Merge pull request #1 from perl-net-saml2/openssl-updates

Updates for OpenSSL version differences and a few bug fixes

Author: timlegge

Changes

@@ -1,5 +1,26 @@
 Revision history for Perl extension Crypt::OpenSSL::PKCS10.
 
+0.21  Sun 06 Aug 11:04:29 AM ADT 2023
+
+        - First release with new maintainer TIMLEGGE
+        - The following commits were added to 0.20 (27c5490 Initial commit)
+        - 61f9315 Increment Version for upcoming release
+        - 002eac3 Update repo in META files
+        - fcd0063 Add cpanfile, better README.md and remove default XS module generated README
+        - bc9707b Fixes #111030 - Memory leak in parse_name
+        - fc7103f Support multiple openssl versions without deprecated warnings
+        - 998ffa5 Fixes 120727 Error in synopsis
+        - f4b7c6f Remove exec bit from files
+        - 08276f2 Add some githoub actions to test builds
+        - 27e4d6e Sample fixes for Makefile.PL for solaris
+        - bf4c941 Another SvPV returns char * not unsigned char *
+        - 01414b7 Update to a newer ppport.h
+        - 1553f36 add_ext and add_ext_raw requires STACK_OF(X509_EXTENSION) not STACK_OF(X509_REQUEST)
+        - 84bf9ab X509_NAME_add_entry_by_txt second parameter is const char
+        - 35e1db5 Possible fix for solaris compiler token error
+        - bf7cae7 SvPV returns char pointer not unsigned char pointer
+        - 27c5490 Initial commit
+
 0.20  Mon Jul 17 12:26:03 PM PDT 2023
         - Fix #148807 (thanks Michal Josef Špaček)
 

MANIFEST

@@ -1,12 +1,13 @@
 Changes
-typemap
+cpanfile
 Makefile.PL
-MANIFEST
+MANIFEST			This list of files
+META.json
+META.yml
+PKCS10.pm
 PKCS10.xs
 ppport.h
-README
-t/Mytest.t
+README.md
 t/CSR.csr
-PKCS10.pm
-META.yml                                 Module meta-data (added by MakeMaker)
-META.json                                Module JSON meta-data (added by MakeMaker)
+t/Mytest.t
+typemap

META.json

@@ -46,6 +46,11 @@
       "bugtracker" : {
          "web" : "https://rt.cpan.org/Public/Dist/Display.html?Name=Crypt-OpenSSL-PKCS10"
       },
+      "repository" : {
+         "type" : "git",
+         "url" : "git@github.com:perl-net-saml2/perl-Crypt-OpenSSL-PKCS10.git",
+         "web" : "https://github.com/perl-net-saml2/perl-Crypt-OpenSSL-PKCS10"
+      },
       "homepage" : "https://metacpan.org/pod/Crypt::OpenSSL::PKCS10",
       "license" : [
          "http://dev.perl.org/licenses/"

META.yml

@@ -25,6 +25,7 @@ requires:
   Crypt::OpenSSL::RSA: '0'
 resources:
   bugtracker: https://rt.cpan.org/Public/Dist/Display.html?Name=Crypt-OpenSSL-PKCS10
+  repository: git@github.com:perl-net-saml2/perl-Crypt-OpenSSL-PKCS10.git
   homepage: https://metacpan.org/pod/Crypt::OpenSSL::PKCS10
   license: http://dev.perl.org/licenses/
 version: '0.20'

Makefile.PL

@@ -13,7 +13,9 @@ print "Installed OpenSSL: $major.$minor.$patch\n";
 $args{INC} =  openssl_inc_paths();
 $args{LIBS} = [openssl_lib_paths() . ' -lssl -lcrypto'];
 
-my $cc_option_flags = $major ge 3 ? ' -DOPENSSL_API_COMPAT=30000' : ' -DOPENSSL_API_COMPAT=10100';
+my $cc_option_flags;
+#my $cc_option_flags = $major ge 3 ? ' -DOPENSSL_API_COMPAT=30000' : ' -DOPENSSL_API_COMPAT=10100';
+#my $cc_option_flags = $major ge 3 ? ' -DOPENSSL_API_COMPAT=10100' : ' -DOPENSSL_API_COMPAT=10100';
 
 if ($Config::Config{cc} =~ /gcc/i) {
   $cc_option_flags .= $ENV{AUTHOR_TESTING} ? ' -Wall -Werror' : ' -Wall';

