diff --git a/.gitignore b/.gitignore index ca0f8db..8b41638 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ Crypt-OpenSSL-DSA-0.13.tar.gz /Crypt-OpenSSL-DSA-0.14.tar.gz /Crypt-OpenSSL-DSA-0.15.tar.gz +/Crypt-OpenSSL-DSA-0.18.tar.gz diff --git a/Crypt-OpenSSL-DSA-0.13-security_croak-in-do_verify-too.patch b/Crypt-OpenSSL-DSA-0.13-security_croak-in-do_verify-too.patch deleted file mode 100644 index 3ae7057..0000000 --- a/Crypt-OpenSSL-DSA-0.13-security_croak-in-do_verify-too.patch +++ /dev/null @@ -1,35 +0,0 @@ -# Author: Damyan Ivanov -# Description: make do_verify() croak on error in the same way -# verify() already does -# Document that verify()/do_verify() croak on errors -# Debian-Bug: http://bugs.debian.org/511519 ---- a/DSA.xs -+++ b/DSA.xs -@@ -139,6 +139,8 @@ do_verify(dsa, dgst, sig) - CODE: - dgst_pv = SvPV(dgst, dgst_len); - RETVAL = DSA_do_verify(dgst_pv, dgst_len, sig, dsa); -+ if (RETVAL == -1) -+ croak("Error in DSA_do_verify: %s",ERR_error_string(ERR_get_error(), NULL)); - OUTPUT: - RETVAL - ---- a/lib/Crypt/OpenSSL/DSA.pm -+++ b/lib/Crypt/OpenSSL/DSA.pm -@@ -124,10 +124,14 @@ Verifies that the $sig signature for $me - - $dsa is the signer's public key. - -+Note it croaks if the underlying library call returns error (-1). -+ - =item $valid = $dsa->do_verify( $message, $sig_obj ); - - Similar to C, but uses a L object. - -+Note it croaks if the underlying library call returns error (-1). -+ - =item $dsa->write_params( $filename ); - - Writes the parameters into a PEM file. - - diff --git a/Crypt-OpenSSL-DSA-0.15-Adapt-to-OpenSSL-1.1.0.patch b/Crypt-OpenSSL-DSA-0.15-Adapt-to-OpenSSL-1.1.0.patch deleted file mode 100644 index c0be243..0000000 --- a/Crypt-OpenSSL-DSA-0.15-Adapt-to-OpenSSL-1.1.0.patch +++ /dev/null 
@@ -1,512 +0,0 @@ -From 48707824049eda6a6dd2d8414c2df01a96f44099 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= -Date: Fri, 14 Oct 2016 11:26:01 +0200 -Subject: [PATCH] Adapt to OpenSSL 1.1.0 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -OpenSSL 1.1.0 hid structure internals and provided methods for reading -and writing them. This patch adapts to the changes so that it's -possible to build it against the new as well as as old OpenSSL -library. - -Because the new OpenSSL does not support setting each prime number -separately, this patch fakes somes otherwise undefined values. This -looks ugly but this cannot be done better. - -I recommend to add new Perl subroutines for setting the prime numbers in a -bulk as new OpenSSL does. These will be a strightforward binding with -less code and higher performance. - -CPAN RT#118346 - -Signed-off-by: Petr Písař ---- - DSA.xs | 282 +++++++++++++++++++++++++++++++++++++++++++++++--- - t/10-selftest.t | 18 +++- - t/90-openssl-compat.t | 2 +- - 3 files changed, 286 insertions(+), 16 deletions(-) - -diff --git a/DSA.xs b/DSA.xs -index 00e6b27..4c5e2ac 100644 ---- a/DSA.xs -+++ b/DSA.xs -@@ -18,6 +18,95 @@ extern "C" { - } - #endif - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+static void DSA_get0_pqg(const DSA *d, -+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) -+{ -+ if (p != NULL) -+ *p = d->p; -+ if (q != NULL) -+ *q = d->q; -+ if (g != NULL) -+ *g = d->g; -+} -+ -+static int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) -+{ -+ /* If the fields p, q and g in d are NULL, the corresponding input -+ * parameters MUST be non-NULL. 
-+ */ -+ if ((d->p == NULL && p == NULL) -+ || (d->q == NULL && q == NULL) -+ || (d->g == NULL && g == NULL)) -+ return 0; -+ -+ if (p != NULL) { -+ BN_free(d->p); -+ d->p = p; -+ } -+ if (q != NULL) { -+ BN_free(d->q); -+ d->q = q; -+ } -+ if (g != NULL) { -+ BN_free(d->g); -+ d->g = g; -+ } -+ -+ return 1; -+} -+ -+static void DSA_get0_key(const DSA *d, -+ const BIGNUM **pub_key, const BIGNUM **priv_key) -+{ -+ if (pub_key != NULL) -+ *pub_key = d->pub_key; -+ if (priv_key != NULL) -+ *priv_key = d->priv_key; -+} -+ -+static int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) -+{ -+ /* If the field pub_key in d is NULL, the corresponding input -+ * parameters MUST be non-NULL. The priv_key field may -+ * be left NULL. -+ */ -+ if (d->pub_key == NULL && pub_key == NULL) -+ return 0; -+ -+ if (pub_key != NULL) { -+ BN_free(d->pub_key); -+ d->pub_key = pub_key; -+ } -+ if (priv_key != NULL) { -+ BN_free(d->priv_key); -+ d->priv_key = priv_key; -+ } -+ -+ return 1; -+} -+ -+static void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, -+ const BIGNUM **ps) -+{ -+ if (pr != NULL) -+ *pr = sig->r; -+ if (ps != NULL) -+ *ps = sig->s; -+} -+ -+static int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) -+{ -+ if (r == NULL || s == NULL) -+ return 0; -+ BN_clear_free(sig->r); -+ BN_clear_free(sig->s); -+ sig->r = r; -+ sig->s = s; -+ return 1; -+} -+#endif -+ - MODULE = Crypt::OpenSSL::DSA PACKAGE = Crypt::OpenSSL::DSA - - PROTOTYPES: DISABLE -@@ -257,11 +346,13 @@ SV * - get_p(dsa) - DSA *dsa - PREINIT: -+ const BIGNUM *p; - char *to; - int len; - CODE: -+ DSA_get0_pqg(dsa, &p, NULL, NULL); - to = malloc(sizeof(char) * 128); -- len = BN_bn2bin(dsa->p, to); -+ len = BN_bn2bin(p, to); - RETVAL = newSVpvn(to, len); - free(to); - OUTPUT: -@@ -271,11 +362,13 @@ SV * - get_q(dsa) - DSA *dsa - PREINIT: -+ const BIGNUM *q; - char *to; - int len; - CODE: -+ DSA_get0_pqg(dsa, NULL, &q, NULL); - to = malloc(sizeof(char) * 20); -- len = BN_bn2bin(dsa->q, to); -+ len = 
BN_bn2bin(q, to); - RETVAL = newSVpvn(to, len); - free(to); - OUTPUT: -@@ -285,11 +378,13 @@ SV * - get_g(dsa) - DSA *dsa - PREINIT: -+ const BIGNUM *g; - char *to; - int len; - CODE: -+ DSA_get0_pqg(dsa, NULL, NULL, &g); - to = malloc(sizeof(char) * 128); -- len = BN_bn2bin(dsa->g, to); -+ len = BN_bn2bin(g, to); - RETVAL = newSVpvn(to, len); - free(to); - OUTPUT: -@@ -299,11 +394,13 @@ SV * - get_pub_key(dsa) - DSA *dsa - PREINIT: -+ const BIGNUM *pub_key; - char *to; - int len; - CODE: -+ DSA_get0_key(dsa, &pub_key, NULL); - to = malloc(sizeof(char) * 128); -- len = BN_bn2bin(dsa->pub_key, to); -+ len = BN_bn2bin(pub_key, to); - RETVAL = newSVpvn(to, len); - free(to); - OUTPUT: -@@ -313,11 +410,13 @@ SV * - get_priv_key(dsa) - DSA *dsa - PREINIT: -+ const BIGNUM *priv_key; - char *to; - int len; - CODE: -+ DSA_get0_key(dsa, NULL, &priv_key); - to = malloc(sizeof(char) * 128); -- len = BN_bn2bin(dsa->priv_key, to); -+ len = BN_bn2bin(priv_key, to); - RETVAL = newSVpvn(to, len); - free(to); - OUTPUT: -@@ -329,9 +428,40 @@ set_p(dsa, p_SV) - SV * p_SV - PREINIT: - int len; -+ BIGNUM *p; -+ BIGNUM *q; -+ BIGNUM *g; -+ const BIGNUM *old_q; -+ const BIGNUM *old_g; - CODE: - len = SvCUR(p_SV); -- dsa->p = BN_bin2bn(SvPV(p_SV, len), len, NULL); -+ p = BN_bin2bn(SvPV(p_SV, len), len, NULL); -+ DSA_get0_pqg(dsa, NULL, &old_q, &old_g); -+ if (NULL == old_q) { -+ q = BN_new(); -+ } else { -+ q = BN_dup(old_q); -+ } -+ if (NULL == q) { -+ BN_free(p); -+ croak("Could not duplicate another prime"); -+ } -+ if (NULL == old_g) { -+ g = BN_new(); -+ } else { -+ g = BN_dup(old_g); -+ } -+ if (NULL == g) { -+ BN_free(p); -+ BN_free(q); -+ croak("Could not duplicate another prime"); -+ } -+ if (!DSA_set0_pqg(dsa, p, q, g)) { -+ BN_free(p); -+ BN_free(q); -+ BN_free(g); -+ croak("Could not set a prime"); -+ } - - void - set_q(dsa, q_SV) -@@ -339,9 +469,40 @@ set_q(dsa, q_SV) - SV * q_SV - PREINIT: - int len; -+ BIGNUM *p; -+ BIGNUM *q; -+ BIGNUM *g; -+ const BIGNUM *old_p; -+ const 
BIGNUM *old_g; - CODE: - len = SvCUR(q_SV); -- dsa->q = BN_bin2bn(SvPV(q_SV, len), len, NULL); -+ q = BN_bin2bn(SvPV(q_SV, len), len, NULL); -+ DSA_get0_pqg(dsa, &old_p, NULL, &old_g); -+ if (NULL == old_p) { -+ p = BN_new(); -+ } else { -+ p = BN_dup(old_p); -+ } -+ if (NULL == p) { -+ BN_free(q); -+ croak("Could not duplicate another prime"); -+ } -+ if (NULL == old_g) { -+ g = BN_new(); -+ } else { -+ g = BN_dup(old_g); -+ } -+ if (NULL == g) { -+ BN_free(p); -+ BN_free(q); -+ croak("Could not duplicate another prime"); -+ } -+ if (!DSA_set0_pqg(dsa, p, q, g)) { -+ BN_free(p); -+ BN_free(q); -+ BN_free(g); -+ croak("Could not set a prime"); -+ } - - void - set_g(dsa, g_SV) -@@ -349,9 +510,40 @@ set_g(dsa, g_SV) - SV * g_SV - PREINIT: - int len; -+ BIGNUM *p; -+ BIGNUM *q; -+ BIGNUM *g; -+ const BIGNUM *old_p; -+ const BIGNUM *old_q; - CODE: - len = SvCUR(g_SV); -- dsa->g = BN_bin2bn(SvPV(g_SV, len), len, NULL); -+ g = BN_bin2bn(SvPV(g_SV, len), len, NULL); -+ DSA_get0_pqg(dsa, &old_p, &old_q, NULL); -+ if (NULL == old_p) { -+ p = BN_new(); -+ } else { -+ p = BN_dup(old_p); -+ } -+ if (NULL == p) { -+ BN_free(g); -+ croak("Could not duplicate another prime"); -+ } -+ if (NULL == old_q) { -+ q = BN_new(); -+ } else { -+ q = BN_dup(old_q); -+ } -+ if (NULL == q) { -+ BN_free(p); -+ BN_free(g); -+ croak("Could not duplicate another prime"); -+ } -+ if (!DSA_set0_pqg(dsa, p, q, g)) { -+ BN_free(p); -+ BN_free(q); -+ BN_free(g); -+ croak("Could not set a prime"); -+ } - - void - set_pub_key(dsa, pub_key_SV) -@@ -359,9 +551,14 @@ set_pub_key(dsa, pub_key_SV) - SV * pub_key_SV - PREINIT: - int len; -+ BIGNUM *pub_key; - CODE: - len = SvCUR(pub_key_SV); -- dsa->pub_key = BN_bin2bn(SvPV(pub_key_SV, len), len, NULL); -+ pub_key = BN_bin2bn(SvPV(pub_key_SV, len), len, NULL); -+ if (!DSA_set0_key(dsa, pub_key, NULL)) { -+ BN_free(pub_key); -+ croak("Could not set a key"); -+ } - - void - set_priv_key(dsa, priv_key_SV) -@@ -369,9 +566,27 @@ set_priv_key(dsa, priv_key_SV) - SV 
* priv_key_SV - PREINIT: - int len; -+ const BIGNUM *old_pub_key; -+ BIGNUM *pub_key; -+ BIGNUM *priv_key; - CODE: -+ DSA_get0_key(dsa, &old_pub_key, NULL); -+ if (NULL == old_pub_key) { -+ pub_key = BN_new(); -+ if (NULL == pub_key) { -+ croak("Could not create a dummy public key"); -+ } -+ if (!DSA_set0_key(dsa, pub_key, NULL)) { -+ BN_free(pub_key); -+ croak("Could not set a dummy public key"); -+ } -+ } - len = SvCUR(priv_key_SV); -- dsa->priv_key = BN_bin2bn(SvPV(priv_key_SV, len), len, NULL); -+ priv_key = BN_bin2bn(SvPV(priv_key_SV, len), len, NULL); -+ if (!DSA_set0_key(dsa, NULL, priv_key)) { -+ BN_free(priv_key); -+ croak("Could not set a key"); -+ } - - MODULE = Crypt::OpenSSL::DSA PACKAGE = Crypt::OpenSSL::DSA::Signature - -@@ -393,11 +608,13 @@ SV * - get_r(dsa_sig) - DSA_SIG *dsa_sig - PREINIT: -+ const BIGNUM *r; - char *to; - int len; - CODE: -+ DSA_SIG_get0(dsa_sig, &r, NULL); - to = malloc(sizeof(char) * 128); -- len = BN_bn2bin(dsa_sig->r, to); -+ len = BN_bn2bin(r, to); - RETVAL = newSVpvn(to, len); - free(to); - OUTPUT: -@@ -407,11 +624,13 @@ SV * - get_s(dsa_sig) - DSA_SIG *dsa_sig - PREINIT: -+ const BIGNUM *s; - char *to; - int len; - CODE: -+ DSA_SIG_get0(dsa_sig, NULL, &s); - to = malloc(sizeof(char) * 128); -- len = BN_bn2bin(dsa_sig->s, to); -+ len = BN_bn2bin(s, to); - RETVAL = newSVpvn(to, len); - free(to); - OUTPUT: -@@ -423,9 +642,27 @@ set_r(dsa_sig, r_SV) - SV * r_SV - PREINIT: - int len; -+ BIGNUM *r; -+ BIGNUM *s; -+ const BIGNUM *old_s; - CODE: - len = SvCUR(r_SV); -- dsa_sig->r = BN_bin2bn(SvPV(r_SV, len), len, NULL); -+ r = BN_bin2bn(SvPV(r_SV, len), len, NULL); -+ DSA_SIG_get0(dsa_sig, NULL, &old_s); -+ if (NULL == old_s) { -+ s = BN_new(); -+ } else { -+ s = BN_dup(old_s); -+ } -+ if (NULL == s) { -+ BN_free(r); -+ croak("Could not duplicate another signature value"); -+ } -+ if (!DSA_SIG_set0(dsa_sig, r, s)) { -+ BN_free(r); -+ BN_free(s); -+ croak("Could not set a signature"); -+ } - - void - set_s(dsa_sig, s_SV) -@@ 
-433,6 +670,23 @@ set_s(dsa_sig, s_SV) - SV * s_SV - PREINIT: - int len; -+ BIGNUM *s; -+ BIGNUM *r; -+ const BIGNUM *old_r; - CODE: - len = SvCUR(s_SV); -- dsa_sig->s = BN_bin2bn(SvPV(s_SV, len), len, NULL); -+ s = BN_bin2bn(SvPV(s_SV, len), len, NULL); -+ DSA_SIG_get0(dsa_sig, &old_r, NULL); -+ if (NULL == old_r) { -+ r = BN_new(); -+ } else { -+ r = BN_dup(old_r); -+ } -+ if (NULL == r) { -+ BN_free(s); -+ croak("Could not duplicate another signature value"); -+ } -+ if (!DSA_SIG_set0(dsa_sig, r, s)) { -+ BN_free(s); -+ croak("Could not set a signature"); -+ } -diff --git a/t/10-selftest.t b/t/10-selftest.t -index 54b517a..ed89c4f 100644 ---- a/t/10-selftest.t -+++ b/t/10-selftest.t -@@ -5,7 +5,7 @@ use strict; - use Test; - use Crypt::OpenSSL::DSA; - --BEGIN { plan tests => 30 } -+BEGIN { plan tests => 36 } - - my $message = "foo bar"; - -@@ -101,6 +101,22 @@ ok($dsa4->verify($message, $dsa_sig3), 1); - ok($dsa5->verify($message, $dsa_sig3), 1); - ok($dsa6->verify($message, $dsa_sig3), 1); - -+# Check setting private key before public key. -+# This is not suppored by OpenSSL-1.1.0. -+my $dsa7 = Crypt::OpenSSL::DSA->new(); -+$dsa7->set_p($p); -+$dsa7->set_q($q); -+$dsa7->set_g($g); -+ok($dsa7->get_p,$p); -+ok($dsa7->get_q,$q); -+ok($dsa7->get_g,$g); -+$dsa7->set_priv_key($priv_key); -+ok($dsa7->get_priv_key,$priv_key); -+my $dsa_sig4 = $dsa7->sign($message); -+$dsa7->set_pub_key($pub_key); -+ok($dsa7->get_pub_key,$pub_key); -+ok($dsa7->verify($message, $dsa_sig4), 1); -+ - unlink("dsa.param.pem"); - unlink("dsa.priv.pem"); - unlink("dsa.pub.pem"); -diff --git a/t/90-openssl-compat.t b/t/90-openssl-compat.t -index eba43fe..1e0ca96 100644 ---- a/t/90-openssl-compat.t -+++ b/t/90-openssl-compat.t -@@ -74,7 +74,7 @@ sub openssl_verify { - # FIXME: shutup openssl from spewing to STDOUT the "Verification - # OK". can we depend on reading "Verification OK" from the - # open("-|", "openssl") open mode due to portability? 
-- my $rv = system("openssl", "dgst", "-dss1", "-verify", $public_pem_file, "-signature", "$sig_temp", "$msg_temp"); -+ my $rv = system("openssl", "dgst", "-sha1", "-verify", $public_pem_file, "-signature", "$sig_temp", "$msg_temp"); - return 0 if $rv; - return 1; - } --- -2.7.4 - diff --git a/perl-Crypt-OpenSSL-DSA.spec b/perl-Crypt-OpenSSL-DSA.spec index 1cf90bb..b20b7c7 100644 --- a/perl-Crypt-OpenSSL-DSA.spec +++ b/perl-Crypt-OpenSSL-DSA.spec @@ -1,20 +1,30 @@ Name: perl-Crypt-OpenSSL-DSA -Version: 0.15 -Release: 7%{?dist} +Version: 0.18 +Release: 1%{?dist} Summary: Perl interface to OpenSSL for DSA License: GPL+ or Artistic Group: Development/Libraries URL: http://search.cpan.org/dist/Crypt-OpenSSL-DSA/ Source0: http://search.cpan.org/CPAN/authors/id/K/KM/KMX/Crypt-OpenSSL-DSA-%{version}.tar.gz -# Adapt to OpenSSL 1.1.0, bug #1383651, CPAN RT#118346, -# it copies some code from OpenSSL (OpenSSL license) but it's not compiled -# into the binary package if OpenSSL >= 1.1.0 is available. -Patch0: Crypt-OpenSSL-DSA-0.15-Adapt-to-OpenSSL-1.1.0.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +BuildRequires: coreutils +BuildRequires: findutils +BuildRequires: make +BuildRequires: openssl +BuildRequires: openssl-devel +BuildRequires: perl BuildRequires: perl-devel BuildRequires: perl-generators -BuildRequires: openssl openssl-devel perl(Test) perl(ExtUtils::MakeMaker) -BuildRequires: perl(Digest::SHA) perl(File::Temp) +BuildRequires: perl(Config) +BuildRequires: perl(Digest::SHA) +BuildRequires: perl(DynaLoader) +BuildRequires: perl(ExtUtils::MakeMaker) +BuildRequires: perl(File::Temp) +BuildRequires: perl(strict) +BuildRequires: perl(Test) +BuildRequires: perl(vars) +BuildRequires: perl(warnings) Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) 
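Review bot: The bumped `Version: 0.18` makes the unchanged `Source0` line resolve to a new tarball over plain `http://`, and the only integrity pin this commit shows for that archive is the 32-hex-digit (MD5-length) digest in the `sources` hunk at the end of the diff. Plain HTTP gives no transport authentication and MD5 is not collision-resistant, so neither is strong evidence that the archive the packager fetched is the one upstream published. If the mirror serves TLS, use `Source0: https://search.cpan.org/CPAN/authors/id/K/KM/KMX/Crypt-OpenSSL-DSA-%{version}.tar.gz`, and record a SHA-512 digest in `sources` if the lookaside tooling in use accepts one. This matters more here because the same hunk drops `Patch0`, so the build now depends entirely on the contents of the upstream 0.18 archive.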
@@ -23,7 +33,6 @@ Crypt::OpenSSL::DSA - Digital Signature Algorithm using OpenSSL %prep %setup -q -n Crypt-OpenSSL-DSA-%{version} -%patch0 -p1 %build %{__perl} Makefile.PL INSTALLDIRS=vendor @@ -32,7 +41,7 @@ make %{?_smp_mflags} %install rm -rf %{buildroot} -make pure_install PERL_INSTALL_ROOT=%{buildroot} +make pure_install DESTDIR=%{buildroot} find %{buildroot} -type f -name .packlist -exec rm -f {} \; find %{buildroot} -depth -type d -exec rmdir {} 2>/dev/null \; @@ -54,6 +63,9 @@ rm -rf %{buildroot} %{_mandir}/man3/* %changelog +* Fri Dec 09 2016 Jitka Plesnikova - 0.18-1 +- 0.18 bump + * Tue Nov 01 2016 Petr Pisar - 0.15-7 - Restore support for setting private key before public key (bug #1383651) @@ -92,7 +104,6 @@ rm -rf %{buildroot} * Thu Feb 14 2013 Fedora Release Engineering - 0.14-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild ->>>>>>> 6df59403e51625cb4b2d401da8d71343d2e32209 * Wed Oct 17 2012 Wes Hardaker - 0.14-1 - Update to upstream 0.14 for bug fixes diff --git a/sources b/sources index 5dfbc1f..79b386b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -553cda4c9c34298f96ee562ed64acbd7 Crypt-OpenSSL-DSA-0.15.tar.gz +eeea3cd7d7651bee856697e1c038257c Crypt-OpenSSL-DSA-0.18.tar.gz