Bug #115163 for Net-SSLeay: maybe bug when read encrypted private key

Wed Jun 08 08:22:28 2016 logioniz [...] yandex.ru - Ticket created

Subject:	maybe bug when read encrypted private key
Date:	Wed, 08 Jun 2016 17:22:12 +0500
To:	bug-net-ssleay [...] rt.cpan.org
From:	Алексей Ставров <logioniz [...] yandex.ru>

private key from examples (server_key.pem)

$ cat 11.pl

#!/usr/bin/perl

use Mojo::Base -strict;

use Net::SSLeay;

sub provide_password {

# ($buf,$siz,$rwflag,$pwd)=@_;

$_[0]="1234";

return 4;

}

my $bio = Net::SSLeay::BIO_new_file('server_key.pem', 'r');

my $pk = Net::SSLeay::PEM_read_bio_PrivateKey($bio, \&provide_password);

if ($pk == 0) {

warn 'Error';

} else {

warn 'Success';

}

$ cat server_key.pem

-----BEGIN RSA PRIVATE KEY-----

Proc-Type: 4,ENCRYPTED

DEK-Info: DES-EDE3-CBC,932256E9ACCDC996

wav+t55gSrsCnvgeikRqcQKXuUeXEqEcL6zwNsTMIis6rpGuXkBYH5Ezntm6h/5h

2vZDu2vTOeq7QbNmTbKWbU6Rw0e7hlnWcPFhg3ssLNrh0XW3ynZ56gLCj/TRHj9V

4c7UnozeDTb+XYEAp+1Yj21Bpepectak6j4dZfhhJteEGWMDj9faNTbA08LX87Wn

JiNhlhIWl7ncS/13riwLqsemHcTFlNCaoANaVCUKEGoIFZmz1OoYJvBWLj7HnxDU

+Z/lvf3o1glE1EP3XcCACGhapfZcALlYhz1qGTA6ProZ/sIJGLAYAi8uobJlA1E0

SwGXNm4rtMocR7utO649/g92SFvGZmG715t2P8jBa4MqgV5H3oIIVJK1YiL6Zmk5

jZMPmTDctXD61dLnTFXa+m0vLJMZAMD8UkhtbuCMYzTy0dIHBaxTYNxggSbfbbKJ

6QijHZHn+iygyudCxYWXtZQ1uyBFzU4wpEGqugngf3T0W2TWpiM3PQjh+vymxKRZ

UVY5LGejMuz3HpgFcJ+Hs6DCJYAECUWWjSPhTXvTifNIZq5XdaeCveyLkMnCHQ7y

LW64XcZ9jWzI+FOqRmLMYcUoHh8eZyB6X6ITC3wy2g1ovc5KrD+OuC+HOyLvvb+8

avnSoc1+maBC7su7htE/EPP6X/zvNzLM4Ky4JvmNtFR5+CzD7xnwoS3jY97u6gMz

MHjb7t2pA7rFnVImwivvi/y3sEAL9P5N+mL+q82q9qsmcb58tlkAteUpcrOvlmRk

3kzlM0tz9/Rm4bYttEDBt67Fg4/hZbZ+m+5BMzVWWdtZIdHUIGJjew==

-----END RSA PRIVATE KEY-----

$ perl 11.pl

Error at 11.pl line 15.

How can i read private key which encrypted with password?

--
С уважением, Ставров Алексей.

Wed Jun 08 17:34:49 2016 mikem [...] airspayce.com - Correspondence added

Subject:	Re: [rt.cpan.org #115163] maybe bug when read encrypted private key
Date:	Thu, 9 Jun 2016 06:34:33 +0900
To:	bug-Net-SSLeay [...] rt.cpan.org
From:	Mike McCauley <mikem [...] airspayce.com>

Thanks for the report. I am travelling now and will investigate when I return in 3 weeks Cheers Sent from my iPhone Show quoted text

