From 0fdb4b8cc308c0ffb6eb343d15e611b4d7930add Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C5=8Dan?= Date: Sat, 21 Mar 2026 00:11:59 -0600 Subject: [PATCH] fix: add Perl stub for use_sslv23_padding() on OpenSSL 3.x On OpenSSL 3.x, the XS implementation of use_sslv23_padding() is compiled out by a preprocessor guard (#if OPENSSL_VERSION_NUMBER < 0x30000000L). This left callers with a confusing "Can't locate object method" error instead of a helpful message. Add a Perl-level fallback that croaks with a clear deprecation message explaining SSLv23 padding was removed and suggesting use_pkcs1_oaep_padding() or use_pkcs1_pss_padding() as alternatives. The stub is only installed when the XS function is absent (pre-3.x builds retain the native implementation). Updated padding.t to verify the error message content. Co-Authored-By: Claude Opus 4.6 --- RSA.pm | 14 +++++++++++++- t/padding.t | 7 ++++--- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/RSA.pm b/RSA.pm index 838cb02..0c2f580 100644 --- a/RSA.pm +++ b/RSA.pm @@ -52,6 +52,15 @@ sub get_key_parameters { *get_public_key_pkcs1_string = \&get_public_key_string; +unless ( defined &use_sslv23_padding ) { + *use_sslv23_padding = sub { + croak( "use_sslv23_padding is not available: " + . "SSLv23 padding was removed in OpenSSL 3.x. " + . "Use use_pkcs1_oaep_padding() for encryption " + . "or use_pkcs1_pss_padding() for signatures instead." ); + }; +} + 1; __END__ @@ -321,7 +330,10 @@ fatal error. Call C for encryption operations. Use C padding with an SSL-specific modification that denotes that the server is SSL3 capable. -Not available since OpenSSL 3. +B Calling this method will +croak with a descriptive error message suggesting alternatives. +Use C for encryption or +C for signatures. =back diff --git a/t/padding.t b/t/padding.t index 3da9b65..595c30b 100644 --- a/t/padding.t +++ b/t/padding.t @@ -8,7 +8,7 @@ use Crypt::OpenSSL::Guess qw(openssl_version); my ($major, $minor, $patch) = openssl_version; BEGIN { - plan tests => 123 + ( UNIVERSAL::can( "Crypt::OpenSSL::RSA", "use_sha512_hash" ) ? 4 * 5 : 0 ); + plan tests => 124 + ( UNIVERSAL::can( "Crypt::OpenSSL::RSA", "use_sha512_hash" ) ? 4 * 5 : 0 ); } sub _Test_Encrypt_And_Decrypt { @@ -84,12 +84,13 @@ my $rsa_pub = Crypt::OpenSSL::RSA->new_public_key($public_key_string); $plaintext .= $plaintext x 5; # sslv23 is unsupported on OpenSSL 3.x SKIP: { - skip "OpenSSL version less than 3.0 supports sslv23", 1 + skip "OpenSSL version less than 3.0 supports sslv23", 2 if $major lt '3.0'; eval { $rsa->use_sslv23_padding; }; - ok($@, "Padding method sslv23 unsupported on OpenSSL 3.x"); + ok($@, "use_sslv23_padding croaks on OpenSSL 3.x"); + like($@, qr/SSLv23 padding was removed/, "error message explains deprecation"); } # pkcs1 is supported (for signatures, not encryption)