diff options
| author | gregor herrmann <gregoa@debian.org> | 2021-10-15 18:14:20 +0200 |
|---|---|---|
| committer | gregor herrmann <gregoa@debian.org> | 2021-10-15 18:14:20 +0200 |
| commit | 79de08a842acc325032d2bb637ca829fa2af0a9a (patch) | |
| tree | 2fd8b36d0bd3f14fee8b57fe69f6e48c8896d4b6 | |
| parent | 442f3e3a33f8c81255f0d5007dfd23bab4f9919b (diff) | |
| parent | cf8f7bec9f41d4ceb1ea90aba855f78aa95c93eb (diff) | |
Update upstream source from tag 'upstream/1.19'
Update to upstream version '1.19'
with Debian dir 2e8c8723c9736fc36abb283ffe45089382c70876
| -rw-r--r-- | Changes | 12 | ||||
| -rw-r--r-- | LICENSE | 23 | ||||
| -rw-r--r-- | MANIFEST | 2 | ||||
| -rw-r--r-- | META.json | 8 | ||||
| -rw-r--r-- | META.yml | 6 | ||||
| -rw-r--r-- | Makefile.PL | 5 | ||||
| -rw-r--r-- | README | 4 | ||||
| -rw-r--r-- | SEC.xs | 398 | ||||
| -rw-r--r-- | WARNING | 16 | ||||
| -rw-r--r-- | lib/Net/DNS/SEC.pm | 27 | ||||
| -rw-r--r-- | lib/Net/DNS/SEC/DSA.pm | 24 | ||||
| -rw-r--r-- | lib/Net/DNS/SEC/Digest.pm | 29 | ||||
| -rw-r--r-- | lib/Net/DNS/SEC/ECCGOST.pm | 7 | ||||
| -rw-r--r-- | lib/Net/DNS/SEC/ECDSA.pm | 19 | ||||
| -rw-r--r-- | lib/Net/DNS/SEC/EdDSA.pm | 4 | ||||
| -rw-r--r-- | lib/Net/DNS/SEC/Keyset.pm | 6 | ||||
| -rw-r--r-- | lib/Net/DNS/SEC/Private.pm | 13 | ||||
| -rw-r--r-- | lib/Net/DNS/SEC/RSA.pm | 23 | ||||
| -rw-r--r-- | lib/Net/DNS/SEC/libcrypto.pod | 4 | ||||
| -rw-r--r-- | t/00-load.t | 6 | ||||
| -rw-r--r-- | t/10-keyset.t | 6 | ||||
| -rw-r--r-- | t/20-digest.t | 8 | ||||
| -rw-r--r-- | t/21-RSA-MD5.t | 6 | ||||
| -rw-r--r-- | t/22-RSA-SHA1.t | 6 | ||||
| -rw-r--r-- | t/23-RSA-SHA256.t | 6 | ||||
| -rw-r--r-- | t/24-RSA-SHA512.t | 6 | ||||
| -rw-r--r-- | t/31-DSA-SHA1.t | 4 | ||||
| -rw-r--r-- | t/51-ECDSA-P256.t | 4 | ||||
| -rw-r--r-- | t/52-ECDSA-P384.t | 4 |
29 files changed, 352 insertions, 334 deletions
@@ -1,6 +1,16 @@ Revision history for Perl extension Net::DNS::SEC. +**** 1.19 Oct 11, 2021 + + Use new EVP_PKEY construction API for OpenSSL post 3.x.x. + + Remove support for obsolete ECC-GOST. + + Add LICENSE file to comply with Fedora/RedHat announcement + and WARNING of restrictions on use of strong cryptography. + + **** 1.18 Oct 2, 2020 Eliminate bareword filehandle usage. @@ -650,4 +660,4 @@ Net::DNS. The history of those is documented below. --------------------------------------------------------------------------- -$Id: Changes 1810 2020-10-02 12:44:37Z willem $ +$Id: Changes 1854 2021-10-11 10:43:36Z willem $ @@ -0,0 +1,23 @@ + + LICENSE + ======= + +Permission to use, copy, modify, and distribute this software and its +documentation for any purpose and without fee is hereby granted, provided +that the original copyright notices appear in all copies and that both +copyright notice and this permission notice appear in supporting +documentation, and that the name of the author not be used in advertising +or publicity pertaining to distribution of the software without specific +prior written permission. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. + + +---- $Id: LICENSE 1849 2021-08-19 08:25:20Z willem $ + @@ -1,7 +1,9 @@ Changes +LICENSE Makefile.PL MANIFEST This list of files README +WARNING SEC.xs typemap demo/getkeyset @@ -5,7 +5,7 @@ "Olaf Kolkman" ], "dynamic_config" : 1, - "generated_by" : "ExtUtils::MakeMaker version 7.34, CPAN::Meta::Converter version 2.150010", + "generated_by" : "ExtUtils::MakeMaker version 7.44, CPAN::Meta::Converter version 2.150010", "license" : [ "mit" ], @@ -40,7 +40,7 @@ "File::Spec" : "0.86", "MIME::Base64" : "2.13", "Net::DNS" : "1.08", - "perl" : "5.006" + "perl" : "5.008008" } }, "test" : { @@ -52,6 +52,6 @@ } }, "release_status" : "stable", - "version" : "1.18", - "x_serialization_backend" : "JSON::PP version 4.04" + "version" : "1.19", + "x_serialization_backend" : "JSON::PP version 4.00" } @@ -11,7 +11,7 @@ build_requires: configure_requires: ExtUtils::MakeMaker: '6.66' dynamic_config: 1 -generated_by: 'ExtUtils::MakeMaker version 7.34, CPAN::Meta::Converter version 2.150010' +generated_by: 'ExtUtils::MakeMaker version 7.44, CPAN::Meta::Converter version 2.150010' license: mit meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html @@ -29,6 +29,6 @@ requires: File::Spec: '0.86' MIME::Base64: '2.13' Net::DNS: '1.08' - perl: '5.006' -version: '1.18' + perl: '5.008008' +version: '1.19' x_serialization_backend: 'CPAN::Meta::YAML version 0.018' diff --git a/Makefile.PL b/Makefile.PL index 2c94b57..d03face 100644 --- a/Makefile.PL +++ b/Makefile.PL @@ -1,7 +1,8 @@ # -# $Id: Makefile.PL 1809 2020-10-02 12:42:17Z willem $ -*-perl-*- +# $Id: Makefile.PL 1853 2021-10-11 10:40:59Z willem $ -*-perl-*- # +use 5.008008; use strict; use warnings; use Config; @@ -20,7 +21,7 @@ my %metadata = ( ABSTRACT_FROM => 'lib/Net/DNS/SEC.pm', AUTHOR => $MM < 6.58 ? "$author[0] et al" : [@author], LICENSE => 'mit', - MIN_PERL_VERSION => 5.006, + MIN_PERL_VERSION => 5.008008, CONFIGURE_REQUIRES => { 'ExtUtils::MakeMaker' => 6.66, }, @@ -165,7 +165,7 @@ in all components is retained by their respective authors. Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided -that the above copyright notice appear in all copies and that both that +that the original copyright notices appear in all copies and that both copyright notice and this permission notice appear in supporting documentation, and that the name of the author not be used in advertising or publicity pertaining to distribution of the software without specific @@ -181,4 +181,4 @@ DEALINGS IN THE SOFTWARE. ------------------------------------------------------------------------------ -$Id: README 1807 2020-09-28 11:38:28Z willem $ +$Id: README 1849 2021-08-19 08:25:20Z willem $ @@ -1,5 +1,5 @@ -#define XS_Id "$Id: SEC.xs 1777 2020-05-07 08:24:01Z willem $" +#define XS_Id "$Id: SEC.xs 1853 2021-10-11 10:40:59Z willem $" =head1 NAME @@ -13,7 +13,7 @@ upon which the Net::DNS::SEC cryptographic components are built. =head1 COPYRIGHT -Copyright (c)2018-2020 Dick Franks +Copyright (c)2018-2021 Dick Franks All Rights Reserved @@ -21,7 +21,7 @@ All