From owner-svn-ports-all@freebsd.org Mon Jun 19 18:14:56 2017 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8834FDA1FD4; Mon, 19 Jun 2017 18:14:56 +0000 (UTC) (envelope-from pi@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5792E7F2E3; Mon, 19 Jun 2017 18:14:56 +0000 (UTC) (envelope-from pi@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v5JIEt7M073013; Mon, 19 Jun 2017 18:14:55 GMT (envelope-from pi@FreeBSD.org) Received: (from pi@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v5JIEtDc073010; Mon, 19 Jun 2017 18:14:55 GMT (envelope-from pi@FreeBSD.org) Message-Id: <201706191814.v5JIEtDc073010@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: pi set sender to pi@FreeBSD.org using -f 
From: Kurt Jaeger Date: Mon, 19 Jun 2017 18:14:55 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r443905 - in head/security/p5-Crypt-OpenSSL-RSA: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Jun 2017 18:14:56 -0000 Author: pi Date: Mon Jun 19 18:14:54 2017 New Revision: 443905 URL: https://svnweb.freebsd.org/changeset/ports/443905 Log: security/p5-Crypt-OpenSSL-RSA: add functions to work with private keys - new_private_key(privkey_string) Create encrypted private RSA key from privkey_string - new_private_key(privkey_string, password) parse existed encrypted private RSA key from privkey_string - get_enc_private_key_string(password) - get_enc_private_key_string(password, cipher) Encrypt and return encrypted PEM PKCS coded RSA private key PR: 220136 Submitted by: Borodin Oleg Added: head/security/p5-Crypt-OpenSSL-RSA/files/ head/security/p5-Crypt-OpenSSL-RSA/files/patch-RSA.pm (contents, props changed) head/security/p5-Crypt-OpenSSL-RSA/files/patch-RSA.xs (contents, props changed) head/security/p5-Crypt-OpenSSL-RSA/files/patch-t_rsa.t (contents, props changed) Modified: head/security/p5-Crypt-OpenSSL-RSA/Makefile
Modified: head/security/p5-Crypt-OpenSSL-RSA/Makefile
==============================================================================
--- head/security/p5-Crypt-OpenSSL-RSA/Makefile Mon Jun 19 18:05:26 2017 (r443904)
+++ head/security/p5-Crypt-OpenSSL-RSA/Makefile Mon Jun 19 18:14:54 2017 (r443905)
@@ -3,7 +3,7 @@
 PORTNAME= Crypt-OpenSSL-RSA
 PORTVERSION= 0.28
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= security perl5
 MASTER_SITES= CPAN
 PKGNAMEPREFIX= p5-
Added: head/security/p5-Crypt-OpenSSL-RSA/files/patch-RSA.pm
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/p5-Crypt-OpenSSL-RSA/files/patch-RSA.pm Mon Jun 19 18:14:54 2017 (r443905)
@@ -0,0 +1,61 @@
+--- RSA.pm.orig 2017-06-19 18:08:26 UTC
++++ RSA.pm
+@@ -14,8 +14,31 @@ $VERSION = '0.28';
+
+ bootstrap Crypt::OpenSSL::RSA $VERSION;
+
++sub new_private_key {
++
++ my ($self, $keystring, $passin) = @_;
++
++ if (length ($passin) > 0 ) {
++ return $self->_new_enc_private_key($keystring, $passin);
++ }
++ return $self->_new_private_key($keystring);
++}
++
++sub get_private_key_string {
++
++ my ($self, $passout, $cipher) = @_;
++
++ if (length ($passout) > 0 && length ($cipher) > 0) {
++ return $self->_get_enc_private_key_string($passout, $cipher);
++ } elsif (length $passout > 0) {
++ return $self->_get_enc_private_key_string($passout, "aes-256-cbc");
++ }
++ return $self->_get_private_key_string();
++}
++
+ BEGIN { eval { require Crypt::OpenSSL::Bignum; }; }
+
++
+ 1;
+
+ __END__
+@@ -96,7 +119,9 @@ sub new_public_key
+ }
+ }
+
+-=item new_private_key
++=item new_private_key(privkey_string)
++=cut
++=item new_private_key(privkey_string, password)
+
+ Create a new Crypt::OpenSSL::RSA object by loading a private key in
+ from an string containing the Base64/DER encoding of the PKCS1
+@@ -179,8 +204,14 @@ header and footer lines:
+ and is the format that is produced by running C.
+
+ =item get_private_key_string
++=cut
++=item get_enc_private_key_string(password)
++=cut
++=item get_enc_private_key_string(password, cipher)
+
+-Return the DER-encoded PKCS1 representation of the private key.
++Return the unencripted or encripted DER-encoded PKCS1 representation
++of the private key. For stoping of potential leak unencrypted private key
++if cipher name is unknown will use DES3 (DES-EDE3) cipher.
+
+ =item encrypt
+
Added: head/security/p5-Crypt-OpenSSL-RSA/files/patch-RSA.xs
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/p5-Crypt-OpenSSL-RSA/files/patch-RSA.xs Mon Jun 19 18:14:54 2017 (r443905)
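Review bot: The added `get_private_key_string` wrapper in RSA.pm fails open: when `$passout` is empty or undef it falls through to `_get_private_key_string()` and returns the unencrypted PEM even if the caller supplied a `$cipher`, so a passphrase variable that failed to load silently yields a plaintext private key. Rejecting that combination makes the failure visible, for example `die "passphrase required when a cipher is given" if defined $cipher && length $cipher && !(defined $passout && length $passout);` as the first statement after the argument unpacking. The `length (...) > 0` tests on `$passin`, `$passout` and `$cipher` also run on undef when the arguments are omitted, which produces uninitialized-value warnings if warnings are enabled in the part of the file outside the hunk; a `defined` guard avoids that. The POD hunks list `get_enc_private_key_string(...)` as an item, but the only names this patch defines are `get_private_key_string` and the private XS `_get_enc_private_key_string`, and the `=cut` lines placed between the `=item` lines will probably end the POD block early; the item should read `=item get_private_key_string(password, cipher)`.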
@@ -0,0 +1,109 @@
+--- RSA.xs.orig 2017-06-19 18:08:26 UTC
++++ RSA.xs
+@@ -179,6 +179,30 @@ RSA* _load_rsa_key(SV* p_keyStringSv,
+ return rsa;
+ }
+
++
++RSA* _load_enc_rsa_key(SV* p_keyStringSv,
++ RSA*(*p_loader)(BIO*, RSA**, pem_password_cb*, void*), char* password)
++{
++ STRLEN keyStringLength;
++ char* keyString;
++
++ RSA* rsa;
++ BIO* stringBIO;
++
++ keyString = SvPV(p_keyStringSv, keyStringLength);
++
++ CHECK_OPEN_SSL(stringBIO = BIO_new_mem_buf(keyString, keyStringLength));
++
++ rsa = p_loader(stringBIO, NULL, NULL, password);
++
++ CHECK_OPEN_SSL(BIO_set_close(stringBIO, BIO_CLOSE) == 1);
++ BIO_free(stringBIO);
++
++ CHECK_OPEN_SSL(rsa);
++ return rsa;
++}
++
++
+ SV* rsa_crypt(rsaData* p_rsa, SV* p_from,
+ int (*p_crypt)(int, const unsigned char*, unsigned char*, RSA*, int))
+ {
+@@ -214,7 +238,7 @@ BOOT:
+ ERR_load_crypto_strings();
+
+ SV*
+-new_private_key(proto, key_string_SV)
++_new_private_key(proto, key_string_SV)
+ SV* proto;
+ SV* key_string_SV;
+ CODE:
+@@ -223,7 +247,24 @@ new_private_key(proto, key_string_SV)
+ OUTPUT:
+ RETVAL
+
++
+ SV*
++_new_enc_private_key(proto, key_string_SV, password_SV)
++ SV* proto;
++ SV* key_string_SV;
++ SV* password_SV;
++ PREINIT:
++ char* password;
++ CODE:
++ password = SvPV_nolen(password_SV);
++
++ RETVAL = make_rsa_obj(
++ proto, _load_enc_rsa_key(key_string_SV, PEM_read_bio_RSAPrivateKey, password));
++ OUTPUT:
++ RETVAL
++
++
++SV*
+ _new_public_key_pkcs1(proto, key_string_SV)
+ SV* proto;
+ SV* key_string_SV;
+@@ -251,7 +292,7 @@ DESTROY(p_rsa)
+ Safefree(p_rsa);
+
+ SV*
+-get_private_key_string(p_rsa)
++_get_private_key_string(p_rsa)
+ rsaData* p_rsa;
+ PREINIT:
+ BIO* stringBIO;
+@@ -259,6 +300,32 @@ get_private_key_string(p_rsa)
+ CHECK_OPEN_SSL(stringBIO = BIO_new(BIO_s_mem()));
+ PEM_write_bio_RSAPrivateKey(
+ stringBIO, p_rsa->rsa, NULL, NULL, 0, NULL, NULL);
++ RETVAL = extractBioString(stringBIO);
++
++ OUTPUT:
++ RETVAL
++
++
++SV*
++_get_enc_private_key_string(p_rsa, passout_SV, cipher_SV)
++ rsaData* p_rsa;
++ SV* passout_SV;
++ SV* cipher_SV;
++ PREINIT:
++ char* passout;
++ char* cipher;
++
++ BIO* stringBIO;
++ const EVP_CIPHER *enc;
++ CODE:
++ passout = SvPV_nolen(passout_SV);
++ cipher = SvPV_nolen(cipher_SV);
++
++ CHECK_OPEN_SSL(stringBIO = BIO_new(BIO_s_mem()));
++ enc = EVP_get_cipherbyname(cipher);
++ if (enc == NULL) { enc = EVP_get_cipherbyname("DES3"); }
++ PEM_write_bio_RSAPrivateKey(
++ stringBIO, p_rsa->rsa, enc, NULL, 0, NULL, passout);
+ RETVAL = extractBioString(stringBIO);
+
+ OUTPUT:
Added: head/security/p5-Crypt-OpenSSL-RSA/files/patch-t_rsa.t
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/p5-Crypt-OpenSSL-RSA/files/patch-t_rsa.t Mon Jun 19 18:14:54 2017 (r443905)
@@ -0,0 +1,27 @@
+--- t/rsa.t.orig 2017-06-19 18:08:26 UTC
++++ t/rsa.t
+@@ -4,7 +4,7 @@ use Test;
+ use Crypt::OpenSSL::Random;
+ use Crypt::OpenSSL::RSA;
+
+-BEGIN { plan tests => 43 + (UNIVERSAL::can("Crypt::OpenSSL::RSA", "use_sha512_hash") ? 4*5 : 0) }
++BEGIN { plan tests => 46 + (UNIVERSAL::can("Crypt::OpenSSL::RSA", "use_sha512_hash") ? 4*5 : 0) }
+
+ sub _Test_Encrypt_And_Decrypt
+ {
+@@ -83,6 +83,15 @@ my $private_key_string = $rsa->get_private_key_string(
+ my $public_key_string = $rsa->get_public_key_string();
+
+ ok($private_key_string and $public_key_string);
++
++my $enc_private_key_string_default = $rsa->get_private_key_string('12345');
++ok($enc_private_key_string_default);
++
++my $enc_private_key_string_des3 = $rsa->get_private_key_string('12345', 'des3-cbc');
++ok($enc_private_key_string_des3);
++
++my $enc_private_key_string_idea = $rsa->get_private_key_string('12345', 'IDEA');
++ok($enc_private_key_string_idea);
+
+ my $plaintext = "The quick brown fox jumped over the lazy dog";
+ my $rsa_priv = Crypt::OpenSSL::RSA->new_private_key($private_key_string);
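Review bot: In `_get_enc_private_key_string`, `enc` can still be NULL after the `DES3` fallback and the return value of `PEM_write_bio_RSAPrivateKey` is ignored; OpenSSL treats a NULL cipher as "do not encrypt", so a caller that asked for an encrypted key can receive the plaintext PEM. On OpenSSL releases before 1.1.0 `EVP_get_cipherbyname` returns NULL for every name unless the cipher table has been registered, and the visible `BOOT:` context shows only `ERR_load_crypto_strings()`, so this should be confirmed against the rest of the file. Failing closed is safer than silently substituting a cipher for a mistyped name: use `CHECK_OPEN_SSL(enc = EVP_get_cipherbyname(cipher));` in place of the fallback line and wrap the write as `CHECK_OPEN_SSL(PEM_write_bio_RSAPrivateKey(stringBIO, p_rsa->rsa, enc, NULL, 0, NULL, passout));`, assuming `CHECK_OPEN_SSL`, defined outside the hunk, croaks on a false value as its other uses suggest. A comment above the write should also record the strength of this format: `/* legacy PEM encryption: MD5-based key derivation, one iteration; prefer PKCS#8 output for new keys */`.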
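Review bot: The three added `ok(...)` checks only test that `get_private_key_string` returned a true value, so they pass even when the output is an unencrypted key, and the `'IDEA'` case passes through the silent DES3 fallback on builds without IDEA. Assert on the result instead, for example `ok($enc_private_key_string_default =~ /ENCRYPTED/);`, and add a round trip through the new two-argument loader, `ok(Crypt::OpenSSL::RSA->new_private_key($enc_private_key_string_default, '12345'));`, raising the `plan tests` count to match. A negative case that loads the encrypted string with a wrong passphrase inside `eval` and expects failure would cover the error path of `_load_enc_rsa_key`.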