From da81a934ea4c81f0b7015c373b6f6590165ca8f0 Mon Sep 17 00:00:00 2001 From: gregor herrmann Date: Sat, 27 Apr 2024 20:49:28 +0200 Subject: New upstream version 1.24 --- Changes | 8 +++- META.json | 10 ++--- META.yml | 8 ++-- Makefile.PL | 13 +++--- SEC.xs | 111 ++++++++++++++++++++++++---------------------- lib/Net/DNS/SEC.pm | 6 +-- lib/Net/DNS/SEC/Digest.pm | 7 ++- t/20-digest.t | 10 ++--- 8 files changed, 92 insertions(+), 81 deletions(-) diff --git a/Changes b/Changes index 1babd71..903fe79 100644 --- a/Changes +++ b/Changes @@ -1,6 +1,12 @@ Revision history for Perl extension Net::DNS::SEC. +**** 1.24 Apr 25, 2024 + + Eliminate deprecated RSA CRT parameter names. + Add support for SM3 digest. + + **** 1.23 Nov 8, 2023 Code refactoring of XS component. @@ -680,4 +686,4 @@ Net::DNS. The history of those is documented below. --------------------------------------------------------------------------- -$Id: Changes 1943 2023-11-08 09:02:03Z willem $ +$Id: Changes 1976 2024-04-25 09:05:27Z willem $ diff --git a/META.json b/META.json index b7b3d5d..8fd532c 100644 --- a/META.json +++ b/META.json @@ -5,7 +5,7 @@ "Olaf Kolkman" ], "dynamic_config" : 1, - "generated_by" : "ExtUtils::MakeMaker version 7.70, CPAN::Meta::Converter version 2.150010", + "generated_by" : "ExtUtils::MakeMaker version 7.64, CPAN::Meta::Converter version 2.150010", "license" : [ "mit" ], @@ -35,10 +35,10 @@ "requires" : { "Carp" : "1.1", "DynaLoader" : "1.09", - "Exporter" : "5.56", + "Exporter" : "5.63", "File::Spec" : "3.29", "IO::File" : "1.14", - "MIME::Base64" : "2.13", + "MIME::Base64" : "3.07", "Net::DNS" : "1.08", "perl" : "5.008009" } @@ -54,6 +54,6 @@ } }, "release_status" : "stable", - "version" : "1.23", - "x_serialization_backend" : "JSON::PP version 4.16" + "version" : "1.24", + "x_serialization_backend" : "JSON::PP version 4.07" } diff --git a/META.yml b/META.yml index a12d3b8..7eb6c8e 100644 --- a/META.yml +++ b/META.yml @@ -12,7 +12,7 @@ build_requires: configure_requires: ExtUtils::MakeMaker: '6.48' dynamic_config: 1 -generated_by: 'ExtUtils::MakeMaker version 7.70, CPAN::Meta::Converter version 2.150010' +generated_by: 'ExtUtils::MakeMaker version 7.64, CPAN::Meta::Converter version 2.150010' license: mit meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html @@ -25,11 +25,11 @@ no_index: requires: Carp: '1.1' DynaLoader: '1.09' - Exporter: '5.56' + Exporter: '5.63' File::Spec: '3.29' IO::File: '1.14' - MIME::Base64: '2.13' + MIME::Base64: '3.07' Net::DNS: '1.08' perl: '5.008009' -version: '1.23' +version: '1.24' x_serialization_backend: 'CPAN::Meta::YAML version 0.018' diff --git a/Makefile.PL b/Makefile.PL index 97f3419..b5f4273 100644 --- a/Makefile.PL +++ b/Makefile.PL @@ -1,5 +1,5 @@ # -# $Id: Makefile.PL 1926 2023-05-31 12:05:13Z willem $ -*-perl-*- +# $Id: Makefile.PL 1971 2024-04-17 09:35:43Z willem $ -*-perl-*- # use 5.008009; @@ -38,10 +38,10 @@ my %metadata = ( my %prerequisite = ( 'Carp' => 1.10, 'DynaLoader' => 1.09, - 'Exporter' => 5.56, + 