Revision history for Perl extension Crypt::OpenSSL::RSA.
0.41 Apr 24 2026
[Bug Fixes]
- PR #181: Skip OpenSSL 3.x-specific tests on LibreSSL. LibreSSL
reports version >= 3.0 via Crypt::OpenSSL::Guess's openssl_version()
but internally uses the pre-3.x code path
(OPENSSL_VERSION_NUMBER < 0x30000000L), causing two CPAN Testers
failures on OpenBSD: t/padding.t (use_sslv23_padding is still a
valid XS function on LibreSSL because RSA_SSLV23_PADDING exists)
and t/pkcs1_sign.t (RSA_verify on pre-3.x/LibreSSL ignores the
padding mode, so cross-padding verification succeeds). LibreSSL
is now detected by parsing `openssl version` output for the
"LibreSSL" string, using find_openssl_exec(find_openssl_prefix())
from Crypt::OpenSSL::Guess to locate the correct binary. The
earlier approach of detecting LibreSSL via an undefined patch
level was not reliable.
0.39 Apr 23 2026
[Bug Fixes]
- PR #171 GH #170: Fix macOS compile warnings. The OLD_CRUFTY_SSL_VERSION
macro used defined() inside a #define (undefined behavior when expanded
in #if directives); split into #ifdef/#else branches. Also cast
SvPV_nolen() result to UNSIGNED_CHAR* to silence the pointer-sign
mismatch in _load_rsa_key().
- PR #173: Reject non-RSA keys (EC, DSA, etc.) in _new_public_key_x509_der()
on OpenSSL 3.x. d2i_PUBKEY_bio() accepts any key type, unlike pre-3.x
d2i_RSA_PUBKEY_bio(); without validation a non-RSA DER key would be
stored in the rsaData struct and produce confusing failures later.
- PR #177: Check padding compatibility before message length in
private_encrypt() and public_decrypt(). Previously, calling these with
the default OAEP padding (or PSS) produced a misleading "plaintext too
long" error that hid the real issue (OAEP/PSS are fundamentally
incompatible with private_encrypt/public_decrypt). The clear
"OAEP/PSS padding is not supported" error is now emitted regardless of
data size, and the rejection extends to pre-3.x OpenSSL (previously
only checked on 3.x inside rsa_crypt()).
- PR #178: Validate key size in generate_key() before calling OpenSSL.
Reject negative, zero, and sub-512-bit key sizes with a clear croak
instead of letting OpenSSL produce cryptic errors or hang.
- PR #179 GH #174: Restore the lost configure_requires prereq on
Crypt::OpenSSL::Guess in Makefile.PL.
- PR #179 GH #175: Fix failing test 'Padding method pkcs1_pss is valid
for signing with ripemd160'.
[Improvements]
- PR #180: Add optional passphrase argument to new_private_key_der(),
enabling decryption of encrypted PKCS#8 DER (EncryptedPrivateKeyInfo)
private keys. On OpenSSL 3.x the passphrase is passed to the existing
OSSL_DECODER_CTX; on pre-3.x a d2i_PKCS8PrivateKey_bio() helper is
used. Previously only PEM-encoded keys supported a passphrase.
[Maintenance]
- PR #172: Fix 'passphase' -> 'passphrase' typo throughout the codebase
(RSA.xs internal names, RSA.pm POD for get_private_key_string, and the
test variable in t/format.t). The typo dates to the original 0.33
passphrase support. No functional change -- all renames are internal.
0.38 Apr 23 2026
[Bug Fixes]
- PR #103 GH #61: Re-enable PKCS#1 v1.5 padding for sign()/verify(). It
was incorrectly disabled in 0.35; the Marvin attack only affects
decryption, not signatures.
- PR #168: Fix croak message to reference use_pkcs1_oaep_padding() (not
use_pkcs1_padding()) when non-OAEP padding is used for encrypt/decrypt.
- PR #165: Fix OAEP overhead calculation that was hardcoded for SHA-1;
correct overhead is now computed per the configured hash algorithm.
- PR #141: Reject non-RSA keys (EC, DSA, RSA-PSS) loaded via
_load_rsa_key() on OpenSSL 3.x with a clear error instead of a
confusing failure later.
- PR #118: Fix private_encrypt() and public_decrypt() broken on OpenSSL
3.x with any padding except NO_PADDING; rsa_crypt() now distinguishes
encrypt vs. sign paths.
- PR #142: Free signature buffer on RSA_sign() failure on pre-3.x.
- PR #164 GH #152: Drain OpenSSL error queue after _get_key_parameters()
on OpenSSL 3.x so a failed optional-param lookup does not pollute the
error queue for subsequent operations.
- PR #161 GH #152: Cache is_private_key flag in rsaData struct to avoid a
per-call BIGNUM heap allocation on OpenSSL 3.x.