PKCS10.pm

@@ -30,13 +30,22 @@ our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
 
 #);
 
-our $VERSION = '0.20';
+our $VERSION = '0.21';
 
 require XSLoader;
 XSLoader::load('Crypt::OpenSSL::PKCS10', $VERSION);
 
 # Preloaded methods go here.
 
+sub new_from_rsa {
+    my $self = shift;
+    my $rsa = shift;
+
+    my $priv = $rsa->get_private_key_string();
+    $self->_new_from_rsa($rsa, $priv);
+
+}
+
 1;
 __END__
 
@@ -46,7 +55,7 @@ Crypt::OpenSSL::PKCS10 - Perl extension to OpenSSL's PKCS10 API.
 
 =head1 SYNOPSIS
 
-  use Crypt::OpenSSL::PKCS10::PKCS10 qw( :const );
+  use Crypt::OpenSSL::PKCS10 qw( :const );
   
   my $req = Crypt::OpenSSL::PKCS10->new;
   $req->set_subject("/C=RO/O=UTI/OU=ssi");
@@ -86,6 +95,8 @@ Create a new Crypt::OpenSSL::PKCS10 object by using key information from a Crypt
   my $rsa = Crypt::OpenSSL::RSA->generate_key(512);
   my $req = Crypt::OpenSSL::PKCS10->new_from_rsa($rsa);
 
+OpenSSL 3.0 has deprecated the RSA object which Crypt::OpenSSL::RSA creates.  new_from_rsa() is now a perl sub which obtains the private key as a string that is also passed to the _new_from_rsa() XS function.
+
 =item new_from_file( $filename )
 
 Create a new Crypt::OpenSSL::PKCS10 object by reading the request and key information from a PEM formatted file. Here is an example:

PKCS10.xs

@@ -9,6 +9,7 @@
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
 #include <openssl/err.h>
+#include <openssl/rand.h>
 
 #include "ppport.h"
 
@@ -36,7 +37,7 @@ typedef struct
 } Crypt__OpenSSL__RSA; 
 
 #define PACKAGE_NAME "Crypt::OpenSSL::PKCS10"
-#define PACKAGE_CROAK(p_message) croak("%s:%d: %s", (p_message))
+#define PACKAGE_CROAK(p_message) croak("%s", (p_message))
 #define CHECK_NEW(p_var, p_size, p_type) \
   if (New(0, p_var, p_size, p_type) == NULL) \
     { PACKAGE_CROAK("unable to alloc buffer"); }
@@ -63,7 +64,7 @@ X509_NAME *parse_name(char *subject, long chtype, int multirdn)
 
 	X509_NAME *n = NULL;
 
-	if (!buf || !ne_types || !ne_values)
+	if (!buf || !ne_types || !ne_values || !mval)
 		{
 		croak("malloc error\n");
 		goto error;
@@ -172,6 +173,8 @@ X509_NAME *parse_name(char *subject, long chtype, int multirdn)
 		OPENSSL_free(ne_types);
 	if (buf)
 		OPENSSL_free(buf);
+    if (mval)
+	    OPENSSL_free(mval);
 	return NULL;
 }
 
@@ -227,20 +230,23 @@ SV* make_pkcs10_obj(SV* p_proto, X509_REQ* p_req, EVP_PKEY* p_pk, STACK_OF(X509_
 }
 
