rebase: apply review feedback on cpan-authors#126

- **Added DER-encoded private key support in `new_private_key()`** per @timlegge's request to support importing private keys from DER format, matching the existing DER support added for public keys.
- **RSA.xs**: Renamed XS `new_private_key` to `_new_private_key_pem` (internal), added `_new_private_key_der` XS function using `OSSL_DECODER` on OpenSSL 3.x and `d2i_PrivateKey_bio` on pre-3.x.
- **RSA.pm**: Added Perl-level `new_private_key` wrapper that detects PEM (starts with `-----`) vs DER (ASN.1 SEQUENCE tag `\x30`) and routes to the appropriate XS function. Passphrase parameter is passed through for PEM keys.
- **RSA.pm POD**: Updated `new_private_key` documentation to describe DER support and clarify passphrase is PEM-only.
- **t/der.t**: Added 8 new tests (14 → 22 total): DER private key loading, round-trip verification, signing with DER-loaded private key, error cases for invalid DER private key data, and regression test that PEM private keys still work through the new wrapper.

Author: Koan-Bot

RSA.pm

@@ -43,6 +43,21 @@ sub new_public_key {
     }
 }
 
+sub new_private_key {
+    my ( $proto, $p_key_string, @rest ) = @_;
+    if ( $p_key_string =~ /^-----/ ) {
+        return $proto->_new_private_key_pem($p_key_string, @rest);
+    }
+    elsif ( length($p_key_string) > 0 && substr($p_key_string, 0, 1) eq "\x30" ) {
+        # ASN.1 SEQUENCE tag detected — likely DER-encoded private key.
+        return $proto->_new_private_key_der($p_key_string);
+    }
+    else {
+        croak "unrecognized key format: expected PEM-encoded key (starting with '-----BEGIN') "
+            . "or DER-encoded key (binary ASN.1 data)";
+    }
+}
+
 sub new_key_from_parameters {
     my ( $proto, $n, $e, $d, $p, $q, %opts ) = @_;
     my $rsa = $proto->_new_key_from_parameters( map { $_ ? $_->pointer_copy() : 0 } $n, $e, $d, $p, $q );
@@ -146,18 +161,23 @@ C<use_pkcs1_pss_padding> or C<use_pkcs1_padding> prior to signing operations.
 =item new_private_key
 
 Create a new C<Crypt::OpenSSL::RSA> object by loading a private key in
-from an string containing the Base64/DER encoding of the PKCS1
-representation of the key.  The string should include the
-C<-----BEGIN...-----> and C<-----END...-----> lines.  The padding is set to
-PKCS1_OAEP, but can be changed with C<use_xxx_padding>.
+from a string containing either PEM or DER encoding of the key.
+
+For PEM keys, the string should include the C<-----BEGIN...-----> and
+C<-----END...-----> lines.  The padding is set to PKCS1_OAEP, but can
+be changed with C<use_xxx_padding>.
 
-An optional parameter can be passed for passphase protected private key:
+DER-encoded keys (raw binary ASN.1) are also accepted.
+
+An optional parameter can be passed for passphrase-protected PEM private
+keys:
 
 =over
 
-=item passphase
+=item passphrase
 
-The passphase which protects the private key.
+The passphrase which protects the private key.  Note: passphrase
+protection is only supported for PEM-encoded keys.
 
 =back
 

RSA.xs

@@ -427,7 +427,7 @@ BOOT:
 #endif
 
 SV*
-new_private_key(proto, key_string_SV, passphase_SV=&PL_sv_undef)
+_new_private_key_pem(proto, key_string_SV, passphase_SV=&PL_sv_undef)
     SV* proto;
     SV* key_string_SV;
     SV* passphase_SV;
@@ -519,6 +519,45 @@ _new_public_key_pkcs1_der(proto, key_string_SV)
   OUTPUT:
     RETVAL
 
+SV*
+_new_private_key_der(proto, key_string_SV)
+    SV* proto;
+    SV* key_string_SV;
+  PREINIT:
+    STRLEN keyStringLength;
+    char* keyString;
+    EVP_PKEY* pkey;
+    BIO* bio;
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+    OSSL_DECODER_CTX* dctx;
+#endif
+  CODE:
+    keyString = SvPV(key_string_SV, keyStringLength);
+    CHECK_OPEN_SSL(bio = BIO_new_mem_buf(keyString, keyStringLength));
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+    pkey = NULL;
+    dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL,
+                                          "RSA", OSSL_KEYMGMT_SELECT_ALL,
+                                          NULL, NULL);
+    if (!dctx) {
+        BIO_free(bio);
+        croakSsl(__FILE__, __LINE__);
+    }
+    if (!OSSL_DECODER_from_bio(dctx, bio)) {
+        OSSL_DECODER_CTX_free(dctx);
+        BIO_free(bio);
+        croakSsl(__FILE__, __LINE__);
+    }
+    OSSL_DECODER_CTX_free(dctx);
+#else
+    pkey = d2i_PrivateKey_bio(bio, NULL);
+#endif
+    BIO_free(bio);
+    CHECK_OPEN_SSL(pkey);
+    RETVAL = make_rsa_obj(proto, pkey);
+  OUTPUT:
+    RETVAL
+
 void
 DESTROY(p_rsa)
     rsaData* p_rsa;

t/der.t

@@ -4,7 +4,7 @@ use Test::More;
 use MIME::Base64;
 use Crypt::OpenSSL::RSA;
 
-BEGIN { plan tests => 14 }
+BEGIN { plan tests => 22 }
 
 # --- Generate a key pair for testing ---
 
@@ -70,6 +70,43 @@ $pub_from_pkcs1_der->use_sha256_hash();
 ok( $pub_from_pkcs1_der->verify($plaintext, $sig),
     "PKCS#1 DER-loaded key verifies signature" );
 
+# --- Private key DER support ---
+
+my $priv_pem = $rsa->get_private_key_string();
+my $priv_der = pem_to_der($priv_pem);
+
+is( ord(substr($priv_der, 0, 1)), 0x30, "Private key DER starts with SEQUENCE tag" );
+
+my $priv_from_der;
+ok( $priv_from_der = Crypt::OpenSSL::RSA->new_private_key($priv_der),
+    "new_private_key loads DER-encoded private key" );
+
+ok( $priv_from_der->is_private(),
+    "DER-loaded private key is recognized as private" );
+
+is( $priv_from_der->get_public_key_x509_string(), $x509_pem,
+    "DER-loaded private key exports same public key" );
+
+# Verify DER-loaded private key can sign and original public key can verify
+$priv_from_der->use_sha256_hash();
+my $sig2 = $priv_from_der->sign($plaintext);
+ok( $pub_from_x509_der->verify($plaintext, $sig2),
+    "signature from DER-loaded private key verifies" );
+
+# Error: DER-like data for private key
+eval { Crypt::OpenSSL::RSA->new_private_key("\x30\x00") };
+ok( $@, "new_private_key croaks on truncated DER data" );
+
+# Error: bogus binary data for private key
+eval { Crypt::OpenSSL::RSA->new_private_key("\x01\x02\x03\x04") };
+like( $@, qr/unrecognized key format/,
+    "new_private_key gives helpful error on random binary data" );
+
+# PEM private keys still work through the wrapper
+my $priv_from_pem;
+ok( $priv_from_pem = Crypt::OpenSSL::RSA->new_private_key($priv_pem),
+    "new_private_key still loads PEM-encoded private key" );
+
 # --- Error cases ---
 
 # DER-like data that isn't a valid key