'Exporter' => 5.63, 'File::Spec' => 3.29, 'IO::File' => 1.14, - 'MIME::Base64' => 2.13, + 'MIME::Base64' => 3.07, 'Net::DNS' => 1.08, ); @@ -170,16 +170,15 @@ sub postamble { return <<"PlanA" if `gcov -v 2>$devnull`; test_cover : cover -delete - HARNESS_PERL_SWITCHES=-MDevel::Cover \$(MAKE) -W SEC.xs test CCFLAGS="$ccflags" OTHERLDFLAGS="$ldflags" - cover + \$(MAKE) -W SEC.xs CCFLAGS="$ccflags" OTHERLDFLAGS="$ldflags" + cover -test \$(NOECHO) \$(TOUCH) SEC.c # force XS rebuild before install PlanA return <<'PlanB'; test_cover : cover -delete - HARNESS_PERL_SWITCHES=-MDevel::Cover $(MAKE) test - cover + cover -test PlanB } diff --git a/SEC.xs b/SEC.xs index 819b799..341fe13 100644 --- a/SEC.xs +++ b/SEC.xs @@ -1,5 +1,5 @@ -#define XS_Id "$Id: SEC.xs 1942 2023-11-07 13:30:39Z willem $" +#define XS_Id "$Id: SEC.xs 1975 2024-04-22 14:41:36Z willem $" =head1 NAME @@ -13,7 +13,7 @@ upon which the Net::DNS::SEC cryptographic components are built. =head1 COPYRIGHT -Copyright (c)2018-2023 Dick Franks +Copyright (c)2018-2024 Dick Franks All Rights Reserved @@ -49,24 +49,18 @@ extern "C" { #include -#ifndef OPENSSL_VERSION_NUMBER /* 0xMMmmmmppL adapt or die! */ -#define OPENSSL_RELEASE \ - ( (OPENSSL_VERSION_MAJOR<<24) | (OPENSSL_VERSION_MINOR<<8) | OPENSSL_VERSION_PATCH | 0x0L ) +#ifdef OPENSSL_VERSION_NUMBER +#define OPENSSL_RELEASE ( OPENSSL_VERSION_NUMBER>>4 ) /* 0xMMmm0000 */ #else -#define OPENSSL_RELEASE (OPENSSL_VERSION_NUMBER>>4) +#define OPENSSL_RELEASE ( OPENSSL_VERSION_MAJOR<<24 | OPENSSL_VERSION_MINOR<<16 ) #endif -#if (OPENSSL_RELEASE < 0x0F000000) +#if (OPENSSL_RELEASE < 0x03000000) #define API_1_1_1 -#undef OSSL_DEPRECATED -#define OSSL_DEPRECATED(since) extern #include #include #include -#endif - -#if !(OPENSSL_RELEASE < 0x03000000) -#define API_3_0_0 +#else #include #include static OSSL_LIB_CTX *libctx = NULL; @@ -98,6 +92,10 @@ static OSSL_LIB_CTX *libctx = NULL; #define NO_EdDSA #endif +#ifdef OPENSSL_NO_SM3 +#define NO_SM3 +#endif + #if (OPENSSL_RELEASE < 0x01000100) #error ancient libcrypto version @@ -105,11 +103,32 @@ static OSSL_LIB_CTX *libctx = NULL; #endif +#if (OPENSSL_RELEASE < 0x03040000) +#define EOL 20260409 +#endif + +#if (OPENSSL_RELEASE < 0x03030000) +#undef EOL +#define EOL 20251123 +#endif + +#if (OPENSSL_RELEASE < 0x03020000) +#undef EOL +#define EOL 20250314 +#endif + +#if (OPENSSL_RELEASE < 0x03010000) +#undef EOL #define EOL 20260907 +#endif #if (OPENSSL_RELEASE < 0x03000000) #undef EOL #define EOL 20230911 +#define NO_SM3 +#ifndef NID_ED25519 +#define NO_EdDSA +#endif #endif @@ -150,8 +169,6 @@ int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) #if (OPENSSL_RELEASE < 0x01010100) -#define NO_EdDSA -#define NO_SHA3 int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sig, size_t *sig_len, const unsigned char *data, size_t data_len) @@ -171,21 +188,13 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, #ifdef OPENSSL_IS_BORINGSSL -#undef EOL -#ifndef NID_ED25519 -#define NO_EdDSA -#endif +#undef EOL #define NO_DSA -#define NO_SHA3 #endif #ifdef LIBRESSL_VERSION_NUMBER -#undef EOL -#if (LIBRESSL_VERSION_NUMBER < 0x30702000) -#define NO_EdDSA -#endif +#undef EOL #define NO_DSA -#define NO_SHA3 #endif @@ -200,7 +209,7 @@ void checkret(const int ret, int line) } -#ifdef API_3_0_0 +#ifdef EVP_PKEY_PUBLIC_KEY int EVP_PKEY_fromparams(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, int selection, OSSL_PARAM_BLD *bld) { int retval; @@ -236,7 +245,7 @@ VERSION(void) #endif CODE: #ifdef EOL - strftime( buf, sizeof buf, "%Y%m00", gmtime(&today) ); + strftime( buf, sizeof buf, "%Y%m%d", gmtime(&today) ); txt = selecttxt( EOL, atoi(buf), "" ); /* get 100% coverage by calling this twice */ txt = selecttxt( atoi(buf), EOL, " [UNSUPPORTED]" ); RETVAL = newSVpvf( "%s %s%s", v-5, OPENSSL_VERSION_TEXT, txt ); @@ -333,18 +342,9 @@ const EVP_MD* EVP_sha512() -#ifndef NO_SHA3 -const EVP_MD* -EVP_sha3_224() - +#ifndef NO_SM3 const EVP_MD* -EVP_sha3_256() - -const EVP_MD* -EVP_sha3_384() - -const EVP_MD* -EVP_sha3_512() +EVP_sm3() #endif @@ -356,7 +356,7 @@ EVP_sha3_512() EVP_PKEY* EVP_PKEY_new_DSA(SV *p_SV, SV *q_SV, SV *g_SV, SV *y_SV, SV *x_SV=UNDEF ) INIT: -#ifndef API_3_0_0 +#ifdef API_1_1_1 DSA *dsa = DSA_new(); #else EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name( libctx, "DSA", NULL ); @@ -364,7 +364,7 @@ EVP_PKEY_new_DSA(SV *p_SV, SV *q_SV, SV *g_SV, SV *y_SV, SV *x_SV=UNDEF ) BIGNUM *p, *q, *g, *x, *y; #endif CODE: -#ifndef API_3_0_0 +#ifdef API_1_1_1 RETVAL = EVP_PKEY_new(); checkerr( DSA_set0_pqg( dsa, SV2BN(p_SV), SV2BN(q_SV), SV2BN(g_SV) ) ); checkerr( DSA_set0_key( dsa, SV2BN(y_SV), SV2BN(x_SV) ) ); @@ -402,7 +402,7 @@ EVP_PKEY_new_DSA(SV *p_SV, SV *q_SV, SV *g_SV, SV *y_SV, SV *x_SV=UNDEF ) EVP_PKEY* EVP_PKEY_new_RSA(SV *n_SV, SV *e_SV, SV *d_SV=UNDEF, SV *p1_SV=UNDEF, SV *p2_SV=UNDEF, SV *e1_SV=UNDEF, SV *e2_SV=UNDEF, SV *c_SV=UNDEF ) INIT: -#ifndef API_3_0_0 +#ifdef API_1_1_1 RSA *rsa = RSA_new(); #else EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name( libctx, "RSA", NULL ); @@ -410,7 +410,7 @@ EVP_PKEY_new_RSA(SV *n_SV, SV *e_SV, SV *d_SV=UNDEF, SV *p1_SV=UNDEF, SV *p2_SV= BIGNUM *n, *e, *d, *p1, *p2, *e1, *e2, *c; #endif CODE: -#ifndef API_3_0_0 +#ifdef API_1_1_1 RETVAL = EVP_PKEY_new(); checkerr( RSA_set0_factors( rsa, SV2BN(p1_SV), SV2BN(p2_SV) ) ); checkerr( RSA_set0_key( rsa, SV2BN(n_SV), SV2BN(e_SV), SV2BN(d_SV) ) ); @@ -422,11 +422,11 @@ EVP_PKEY_new_RSA(SV *n_SV, SV *e_SV, SV *d_SV=UNDEF, SV *p1_SV=UNDEF, SV *p2_SV= checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_RSA_E, e=SV2BN(e_SV) ) ); if ( SvCUR(d_SV) > 0 ) { checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_RSA_D, d=SV2BN(d_SV) ) ); - checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_RSA_FACTOR, p1=SV2BN(p1_SV) ) ); - checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_RSA_FACTOR, p2=SV2BN(p2_SV) ) ); - checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_RSA_EXPONENT, e1=SV2BN(e1_SV) ) ); - checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_RSA_EXPONENT, e2=SV2BN(e2_SV) ) ); - checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_RSA_COEFFICIENT, c=SV2BN(c_SV) ) ); + checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_RSA_FACTOR1, p1=SV2BN(p1_SV) ) ); + checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_RSA_FACTOR2, p2=SV2BN(p2_SV) ) ); + checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_RSA_EXPONENT1, e1=SV2BN(e1_SV) ) ); + checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_RSA_EXPONENT2, e2=SV2BN(e2_SV) ) ); + checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_RSA_COEFFICIENT1, c=SV2BN(c_SV) ) ); checkerr( EVP_PKEY_fromparams( ctx, &RETVAL, EVP_PKEY_KEYPAIR, bld ) ); BN_free(d); BN_free(p1); @@ -457,12 +457,14 @@ EVP_PKEY_new_ECDSA(SV *curve, SV *qx_SV, SV *qy_SV=UNDEF ) INIT: #ifdef API_1_1_1 EC_KEY *eckey = NULL; + BIGNUM *qx, *qy; #else EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name( libctx, "EC", NULL ); OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new(); + SV *ksv = newSVpvn("\4",1); + BIGNUM *qx; #endif char *name = SvPVX(curve); - BIGNUM *qx, *qy; CODE: #ifdef API_1_1_1 RETVAL = EVP_PKEY_new(); @@ -470,20 +472,21 @@ EVP_PKEY_new_ECDSA(SV *curve, SV *qx_SV, SV *qy_SV=UNDEF ) if ( strcmp(name,"P-384") == 0 ) eckey = EC_KEY_new_by_curve_name(NID_secp384r1); if ( SvCUR(qy_SV) > 0 ) { checkerr( EC_KEY_set_public_key_affine_coordinates( eckey, qx=SV2BN(qx_SV), qy=SV2BN(qy_SV) ) ); + BN_free(qx); BN_free(qy); } else { checkerr( EC_KEY_set_private_key( eckey, qx=SV2BN(qx_SV) ) ); + BN_clear_free(qx); } checkerr( EVP_PKEY_assign( RETVAL, EVP_PKEY_EC, (char*)eckey ) ); #else RETVAL = NULL; checkerr( OSSL_PARAM_BLD_push_utf8_string( bld, OSSL_PKEY_PARAM_GROUP_NAME, name, 0 ) ); if ( SvCUR(qy_SV) > 0 ) { - checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_EC_PUB_X, qx=SV2BN(qx_SV) ) ); - checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_EC_PUB_Y, qy=SV2BN(qy_SV) ) ); + sv_catpvn_nomg(ksv, SvPVX(qx_SV), SvCUR(qx_SV)); + sv_catpvn_nomg(ksv, SvPVX(qy_SV), SvCUR(qy_SV)); + checkerr( OSSL_PARAM_BLD_push_octet_string( bld, OSSL_PKEY_PARAM_PUB_KEY, SvPVX(ksv), SvCUR(ksv) ) ); checkerr( EVP_PKEY_fromparams( ctx, &RETVAL, EVP_PKEY_PUBLIC_KEY, bld ) ); - BN_free(qx); - BN_free(qy); } else { checkerr( OSSL_PARAM_BLD_push_BN( bld, OSSL_PKEY_PARAM_PRIV_KEY, qx=SV2BN(qx_SV) ) ); checkerr( EVP_PKEY_fromparams( ctx, &RETVAL, EVP_PKEY_KEYPAIR, bld ) ); @@ -505,7 +508,7 @@ EVP_PKEY_new_ECDSA(SV *curve, SV *qx_SV, SV *qy_SV=UNDEF ) EVP_PKEY* EVP_PKEY_new_EdDSA(SV *curve, SV *public, SV *private=NULL) INIT: -#ifndef API_3_0_0 +#ifdef API_1_1_1 char *name = SvPVX(curve); int nid = 0; #else @@ -514,7 +517,7 @@ EVP_PKEY_new_EdDSA(SV *curve, SV *public, SV *private=NULL) #endif CODE: RETVAL = NULL; -#ifndef API_3_0_0 +#ifdef API_1_1_1 if ( strcmp(name,"ED25519") == 0 ) nid = NID_ED25519; #ifdef NID_ED448 /* not yet implemented in BoringSSL & LibreSSL */ if ( strcmp(name,"ED448") == 0 ) nid = NID_ED448; diff --git a/lib/Net/DNS/SEC.pm