diff --git a/lib/Crypt/PK/DH.pm b/lib/Crypt/PK/DH.pm
index 43ebf93..b7b0772 100644
--- a/lib/Crypt/PK/DH.pm
+++ b/lib/Crypt/PK/DH.pm
@@ -227,7 +227,9 @@
 }
 elsif (ref $param eq 'SCALAR') {
 my $data = $$param;
- $data = pem_to_der($data) if $data =~ /-----BEGIN DH PARAMETERS-----\s*(.+)\s*-----END DH PARAMETERS-----/s;
+ if ($data =~ /-----BEGIN DH PARAMETERS-----\s*(.+)\s*-----END DH PARAMETERS-----/s) {
+ $data = pem_to_der($data) or croak "FATAL: PEM/params decode failed";
+ }
 return $self->_generate_key_dhparam($data);
 }
 elsif (ref $param eq 'HASH') {
diff --git a/lib/Crypt/PK/DSA.pm b/lib/Crypt/PK/DSA.pm
index 4130465..02316ec 100644
--- a/lib/Crypt/PK/DSA.pm
+++ b/lib/Crypt/PK/DSA.pm
@@ -36,7 +36,9 @@
 }
 elsif (@_ == 1 && ref $_[0] eq 'SCALAR') {
 my $data = ${$_[0]};
- $data = pem_to_der($data) if $data =~ /-----BEGIN DSA PARAMETERS-----\s*(.+)\s*-----END DSA PARAMETERS-----/s;
+ if ($data =~ /-----BEGIN DSA PARAMETERS-----\s*(.+)\s*-----END DSA PARAMETERS-----/s) {
+ $data = pem_to_der($data) or croak "FATAL: PEM/params decode failed";
+ }
 return $self->_generate_key_dsaparam($data);
 }
 croak "FATAL: DSA generate_key - invalid args";
@@ -76,11 +78,11 @@
 croak "FATAL: invalid key data" unless $data;
 if ($data =~ /-----BEGIN (DSA PRIVATE|DSA PUBLIC|PRIVATE|PUBLIC) KEY-----(.*?)-----END/sg) {
- $data = pem_to_der($data, $password);
+ $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
 return $self->_import($data);
 }
 elsif ($data =~ /---- BEGIN SSH2 PUBLIC KEY ----(.*?)---- END SSH2 PUBLIC KEY ----/sg) {
- $data = pem_to_der($data);
+ $data = pem_to_der($data) or croak "FATAL: PEM/key decode failed";
 my ($typ, $p, $q, $g, $y) = Crypt::PK::_ssh_parse($data);
 return $self->_import_hex(unpack('H*',$p), unpack('H*',$q), unpack('H*',$g), undef, unpack('H*',$y)) if $typ && $p && $q && $g && $y && $typ eq 'ssh-dss';
 }
diff --git a/lib/Crypt/PK/ECC.pm b/lib/Crypt/PK/ECC.pm
index 1eb825f..fdfb895 100644
--- a/lib/Crypt/PK/ECC.pm
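Review bot: In the SCALAR-ref branch of lib/Crypt/PK/DH.pm, input that does not match the `BEGIN DH PARAMETERS` pattern skips the new check and goes to `_generate_key_dhparam` unchanged, so an empty or undefined `$$param` is still handed to the backend. The import paths in this commit start with `croak "FATAL: invalid key data" unless $data;`; a matching guard here, e.g. `croak "FATAL: DH generate_key - invalid params" unless defined $data && length $data;` right after `my $data = $$param;`, would make both failure modes loud. The same applies to the DSA `generate_key` hunk at -36,7. Whether the backend already rejects empty input is not visible in this diff. The enclosing sub starts and ends outside the hunk.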
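Review bot: The `pem_to_der(...) or croak "FATAL: PEM/key decode failed"` idiom added in the -76,11 hunk of lib/Crypt/PK/DSA.pm is repeated in every PEM branch of the ECC, Ed25519, RSA and X25519 hunks, so a branch added later can easily miss the check. A single private wrapper, for example beside `_ssh_parse` in Crypt::PK, which these modules already call, would keep the failure handling in one place and could test `defined`/`length` rather than plain truth. A sketch follows; the helper name is a suggestion, not an existing function.

```perl
# Decode PEM (or SSH2-armoured) data and fail loudly when nothing comes back.
sub _pem_to_der_or_croak {
  my ($data, $password, $what) = @_;
  my $der = pem_to_der($data, $password);
  croak "FATAL: PEM/$what decode failed" unless defined $der && length $der;
  return $der;
}
```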
+++ b/lib/Crypt/PK/ECC.pm
@@ -219,16 +219,16 @@
 croak "FATAL: invalid key data" unless $data;
 if ($data =~ /-----BEGIN (EC PRIVATE|EC PUBLIC|PUBLIC) KEY-----(.*?)-----END/sg) {
- $data = pem_to_der($data, $password);
+ $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
 my $rv = eval { $self->_import($data) } || eval { $self->_import_old($data) };
 return $rv if $rv;
 }
 elsif ($data =~ /-----BEGIN PRIVATE KEY-----(.*?)-----END/sg) {
- $data = pem_to_der($data, $password);
+ $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
 return $self->_import_pkcs8($data, $password);
 }
 elsif ($data =~ /-----BEGIN ENCRYPTED PRIVATE KEY-----(.*?)-----END/sg) {
- $data = pem_to_der($data, $password);
+ $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
 return $self->_import_pkcs8($data, $password);
 }
 elsif ($data =~ /^\s*(\{.*?\})\s*$/s) {
@@ -244,11 +244,11 @@
 }
 }
 elsif ($data =~ /-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----/sg) {
- $data = pem_to_der($data);
+ $data = pem_to_der($data) or croak "FATAL: PEM/cert decode failed";
 return $self->_import_x509($data);
 }
 elsif ($data =~ /---- BEGIN SSH2 PUBLIC KEY ----(.*?)---- END SSH2 PUBLIC KEY ----/sg) {
- $data = pem_to_der($data);
+ $data = pem_to_der($data) or croak "FATAL: PEM/key decode failed";
 my ($typ, $skip, $pubkey) = Crypt::PK::_ssh_parse($data);
 return $self->import_key_raw($pubkey, "$2") if $pubkey && $typ =~ /^ecdsa-(.+?)-(.*)$/;
 }
diff --git a/lib/Crypt/PK/Ed25519.pm b/lib/Crypt/PK/Ed25519.pm
index 89d8acc..1569c67 100644
--- a/lib/Crypt/PK/Ed25519.pm
+++ b/lib/Crypt/PK/Ed25519.pm
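Review bot: In the first branch of lib/Crypt/PK/ECC.pm (hunk -219,16), a decode failure now croaks but a parse failure is still silent: `_import` and `_import_old` both run under `eval`, `$@` is discarded, and `return $rv if $rv;` falls through to code outside this hunk. A caller then cannot tell a malformed EC key from an unsupported format. Consider reporting the last error in the branch, e.g. `croak "FATAL: EC key import failed: $@" unless $rv;` before the return, or add a comment saying why falling through is intended. The enclosing sub starts and ends outside the hunk.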
@@ -64,19 +64,19 @@
 croak "FATAL: invalid key data" unless $data;
 if ($data =~ /-----BEGIN PUBLIC KEY-----(.*?)-----END/sg) {
- $data = pem_to_der($data, $password);
+ $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
 return $self->_import($data);
 }
 elsif ($data =~ /-----BEGIN PRIVATE KEY-----(.*?)-----END/sg) {
- $data = pem_to_der($data, $password);
+ $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
 return $self->_import_pkcs8($data, $password);
 }
 elsif ($data =~ /-----BEGIN ENCRYPTED PRIVATE KEY-----(.*?)-----END/sg) {
- $data = pem_to_der($data, $password);
+ $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
 return $self->_import_pkcs8($data, $password);
 }
 elsif ($data =~ /-----BEGIN ED25519 PRIVATE KEY-----(.*?)-----END/sg) {
- $data = pem_to_der($data, $password);
+ $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
 return $self->_import_pkcs8($data, $password);
 }
 elsif ($data =~ /^\s*(\{.*?\})\s*$/s) { # JSON
@@ -87,7 +87,7 @@
 }
 }
 elsif ($data =~ /-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----/sg) {
- $data = pem_to_der($data);
+ $data = pem_to_der($data) or croak "FATAL: PEM/cert decode failed";
 return $self->_import_x509($data);
 }
 elsif ($data =~ /-----BEGIN OPENSSH PRIVATE KEY-----(.*?)-----END/sg) {
@@ -97,7 +97,7 @@
 croak "FATAL: OPENSSH PRIVATE KEY not supported";
 }
 elsif ($data =~ /---- BEGIN SSH2 PUBLIC KEY ----(.*?)---- END SSH2 PUBLIC KEY ----/sg) {
- $data = pem_to_der($data);
+ $data = pem_to_der($data) or croak "FATAL: PEM/key decode failed";
 my ($typ, $pubkey) = Crypt::PK::_ssh_parse($data);
 return $self->_import_raw($pubkey, 0) if $typ eq 'ssh-ed25519' && length($pubkey) == 32;
 }
diff --git a/lib/Crypt/PK/RSA.pm b/lib/Crypt/PK/RSA.pm
index 92e71c1..768753e 100644
--- a/lib/Crypt/PK/RSA.pm
+++ b/lib/Crypt/PK/RSA.pm
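Review bot: In the SSH2 branch of lib/Crypt/PK/Ed25519.pm (hunk -97,7), the values returned by `_ssh_parse` are used without a definedness check: `$typ eq 'ssh-ed25519' && length($pubkey) == 32` warns on undefined values if the decoded blob does not parse, whereas the DSA and RSA hunks guard with `$typ && ...`. Now that an empty decode croaks, the remaining gap is a non-empty but malformed blob. Suggest `if defined $typ && defined $pubkey && $typ eq 'ssh-ed25519' && length($pubkey) == 32;`. What `_ssh_parse` returns on malformed input is not shown here, so treat this as a consistency fix.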
@@ -122,17 +122,17 @@
 # PKCS#1 RSAPublicKey (PEM header: BEGIN RSA PUBLIC KEY)
 # PKCS#1 RSAPrivateKey (PEM header: BEGIN RSA PRIVATE KEY)
 # X.509 SubjectPublicKeyInfo (PEM header: BEGIN PUBLIC KEY)
- $data = pem_to_der($data, $password);
+ $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
 return $self->_import($data) if $data;
 }
 elsif ($data =~ /-----BEGIN PRIVATE KEY-----(.*?)-----END/sg) {
 # PKCS#8 PrivateKeyInfo (PEM header: BEGIN PRIVATE KEY)
- $data = pem_to_der($data, $password);
+ $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
 return $self->_import_pkcs8($data, $password);
 }
 elsif ($data =~ /-----BEGIN ENCRYPTED PRIVATE KEY-----(.*?)-----END/sg) {
 # PKCS#8 PrivateKeyInfo (PEM header: BEGIN ENCRYPTED PRIVATE KEY)
- $data = pem_to_der($data, $password);
+ $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
 return $self->_import_pkcs8($data, $password);
 }
 elsif ($data =~ /^\s*(\{.*?\})\s*$/s) {
@@ -147,11 +147,11 @@
 }
 }
 elsif ($data =~ /-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----/sg) {
- $data = pem_to_der($data);
+ $data = pem_to_der($data) or croak "FATAL: PEM/cert decode failed";
 return $self->_import_x509($data);
 }
 elsif ($data =~ /---- BEGIN SSH2 PUBLIC KEY ----(.*?)---- END SSH2 PUBLIC KEY ----/sg) {
- $data = pem_to_der($data);
+ $data = pem_to_der($data) or croak "FATAL: PEM/key decode failed";
 my ($typ, $N, $e) = Crypt::PK::_ssh_parse($data);
 return $self->_import_hex(unpack("H*", $e), unpack("H*", $N)) if $typ && $e && $N && $typ eq 'ssh-rsa';
 }
diff --git a/lib/Crypt/PK/X25519.pm b/lib/Crypt/PK/X25519.pm
index 121bb22..f659326 100644
--- a/lib/Crypt/PK/X25519.pm
+++ b/lib/Crypt/PK/X25519.pm
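Review bot: In the first branch of lib/Crypt/PK/RSA.pm (hunk -122,17), the `if $data` modifier on `return $self->_import($data) if $data;` can no longer be false, because the preceding line croaks whenever `pem_to_der` returns a false value. Leaving it in suggests a fall-through path that no longer exists; write `return $self->_import($data);` as the other branches do. The enclosing sub starts and ends outside the hunk.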
@@ -64,19 +64,19 @@
 croak "FATAL: invalid key data" unless $data;
 if ($data =~ /-----BEGIN PUBLIC KEY-----(.*?)-----END/sg) {
- $data = pem_to_der($data, $password);
+ $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
 return $self->_import($data);
 }
 elsif ($data =~ /-----BEGIN PRIVATE KEY-----(.*?)-----END/sg) {
- $data = pem_to_der($data, $password);
+ $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
 return $self->_import_pkcs8($data, $password);
 }
 elsif ($data =~ /-----BEGIN ENCRYPTED PRIVATE KEY-----(.*?)-----END/sg) {
- $data = pem_to_der($data, $password);
+ $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
 return $self->_import_pkcs8($data, $password);
 }
 elsif ($data =~ /-----BEGIN X25519 PRIVATE KEY-----(.*?)-----END/sg) {
- $data = pem_to_der($data, $password);
+ $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
 return $self->_import_pkcs8($data, $password);
 }
 elsif ($data =~ /^\s*(\{.*?\})\s*$/s) { # JSON