From 3ecc020ccfad4ca1036319f549a8dcbedcbf50e4 Mon Sep 17 00:00:00 2001 From: chincheta0815 Date: Thu, 8 Nov 2018 07:50:50 +0100 Subject: [PATCH 1/7] Make use of RSA_generate_key_ex(). openssl 0.9.8 deprecated RSA_generate_key (see https://www.openssl.org/docs/man1.1.1/man3/RSA_generate_key.html) openssl 1.1.0 it is not possible anymore to generate the BN_GENCB structure directly (see https://www.openssl.org/docs/man1.1.1/man3/BN_GENCB_new.html) --- SSLeay.xs | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/SSLeay.xs b/SSLeay.xs index f8355911..51d431f4 100644 --- a/SSLeay.xs +++ b/SSLeay.xs @@ -5744,7 +5744,7 @@ SSL_set_tmp_rsa(ssl,rsa) #endif -#ifdef __ANDROID__ +#if OPENSSL_VERSION_NUMBER >= 0x0090800fL RSA * RSA_generate_key(bits,ee,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef) 
@@ -5755,20 +5755,30 @@ RSA_generate_key(bits,ee,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef) PREINIT: simple_cb_data_t* cb_data = NULL; CODE: - /* Android does not have RSA_generate_key. This equivalent is contributed by Brian Fraser for Android */ + /* openssl 0.9.8 deprecated RSA_generate_key. */ + /* This equivalent is contributed by Brian Fraser for Android */ /* but is not portable to old OpenSSLs where RSA_generate_key_ex is not available */ + /* as of openssl 1.1.0 it is not possible anymore to generate the BN_GENCB structure directly. */ + /* instead BN_EGNCB_new() has to be used. */ int rc; RSA * ret; BIGNUM *e; e = BN_new(); BN_set_word(e, ee); cb_data = simple_cb_data_new(perl_cb, perl_data); - BN_GENCB new_cb; - BN_GENCB_set_old(&new_cb, ssleay_RSA_generate_key_cb_invoke, cb_data); ret = RSA_new(); +#if OPENSSL_VERSION_NUMBER >= 0x1010000fL + BN_GENCB *new_cb; + new_cb = BN_GENCB_new(); + BN_GENCB_set_old(new_cb, ssleay_RSA_generate_key_cb_invoke, cb_data); + rc = RSA_generate_key_ex(ret, bits, e, new_cb); + BN_GENCB_free(new_cb); +#else + BN_GENCB new_cb; + BN_GENCB_set_old(&new_cb, ssleay_RSA_generate_key_cb_invoke, cb_data); rc = RSA_generate_key_ex(ret, bits, e, &new_cb); - +#endif if (rc == -1 || ret == NULL) croak("Couldn't generate RSA key"); simple_cb_data_free(cb_data); From 7b2b5dc24c2c0670e8b9c5919e8fe4f36e5d46ce Mon Sep 17 00:00:00 2001 From: chincheta0815 Date: Thu, 8 Nov 2018 08:58:57 +0100 Subject: [PATCH 2/7] Small typo. --- SSLeay.xs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SSLeay.xs b/SSLeay.xs index 51d431f4..fa23854f 100644 --- a/SSLeay.xs +++ b/SSLeay.xs 
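Review bot: The failure test `if (rc == -1 || ret == NULL)` at the end of PATCH 1/7's second hunk does not match RSA_generate_key_ex(), which is documented to return 1 on success and 0 on error. A failed generation therefore passes the test, and the RSA object, presumably without a usable key, goes on to the caller (the `RETVAL = ret` assignment is visible in PATCH 6/7). Because the guard is widened from `__ANDROID__` to every OpenSSL >= 0.9.8, this path is now the common one, so test for success instead: `if (rc != 1)`. The same condition is carried unchanged through the second hunks of PATCH 5/7 and PATCH 6/7. The CODE section starts and ends outside the hunk.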
@@ -5756,7 +5756,7 @@ RSA_generate_key(bits,ee,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef) simple_cb_data_t* cb_data = NULL; CODE: /* openssl 0.9.8 deprecated RSA_generate_key. */ - /* This equivalent is contributed by Brian Fraser for Android */ + /* This equivalent was contributed by Brian Fraser for Android */ /* but is not portable to old OpenSSLs where RSA_generate_key_ex is not available */ /* as of openssl 1.1.0 it is not possible anymore to generate the BN_GENCB structure directly. */ /* instead BN_EGNCB_new() has to be used. */ From 6774a40ba9fe4c53a0f542b331d20729c7e18fa5 Mon Sep 17 00:00:00 2001 From: chincheta0815 Date: Tue, 13 Nov 2018 14:19:31 +0100 Subject: [PATCH 3/7] Better comments. --- SSLeay.xs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/SSLeay.xs b/SSLeay.xs index fa23854f..af5a2f34 100644 --- a/SSLeay.xs +++ b/SSLeay.xs @@ -5756,8 +5756,9 @@ RSA_generate_key(bits,ee,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef) simple_cb_data_t* cb_data = NULL; CODE: /* openssl 0.9.8 deprecated RSA_generate_key. */ - /* This equivalent was contributed by Brian Fraser for Android */ - /* but is not portable to old OpenSSLs where RSA_generate_key_ex is not available */ + /* This equivalent was contributed by Brian Fraser for Android, */ + /* but was not portable to old OpenSSLs where RSA_generate_key_ex is not available. */ + /* It should now be more versatile. */ /* as of openssl 1.1.0 it is not possible anymore to generate the BN_GENCB structure directly. */ /* instead BN_EGNCB_new() has to be used. */ int rc; From 46cc1aea99d1d17920cb427b880645e5706c70b5 Mon Sep 17 00:00:00 2001 From: chincheta0815 Date: Tue, 20 Nov 2018 11:11:03 +0100 Subject: [PATCH 4/7] RSA_generate_kex_ex(): add check for libreSSL see: https://github.com/radiator-software/p5-net-ssleay/pull/100#issuecomment-440170821 --- SSLeay.xs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SSLeay.xs b/SSLeay.xs index af5a2f34..370fef9f 100644 
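Review bot: The comment block touched by PATCH 3/7 still names `BN_EGNCB_new()`, which is a misspelling of the `BN_GENCB_new()` call made in the code below it. Since this commit is about the comments, correct the line to `/* instead BN_GENCB_new() has to be used. */`. The same misspelling appears as context in PATCH 2/7. The new sentence "It should now be more versatile." would also say more if it named the oldest OpenSSL release the block is expected to build against.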
--- a/SSLeay.xs +++ b/SSLeay.xs @@ -5769,7 +5769,7 @@ RSA_generate_key(bits,ee,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef) cb_data = simple_cb_data_new(perl_cb, perl_data); ret = RSA_new(); -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL +#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) BN_GENCB *new_cb; new_cb = BN_GENCB_new(); BN_GENCB_set_old(new_cb, ssleay_RSA_generate_key_cb_invoke, cb_data); From 5ccd85afba9eef0a285973e24fba6ee739d3f88b Mon Sep 17 00:00:00 2001 From: chincheta0815 Date: Tue, 20 Nov 2018 14:03:34 +0100 Subject: [PATCH 5/7] SSLeay.xs: add error handling for RSA_new, BN_new and BN_GENCB calls. --- SSLeay.xs | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/SSLeay.xs b/SSLeay.xs index 370fef9f..e223c58e 100644 --- a/SSLeay.xs +++ b/SSLeay.xs @@ -5765,13 +5765,19 @@ RSA_generate_key(bits,ee,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef) RSA * ret; BIGNUM *e; e = BN_new(); + if(!e) + croak("Net::SSLeay: RSA_generate_key perl function could not create BN structure.\n"); BN_set_word(e, ee); cb_data = simple_cb_data_new(perl_cb, perl_data); ret = RSA_new(); + if(!ret) + croak("Net::SSLeay: RSA_generate_key perl function could not create RSA structure.\n"); #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) BN_GENCB *new_cb; new_cb = BN_GENCB_new(); + if(!new_cb) + croak("Net::SSLeay: RSA_generate_key perl function could not create BN_GENCB structure.\n"); BN_GENCB_set_old(new_cb, ssleay_RSA_generate_key_cb_invoke, cb_data); rc = RSA_generate_key_ex(ret, bits, e, new_cb); BN_GENCB_free(new_cb); 
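Review bot: The second half of the condition in PATCH 4/7, `(LIBRESSL_VERSION_NUMBER >= 0x2070000fL)`, is evaluated even when the macro is not defined. It works only because the preprocessor treats an unknown identifier as 0, and it warns under `-Wundef`. Spell the intent out: `(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL)`. A one-line comment saying why 0x2070000fL is the threshold would help the next reader check it.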
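Review bot: `BN_set_word(e, ee)` in PATCH 5/7's first hunk is still called without checking its result, although this commit adds NULL checks for the calls around it. It returns 0 on failure, which would leave `e` without the requested public exponent before it is handed to RSA_generate_key_ex(). Check it next to the new tests: `if (!BN_set_word(e, ee)) { BN_free(e); croak("Net::SSLeay: RSA_generate_key perl function could not set exponent.\n"); }`. The CODE section starts and ends outside the hunk.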
@@ -5781,7 +5787,7 @@ RSA_generate_key(bits,ee,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef) rc = RSA_generate_key_ex(ret, bits, e, &new_cb); #endif if (rc == -1 || ret == NULL) - croak("Couldn't generate RSA key"); + croak("Net::SSLeay: Couldn't generate RSA key"); simple_cb_data_free(cb_data); BN_free(e); e = NULL; From 09321e956b5746538ee7a88224ea8df7e3e7cac4 Mon Sep 17 00:00:00 2001 From: Heikki Vatiainen Date: Tue, 20 Nov 2018 19:33:47 +0200 Subject: [PATCH 6/7] Free more before calling croak. --- SSLeay.xs | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/SSLeay.xs b/SSLeay.xs index 23f5d793..630e5fee 100644 --- a/SSLeay.xs +++ b/SSLeay.xs @@ -5771,13 +5771,20 @@ RSA_generate_key(bits,ee,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef) cb_data = simple_cb_data_new(perl_cb, perl_data); ret = RSA_new(); - if(!ret) + if(!ret) { + simple_cb_data_free(cb_data); + BN_free(e); croak("Net::SSLeay: RSA_generate_key perl function could not create RSA structure.\n"); + } #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) BN_GENCB *new_cb; new_cb = BN_GENCB_new(); - if(!new_cb) - croak("Net::SSLeay: RSA_generate_key perl function could not create BN_GENCB structure.\n"); + if(!new_cb) { + simple_cb_data_free(cb_data); + BN_free(e); + RSA_free(ret); + croak("Net::SSLeay: RSA_generate_key perl function could not create BN_GENCB structure.\n"); + } BN_GENCB_set_old(new_cb, ssleay_RSA_generate_key_cb_invoke, cb_data); rc = RSA_generate_key_ex(ret, bits, e, new_cb); BN_GENCB_free(new_cb); 
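Review bot: The message changed in PATCH 5/7's second hunk has no trailing newline, while the three croak() messages added in the first hunk of the same commit end in `\n`. Perl appends the caller's file and line only when the message lacks a newline, so the four errors now report differently. Pick one form for all of them. Dropping the `\n` keeps the location, e.g. `croak("Net::SSLeay: RSA_generate_key perl function could not create BN structure");`.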
@@ -5786,10 +5793,12 @@ RSA_generate_key(bits,ee,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef) BN_GENCB_set_old(&new_cb, ssleay_RSA_generate_key_cb_invoke, cb_data); rc = RSA_generate_key_ex(ret, bits, e, &new_cb); #endif - if (rc == -1 || ret == NULL) - croak("Net::SSLeay: Couldn't generate RSA key"); simple_cb_data_free(cb_data); BN_free(e); + if (rc == -1 || ret == NULL) { + if (ret) RSA_free(ret); + croak("Net::SSLeay: Couldn't generate RSA key"); + } e = NULL; RETVAL = ret; OUTPUT: From f91e49463e794abac15d9f9a8f21e5891a4f3d91 Mon Sep 17 00:00:00 2001 From: Heikki Vatiainen Date: Wed, 21 Nov 2018 11:23:25 +0200 Subject: [PATCH 7/7] Updated Changes for RSA_generate_key update. --- Changes | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Changes b/Changes index 564e9fd4..6a6e9984 100644 --- a/Changes +++ b/Changes @@ -1,5 +1,11 @@ Revision history for Perl extension Net::SSLeay. +??????? 2018-??-?? + - Net::SSLeay::RSA_generate_key() now prefers using + RSA_generate_key_ex. This avois deprecated RSA_generate_key + and allows removing the only Android specific code in + SSLeay.xs. Fixes RT#127593. Thanks to Rouven Weiler. + 1.86_06 2018-09-29 - Net::SSLeay::read() and SSL_peek() now check SSL_get_error() for SSL_ERROR_ZERO_RETURN for return values <= 0 to make