> On 8 Jun 2016, at 9:22 PM, Алексей Ставров via RT <bug-Net-SSLeay@rt.cpan.org> wrote: > > Wed Jun 08 08:22:28 2016: Request 115163 was acted upon. > Transaction: Ticket created by logioniz@yandex.ru > Queue: Net-SSLeay > Subject: maybe bug when read encrypted private key > Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: logioniz@yandex.ru > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=115163 > > > > private key from examples (server_key.pem) $ cat 11.pl#!/usr/bin/perluse > Mojo::Base -strict; use Net::SSLeay; sub provide_password {# > ($buf,$siz,$rwflag,$pwd)=@_; $_[0]="1234"; return 4;} my $bio = > Net::SSLeay::BIO_new_file('server_key.pem', 'r');my $pk = > Net::SSLeay::PEM_read_bio_PrivateKey($bio, \&provide_password);if ($pk == 0) { > warn 'Error';} else { warn 'Success';} $ cat server_key.pem-----BEGIN RSA > PRIVATE KEY-----Proc-Type: 4,ENCRYPTEDDEK-Info: DES-EDE3-CBC,932256E9ACCDC996 > wav+t55gSrsCnvgeikRqcQKXuUeXEqEcL6zwNsTMIis6rpGuXkBYH5Ezntm6h/5h2vZDu2vTOeq7QbNmTbKWbU6Rw0e7hlnWcPFhg3ssLNrh0XW3ynZ56gLCj/TRHj9V4c7UnozeDTb+XYEAp+1Yj21Bpepectak6j4dZfhhJteEGWMDj9faNTbA08LX87WnJiNhlhIWl7ncS/13riwLqsemHcTFlNCaoANaVCUKEGoIFZmz1OoYJvBWLj7HnxDU+Z/lvf3o1glE1EP3XcCACGhapfZcALlYhz1qGTA6ProZ/sIJGLAYAi8uobJlA1E0SwGXNm4rtMocR7utO649/g92SFvGZmG715t2P8jBa4MqgV5H3oIIVJK1YiL6Zmk5jZMPmTDctXD61dLnTFXa+m0vLJMZAMD8UkhtbuCMYzTy0dIHBaxTYNxggSbfbbKJ6QijHZHn+iygyudCxYWXtZQ1uyBFzU4wpEGqugngf3T0W2TWpiM3PQjh+vymxKRZUVY5LGejMuz3HpgFcJ+Hs6DCJYAECUWWjSPhTXvTifNIZq5XdaeCveyLkMnCHQ7yLW64XcZ9jWzI+FOqRmLMYcUoHh8eZyB6X6ITC3wy2g1ovc5KrD+OuC+HOyLvvb+8avnSoc1+maBC7su7htE/EPP6X/zvNzLM4Ky4JvmNtFR5+CzD7xnwoS3jY97u6gMzMHjb7t2pA7rFnVImwivvi/y3sEAL9P5N+mL+q82q9qsmcb58tlkAteUpcrOvlmRk3kzlM0tz9/Rm4bYttEDBt67Fg4/hZbZ+m+5BMzVWWdtZIdHUIGJjew==-----END > RSA PRIVATE KEY-----$ perl 11.plError at 11.pl line 15.$ How can i read private > key which encrypted with password? -- > С уважением, Ставров Алексей. >

Wed Jun 08 17:34:51 2016 The RT System itself - Status changed from 'new' to 'open'