- PR #159 GH #155: Check return values of EVP_PKEY_get_bn_param() in
_get_key_parameters(); a failed mandatory param (n or e) now croaks
instead of silently returning undef.
- PR #160 GH #156: Use THROW macro for make_rsa_obj() result in
_new_key_from_parameters() to prevent resource leak on a NULL return.
- PR #158 GH #154: Extract setup_pss_sign_ctx() helper to deduplicate
PSS context setup in sign() and verify(); the two paths could previously
diverge silently.
- PR #157 GH #153: Eliminate duplicate NID-to-name table in
get_message_digest(); fixes whirlpool on OpenSSL 3.x where the old
low-level WHIRLPOOL() API path was being used instead of EVP_MD_fetch().
- PR #145: Fix BIO resource leak in extractBioString() error paths.
- PR #143: Validate that a private key is present before attempting export
in get_private_key_string().
- PR #140: NULL out BIGNUMs after freeing them in _new_key_from_parameters()
to prevent a double-free when make_rsa_obj() fails after they are freed.
- PR #137: Use BN_clear_free() (instead of BN_free()) for private key
BIGNUMs in _get_key_parameters() to scrub sensitive material.
- PR #136: Remove static buffer in get_message_digest() that caused
thread-safety problems under Perl ithreads.
- PR #134: Add Perl-level stub for use_sslv23_padding() on OpenSSL 3.x
where the underlying RSA_SSLV23_PADDING constant was removed.
- PR #133: Fix PSS MGF1 setup to inspect the correct padding fields
(sign_pad/verify_pad) instead of p_rsa->padding, preventing wrong
MGF1 hash on auto-promoted PSS operations.
- PR #120: Check PEM_write_bio_* return values in key export functions
so failures are reported rather than silently ignored.
- PR #119: Migrate SHA* digest calls to EVP_Q_digest() on OpenSSL 3.x,
replacing deprecated low-level SHA*() functions.
- PR #109: Drain the full OpenSSL error queue in croakSsl() and report
the last (most specific) error rather than the oldest one.
- PR #104: Guard croakSsl() against a NULL error string from
ERR_reason_error_string() to prevent a NULL-deref croak.
- PR #76: Do not include whrlpool.h when whirlpool support is disabled.
- Memory leak fixes across OpenSSL 3.x code paths (PR #75, PR #77, PR #78,
PR #79, PR #80, PR #81, PR #83, PR #87, PR #90, PR #99, PR #101, PR #108,
PR #112, PR #114, PR #127, PR #128, PR #129, PR #131): plugged leaks in
generate_key(), sign(), verify(), rsa_crypt(), check_key(),
get_public_key_string(), _new_key_from_parameters(), and
_get_key_parameters() across success and error paths.
[Improvements]
- PR #169: Make Crypt::OpenSSL::Bignum a hard runtime requirement (moved
from recommended to required in Makefile.PL and added hard import in
RSA.pm); it was already required in practice for get_key_parameters().
- PR #126: new_public_key() now accepts DER-encoded public keys in addition
to PEM; format is detected automatically via ASN.1 OID inspection.
- PR #124: Add get_private_key_pkcs8_string() to export private keys in
PKCS#8 PEM format.
- PR #110: Add get_public_key_pkcs1_string() as an alias for
get_public_key_string() for API symmetry with the X.509/PKCS#1 naming.
- PR #111: Add optional check=>1 parameter to new_key_from_parameters()
to validate the constructed key via check_key() before returning it.
- PR #135: Add plaintext length pre-validation in rsa_crypt() with a
descriptive croak before attempting the OpenSSL operation.
- PR #151: Reject invalid (even-numbered) RSA exponents before passing
them to OpenSSL, preventing a potential hang during key generation.
[Maintenance]
- PR #163: Add CONTRIBUTING.md and SECURITY.md to satisfy CPANTS
experimental kwalitee metrics.
- PR #144: Clean up Makefile.PL metadata: remove dead -DPERL5 and
-DOPENSSL_NO_KRB5 defines; derive version dynamically from RSA.pm.
- PR #130: Add test coverage for generate_key() with custom public
exponents and exponent validation.
- PR #121: Add test coverage for private_encrypt() and public_decrypt().
- PR #148: Add PKCS#1 v1.5 signing regression tests.
- PR #95: Add error-path and edge-case test coverage (t/error.t).
- PR #115, PR #116: Add encrypt/decrypt and sign/verify edge-case tests.
- PR #85, PR #86, PR #88, PR #91: Improve test assertions — replace bare
ok() calls with is()/like() and add descriptive test names throughout.
- PR #84: Add macOS CI job covering both system LibreSSL and Homebrew
OpenSSL 3.x.
- PR #123: Add Valgrind memory-leak detection CI job on Debian bookworm.
