_rsa_key(SV* p_keyStringSv,
+ return rsa;
+ }
+
++
++RSA* _load_enc_rsa_key(SV* p_keyStringSv,
++ RSA*(*p_loader)(BIO*, RSA**, pem_password_cb*, void*), char* password)
++{
++ STRLEN keyStringLength;
++ char* keyString;
++
++ RSA* rsa;
++ BIO* stringBIO;
++
++ keyString = SvPV(p_keyStringSv, keyStringLength);
++
++ CHECK_OPEN_SSL(stringBIO = BIO_new_mem_buf(keyString, keyStringLength));
++
++ rsa = p_loader(stringBIO, NULL, NULL, password);
++
++ CHECK_OPEN_SSL(BIO_set_close(stringBIO, BIO_CLOSE) == 1);
++ BIO_free(stringBIO);
++
++ CHECK_OPEN_SSL(rsa);
++ return rsa;
++}
++
++
+ SV* rsa_crypt(rsaData* p_rsa, SV* p_from,
+ int (*p_crypt)(int, const unsigned char*, unsigned char*, RSA*, int))
+ {
+@@ -214,7 +238,7 @@ BOOT:
+ ERR_load_crypto_strings();
+
+ SV*
+-new_private_key(proto, key_string_SV)
++_new_private_key(proto, key_string_SV)
+ SV* proto;
+ SV* key_string_SV;
+ CODE:
+@@ -223,7 +247,24 @@ new_private_key(proto, key_string_SV)
+ OUTPUT:
+ RETVAL
+
++
+ SV*
++_new_enc_private_key(proto, key_string_SV, password_SV)
++ SV* proto;
++ SV* key_string_SV;
++ SV* password_SV;
++ PREINIT:
++ char* password;
++ CODE:
++ password = SvPV_nolen(password_SV);
++
++ RETVAL = make_rsa_obj(
++ proto, _load_enc_rsa_key(key_string_SV, PEM_read_bio_RSAPrivateKey, password));
++ OUTPUT:
++ RETVAL
++
++
++SV*
+ _new_public_key_pkcs1(proto, key_string_SV)
+ SV* proto;
+ SV* key_string_SV;
+@@ -251,7 +292,7 @@ DESTROY(p_rsa)
+ Safefree(p_rsa);
+
+ SV*
+-get_private_key_string(p_rsa)
++_get_private_key_string(p_rsa)
+ rsaData* p_rsa;
+ PREINIT:
+ BIO* stringBIO;
+@@ -259,6 +300,32 @@ get_private_key_string(p_rsa)
+ CHECK_OPEN_SSL(stringBIO = BIO_new(BIO_s_mem()));
+ PEM_write_bio_RSAPrivateKey(
+ stringBIO, p_rsa->rsa, NULL, NULL, 0, NULL, NULL);
++ RETVAL = extractBioString(stringBIO);
++
++ OUTPUT:
++ RETVAL
++
++
++SV*
++_get_enc_private_key_string(p_rsa, passout_SV, cipher_SV)
++ rsaData* p_rsa;
++ SV* passout_SV;
++ SV* cipher_SV;
++ PREINIT:
++ char* passout;
++ char* cipher;
++
++ BIO* stringBIO;
++ const EVP_CIPHER *enc;
++ CODE:
++ passout = SvPV_nolen(passout_SV);
++ cipher = SvPV_nolen(cipher_SV);
++
++ CHECK_OPEN_SSL(stringBIO = BIO_new(BIO_s_mem()));
++ enc = EVP_get_cipherbyname(cipher);
++ if (enc == NULL) { enc = EVP_get_cipherbyname("DES3"); }
++ PEM_write_bio_RSAPrivateKey(
++ stringBIO, p_rsa->rsa, enc, NULL, 0, NULL, passout);
+ RETVAL = extractBioString(stringBIO);
+
+ OUTPUT:
diff --git a/security/p5-Crypt-OpenSSL-RSA/files/patch-t_rsa.t b/security/p5-Crypt-OpenSSL-RSA/files/patch-t_rsa.t
new file mode 100644
index 000000000000..cd66441ac8d8
--- /dev/null
+++ b/security/p5-Crypt-OpenSSL-RSA/files/patch-t_rsa.t
@@ -0,0 +1,27 @@
+--- t/rsa.t.orig 2017-06-19 18:08:26 UTC
++++ t/rsa.t
+@@ -4,7 +4,7 @@ use Test;
+ use Crypt::OpenSSL::Random;
+ use Crypt::OpenSSL::RSA;
+
+-BEGIN { plan tests => 43 + (UNIVERSAL::can("Crypt::OpenSSL::RSA", "use_sha512_hash") ? 4*5 : 0) }
++BEGIN { plan tests => 46 + (UNIVERSAL::can("Crypt::OpenSSL::RSA", "use_sha512_hash") ? 4*5 : 0) }
+
+ sub _Test_Encrypt_And_Decrypt
+ {
+@@ -83,6 +83,15 @@ my $private_key_string = $rsa->get_private_key_string(
+ my $public_key_string = $rsa->get_public_key_string();
+
+ ok($private_key_string and $public_key_string);
++
++my $enc_private_key_string_default = $rsa->get_private_key_string('12345');
++ok($enc_private_key_string_default);
++
++my $enc_private_key_string_des3 = $rsa->get_private_key_string('12345', 'des3-cbc');
++ok($enc_private_key_string_des3);
++
++my $enc_private_key_string_idea = $rsa->get_private_key_string('12345', 'IDEA');
++ok($enc_private_key_string_idea);
+
+ my $plaintext = "The quick brown fox jumped over the lazy dog";
+ my $rsa_priv = Crypt::OpenSSL::RSA->new_private_key($private_key_string); |
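Review bot: In `_get_enc_private_key_string` neither the fallback cipher lookup nor the PEM write is checked, so a caller who asked for an encrypted key can silently get something else. If `EVP_get_cipherbyname("DES3")` also returns NULL (for instance when the cipher table has not been populated; the visible BOOT context shows only `ERR_load_crypto_strings()`), `enc` stays NULL and `PEM_write_bio_RSAPrivateKey` emits the private key unencrypted, and a mistyped cipher name quietly replaces the caller's choice with 3DES. I would fail closed instead, with `if (enc == NULL) croak("unknown cipher: %s", cipher);` placed before the BIO is allocated, and wrap the write as `CHECK_OPEN_SSL(PEM_write_bio_RSAPrivateKey(stringBIO, p_rsa->rsa, enc, NULL, 0, NULL, passout));`. A comment should also record that this traditional PEM encryption derives its key from the passphrase with a single MD5-based round, so passphrase strength is the main protection for the exported key.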
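Review bot: The three assertions added in the second inner hunk only check that `get_private_key_string` returns a true value, which an unencrypted PEM string also satisfies, so they would still pass if encryption were skipped or if the `'IDEA'` request fell through to the DES3 fallback on a build without IDEA. Nothing here exercises the new two-argument `new_private_key` either. I would assert on the output and round-trip it, e.g. `ok($enc_private_key_string_default =~ /ENCRYPTED/);` and `ok(Crypt::OpenSSL::RSA->new_private_key($enc_private_key_string_default, '12345')->get_public_key_string() eq $public_key_string);`, raising the `plan tests` count to match.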