Rights Reserved Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided -that the above copyright notice appear in all copies and that both that +that the original copyright notices appear in all copies and that both copyright notice and this permission notice appear in supporting documentation, and that the name of the author not be used in advertising or publicity pertaining to distribution of the software without specific @@ -43,18 +43,35 @@ extern "C" { #endif #define PERL_NO_GET_CONTEXT +#define PERL_REENTRANT #include "EXTERN.h" #include "perl.h" #include "XSUB.h" -#define OPENSSL_SUPPRESS_DEPRECATED #include <openssl/opensslv.h> -#include <openssl/evp.h> #include <openssl/bn.h> +#include <openssl/err.h> + +#ifndef OPENSSL_VERSION_NUMBER /* 0xMNN00PP0L retain backward compatibility */ +#define OPENSSL_VERSION_NUMBER \ + ( (OPENSSL_VERSION_MAJOR<<28) | (OPENSSL_VERSION_MINOR<<20) | (OPENSSL_VERSION_PATCH<<4) | 0x0L ) +#endif + +#if (OPENSSL_VERSION_NUMBER < 0x40000000) +#define OBSOLETE_API +#undef OSSL_DEPRECATED +#define OSSL_DEPRECATED(since) extern +#include <openssl/evp.h> #include <openssl/dsa.h> #include <openssl/ec.h> #include <openssl/ecdsa.h> #include <openssl/rsa.h> +#else +#include <openssl/evp.h> +#include <openssl/core_names.h> +#include <openssl/param_build.h> +static OSSL_LIB_CTX *libctx = NULL; +#endif #ifdef __cplusplus } @@ -70,44 +87,23 @@ extern "C" { #endif #ifdef OPENSSL_NO_EC -#define NO_ECCGOST #define NO_ECDSA #define NO_EdDSA #endif - -#ifndef OPENSSL_VERSION_NUMBER /* 0xMNN00PP0L retain backward compatibility */ -#define OPENSSL_VERSION_NUMBER \ - ( (OPENSSL_VERSION_MAJOR<<28) | (OPENSSL_VERSION_MINOR<<20) | (OPENSSL_VERSION_PATCH<<4) | 0x0L ) +#ifdef OPENSSL_IS_BORINGSSL +#define NO_SHA3 #endif - #ifdef LIBRESSL_VERSION_NUMBER #undef OPENSSL_VERSION_NUMBER #define OPENSSL_VERSION_NUMBER 0x10100000L #endif -#if (OPENSSL_VERSION_NUMBER < 0x10101000) -#define NO_ECCGOST -#define NO_EdDSA -#define NO_SHA3 - -int EVP_DigestSign(EVP_MD_CTX *ctx, - unsigned char *sig, size_t *sig_len, - const unsigned char *data, size_t data_len) -{ - EVP_DigestUpdate( ctx, data, data_len ); - return EVP_DigestSignFinal( ctx, sig, sig_len ); -} - -int EVP_DigestVerify(EVP_MD_CTX *ctx, - const unsigned char *sig, size_t sig_len, - const unsigned char *data, size_t data_len) -{ - EVP_DigestUpdate( ctx, data, data_len ); - return EVP_DigestVerifyFinal( ctx, sig, sig_len ); -} +#if (OPENSSL_VERSION_NUMBER < 0x10001000) +#error unsupported libcrypto version +#include OPENSSL_VERSION_TEXT /* in error log; by any means, however reprehensible! */ #endif @@ -148,30 +144,46 @@ int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) #endif -#if (OPENSSL_VERSION_NUMBER < 0x10001000) -#define NO_ECDSA -#error unsupported libcrypto version -#include OPENSSL_VERSION_TEXT /* in error log; by any means, however reprehensible! */ -#endif +#if (OPENSSL_VERSION_NUMBER < 0x10101000) +#define NO_EdDSA +#define NO_SHA3 +int EVP_DigestSign(EVP_MD_CTX *ctx, + unsigned char *sig, size_t *sig_len, + const unsigned char *data, size_t data_len) +{ + EVP_DigestUpdate( ctx, data, data_len ); + return EVP_DigestSignFinal( ctx, sig, sig_len ); +} -#ifndef NO_ECCGOST -BIGNUM *bn_new_hex(const char *hex) +int EVP_DigestVerify(EVP_MD_CTX *ctx, + const unsigned char *sig, size_t sig_len, + const unsigned char *data, size_t data_len) { - BIGNUM *bn = BN_new(); - BN_hex2bn( &bn, hex ); - return bn; + EVP_DigestUpdate( ctx, data, data_len ); + return EVP_DigestVerifyFinal( ctx, sig, sig_len ); } #endif +#define checkerr(arg) checkret( (arg), __LINE__ ) void checkret(const int ret, int line) { - if ( ret != 1 ) croak("libcrypto error (%s line %d)", __FILE__, line); + if ( ret <= 0 ) croak( "libcrypto error (%s line %d)", __FILE__, line ); } -#define checkerr(arg) checkret( (arg), __LINE__ ) -#define nocheckerr(arg) /* NOOP */ + +#ifndef OBSOLETE_API +int EVP_PKEY_fromparams(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, int selection, OSSL_PARAM_BLD *bld) +{ + OSSL_PARAM *params = OSSL_PARAM_BLD_to_param(bld); + int retval; + checkerr( EVP_PKEY_fromdata_init(ctx) ); + retval = EVP_PKEY_fromdata( ctx, ppkey, selection, params ); + OSSL_PARAM_free(params); + return retval; +} +#endif MODULE = Net::DNS::SEC PACKAGE = Net::DNS::SEC::libcrypto @@ -244,7 +256,7 @@ void EVP_DigestUpdate(EVP_MD_CTX *ctx, SV *message) INIT: unsigned char *m = (unsigned char*) SvPVX(message); - unsigned int mlen = SvCUR(message); + STRLEN mlen = SvCUR(message); CODE: checkerr( EVP_DigestUpdate( ctx, m, mlen ) ); @@ -253,10 +265,8 @@ EVP_DigestFinal(EVP_MD_CTX *ctx) INIT: unsigned char digest[EVP_MAX_MD_SIZE]; unsigned int size = sizeof(digest); - const EVP_MD *type = EVP_MD_CTX_md( ctx ); CODE: checkerr( EVP_DigestFinal( ctx, digest, &size ) ); - checkerr( EVP_DigestInit( ctx, type ) ); /* reinitialise; behave like Digest::SHA */ RETVAL = newSVpvn( (char*)digest, size ); OUTPUT: RETVAL @@ -301,30 +311,45 @@ EVP_sha3_512() #ifndef NO_DSA -void -EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key) - CODE: - checkerr( EVP_PKEY_assign( pkey, EVP_PKEY_DSA, (char*)key ) ); - -DSA* -DSA_new() - -void -DSA_set0_pqg(DSA *d, SV *p_SV, SV *q_SV, SV *g_SV) +EVP_PKEY* +EVP_PKEY_new_DSA(SV *p_SV, SV *q_SV, SV *g_SV, SV *y_SV, SV *x_SV) INIT: BIGNUM *p = BN_bin2bn( (unsigned char*) SvPVX(p_SV), SvCUR(p_SV), NULL ); BIGNUM *q = BN_bin2bn( (unsigned char*) SvPVX(q_SV), SvCUR(q_SV), NULL ); BIGNUM *g = BN_bin2bn( (unsigned char*) SvPVX(g_SV), SvCUR(g_SV), NULL ); - CODE: - checkerr( DSA_set0_pqg( d, p, q, g ) ); - -void -DSA_set0_key(DSA *dsa, SV *y_SV, SV *x_SV) - INIT: BIGNUM *x = BN_bin2bn( (unsigned char*) SvPVX(x_SV), SvCUR(x_SV), NULL ); BIGNUM *y = BN_bin2bn( (unsigned char*) SvPVX(y_SV), SvCUR(y_SV), NULL ); CODE: - checkerr( DSA_set0_key( dsa, y, x ) ); +#ifdef OBSOLETE_API + DSA *dsa = DSA_new(); + DSA_set0_pqg( dsa, p, q, g ); + DSA_set0_key( dsa, y, x ); + RETVAL = EVP_PKEY_new(); + EVP_PKEY_assign( RETVAL, EVP_PKEY_DSA, (char*)dsa ); +#else + EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name( libctx, "DSA", NULL ); + OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new(); + checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_FFC_P, p ) ); + checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_FFC_Q, q ) ); + checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_FFC_G, g ) ); + checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_PUB_KEY, y ) ); + RETVAL = NULL; + if ( SvCUR(x_SV) > 0 ) { + checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_PRIV_KEY, x ) ); + checkerr( EVP_PKEY_fromparams( ctx, &RETVAL, EVP_PKEY_KEYPAIR, bld ) ); + } else { + checkerr( EVP_PKEY_fromparams( ctx, &RETVAL, EVP_PKEY_PUBLIC_KEY, bld ) ); + } + OSSL_PARAM_BLD_free(bld); + EVP_PKEY_CTX_free(ctx); + BN_free(p); + BN_free(q); + BN_free(g); + BN_free(x); + BN_free(y); +#endif + OUTPUT: + RETVAL #endif @@ -333,30 +358,45 @@ DSA_set0_key(DSA *dsa, SV *y_SV, SV *x_SV) #ifndef NO_RSA -void -EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key) - CODE: - checkerr( EVP_PKEY_assign( pkey, EVP_PKEY_RSA, (char*)key ) ); - -RSA* -RSA_new() - -void -RSA_set0_factors(RSA *r, SV *p_SV, SV *q_SV) +EVP_PKEY* +EVP_PKEY_new_RSA(SV *n_SV, SV *e_SV, SV *d_SV, SV *p_SV, SV *q_SV) INIT: + BIGNUM *n = BN_bin2bn( (unsigned char*) SvPVX(n_SV), SvCUR(n_SV), NULL ); + BIGNUM *e = BN_bin2bn( (unsigned char*) SvPVX(e_SV), SvCUR(e_SV), NULL ); + BIGNUM *d = BN_bin2bn( (unsigned char*) SvPVX(d_SV), SvCUR(d_SV), NULL ); BIGNUM *p = BN_bin2bn( (unsigned char*) SvPVX(p_SV), SvCUR(p_SV), NULL ); BIGNUM *q = BN_bin2bn( (unsigned char*) SvPVX(q_SV), SvCUR(q_SV), NULL ); CODE: - checkerr( RSA_set0_factors( r, p, q ) ); - -void -RSA_set0_key(RSA *r, SV *n_SV, SV *e_SV, SV *d_SV) - INIT: - BIGNUM *d = BN_bin2bn( (unsigned char*) SvPVX(d_SV), SvCUR(d_SV), NULL ); - BIGNUM *e = BN_bin2bn( (unsigned char*) SvPVX(e_SV), SvCUR(e_SV), NULL ); - BIGNUM *n = BN_bin2bn( (unsigned char*) SvPVX(n_SV), SvCUR(n_SV), NULL ); - CODE: - checkerr( RSA_set0_key( r, n, e, d ) ); +#ifdef OBSOLETE_API + RSA *rsa = RSA_new(); + RSA_set0_factors( rsa, p, q ); + RSA_set0_key( rsa, n, e, d ); + RETVAL = EVP_PKEY_new(); + EVP_PKEY_assign( RETVAL, EVP_PKEY_RSA, (char*)rsa ); +#else + EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name( libctx, "RSA", NULL ); + OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new(); + checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_RSA_N, n ) ); + checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_RSA_E, e ) ); + checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_RSA_D, d ) ); + RETVAL = NULL; + if ( SvCUR(p_SV) > 0 ) { + checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_RSA_FACTOR, p ) ); + checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_RSA_FACTOR, q ) ); + checkerr( EVP_PKEY_fromparams( ctx, &RETVAL, EVP_PKEY_KEYPAIR, bld ) ); + } else { + checkerr( EVP_PKEY_fromparams( ctx, &RETVAL, EVP_PKEY_PUBLIC_KEY, bld ) ); + } + OSSL_PARAM_BLD_free(bld); + EVP_PKEY_CTX_free(ctx); + BN_free(n); + BN_free(e); + BN_free(d); + BN_free(p); + BN_free(q); +#endif + OUTPUT: + RETVAL #endif @@ -365,36 +405,45 @@ RSA_set0_key(RSA *r, SV *n_SV, SV *e_SV, SV *d_SV) #ifndef NO_ECDSA -void -EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) - CODE: - checkerr( EVP_PKEY_assign( pkey, EVP_PKEY_EC, (char*)key ) ); - -# Creates new EC_KEY object using prescribed curve -EC_KEY* -EC_KEY_new_by_curve_name(int nid) - -void -EC_KEY_set_private_key(EC_KEY *key, SV *prv_SV) - INIT: - BIGNUM *prv = BN_bin2bn( (unsigned char*) SvPVX(prv_SV), SvCUR(prv_SV), NULL ); - int status; - CODE: - status = EC_KEY_set_private_key( key, prv ); - BN_clear_free(prv); - checkerr(status); - -void -EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, SV *x_SV, SV *y_SV) +EVP_PKEY* +EVP_PKEY_new_ECDSA(int nid, SV *qx_SV, SV *qy_SV) INIT: - BIGNUM *x = BN_bin2bn( (unsigned char*) SvPVX(x_SV), SvCUR(x_SV), NULL ); - BIGNUM *y = BN_bin2bn( (unsigned char*) SvPVX(y_SV), SvCUR(y_SV), NULL ); - int status; + BIGNUM *qx = BN_bin2bn( (unsigned char*) SvPVX(qx_SV), SvCUR(qx_SV), NULL ); + BIGNUM *qy = BN_bin2bn( (unsigned char*) SvPVX(qy_SV), SvCUR(qy_SV), NULL ); +#ifdef OBSOLETE_API + EC_KEY *eckey = EC_KEY_new_by_curve_name(nid); +#else + EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name( libctx, "EC", NULL ); + OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new(); +#endif CODE: - status = EC_KEY_set_public_key_affine_coordinates( key, x, y ); - BN_free(x); - BN_free(y); - checkerr(status); +#ifdef OBSOLETE_API + if ( SvCUR(qy_SV) > 0 ) { + checkerr( EC_KEY_set_public_key_affine_coordinates( eckey, qx, qy ) ); + } else { + checkerr( EC_KEY_set_private_key( eckey, qx ) ); + } + RETVAL = EVP_PKEY_new(); + checkerr( EVP_PKEY_assign( RETVAL, EVP_PKEY_EC, (char*)eckey ) ); +#else + if ( nid == 415 ) checkerr( OSSL_PARAM_BLD_push_utf8_string( bld, OSSL_PKEY_PARAM_GROUP_NAME, "P-256", 0 ) ); + if ( nid == 715 ) checkerr( OSSL_PARAM_BLD_push_utf8_string( bld, OSSL_PKEY_PARAM_GROUP_NAME, "P-384", 0 ) ); + RETVAL = NULL; + if ( SvCUR(qy_SV) > 0 ) { + checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_EC_PUB_X, qx ) ); + checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_EC_PUB_Y, qy ) ); + checkerr( EVP_PKEY_fromparams( ctx, &RETVAL, EVP_PKEY_PUBLIC_KEY, bld ) ); + } else { + checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_PRIV_KEY, qx ) ); + checkerr( EVP_PKEY_fromparams( ctx, &RETVAL, EVP_PKEY_KEYPAIR, bld ) ); + } + OSSL_PARAM_BLD_free(bld); + EVP_PKEY_CTX_free(ctx); +#endif + BN_clear_free(qx); + BN_clear_free(qy); + OUTPUT: + RETVAL #endif @@ -404,16 +453,37 @@ EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, SV *x_SV, SV *y_SV) #ifndef NO_EdDSA EVP_PKEY* -EVP_PKEY_new_raw_private_key(int nid, SV *key) - CODE: - RETVAL = EVP_PKEY_new_raw_private_key( nid, NULL, (unsigned char*) SvPVX(key) , SvCUR(key) ); - OUTPUT: - RETVAL - -EVP_PKEY* EVP_PKEY_new_raw_public_key(int nid, SV *key) + ALIAS: + EVP_PKEY_new_raw_private_key = 1 + INIT: + unsigned char *rawkey = (unsigned char*) SvPVX(key); + STRLEN keylen = SvCUR(key); +#ifndef