- PR #73: Fix META URLs, remove duplicate .gitignore entries, fix
build_requires; add Debian trixie (OpenSSL 3.4.x) to CI matrix.
- PR #72: Bump actions/checkout from v4 to v6.
- PR #82: Bump perl-actions/perl-versions from 1 to 2.
- PR #70: Add Dependabot for automatic GitHub Actions version updates.
- PR #69: Remove Debian buster from CI matrix (EOL).
0.37 Oct 29 2025
- Fix libressl bitwise logic error in RSA.xs
0.36 Oct 29 2025
- Fix old openssl on strawberry does not include whrlpool.h
- libressl message digest functions md cannot be NULL
- Don't support whirlpool in libressl
- Add support for use_pkcs1_pss_padding with fatal error if RSA-PSS is used for encryption operations
0.35 May 7 2025
- Disable PKCS#1 v1.5 padding. It's not practical to mitigate Marvin attacks, so we will instead disable this and require alternatives to address the issue.
- Resolves #42 - CVE-2024-2467.
0.34 May 5 2025
- Production release.
0.34_03 May 4 2025
- Fix bug in rsa_crypt. Need to pass NULL
0.34_02 May 4 2025
- t/rsa.t needs to tolerate sha1 being disabled on rhel.
0.34_01 May 3 2025
- docs - plaintext = decrypt(cyphertext)
- #44 - Fix issue when libz is not linked on AIX
- #50 - Correct openssl version may not be found
- #52 - Out of memory on openssl 1.1.1w hpux
- #47 - Update FSF address and LGPL name in LICENSE
- #55 - stop using AutoLoader
- #48 - Whirlpool is missing the header
- Move github repo to cpan-authors
- Fully support openSSL 3.x API
0.33 July 7 2022
- Update for windows github CI
- Remove duplicate 'LICENSE' key
- Remove EUMM Remove version check
- #31 by removing reference to RSA_SSLV23_PADDING (removed from OpenSSL starting from v3.0.0)
- support passphrase-protected private key load
- fix 'unsupported encryption' error on old library versions
- Clarify croak message for missing passphrase on older cyphers
- More structs opaqued in LibreSSL 3.5
- Use a macro for dealing with older SSL lacking macros
- more CI fixups. Drop testing for 5.10 and 5.8. Something is broken upstream.
0.32 Wed Sep 8 2021
- Prefix internal bn2sv function so it doesn't collide with Net::SSLeay
- Ensure that verify() leaves openssl error stack clean on failure
- Fixed broken SEE ALSO links.
- prevent outer $SIG{__DIE__} handler from being called during optional require.
- omit done_testing since it does not work for older perl versions
0.31 Mon Sep 24 2018
- Remove default of SHA256 for RSA keys. This has caused significant
problems with downstream modules and it has always been possible to
do $key->use_sha256_hash()
0.30 Tue May 1 2018
- Working windows library detection
- Actively testing on appveyor for windows now.
- work correctly on LibreSSL
0.29_03 Mon Apr 16 2018
- Add whirlpool hash support.
- Crypt::OpenSSL::Random is now required at compile-time.
- Use the new interface to RSA_generate_key if available
- Add library paths to LIBS from Crypt::OpenSSL::Guess
0.29_02 Sun Apr 15 2018
- Add missing require of Config::OpenSSL::Guess
0.29_01 Fri Apr 13 2018
- Adapt to OpenSSL 1.1.0 (dur-randir)
- Move issue tracker to github.
- Modernization as in Crypt::OpenSSL::Random.
- better MSWin32 hints, fixes MSVC libraries,
- more meta tests,
- prefer hash mode NID_sha256 over NID_sha1 for sign
0.28 Thu Aug 25 2011 - Moritz Onken (PERLER)
- RT 56454 - Win32 compatibility patch (kmx@cpan.org)
0.27 Wed Jun 29 2011 - Todd Rinaldo (TODDR)
- RT 65947 - Fix RSA.pm break with perl 5.14+
0.26 Sun Nov 22 2009 11:01:13
- Change subclassing test to generate a 512 bit key in order to work
around an odd issue seen on some 64-bit redhat systems. (CPAN bug 45498)
0.25 Sun May 20 2007 12:56:11
- Add a LICENSE file.
- Fix a bug (reported by many) in rsa.t - we were incorrectly counting
the number of tests in situations where use_sha512_hash was
not available.
0.24 Mon Nov 13 2006 08:21:14
- Fix a bug reported by Mark Martinec <Mark.Martinec@ijs.si>
where encrypt could segfault if called with insufficient
data; it now informatively croaks instead.
- Fix a bug reported by Mark Martinec where check_key would
segfault instead of croaking when called on a public key.
- Fix decrypt and private_encrypt to croak instead of segfault when
called on a public key.
- Add an is_private method.
- Silence a few compiler warnings about ignoring return values
from certain BIO_* methods.