 /* stolen from OpenSSL.xs */
-long bio_write_cb(struct bio_st *bm, int m, const char *ptr, int l, long x, long y) {
-
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+long bio_write_cb(struct bio_st *bm, int m, const char *ptr, size_t len, int l, long x, int y, size_t *processed) {
+#else
+long bio_write_cb(struct bio_st *bm, int m, const char *ptr, int len, long x, long y) {
+#endif
         if (m == BIO_CB_WRITE) {
                 SV *sv = (SV *) BIO_get_callback_arg(bm);
-                sv_catpvn(sv, ptr, l);
+                sv_catpvn(sv, ptr, len);
         }
 
         if (m == BIO_CB_PUTS) {
                 SV *sv = (SV *) BIO_get_callback_arg(bm);
-                l = strlen(ptr);
-                sv_catpvn(sv, ptr, l);
+                len = strlen(ptr);
+                sv_catpvn(sv, ptr, len);
         }
 
-        return l;
+        return len;
 }
 
 static BIO* sv_bio_create(void) {
@@ -250,7 +256,11 @@ static BIO* sv_bio_create(void) {
 	/* create an in-memory BIO abstraction and callbacks */
         BIO *bio = BIO_new(BIO_s_mem());
 
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+        BIO_set_callback_ex(bio, bio_write_cb);
+#else
         BIO_set_callback(bio, bio_write_cb);
+#endif
         BIO_set_callback_arg(bio, (void *)sv);
 
         return bio;
@@ -339,25 +349,48 @@ new(class, keylen = 1024)
 	PREINIT:
 	X509_REQ *x;
 	EVP_PKEY *pk;
-	RSA *rsa = NULL;
-	
+    char *classname = SvPVutf8_nolen(class);
+
 	CODE:
 	//CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-	
-	if ((pk=EVP_PKEY_new()) == NULL)
-		croak ("%s - can't create PKEY", class);
+    if (!RAND_status())
+        printf("Warning: generating random key material may take a long time\n"
+                   "if the system has a poor entropy source\n");
 
 	if ((x=X509_REQ_new()) == NULL)
-		croak ("%s - can't create req", class);
+		croak ("%s - can't create req", classname);
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+    pk = EVP_RSA_gen(keylen);
+#elif OPENSSL_VERSION_NUMBER <= 0x10000000L
+    RSA *rsa;
+	if ((pk=EVP_PKEY_new()) == NULL)
+		croak ("%s - can't create PKEY", classname);
 
 	rsa=RSA_generate_key(keylen, RSA_F4, NULL, NULL);
 	if (!EVP_PKEY_assign_RSA(pk,rsa))
-		croak ("%s - EVP_PKEY_assign_RSA", class);
-	
+		croak ("%s - EVP_PKEY_assign_RSA", classname);
+#else
+    RSA *rsa = RSA_new();
+    BIGNUM *bne = BN_new();
+    if (bne == NULL)
+		croak ("%s - BN_new failed", classname);
+
+    if (BN_set_word(bne, RSA_F4) != 1)
+		croak ("%s - BN_set_word failed", classname);
+
+	if ((pk=EVP_PKEY_new()) == NULL)
+		croak ("%s - can't create PKEY", classname);
+
+    if (!RSA_generate_key_ex(rsa, keylen, bne, NULL))
+		croak ("%s - RSA_generate_key_ex failed", classname);
+
+	if (!EVP_PKEY_assign_RSA(pk,rsa))
+		croak ("%s - EVP_PKEY_assign_RSA", classname);
+#endif
 	X509_REQ_set_pubkey(x,pk);
 	X509_REQ_set_version(x,0L);
 	if (!X509_REQ_sign(x,pk,EVP_sha256()))
-		croak ("%s - X509_REQ_sign", class);
+		croak ("%s - X509_REQ_sign failed", classname);
 
 	RETVAL = make_pkcs10_obj(class, x, pk, NULL, NULL);
 
@@ -382,32 +415,43 @@ DESTROY(pkcs10)
 	BIO_free(bio_err);*/
 
 SV*
-new_from_rsa(class, p_rsa)
+_new_from_rsa(class, p_rsa, priv)
 	SV	*class
 	SV	*p_rsa
+	SV  *priv
 
 	PREINIT:
 	Crypt__OpenSSL__RSA	*rsa;
+	char *keyString;
+	STRLEN keylen;
+	BIO *bio;
 	X509_REQ *x;
 	EVP_PKEY *pk;
+	char *classname = SvPVutf8_nolen(class);
 
