toddr / Crypt-OpenSSL-RSA

Release history of Crypt-OpenSSL-RSA
https://metacpan.org/pod/Crypt::OpenSSL::RSA

Private key disappears from the object on leaving scope #24

Closed skington closed 2 years ago

skington commented 5 years ago

I'm hoping this is a bug in Crypt::OpenSSL::RSA and not Crypt::OpenSSL::PKCS10 because the latter isn't maintained any more.

Consider this trivial script:

```perl
#!/usr/bin/env perl

use strict;
use warnings;
use feature 'say';

use Crypt::OpenSSL::RSA;
use Crypt::OpenSSL::PKCS10;

sub generate_rsa {
    my $rsa = Crypt::OpenSSL::RSA->generate_key(2048);
    say "Private key immediately after generating: ",
        $rsa->get_private_key_string;

    # Generate a CSR object, and store the resulting CSR string.
    my $csr = Crypt::OpenSSL::PKCS10->new_from_rsa($rsa);
    say "Private key before returning: ", $rsa->get_private_key_string;
    return $rsa;
}
my $rsa = generate_rsa();
say "Private key having returned: ", $rsa->get_private_key_string;
```

If I run it on perl 5.22.3, Crypt::OpenSSL::RSA 0.31, Crypt::OpenSSL::PKCS10 0.16, I get:

```
Private key immediately after generating: -----BEGIN RSA PRIVATE KEY-----[...]-----END RSA PRIVATE KEY-----

Private key before returning: -----BEGIN RSA PRIVATE KEY-----[...]-----END RSA PRIVATE KEY-----

Private key having returned: -----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
```

Something is happening to the guts of the Crypt::OpenSSL::RSA object as a side-effect of Crypt::OpenSSL::PKCS10 having done... something to it. Crypt::OpenSSL::RSA is XS so that's as far as I could get.

bigpresh commented 5 years ago

I'm fairly sure this is caused by Crypt::OpenSSL::PKCS10's DESTROY method, which does:

```
void
DESTROY(pkcs10)
        pkcs10Data *pkcs10;

        PREINIT:
        //BIO *bio_err;

        PPCODE:
        //bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
        if (pkcs10->pk)   EVP_PKEY_free(pkcs10->pk); pkcs10->pk = 0;
        if (pkcs10->rsa) *pkcs10->rsa = 0;
        if (pkcs10->req)  X509_REQ_free(pkcs10->req); pkcs10->req = 0;
        Safefree(pkcs10);
        CRYPTO_cleanup_all_ex_data();
```

It's even documented in Crypt::OpenSSL::PKCS10's BUGS section:

> If you destroy $req object that is linked to a Crypt::OpenSSL::RSA object, the RSA private key is also freed, thus you can't use latter object anymore. Avoid this [...]

So, I suspect this ticket can be closed :)
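
One way to keep a usable key given the behaviour discussed in this thread, as an added example (not code from either module or from the commenters): link the PKCS10 object to a throwaway copy of the key rebuilt from its PEM, and destroy the PKCS10 object explicitly while that copy still exists. The helper name `generate_key_and_csr` and the subject string are made up for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use feature 'say';

use Crypt::OpenSSL::RSA;
use Crypt::OpenSSL::PKCS10;

# Hypothetical helper: returns ($rsa, $csr_pem) with $rsa still usable.
sub generate_key_and_csr {
    my ($subject) = @_;

    my $rsa = Crypt::OpenSSL::RSA->generate_key(2048);

    # Rebuild an independent RSA object from the PEM. Only this copy is
    # linked to the PKCS10 object, so only this copy loses its key when
    # the PKCS10 object is destroyed.
    my $throwaway = Crypt::OpenSSL::RSA->new_private_key(
        $rsa->get_private_key_string );

    my $csr = Crypt::OpenSSL::PKCS10->new_from_rsa($throwaway);
    $csr->set_subject($subject);
    $csr->sign;
    my $csr_pem = $csr->get_pem_req;

    # Destroy the PKCS10 object first, while $throwaway is still alive:
    # the same destruction order as in the script above.
    undef $csr;

    return ( $rsa, $csr_pem );
}

# Constructed subject, for illustration only.
my ( $rsa, $csr_pem ) = generate_key_and_csr('/CN=example.test');

# Check the key without printing it: an emptied object yields only the
# BEGIN/END armour lines, so a real 2048-bit key is far longer than this.
die "private key was emptied\n"
    unless length( $rsa->get_private_key_string ) > 200;

# Round-trip a signature to confirm the private half still works.
my $sig = $rsa->sign('probe');
die "signature did not verify\n" unless $rsa->verify( 'probe', $sig );

say "key intact after the PKCS10 object was destroyed";
say $csr_pem;
```

The unencrypted PEM copy lives in process memory for the duration of the helper, so this trades an extra in-memory copy of the key for an object that survives the CSR's destruction.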