0.23 Wed Apr 12 2006 00:06:10
- Provide 32 bytes of seeding in tests, up from 19.
- Stop relying on implicit includes, which disappeared in the 0.98
release of OpenSSL.
- Apply patch from Jim Radford <radford@blackbean.org> to add support
for SHA{224,256,384,512}
0.22 Mon Nov 15 2005 21:13:20
- Add public_decrypt, private_encrypt methods, contributed
by Paul G. Weiss <paul@weiss.name>
- Some changes to help builds on Redhat9
- Remove deprecated methods:
* the no-arg new constructor - use new_from_public_key,
new_from_private_key or Crypt::OpenSSL::RSA->generate_key instead
* load_public_key - use new_from_public_key
* load_private_key - use new_from_private_key
* generate_key as an instance method - use it as a class constructor
method instead.
* set_padding_mode - use use_no_padding, use_pkcs1_padding,
use_pkcs1_oaep_padding, or use_sslv23_padding instead.
* get_padding_mode
- Eliminate all (most all) memory leaks.
- fix email address
- Stop returning true from methods just to indicate success.
- Change default public exponent from 65535 to 65537
0.21 Sun Feb 15 2004 21:13:45
- Include t/format.t in the MANIFEST file, so that it is
actually included in the distribution.
0.20 Sun Feb 15 2004 15:21:40
- Finally add support for the public key format produced by
"openssl rsa -pubout".
- Add comment in readme about locating kerberos files on redhat systems
0.19 Sun Apr 27 2003 18:33:48
- Revert back to old declaration style so that we no longer
break under perl 5.005 (spotted by Rob Brown <bbb@cpan.org>).
- Add some needed use statements in legacy.t and rsa.t (patch
submitted by Rob Brown).
- Fix typo in docs spotted by Daniel Drown <dan@drown.org>
- Update copyright dates.
0.18 Sun Feb 23 2003 20:44:35
- Add two new methods, new_key_from_parameters and
get_key_parameters, which, working with
Crypt::OpenSSL::Bignum, allow working directly with the
parameters of an rsa key.
0.17 Mon Jan 06 2003 22:43:31
- Workaround for gcc 3.2 compile problems:
"/usr/include/openssl/des.h:193: parse error before '&' token"
(Patch by Rob Brown <bbb@cpan.org>)
- Deprecate no-arg constructor, load_*_key methods and the
instance method generate_key; switch to three constructors:
new_public_key, new_private_key and generate_key (as a class
method)
- Deprecate set_padding_mode method; replace with
use_xxx_padding.
- move tests into t directory, use Test as a framework
0.16 Tue Jun 11 22:01:45
- Fix bug reported by Rob McMillin <rlm@pricegrabber.com> which
prevented subclassing.
0.15 Fri Jun 07 09:13:12
- Fix two bugs reported by Gordon Lack <gml4410@ggr.co.uk>: use
IV, not I32, for pointers, and cast the right-hand, not
left-hand, value when doing an assignment from an SV to an HV
0.14 Sun May 19 12:35:21
- Fix bug reported by Charles Jardine <cj10@cam.ac.uk>: use
Safefree, not free, to release memory allocated by New
0.13 Thu Mar 21 00:10:30
- Incorporating patch from Matthias Bauer
<bauerm@immd1.informatik.uni-erlangen.de>, which provides
signing and verification, as well as uses OpenSSL's internal
error reporting system. This patch also fixes a bug with the
RSA_NO_PADDING_MODE. Thanks, Matthias!
- Deprecate set_padding_mode in favor of use_xxx_padding.
- Rather than returning true on success, false on failure, just
croak when there are problems.
- Plug memory leaks.
- Fix my email address (it's cpan.org, not cpan.com)
0.12 Thu Sep 06 22:44:17
- Fixing bug with Crypt::OpenSSL::Random interoperability
- Implementing patch from Thomas Linden <scip@daemon.de>
fixing a keysize bug
- Fixing email address in docs.
0.11 Tue Apr 10 22:45:31
- Fixing bug in test.pl.
0.10 Mon Apr 09 18:25:41
- Moving random routines into Crypt::OpenSSL::Random
- Use New instead of malloc
0.09 Mon Apr 02 12:27:10
- Typo fix, and always exercise test random_seed in testing.
0.08 Sun Apr 01 23:04:31
- Changing method names to match convention
0.07 Thu Mar 08 3:31:41 2001
- Allow seeding of the PRNG
0.06 Thu Mar 08 12:40:04 2001
- Adding a readme file.
0.05 Mon Feb 26 10:50:43 2001
- Removing signing and verification, due to bizarre bugs
0.04 Fri Feb 23 10:41:33 2001
- Removing Base64 functionality and dependence
0.01 Wed Feb 14 11:21:42 2001
- original version; created by h2xs 1.19