OBSOLETE_API + EVP_PKEY_CTX *ctx = NULL; + OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new(); +#endif CODE: - RETVAL = EVP_PKEY_new_raw_public_key( nid, NULL, (unsigned char*) SvPVX(key) , SvCUR(key) ); +#ifdef OBSOLETE_API + if ( ix > 0 ) { + RETVAL = EVP_PKEY_new_raw_private_key( nid, NULL, rawkey , keylen ); + } else { + RETVAL = EVP_PKEY_new_raw_public_key( nid, NULL, rawkey , keylen ); + } +#else + if ( nid == 1087 ) ctx = EVP_PKEY_CTX_new_from_name( libctx, "ED25519", NULL ); + if ( nid == 1088 ) ctx = EVP_PKEY_CTX_new_from_name( libctx, "ED448", NULL ); + RETVAL = NULL; + if ( ix > 0 ) { + checkerr( OSSL_PARAM_BLD_push_octet_string( bld, OSSL_PKEY_PARAM_PRIV_KEY, rawkey, keylen ) ); + checkerr( EVP_PKEY_fromparams( ctx, &RETVAL, EVP_PKEY_KEYPAIR, bld ) ); + } else { + checkerr( OSSL_PARAM_BLD_push_octet_string( bld, OSSL_PKEY_PARAM_PUB_KEY, rawkey, keylen ) ); + checkerr( EVP_PKEY_fromparams( ctx, &RETVAL, EVP_PKEY_PUBLIC_KEY, bld ) ); + } + OSSL_PARAM_BLD_free(bld); + EVP_PKEY_CTX_free(ctx); +#endif OUTPUT: RETVAL @@ -422,92 +492,24 @@ EVP_PKEY_new_raw_public_key(int nid, SV *key) #################### -#### Verify-only support for obsolete ECC-GOST #### - -#ifndef NO_ECCGOST - -EC_KEY* -EC_KEY_new_ECCGOST() - PREINIT: # GOST_R_34_10_2001_CryptoPro_A - BIGNUM *a = bn_new_hex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94"); - BIGNUM *b = bn_new_hex("00A6"); - BIGNUM *p = bn_new_hex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97"); - BIGNUM *q = bn_new_hex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893"); - BIGNUM *x = bn_new_hex("01"); - BIGNUM *y = bn_new_hex("8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14"); - BIGNUM *h = bn_new_hex("01"); - BN_CTX *ctx = BN_CTX_new(); - EC_GROUP *group = EC_GROUP_new_curve_GFp(p, a, b, ctx); - EC_POINT *G = EC_POINT_new(group); - CODE: - checkerr( EC_POINT_set_affine_coordinates(group, G, x, y, ctx) ); - checkerr( EC_GROUP_set_generator(group, G, q, h) ); - EC_POINT_free(G); - BN_free(a); - BN_free(b); - BN_free(p); - BN_free(q); - BN_free(x); - BN_free(y); - BN_free(h); - nocheckerr( EC_GROUP_check(group, ctx) ); - BN_CTX_free(ctx); - RETVAL = EC_KEY_new(); - checkerr( EC_KEY_set_group(RETVAL, group) ); - EC_GROUP_free(group); - OUTPUT: - RETVAL - -int -ECCGOST_verify(SV *H, SV *r_SV, SV *s_SV, EC_KEY *eckey) - INIT: - STRLEN len = SvCUR(H); - unsigned char *bin = (unsigned char*) SvPVX(H); - BIGNUM *alpha = BN_bin2bn( bin, len, NULL ); - BIGNUM *r = BN_bin2bn( (unsigned char*) SvPVX(r_SV), SvCUR(r_SV), NULL ); - BIGNUM *s = BN_bin2bn( (unsigned char*) SvPVX(s_SV), SvCUR(s_SV), NULL ); - const EC_GROUP *group = EC_KEY_get0_group(eckey); - BN_CTX *ctx = BN_CTX_new(); - BIGNUM *e = BN_new(); - BIGNUM *m = BN_new(); - BIGNUM *q = BN_new(); - ECDSA_SIG *ecsig = ECDSA_SIG_new(); - CODE: - checkerr( EC_GROUP_get_order(group, q, ctx) ); - checkerr( BN_mod(e, alpha, q, ctx) ); - if ( BN_is_zero(e) ) BN_set_word(e, 1); - BN_free(alpha); - - /* algebraic transformation of ECC-GOST into equivalent ECDSA problem */ - checkerr( BN_mod_sub(m, q, s, q, ctx) ); - checkerr( BN_mod_sub(s, q, e, q, ctx) ); - BN_free(e); - BN_free(q); +void +checkerr(int ret) - checkerr( ECDSA_SIG_set0(ecsig, r, s) ); - BN_bn2binpad(m, bin, len); - BN_free(m); - RETVAL = ECDSA_do_verify( bin, len, ecsig, eckey ); - BN_CTX_free(ctx); - EC_KEY_free(eckey); - ECDSA_SIG_free(ecsig); - OUTPUT: - RETVAL +#ifdef croak_memory_wrap +void +croak_memory_wrap() #endif -#################### +#ifdef DEBUG void -checkerr(int ret) +ERR_print_errors(SV *filename) CODE: - checkerr(ret); - - -#ifdef croak_memory_wrap -void -croak_memory_wrap() + BIO *bio = BIO_new_file( SvPVX(filename), "w" ); + ERR_print_errors(bio); + BIO_free(bio); #endif @@ -0,0 +1,16 @@ +------------------------------------------------------------------------------ + + + *************** + ** WARNING ** + *************** + + THE USE AND/OR HANDLING OF STRONG ENCRYPTION TECHNOLOGIES IS + PROHIBITED OR SEVERELY RESTRICTED IN MANY TERRITORIES. + PLEASE BE SURE THAT YOU FULLY UNDERSTAND THE LEGAL POSITION + IN YOUR COUNTRY BEFORE ATTEMPTING TO INSTALL THIS MODULE OR + ANY OF THE PREREQUISITE CRYPTOGRAPHY PACKAGES. + + +------------------------------------------------------------------------------ +$Id: WARNING 1849 2021-08-19 08:25:20Z willem $ diff --git a/lib/Net/DNS/SEC.pm b/lib/Net/DNS/SEC.pm index 6e59ea0..f1acf6d 100644 --- a/lib/Net/DNS/SEC.pm +++ b/lib/Net/DNS/SEC.pm @@ -4,8 +4,8 @@ use strict; use warnings; our $VERSION; -$VERSION = '1.18'; -our $SVNVERSION = (qw$Id: SEC.pm 1810 2020-10-02 12:44:37Z willem $)[2]; +$VERSION = '1.19'; +our $SVNVERSION = (qw$Id: SEC.pm 1854 2021-10-11 10:43:36Z willem $)[2]; =head1 NAME @@ -86,21 +86,14 @@ Fills @result with all keys in array @a that are not in array @b. sub key_difference { my $a = shift; my $b = shift; - my $r = shift || []; ## 0.17 interface + my $r = shift || []; ## 0.17 API - eval { - local $SIG{__DIE__}; - my ($x) = grep { !$_->isa('Net::DNS::RR::DNSKEY') } @$a, @$b; - die sprintf 'unexpected %s object in key list', ref($x) if $x; + local $SIG{__DIE__}; + my ($x) = grep { !$_->isa('Net::DNS::RR::DNSKEY') } @$a, @$b; + croak sprintf( 'unexpected %s object in key list', ref $x ) if $x; - my %index = map { ( $_->privatekeyname => 1 ) } @$b; - @$r = grep { !$index{$_->privatekeyname} } @$a; - 1; - } || do { - croak($@) if wantarray; - }; - - return wantarray ? (@$r) : $@; + my %index = map { ( $_->privatekeyname => 1 ) } @$b; + return @$r = grep { !