 	CODE:
-	//CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-	
-	if ((pk=EVP_PKEY_new()) == NULL)
-		croak ("%s - can't create PKEY", class);
+
+	// Get the private key and save it in memory
+	keyString = SvPV(priv, keylen);
+	bio = BIO_new_mem_buf(keyString, keylen);
+	if (bio == NULL) {
+		croak ("Bio is null **** \n");
+	}
+
+	// Create the PrivateKey as EVP_PKEY
+	pk = PEM_read_bio_PrivateKey(bio, NULL, 0, NULL);
+	if (pk == NULL) {
+		croak("Failed operation error code %d\n", errno);
+	}
 
 	if ((x=X509_REQ_new()) == NULL)
-		croak ("%s - can't create req", class);
+		croak ("%s - can't create req", classname);
 
 	rsa = (Crypt__OpenSSL__RSA	*) SvIV(SvRV(p_rsa));
-	if (!EVP_PKEY_assign_RSA(pk,rsa->rsa))
-		croak ("%s - EVP_PKEY_assign_RSA", class);
-	
 	X509_REQ_set_pubkey(x,pk);
 	X509_REQ_set_version(x,0L);
 	if (!X509_REQ_sign(x,pk,EVP_sha256()))
-		croak ("%s - X509_REQ_sign", class);
+		croak ("%s - X509_REQ_sign", classname);
 
 	RETVAL = make_pkcs10_obj(class, x, pk, NULL, &rsa->rsa);
 
@@ -452,16 +496,12 @@ get_pem_pubkey(pkcs10)
 
 	type = EVP_PKEY_base_id(pkey);
 	if (type == EVP_PKEY_RSA) {
-
-#		PEM_write_bio_RSAPublicKey(bio, EVP_PKEY_get0_RSA(pkey));
-		PEM_write_bio_RSA_PUBKEY(bio, EVP_PKEY_get0_RSA(pkey));
-
+		PEM_write_bio_PUBKEY(bio, pkey);
 	} else if (type == EVP_PKEY_DSA) {
-
-		PEM_write_bio_DSA_PUBKEY(bio, EVP_PKEY_get0_DSA(pkey));
+		PEM_write_bio_PUBKEY(bio, pkey);
 #ifndef OPENSSL_NO_EC
 	} else if ( type == EVP_PKEY_EC ) {
-		PEM_write_bio_EC_PUBKEY(bio, EVP_PKEY_get0_EC_KEY(pkey));
+		PEM_write_bio_PUBKEY(bio, pkey);
 #endif
 	} else {
 
@@ -562,7 +602,7 @@ get_pem_pk(pkcs10,...)
 	/* get the certificate back out in a specified format. */
 
 	if(!PEM_write_bio_PrivateKey(bio,pkcs10->pk,NULL,NULL,0,NULL,NULL))
-		croak ("%s - PEM_write_bio_PrivateKey", pkcs10->pk);
+		croak ("%s - PEM_write_bio_PrivateKey", (char *) pkcs10->pk);
 
 	RETVAL = sv_bio_final(bio);
 
@@ -686,7 +726,7 @@ add_ext_final(pkcs10)
 	if(pkcs10->exts)
 		sk_X509_EXTENSION_pop_free(pkcs10->exts, X509_EXTENSION_free);
 	} else {
-		RETVAL = NULL;
+		RETVAL = 0;
 	}
 
 	OUTPUT:
@@ -741,8 +781,12 @@ accessor(pkcs10)
       name = X509_REQ_get_subject_name(pkcs10->req);
       X509_NAME_print_ex(bio, name, 0, XN_FLAG_SEP_CPLUS_SPC);
     } else if (ix == 2 ) {
-      key = X509_REQ_extract_key(pkcs10->req);
+      key = X509_REQ_get_pubkey(pkcs10->req);
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+      EVP_PKEY_print_public(bio, key, 0, NULL);
+#else
       RSA_print(bio, EVP_PKEY_get1_RSA(key), 0);
+#endif
     }
   }