Fri Jul 27 20:17:40 2018 chrisn [...] cpan.org - Correspondence added

On Wed Jun 08 13:22:28 2016, logioniz@yandex.ru wrote: Show quoted text

> private key from examples (server_key.pem) $ cat > 11.pl#!/usr/bin/perluse > Mojo::Base -strict; use Net::SSLeay; sub provide_password {# > ($buf,$siz,$rwflag,$pwd)=@_; $_[0]="1234"; return 4;} my $bio = > Net::SSLeay::BIO_new_file('server_key.pem', 'r');my $pk = > Net::SSLeay::PEM_read_bio_PrivateKey($bio, \&provide_password);if ($pk > == 0) { > warn 'Error';} else { warn 'Success';} $ cat server_key.pem-----BEGIN > RSA > PRIVATE KEY-----Proc-Type: 4,ENCRYPTEDDEK-Info: DES-EDE3- > CBC,932256E9ACCDC996 > wav+t55gSrsCnvgeikRqcQKXuUeXEqEcL6zwNsTMIis6rpGuXkBYH5Ezntm6h/5h2vZDu2vTOeq7QbNmTbKWbU6Rw0e7hlnWcPFhg3ssLNrh0XW3ynZ56gLCj/TRHj9V4c7UnozeDTb+XYEAp+1Yj21Bpepectak6j4dZfhhJteEGWMDj9faNTbA08LX87WnJiNhlhIWl7ncS/13riwLqsemHcTFlNCaoANaVCUKEGoIFZmz1OoYJvBWLj7HnxDU+Z/lvf3o1glE1EP3XcCACGhapfZcALlYhz1qGTA6ProZ/sIJGLAYAi8uobJlA1E0SwGXNm4rtMocR7utO649/g92SFvGZmG715t2P8jBa4MqgV5H3oIIVJK1YiL6Zmk5jZMPmTDctXD61dLnTFXa+m0vLJMZAMD8UkhtbuCMYzTy0dIHBaxTYNxggSbfbbKJ6QijHZHn+iygyudCxYWXtZQ1uyBFzU4wpEGqugngf3T0W2TWpiM3PQjh+vymxKRZUVY5LGejMuz3HpgFcJ+Hs6DCJYAECUWWjSPhTXvTifNIZq5XdaeCveyLkMnCHQ7yLW64XcZ9jWzI+FOqRmLMYcUoHh8eZyB6X6ITC3wy2g1ovc5KrD+OuC+HOyLvvb+8avnSoc1+maBC7su7htE/EPP6X/zvNzLM4Ky4JvmNtFR5+CzD7xnwoS3jY97u6gMzMHjb7t2pA7rFnVImwivvi/y3sEAL9P5N+mL+q82q9qsmcb58tlkAteUpcrOvlmRk3kzlM0tz9/Rm4bYttEDBt67Fg4/hZbZ+m+5BMzVWWdtZIdHUIGJjew==----- > END > RSA PRIVATE KEY-----$ perl 11.plError at 11.pl line 15.$ How can i > read private > key which encrypted with password? -- > С уважением, Ставров Алексей.

There are three problems here. The first is that you're not getting very useful feedback about where your code is failing - to do that, import die_now() and call it when one of the Net::SSLeay functions returns a false value (remembering to call load_error_strings() - and, for reasons I don't fully understand, randomize() - so that die_now() does in fact show the underlying error message string from OpenSSL): use Net::SSLeay qw(die_now); Net::SSLeay::randomize(); Net::SSLeay::load_error_strings(); [...] Net::SSLeay::BIO_new_file('server_key.pem', 'r') or die_now("BIO_new_file: $!"); Net::SSLeay::PEM_read_bio_PrivateKey($bio, \&provide_password) or die_now("PEM_read_bio_PrivateKey: $!"); Your code will now die with the message 24305: PEM_read_bio_PrivateKey: Invalid argument so the problem is with the call to Net::SSLeay::PEM_read_bio_PrivateKey(), and one or more of the arguments passed to it are "invalid". (The integer at "24305" is a red herring: that's the PID of your Perl process, not an OpenSSL error code.) Admittedly this isn't very helpful, but it's a starting point. The second problem is with the first argument to PEM_read_bio_PrivateKey(): you've loaded server_key.pem, but OpenSSL can't interpret it as an RSA key because it doesn't know about the RSA algorithm until you've initialised the library (see https://wiki.openssl.org/index.php/Library_Initialization): Net::SSLeay::randomize(); Net::SSLeay::load_error_strings(); Net::SSLeay::library_init(); Your code will die with the same message as before: 27035: PEM_read_bio_PrivateKey: Invalid argument so there's also a third problem, with the second argument to PEM_read_bio_PrivateKey(). The return value of the function should be the passphrase of the RSA key as a scalar, not the length of the passphrase: sub provide_password { return "1234"; } Now you get the result you're looking for: Success at examples/encrypted_key.pl line 22. See t/local/05_passwd_cb.t for a fully-worked example of decrypting an RSA private key using a password callback.

Fri Jul 27 20:17:42 2018 chrisn [...] cpan.org - Status changed from 'open' to 'rejected'

Fri Jul 27 20:17:43 2018 chrisn [...] cpan.org - Taken