$index{$_->privatekeyname} } @$a; } @@ -120,7 +113,7 @@ __END__ =head1 COPYRIGHT -Copyright (c)2014-2018 Dick Franks +Copyright (c)2014-2021 Dick Franks Copyright (c)2001-2005 RIPE NCC. Author Olaf M. Kolkman @@ -131,7 +124,7 @@ All Rights Reserved Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided -that the above copyright notice appear in all copies and that both that +that the original copyright notices appear in all copies and that both copyright notice and this permission notice appear in supporting documentation, and that the name of the author not be used in advertising or publicity pertaining to distribution of the software without specific diff --git a/lib/Net/DNS/SEC/DSA.pm b/lib/Net/DNS/SEC/DSA.pm index 781f6ce..a56851f 100644 --- a/lib/Net/DNS/SEC/DSA.pm +++ b/lib/Net/DNS/SEC/DSA.pm @@ -3,7 +3,7 @@ package Net::DNS::SEC::DSA; use strict; use warnings; -our $VERSION = (qw$Id: DSA.pm 1807 2020-09-28 11:38:28Z willem $)[2]; +our $VERSION = (qw$Id: DSA.pm 1853 2021-10-11 10:40:59Z willem $)[2]; =head1 NAME @@ -44,7 +44,7 @@ public key resource record. use integer; use MIME::Base64; -use constant DSA_configured => Net::DNS::SEC::libcrypto->can('EVP_PKEY_assign_DSA'); +use constant DSA_configured => Net::DNS::SEC::libcrypto->can('EVP_PKEY_new_DSA'); BEGIN { die 'DSA disabled or application has no "use Net::DNS::SEC"' unless DSA_configured } @@ -63,16 +63,11 @@ sub sign { my $index = $private->algorithm; my $evpmd = $parameters{$index} || die 'private key not DSA'; - my ( $p, $q, $g, $x, $y ) = map { decode_base64( $private->$_ ) } - qw(prime subprime base private_value public_value); + my ( $p, $q, $g, $x, $y ) = + map { decode_base64( $private->$_ ) } qw(prime subprime base private_value public_value); my $t = ( length($g) - 64 ) / 8; - my $dsa = Net::DNS::SEC::libcrypto::DSA_new(); - Net::DNS::SEC::libcrypto::DSA_set0_pqg( $dsa, $p, $q, $g ); - Net::DNS::SEC::libcrypto::DSA_set0_key( $dsa, $y, $x ); - - my $evpkey = Net::DNS::SEC::libcrypto::EVP_PKEY_new(); - Net::DNS::SEC::libcrypto::EVP_PKEY_assign_DSA( $evpkey, $dsa ); + my $evpkey = Net::DNS::SEC::libcrypto::EVP_PKEY_new_DSA( $p, $q, $g, $y, $x ); my $asn1 = Net::DNS::SEC::libcrypto::EVP_sign( $sigdata, $evpkey, $evpmd ); return _ASN1decode( $asn1, $t ); @@ -91,12 +86,7 @@ sub verify { my $len = 64 + 8 * unpack( 'C', $key ); # RFC2536, section 2 my ( $q, $p, $g, $y ) = unpack "x a20 a$len a$len a$len", $key; - my $dsa = Net::DNS::SEC::libcrypto::DSA_new(); - Net::DNS::SEC::libcrypto::DSA_set0_pqg( $dsa, $p, $q, $g ); - Net::DNS::SEC::libcrypto::DSA_set0_key( $dsa, $y, '' ); - - my $evpkey = Net::DNS::SEC::libcrypto::EVP_PKEY_new(); - Net::DNS::SEC::libcrypto::EVP_PKEY_assign_DSA( $evpkey, $dsa ); + my $evpkey = Net::DNS::SEC::libcrypto::EVP_PKEY_new_DSA( $p, $q, $g, $y, '' ); my $asn1 = _ASN1encode($sigbin); return Net::DNS::SEC::libcrypto::EVP_verify( $sigdata, $asn1, $evpkey, $evpmd ); @@ -150,7 +140,7 @@ All rights reserved. Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided -that the above copyright notice appear in all copies and that both that +that the original copyright notices appear in all copies and that both copyright notice and this permission notice appear in supporting documentation, and that the name of the author not be used in advertising or publicity pertaining to distribution of the software without specific diff --git a/lib/Net/DNS/SEC/Digest.pm b/lib/Net/DNS/SEC/Digest.pm index 3f3225f..3d2b8c4 100644 --- a/lib/Net/DNS/SEC/Digest.pm +++ b/lib/Net/DNS/SEC/Digest.pm @@ -3,7 +3,7 @@ package Net::DNS::SEC::Digest; use strict; use warnings; -our $VERSION = (qw$Id: Digest.pm 1807 2020-09-28 11:38:28Z willem $)[2]; +our $VERSION = (qw$Id: Digest.pm 1849 2021-08-19 08:25:20Z willem $)[2]; =head1 NAME @@ -29,7 +29,6 @@ implementations within the OpenSSL libcrypto library. =cut - use constant libcrypto_available => Net::DNS::SEC::libcrypto->can('EVP_MD_CTX_new'); BEGIN { die 'Net::DNS::SEC not available' unless libcrypto_available } @@ -55,24 +54,28 @@ sub new { my ( $class, @param ) = @_; my ($index) = reverse split '::', join '_', $class, @param; my $evpmd = $digest{$index}; - my $mdobj = Net::DNS::SEC::libcrypto::EVP_MD_CTX_new(); - Net::DNS::SEC::libcrypto::EVP_DigestInit( $mdobj, &$evpmd ); - return bless( \$mdobj, $class ); + my $mdctx = Net::DNS::SEC::libcrypto::EVP_MD_CTX_new(); + Net::DNS::SEC::libcrypto::EVP_DigestInit( $mdctx, &$evpmd ); + return bless( {ctx => $mdctx, md => &$evpmd}, $class ); } sub add { - my $object = shift; - return Net::DNS::SEC::libcrypto::EVP_DigestUpdate( $$object, shift ); + my $self = shift; + return Net::DNS::SEC::libcrypto::EVP_DigestUpdate( $self->{ctx}, shift ); } sub digest { - my $object = shift; - return Net::DNS::SEC::libcrypto::EVP_DigestFinal($$object); + my $self = shift; + my $dgst = Net::DNS::SEC::libcrypto::EVP_DigestFinal( $self->{ctx} ); + + # reinitialise; emulate API offered by Digest::SHA + Net::DNS::SEC::libcrypto::EVP_DigestInit( $self->{ctx}, $self->{md} ); + return $dgst; } DESTROY { - my $object = shift; - return Net::DNS::SEC::libcrypto::EVP_MD_CTX_free($$object); + my $self = shift; + return Net::DNS::SEC::libcrypto::EVP_MD_CTX_free( $self->{ctx} ); } @@ -127,7 +130,7 @@ contributors to the OpenSSL cryptographic library. =head1 COPYRIGHT -Copyright (c)2020 Dick Franks. +Copyright (c)2020,2021 Dick Franks. All rights reserved. @@ -136,7 +139,7 @@ All rights reserved. Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided -that the above copyright notice appear in all copies and that both that +that the original copyright notices appear in all copies and that both copyright notice and this permission notice appear in supporting documentation, and that the name of the author not be used in advertising or publicity pertaining to distribution of the software without specific diff --git a/lib/Net/DNS/SEC/ECCGOST.pm b/lib/Net/DNS/SEC/ECCGOST.pm index 04a71b4..e251fdc 100644 --- a/lib/Net/DNS/SEC/ECCGOST.pm +++ b/lib/Net/DNS/SEC/ECCGOST.pm @@ -3,7 +3,7 @@ package Net::DNS::SEC::ECCGOST; use strict; use warnings; -our $VERSION = (qw$Id: ECCGOST.pm 1807 2020-09-28 11:38:28Z willem $)[2]; +our $VERSION = (qw$Id: ECCGOST.pm 1853 2021-10-11 10:40:59Z willem $)[2]; =head1 NAME @@ -64,9 +64,8 @@ sub verify { return unless $sigbin; - my $eckey = Net::DNS::SEC::libcrypto::EC_KEY_new_ECCGOST(); my ( $y, $x ) = unpack 'a32 a32', reverse $keyrr->keybin; # public key - Net::DNS::SEC::libcrypto::EC_KEY_set_public_key_affine_coordinates( $eckey, $x, $y ); + my $eckey = Net::DNS::SEC::libcrypto::EC_KEY_new_ECCGOST( $x, $y ); my ( $s, $r ) = unpack 'a32 a32', $sigbin; # RFC5933, RFC4490 return Net::DNS::SEC::libcrypto::ECCGOST_verify( $H, $r, $s, $eckey ); @@ -90,7 +89,7 @@ All rights reserved. Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided -that the above copyright notice appear in all copies and that both that +that the original copyright notices appear in all copies and that both copyright notice and this permission notice appear in supporting documentation, and that the name of the author not be used in advertising or publicity pertaining to distribution of the software without specific diff --git a/lib/Net/DNS/SEC/ECDSA.pm b/lib/Net/DNS/SEC/ECDSA.pm index 93d1506..b9c5d6c 100644 --- a/lib/Net/DNS/SEC/ECDSA.pm +++ b/lib/Net/DNS/SEC/ECDSA.pm @@ -3,7 +3,7 @@ package Net::DNS::SEC::ECDSA; use strict; use warnings; -our $VERSION = (qw$Id: ECDSA.pm 1807 2020-09-28 11:38:28Z willem $)[2]; +our $VERSION = (qw$Id: ECDSA.pm 1853 2021-10-11 10:40:59Z willem $)[2]; =head1 NAME @@ -44,7 +44,7 @@ public key resource record. use integer; use MIME::Base64; -use constant ECDSA_configured => Net::DNS::SEC::libcrypto->can('EVP_PKEY_assign_EC_KEY'); +use constant ECDSA_configured => Net::DNS::SEC::libcrypto->can('EVP_PKEY_new_ECDSA'); BEGIN { die 'ECDSA disabled or application has no "use Net::DNS::SEC"' unless ECDSA_configured } @@ -65,12 +65,7 @@ sub sign { die 'private key not ECDSA' unless $nid; my $rawkey = pack "a$keylen", decode_base64( $private->PrivateKey ); - - my $eckey = Net::DNS::SEC::libcrypto::EC_KEY_new_by_curve_name($nid); - Net::DNS::SEC::libcrypto::EC_KEY_set_private_key( $eckey, $rawkey ); - - my $evpkey = Net::DNS::SEC::libcrypto::EVP_PKEY_new(); - Net::DNS::SEC::libcrypto::EVP_PKEY_assign_EC_KEY( $evpkey, $eckey ); + my $evpkey = Net::DNS::SEC::libcrypto::EVP_PKEY_new_ECDSA( $nid, $rawkey, '' ); my $asn1 = Net::DNS::SEC::libcrypto::EVP_sign( $sigdata, $evpkey, $evpmd ); return _ASN1decode( $asn1, $keylen ); @@ -86,12 +81,8 @@ sub verify { return unless $sigbin; - my $eckey = Net::DNS::SEC::libcrypto::EC_KEY_new_by_curve_name($nid); my ( $x, $y ) = unpack "a$keylen a$keylen", $keyrr->keybin; - Net::DNS::SEC::libcrypto::EC_KEY_set_public_key_affine_coordinates( $eckey, $x, $y ); - - my $evpkey = Net::DNS::SEC::libcrypto::EVP_PKEY_new(); - Net::DNS::SEC::libcrypto::EVP_PKEY_assign_EC_KEY( $evpkey, $eckey ); + my $evpkey = Net::DNS::SEC::libcrypto::EVP_PKEY_new_ECDSA( $nid, $x, $y ); my $asn1 = _ASN1encode( $sigbin, $keylen ); return Net::DNS::SEC::libcrypto::EVP_verify( $sigdata, $asn1, $evpkey, $evpmd ); @@ -146,7 +137,7 @@ All rights reserved. Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided -that the above copyright notice appear in all copies and that both that +that the original copyright notices appear in all copies and that both copyright notice and this permission notice appear in supporting documentation, and that the name of the author not be used in advertising or publicity pertaining to distribution of the software without specific diff --git a/lib/Net/DNS/SEC/EdDSA.pm b/lib/Net/DNS/SEC/EdDSA.pm index 667f3a9..8aee8e0 100644 --- a/lib/Net/DNS/SEC/EdDSA.pm +++ b/lib/Net/DNS/SEC/EdDSA.pm @@ -3,7 +3,7 @@ package Net::DNS::SEC::EdDSA; use strict; use warnings; -our $VERSION = (qw$Id: EdDSA.pm 1807 2020-09-28 11:38:28Z willem $)[2]; +our $VERSION = (qw$Id: EdDSA.pm 1853 2021-10-11 10:40:59Z willem $)[2]; =head1 NAME @@ -111,7 +111,7 @@ All rights reserved. Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided -that the above copyright notice appear in all copies and that both that +that the original copyright notices appear in all copies and that both copyright notice and this permission notice appear in supporting documentation, and that the name of the author not be used in advertising or publicity pertaining to distribution of the software without specific diff --git a/lib/Net/DNS/SEC/Keyset.pm b/lib/Net/DNS/SEC/Keyset.pm index 058e0a1..99dc4ef 100644 --- a/lib/Net/DNS/SEC/Keyset.pm +++ b/lib/Net/DNS/SEC/Keyset.pm @@ -3,7 +3,7 @@ package Net::DNS::SEC::Keyset; use strict; use warnings; -our $VERSION = (qw$Id: Keyset.pm 1809 2020-10-02 12:42:17Z willem $)[2]; +our $VERSION = (qw$Id: Keyset.pm 1853 2021-10-11 10:40:59Z willem $)[2]; =head1 NAME @@ -354,7 +354,7 @@ sub writekeyset { my $keysetname = "$prefix$domainname."; my $filename = File::Spec->catfile( @path, $keysetname ); $filename =~ s/[.]+/\./; ## avoid antisocial consequences of $path with .. - my $handle = IO::File->new( $filename, '>' ) or die qq("$filename": $!); + my $handle = IO::File->new( $filename, '>' ) or croak qq("$filename": $!); select( ( select($handle), $self->print )[0] ); close($handle); return $filename; @@ -379,7 +379,7 @@ All Rights Reserved Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided -that the above copyright notice appear in all copies and that both that +that the original copyright notices appear in all copies and that both copyright notice and this permission notice appear in supporting documentation, and that the name of the author not be used in advertising or publicity pertaining to distribution of the software without specific diff --git a/lib/Net/DNS/SEC/Private.pm b/lib/Net/DNS/SEC/Private.pm index 0fe9997..4d8467f 100644 --- a/lib/Net/DNS/SEC/Private.pm +++ b/lib/Net/DNS/SEC/Private.pm @@ -3,7 +3,7 @@ package Net::DNS::SEC::Private; use strict; use warnings; -our $VERSION = (qw$Id: Private.pm 1807 2020-09-28 11:38:28Z willem $)[2]; +our $VERSION = (qw$Id: Private.pm 1853 2021-10-11 10:40:59Z willem $)[2]; =head1 NAME @@ -36,6 +36,7 @@ with any other system. use integer; +use Carp; use File::Spec; use IO::File; @@ -51,11 +52,11 @@ sub _new_keyfile { my ( $vol, $dir, $name ) = File::Spec->splitpath($keypath); # Format something like: 'Kbla.foo.