b/lib/Net/DNS/SEC.pm index ee33301..09988f5 100644 --- a/lib/Net/DNS/SEC.pm +++ b/lib/Net/DNS/SEC.pm @@ -4,9 +4,9 @@ use strict; use warnings; use Carp; -our $SVNVERSION = (qw$Id: SEC.pm 1943 2023-11-08 09:02:03Z willem $)[2]; +our $SVNVERSION = (qw$Id: SEC.pm 1976 2024-04-25 09:05:27Z willem $)[2]; our $VERSION; -$VERSION = '1.23'; +$VERSION = '1.24'; use base qw(Exporter DynaLoader); @@ -99,7 +99,7 @@ sub key_difference { ######################################## -foreach (qw(DS CDS RRSIG)) { +foreach (qw(RRSIG DS CDS)) { Net::DNS::RR->new( type => $_ ); # pre-load to access class methods } diff --git a/lib/Net/DNS/SEC/Digest.pm b/lib/Net/DNS/SEC/Digest.pm index 3d2b8c4..d80780b 100644 --- a/lib/Net/DNS/SEC/Digest.pm +++ b/lib/Net/DNS/SEC/Digest.pm @@ -3,7 +3,7 @@ package Net::DNS::SEC::Digest; use strict; use warnings; -our $VERSION = (qw$Id: Digest.pm 1849 2021-08-19 08:25:20Z willem $)[2]; +our $VERSION = (qw$Id: Digest.pm 1971 2024-04-17 09:35:43Z willem $)[2]; =head1 NAME @@ -47,6 +47,8 @@ my %digest = ( SHA3_256 => sub { Net::DNS::SEC::libcrypto::EVP_sha3_256() }, SHA3_384 => sub { Net::DNS::SEC::libcrypto::EVP_sha3_384() }, SHA3_512 => sub { Net::DNS::SEC::libcrypto::EVP_sha3_512() }, + + SM3 => sub { Net::DNS::SEC::libcrypto::EVP_sm3() }, ); @@ -89,6 +91,9 @@ our @ISA = qw(Net::DNS::SEC::Digest); package Net::DNS::SEC::Digest::SHA3; our @ISA = qw(Net::DNS::SEC::Digest); +package Net::DNS::SEC::Digest::SM3; +our @ISA = qw(Net::DNS::SEC::Digest); + 1; diff --git a/t/20-digest.t b/t/20-digest.t index 8b10351..2e07d59 100644 --- a/t/20-digest.t +++ b/t/20-digest.t @@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: 20-digest.t 1863 2022-03-14 14:59:21Z willem $ -*-perl-*- +# $Id: 20-digest.t 1971 2024-04-17 09:35:43Z willem $ -*-perl-*- # use strict; @@ -18,7 +18,7 @@ foreach my $package ( sort keys %prerequisite ) { plan skip_all => 'unable to access OpenSSL libcrypto library' unless eval { Net::DNS::SEC::libcrypto->can('EVP_MD_CTX_new') }; -plan tests => 22; +plan tests => 16; my $text = 'The quick brown fox jumps over the lazy dog'; @@ -34,6 +34,7 @@ my %digest = ( SHA3_256 => '69070dda01975c8c120c3aada1b282394e7f032fa9cf32f4cb2259a0897dfc04', SHA3_384 => '7063465e08a93bce31cd89d2e3ca8f602498696e253592ed26f07bf7e703cf328581e1471a7ba7ab119b1a9ebdf8be41', SHA3_512 => '01dedd5de4ef14642445ba5f5b97c15e47b9ad931326e4b0727cd94cefc44fff23f07bf543139939b49128caf436dc1bdee54fcb24023a08d9403f9b4bf0d450', + SM3 => '5fdfe814b8573ca021983970fc79b2218c9570369b4859684e2e4c3fc76cb8ea', ); @@ -65,10 +66,7 @@ test( 'SHA256', 'Net::DNS::SEC::Digest::SHA', 256 ); test( 'SHA384', 'Net::DNS::SEC::Digest::SHA', 384 ); test( 'SHA512', 'Net::DNS::SEC::Digest::SHA', 512 ); -test( 'SHA3_224', 'Net::DNS::SEC::Digest::SHA3', 224 ); -test( 'SHA3_256', 'Net::DNS::SEC::Digest::SHA3', 256 ); -test( 'SHA3_384', 'Net::DNS::SEC::Digest::SHA3', 384 ); -test( 'SHA3_512', 'Net::DNS::SEC::Digest::SHA3', 512 ); +test( 'SM3', 'Net::DNS::SEC::Digest::SM3' ); exit; -- cgit v1.2.3