+001+12345.private' as created by BIND dnssec-keygen. - die "$file does not appear to be a BIND private key" + croak "$file does not appear to be a BIND private key" unless $name =~ /^K([^+]+)\+(\d+)\+(\d+)\.private$/; my @identifier = ( signame => $1, algorithm => 0 + $2, keytag => 0 + $3 ); - my $handle = IO::File->new( $file, '<' ) or die qq("$file": $!); + my $handle = IO::File->new( $file, '<' ) or croak qq("$file": $!); my @content; local $_; @@ -82,8 +83,8 @@ sub _new_params { } my $self = bless sub { $hashref->{shift()} }, $class; - die 'no algorithm specified' unless $self->algorithm; - die 'no signame specified' unless $self->signame; + croak 'no algorithm specified' unless $self->algorithm; + croak 'no signame specified' unless $self->signame; return $self; } @@ -181,7 +182,7 @@ All Rights Reserved Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided -that the above copyright notice appear in all copies and that both that +that the original copyright notices appear in all copies and that both copyright notice and this permission notice appear in supporting documentation, and that the name of the author not be used in advertising or publicity pertaining to distribution of the software without specific diff --git a/lib/Net/DNS/SEC/RSA.pm b/lib/Net/DNS/SEC/RSA.pm index 0d52548..bda2bcf 100644 --- a/lib/Net/DNS/SEC/RSA.pm +++ b/lib/Net/DNS/SEC/RSA.pm @@ -3,7 +3,7 @@ package Net::DNS::SEC::RSA; use strict; use warnings; -our $VERSION = (qw$Id: RSA.pm 1807 2020-09-28 11:38:28Z willem $)[2]; +our $VERSION = (qw$Id: RSA.pm 1853 2021-10-11 10:40:59Z willem $)[2]; =head1 NAME @@ -44,7 +44,7 @@ public key resource record. use integer; use MIME::Base64; -use constant RSA_configured => Net::DNS::SEC::libcrypto->can('EVP_PKEY_assign_RSA'); +use constant RSA_configured => Net::DNS::SEC::libcrypto->can('EVP_PKEY_new_RSA'); BEGIN { die 'RSA disabled or application has no "use Net::DNS::SEC"' unless RSA_configured } @@ -66,15 +66,10 @@ sub sign { my $index = $private->algorithm; my $evpmd = $parameters{$index} || die 'private key not RSA'; - my ( $n, $e, $d, $p, $q ) = map { decode_base64( $private->$_ ) } - qw(Modulus PublicExponent PrivateExponent Prime1 Prime2); + my ( $n, $e, $d, $p, $q ) = + map { decode_base64( $private->$_ ) } qw(Modulus PublicExponent PrivateExponent Prime1 Prime2); - my $rsa = Net::DNS::SEC::libcrypto::RSA_new(); - Net::DNS::SEC::libcrypto::RSA_set0_factors( $rsa, $p, $q ); - Net::DNS::SEC::libcrypto::RSA_set0_key( $rsa, $n, $e, $d ); - - my $evpkey = Net::DNS::SEC::libcrypto::EVP_PKEY_new(); - Net::DNS::SEC::libcrypto::EVP_PKEY_assign_RSA( $evpkey, $rsa ); + my $evpkey = Net::DNS::SEC::libcrypto::EVP_PKEY_new_RSA( $n, $e, $d, $p, $q ); return Net::DNS::SEC::libcrypto::EVP_sign( $sigdata, $evpkey, $evpmd ); } @@ -93,11 +88,7 @@ sub verify { my $keyfmt = $short ? "x a$short a*" : "x3 a$long a*"; my ( $exponent, $modulus ) = unpack( $keyfmt, $keybin ); - my $rsa = Net::DNS::SEC::libcrypto::RSA_new(); - Net::DNS::SEC::libcrypto::RSA_set0_key( $rsa, $modulus, $exponent, '' ); - - my $evpkey = Net::DNS::SEC::libcrypto::EVP_PKEY_new(); - Net::DNS::SEC::libcrypto::EVP_PKEY_assign_RSA( $evpkey, $rsa ); + my $evpkey = Net::DNS::SEC::libcrypto::EVP_PKEY_new_RSA( $modulus, $exponent, '', '', '' ); return Net::DNS::SEC::libcrypto::EVP_verify( $sigdata, $sigbin, $evpkey, $evpmd ); } @@ -126,7 +117,7 @@ All rights reserved. Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided -that the above copyright notice appear in all copies and that both that +that the original copyright notices appear in all copies and that both copyright notice and this permission notice appear in supporting documentation, and that the name of the author not be used in advertising or publicity pertaining to distribution of the software without specific diff --git a/lib/Net/DNS/SEC/libcrypto.pod b/lib/Net/DNS/SEC/libcrypto.pod index 1d2710a..49871af 100644 --- a/lib/Net/DNS/SEC/libcrypto.pod +++ b/lib/Net/DNS/SEC/libcrypto.pod @@ -1,5 +1,5 @@ # -# $Id: libcrypto.pod 1807 2020-09-28 11:38:28Z willem $ +# $Id: libcrypto.pod 1853 2021-10-11 10:40:59Z willem $ # =head1 NAME @@ -30,7 +30,7 @@ All rights reserved. Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided -that the above copyright notice appear in all copies and that both that +that the original copyright notices appear in all copies and that both copyright notice and this permission notice appear in supporting documentation, and that the name of the author not be used in advertising or publicity pertaining to distribution of the software without specific diff --git a/t/00-load.t b/t/00-load.t index 26291de..04bb4cf 100644 --- a/t/00-load.t +++ b/t/00-load.t @@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: 00-load.t 1809 2020-10-02 12:42:17Z willem $ -*-perl-*- +# $Id: 00-load.t 1831 2021-02-11 23:03:17Z willem $ -*-perl-*- # use strict; @@ -17,7 +17,6 @@ my @module = qw( Net::DNS::SEC::Keyset Net::DNS::SEC::Private Net::DNS::SEC::libcrypto - File::Find File::Spec IO::File MIME::Base64 @@ -68,8 +67,7 @@ eval { my $x = pack 'H*', 'cadb74b9950fcf3728ad232626b0dc63f350c25dd09456cd155f413d35205ce9'; my $y = pack 'H*', '050fd637ab18f8f443eac48c26c12566e655e4d3b15046e0fef296a8835ebeee'; foreach my $H ( $d, $q ) { ## including specific case (alpha mod q) = 0 - my $eckey = Net::DNS::SEC::libcrypto::EC_KEY_new_ECCGOST(); - Net::DNS::SEC::libcrypto::EC_KEY_set_public_key_affine_coordinates( $eckey, $x, $y ); + my $eckey = Net::DNS::SEC::libcrypto::EC_KEY_new_ECCGOST( $x, $y ); Net::DNS::SEC::libcrypto::ECCGOST_verify( $H, $r, $s, $eckey ); } }; diff --git a/t/10-keyset.t b/t/10-keyset.t index 9e02ad7..bc54973 100644 --- a/t/10-keyset.t +++ b/t/10-keyset.t @@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: 10-keyset.t 1808 2020-09-28 22:08:11Z willem $ -*-perl-*- +# $Id: 10-keyset.t 1830 2021-01-26 09:08:12Z willem $ -*-perl-*- # use strict; @@ -8,7 +8,7 @@ use IO::File; use Test::More; my %prerequisite = ( - 'Net::DNS::SEC' => 1.01, + 'Net::DNS::SEC' => 1.15, 'Digest::SHA' => 5.23, 'MIME::Base64' => 2.13, ); @@ -21,7 +21,7 @@ foreach my $package ( sort keys %prerequisite ) { } plan skip_all => 'disabled RSA' - unless eval { Net::DNS::SEC::libcrypto->can('EVP_PKEY_assign_RSA') }; + unless eval { Net::DNS::SEC::libcrypto->can('EVP_PKEY_new_RSA') }; plan tests => 29; diff --git a/t/20-digest.t b/t/20-digest.t index 6f2dec0..c14b85f 100644 --- a/t/20-digest.t +++ b/t/20-digest.t @@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: 20-digest.t 1808 2020-09-28 22:08:11Z willem $ -*-perl-*- +# $Id: 20-digest.t 1830 2021-01-26 09:08:12Z willem $ -*-perl-*- # use strict; @@ -29,13 +29,11 @@ my %digest = ( SHA224 => '730e109bd7a8a32b1cb9d9a09aa2325d2430587ddbc0c38bad911525', SHA256 => 'd7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592', SHA384 => 'ca737f1014a48f4c0b6dd43cb177b0afd9e5169367544c494011e3317dbf9a509cb1e5dc1e85a941bbee3d7f2afbc9b1', - SHA512 => -'07e547d9586f6a73f73fbac0435ed76951218fb7d0c8d788a309d785436bbb642e93a252a954f23912547d1e8a3b5ed6e1bfd7097821233fa0538f3db854fee6', + SHA512 => '07e547d9586f6a73f73fbac0435ed76951218fb7d0c8d788a309d785436bbb642e93a252a954f23912547d1e8a3b5ed6e1bfd7097821233fa0538f3db854fee6', SHA3_224 => 'd15dadceaa4d5d7bb3b48f446421d542e08ad8887305e28d58335795', SHA3_256 => '69070dda01975c8c120c3aada1b282394e7f032fa9cf32f4cb2259a0897dfc04', SHA3_384 => '7063465e08a93bce31cd89d2e3ca8f602498696e253592ed26f07bf7e703cf328581e1471a7ba7ab119b1a9ebdf8be41', - SHA3_512 => -'01dedd5de4ef14642445ba5f5b97c15e47b9ad931326e4b0727cd94cefc44fff23f07bf543139939b49128caf436dc1bdee54fcb24023a08d9403f9b4bf0d450', + SHA3_512 => '01dedd5de4ef14642445ba5f5b97c15e47b9ad931326e4b0727cd94cefc44fff23f07bf543139939b49128caf436dc1bdee54fcb24023a08d9403f9b4bf0d450', ); diff --git a/t/21-RSA-MD5.t b/t/21-RSA-MD5.t index caecb15..5e06983 100644 --- a/t/21-RSA-MD5.t +++ b/t/21-RSA-MD5.t @@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: 21-RSA-MD5.t 1808 2020-09-28 22:08:11Z willem $ -*-perl-*- +# $Id: 21-RSA-MD5.t 1830 2021-01-26 09:08:12Z willem $ -*-perl-*- # use strict; @@ -8,7 +8,7 @@ use IO::File; use Test::More; my %prerequisite = ( - 'Net::DNS::SEC' => 1.01, + 'Net::DNS::SEC' => 1.15, 'MIME::Base64' => 2.13, ); @@ -20,7 +20,7 @@ foreach my $package ( sort keys %prerequisite ) { } plan skip_all => 'disabled RSA' - unless eval { Net::DNS::SEC::libcrypto->can('EVP_PKEY_assign_RSA') }; + unless eval { Net::DNS::SEC::libcrypto->can('EVP_PKEY_new_RSA') }; plan tests => 8; diff --git a/t/22-RSA-SHA1.t b/t/22-RSA-SHA1.t index 772e527..3597b55 100644 --- a/t/22-RSA-SHA1.t +++ b/t/22-RSA-SHA1.t @@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: 22-RSA-SHA1.t 1808 2020-09-28 22:08:11Z willem $ -*-perl-*- +# $Id: 22-RSA-SHA1.t 1830 2021-01-26 09:08:12Z willem $ -*-perl-*- # use strict; @@ -8,7 +8,7 @@ use IO::File; use Test::More; my %prerequisite = ( - 'Net::DNS::SEC' => 1.01, + 'Net::DNS::SEC' => 1.15, 'MIME::Base64' => 2.13, ); @@ -20,7 +20,7 @@ foreach my $package ( sort keys %prerequisite ) { } plan skip_all => 'disabled RSA' - unless eval { Net::DNS::SEC::libcrypto->can('EVP_PKEY_assign_RSA') }; + unless eval { Net::DNS::SEC::libcrypto->can('EVP_PKEY_new_RSA') }; plan tests => 17; diff --git a/t/23-RSA-SHA256.t b/t/23-RSA-SHA256.t index 88af34c..83c38f9 100644 --- a/t/23-RSA-SHA256.t +++ b/t/23-RSA-SHA256.t @@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: 23-RSA-SHA256.t 1808 2020-09-28 22:08:11Z willem $ -*-perl-*- +# $Id: 23-RSA-SHA256.t 1830 2021-01-26 09:08:12Z willem $ -*-perl-*- # use strict; @@ -8,7 +8,7 @@ use IO::File; use Test::More; my %prerequisite = ( - 'Net::DNS::SEC' => 1.01, + 'Net::DNS::SEC' => 1.15, 'MIME::Base64' => 2.13, ); @@ -20,7 +20,7 @@ foreach my $package ( sort keys %prerequisite ) { } plan skip_all => 'disabled RSA' - unless eval { Net::DNS::SEC::libcrypto->can('EVP_PKEY_assign_RSA') }; + unless eval { Net::DNS::SEC::libcrypto->can('EVP_PKEY_new_RSA') }; plan tests => 8; diff --git a/t/24-RSA-SHA512.t b/t/24-RSA-SHA512.t index eb14279..8c6f3e7 100644 --- a/t/24-RSA-SHA512.t +++ b/t/24-RSA-SHA512.t @@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: 24-RSA-SHA512.t 1808 2020-09-28 22:08:11Z willem $ -*-perl-*- +# $Id: 24-RSA-SHA512.t 1830 2021-01-26 09:08:12Z willem $ -*-perl-*- # use strict; @@ -8,7 +8,7 @@ use IO::File; use Test::More; my %prerequisite = ( - 'Net::DNS::SEC' => 1.01, + 'Net::DNS::SEC' => 1.15, 'MIME::Base64' => 2.13, ); @@ -20,7 +20,7 @@ foreach my $package ( sort keys %prerequisite ) { } plan skip_all => 'disabled RSA' - unless eval { Net::DNS::SEC::libcrypto->can('EVP_PKEY_assign_RSA') }; + unless eval { Net::DNS::SEC::libcrypto->can('EVP_PKEY_new_RSA') }; plan tests => 8; diff --git a/t/31-DSA-SHA1.t b/t/31-DSA-SHA1.t index 76a927f..38c1400 100644 --- a/t/31-DSA-SHA1.t +++ b/t/31-DSA-SHA1.t @@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: 31-DSA-SHA1.t 1808 2020-09-28 22:08:11Z willem $ -*-perl-*- +# $Id: 31-DSA-SHA1.t 1830 2021-01-26 09:08:12Z willem $ -*-perl-*- # use strict; @@ -21,7 +21,7 @@ foreach my $package ( sort keys %prerequisite ) { plan skip_all => "disabled DSA" - unless eval { Net::DNS::SEC::libcrypto->can('EVP_PKEY_assign_DSA') }; + unless eval { Net::DNS::SEC::libcrypto->can('EVP_PKEY_new_DSA') }; plan tests => 13; diff --git a/t/51-ECDSA-P256.t b/t/51-ECDSA-P256.t index 05b5604..22504f1 100644 --- a/t/51-ECDSA-P256.t +++ b/t/51-ECDSA-P256.t @@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: 51-ECDSA-P256.t 1808 2020-09-28 22:08:11Z willem $ -*-perl-*- +# $Id: 51-ECDSA-P256.t 1830 2021-01-26 09:08:12Z willem $ -*-perl-*- # use strict; @@ -20,7 +20,7 @@ foreach my $package ( sort keys %prerequisite ) { } plan skip_all => 'disabled ECDSA' - unless eval { Net::DNS::SEC::libcrypto->can('EVP_PKEY_assign_EC_KEY') }; + unless eval { Net::DNS::SEC::libcrypto->can('EVP_PKEY_new_ECDSA') }; plan tests => 13; diff --git a/t/52-ECDSA-P384.t b/t/52-ECDSA-P384.t index 3c98be3..8978370 100644 --- a/t/52-ECDSA-P384.t +++ b/t/52-ECDSA-P384.t @@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: 52-ECDSA-P384.t 1808 2020-09-28 22:08:11Z willem $ -*-perl-*- +# $Id: 52-ECDSA-P384.t 1830 2021-01-26 09:08:12Z willem $ -*-perl-*- # use strict; @@ -20,7 +20,7 @@ foreach my $package ( sort keys %prerequisite ) { } plan skip_all => 'disabled ECDSA' - unless eval { Net::DNS::SEC::libcrypto->can('EVP_PKEY_assign_EC_KEY') }; + unless eval { Net::DNS::SEC::libcrypto->can('EVP_PKEY_new_ECDSA') }; plan tests => 8; |