Mega:23.09
perl-Net-DNS-SEC
Changes of Revision 3
_service:tar_scm:perl-Net-DNS-SEC.spec
Changed
@@ -1,11 +1,10 @@ Name: perl-Net-DNS-SEC -Version: 1.19 +Version: 1.21 Release: 1 Summary: An extension module of Perl(Net::DNS) package License: MIT URL: https://metacpan.org/release/Net-DNS-SEC Source0: http://www.net-dns.org/download//Net-DNS-SEC-%{version}.tar.gz -Patch0: gost-rm.patch BuildRequires: gcc coreutils make openssl-devel => 1.1 perl-generators perl-interpreter BuildRequires: perl-devel perl(Config) perl(constant) perl(ExtUtils::MakeMaker) >= 6.76 @@ -36,7 +35,6 @@ %prep %autosetup -n Net-DNS-SEC-%{version} -p1 -rm -f lib/Net/DNS/SEC/ECCGOST.pm %build perl Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1 @@ -58,6 +56,9 @@ %{_mandir}/man3/* %changelog +* Mon Sep 11 2023 xu_ping <707078654@qq.com> - 1.21-1 +- Upgrade to version 1.21 + * Tue Jun 14 2022 SimpleUpdate Robot <tc@openeuler.org> - 1.19-1 - Upgrade to version 1.19
_service:tar_scm:gost-rm.patch
Deleted
@@ -1,15 +0,0 @@ -diff --git a/MANIFEST b/MANIFEST -index afc3e05..c708eec 100644 ---- a/MANIFEST -+++ b/MANIFEST -@@ -15,7 +15,6 @@ lib/Net/DNS/SEC/Keyset.pm - lib/Net/DNS/SEC/Private.pm - lib/Net/DNS/SEC/DSA.pm - lib/Net/DNS/SEC/ECDSA.pm --lib/Net/DNS/SEC/ECCGOST.pm - lib/Net/DNS/SEC/EdDSA.pm - lib/Net/DNS/SEC/RSA.pm - lib/Net/DNS/SEC/libcrypto.pod --- -2.30.0 -
_service
Changed
@@ -2,7 +2,7 @@
 <service name="tar_scm">
 <param name="url">git@gitee.com:src-openeuler/perl-Net-DNS-SEC.git</param>
 <param name="scm">git</param>
- <param name="revision">openEuler-23.09</param>
+ <param name="revision">master</param>
 <param name="exclude">*</param>
 <param name="extract">*</param>
 </service>
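Review bot: The `revision` parameter now follows `master`, a moving branch, so two builds of this same revision can fetch different sources and nothing on the page records which commit was actually packaged. For a release project such as Mega:23.09 it would be safer to stay on a release branch or pin an exact commit, e.g. `<param name="revision">COMMIT_SHA_PLACEHOLDER</param>`, and bump it deliberately with each upgrade. That keeps the packaged source reproducible and auditable.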
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/lib/Net/DNS/SEC/ECCGOST.pm
Deleted
@@ -1,113 +0,0 @@ -package Net::DNS::SEC::ECCGOST; - -use strict; -use warnings; - -our $VERSION = (qw$Id: ECCGOST.pm 1853 2021-10-11 10:40:59Z willem $)2; - - -=head1 NAME - -Net::DNS::SEC::ECCGOST - DNSSEC ECC-GOST digital signature algorithm - - -=head1 SYNOPSIS - - require Net::DNS::SEC::ECCGOST; - - $validated = Net::DNS::SEC::ECCGOST->verify( $sigdata, $keyrr, $sigbin ); - - -=head1 DESCRIPTION - -Implementation of GOST R 34.10-2001 elliptic curve digital signature -verification procedure. - -=head2 sign - -Signature generation is not implemented. - -=head2 verify - - $validated = Net::DNS::SEC::ECCGOST->verify( $sigdata, $keyrr, $sigbin ); - -Verifies the signature over the binary sigdata using the specified -public key resource record. - -=cut - - -use constant Digest_GOST => defined( eval { require Digest::GOST } ); -use constant ECCGOST_configured => Digest_GOST && Net::DNS::SEC::libcrypto->can('ECCGOST_verify'); - -BEGIN { die 'ECCGOST disabled or application has no "use Net::DNS::SEC"' unless ECCGOST_configured } - -my %parameters = ( 12 => 840, 'Digest::GOST::CryptoPro' ); - -sub _index { return keys %parameters } - - -sub sign { - die 'Russian Federation standard GOST R 34.10-2001 is obsolete'; -} - - -sub verify { - my ( $class, $sigdata, $keyrr, $sigbin ) = @_; - - my $algorithm = $keyrr->algorithm; - my ( $nid, $object ) = @{$parameters{$algorithm} || }; - die 'public key not ECC-GOST' unless $nid; - my $hash = $object->new(); - $hash->add($sigdata); - my $H = reverse $hash->digest; - - return unless $sigbin; - - my ( $y, $x ) = unpack 'a32 a32', reverse $keyrr->keybin; # public key - my $eckey = Net::DNS::SEC::libcrypto::EC_KEY_new_ECCGOST( $x, $y ); - - my ( $s, $r ) = unpack 'a32 a32', $sigbin; # RFC5933, RFC4490 - return Net::DNS::SEC::libcrypto::ECCGOST_verify( $H, $r, $s, $eckey ); -} - - -1; - -__END__ - -######################################## - -=head1 COPYRIGHT - -Copyright (c)2014,2018 Dick Franks. - -All rights reserved. 
- - -=head1 LICENSE - -Permission to use, copy, modify, and distribute this software and its -documentation for any purpose and without fee is hereby granted, provided -that the original copyright notices appear in all copies and that both -copyright notice and this permission notice appear in supporting -documentation, and that the name of the author not be used in advertising -or publicity pertaining to distribution of the software without specific -prior written permission. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL -THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER -DEALINGS IN THE SOFTWARE. - - -=head1 SEE ALSO - -L<Net::DNS>, L<Net::DNS::SEC>, L<Digest::GOST>, -RFC4357, RFC4490, RFC5832, RFC5933, RFC7091 - -=cut -
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/Changes -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/Changes
Changed
@@ -1,12 +1,25 @@ Revision history for Perl extension Net::DNS::SEC. -**** 1.19 Oct 11, 2021 +**** 1.21 Jun 1, 2023 + + Add new t/TestToolkit.pm + Rework pre-installation test scripts. + +Fix: rt.cpan.org #148367 + libressl-3.7.1 breaks DSA verify + - Use new EVP_PKEY construction API for OpenSSL post 3.x.x. +**** 1.20 Oct 4, 2022 - Remove support for obsolete ECC-GOST. + Circumvent failure of EdDSA test on EBCDIC platforms. + Improve Net::DNS::SEC::Keyset tests and error reporting. + Avoid test failures if/when DSA|MD5|SHA1 become unsupported. + + +**** 1.19 Oct 11, 2021 + Discontinue support for obsolete ECC-GOST. Add LICENSE file to comply with Fedora/RedHat announcement and WARNING of restrictions on use of strong cryptography. @@ -26,9 +39,7 @@ **** 1.16 May 11, 2020 Improve testing of verify() functions. - Rework code in Digest.pm - SEC.xs code reduction. @@ -40,7 +51,6 @@ **** 1.14 October 14, 2019 Improve exception capture in test scripts. - Support more efficient algorithm mapping in Net::DNS. @@ -53,28 +63,24 @@ Avoid use of EC_POINT_set_affine_coordinates_GFp which is deprecated in OpenSSL 3.0.0 - Reduce level of support for OpenSSL non-LTS releases. **** 1.11 Dec 11, 2018 Explain why compilation aborted in Net::DNS::SEC::DSA et al. - Fix Makefile.PL to suppress parallel test execution. **** 1.10 Aug 31, 2018 - make test_cover - now collects SEC.xs test coverage metrics using gcc and gcov. + Collect test coverage metrics for SEC.xs using gcc and gcov. **** 1.09 Jun 4, 2018 Avoid use of EC_GROUP_new, EC_GROUP_set_curve_GFp, and EC_GFp_mont_method which are expected to disappear. - Fix filename conflict when tests run in parallel. @@ -660,4 +666,4 @@ --------------------------------------------------------------------------- -$Id: Changes 1854 2021-10-11 10:43:36Z willem $ +$Id: Changes 1928 2023-06-01 11:33:52Z willem $
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/MANIFEST -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/MANIFEST
Changed
@@ -15,7 +15,6 @@
 lib/Net/DNS/SEC/Private.pm
 lib/Net/DNS/SEC/DSA.pm
 lib/Net/DNS/SEC/ECDSA.pm
-lib/Net/DNS/SEC/ECCGOST.pm
 lib/Net/DNS/SEC/EdDSA.pm
 lib/Net/DNS/SEC/RSA.pm
 lib/Net/DNS/SEC/libcrypto.pod
@@ -33,5 +32,6 @@
 t/52-ECDSA-P384.t
 t/61-Ed25519.t
 t/62-Ed448.t
+t/TestToolkit.pm
 META.yml Module YAML meta-data (added by MakeMaker)
 META.json Module JSON meta-data (added by MakeMaker)
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/META.json -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/META.json
Changed
@@ -5,7 +5,7 @@ "Olaf Kolkman" , "dynamic_config" : 1, - "generated_by" : "ExtUtils::MakeMaker version 7.44, CPAN::Meta::Converter version 2.150010", + "generated_by" : "ExtUtils::MakeMaker version 7.64, CPAN::Meta::Converter version 2.150010", "license" : "mit" , @@ -28,30 +28,32 @@ }, "configure" : { "requires" : { - "ExtUtils::MakeMaker" : "6.66" + "ExtUtils::MakeMaker" : "6.48" } }, "runtime" : { - "recommends" : {}, "requires" : { "Carp" : "1.1", - "DynaLoader" : "1.04", + "DynaLoader" : "1.09", "Exporter" : "5.56", - "File::Spec" : "0.86", + "File::Spec" : "3.29", + "IO::File" : "1.14", "MIME::Base64" : "2.13", "Net::DNS" : "1.08", - "perl" : "5.008008" + "perl" : "5.008009" } }, "test" : { "requires" : { - "File::Find" : "1.05", - "File::Spec" : "0.86", - "Test::More" : "0.47" + "ExtUtils::MakeMaker" : "0", + "File::Find" : "1.13", + "File::Spec" : "3.29", + "IO::File" : "1.14", + "Test::More" : "0.8" } } }, "release_status" : "stable", - "version" : "1.19", - "x_serialization_backend" : "JSON::PP version 4.00" + "version" : "1.21", + "x_serialization_backend" : "JSON::PP version 4.08" }
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/META.yml -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/META.yml
Changed
@@ -5,13 +5,14 @@ - 'Olaf Kolkman' build_requires: ExtUtils::MakeMaker: '0' - File::Find: '1.05' - File::Spec: '0.86' - Test::More: '0.47' + File::Find: '1.13' + File::Spec: '3.29' + IO::File: '1.14' + Test::More: '0.8' configure_requires: - ExtUtils::MakeMaker: '6.66' + ExtUtils::MakeMaker: '6.48' dynamic_config: 1 -generated_by: 'ExtUtils::MakeMaker version 7.44, CPAN::Meta::Converter version 2.150010' +generated_by: 'ExtUtils::MakeMaker version 7.64, CPAN::Meta::Converter version 2.150010' license: mit meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html @@ -21,14 +22,14 @@ directory: - t - inc -recommends: {} requires: Carp: '1.1' - DynaLoader: '1.04' + DynaLoader: '1.09' Exporter: '5.56' - File::Spec: '0.86' + File::Spec: '3.29' + IO::File: '1.14' MIME::Base64: '2.13' Net::DNS: '1.08' - perl: '5.008008' -version: '1.19' + perl: '5.008009' +version: '1.21' x_serialization_backend: 'CPAN::Meta::YAML version 0.018'
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/Makefile.PL -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/Makefile.PL
Changed
@@ -1,98 +1,106 @@ # -# $Id: Makefile.PL 1853 2021-10-11 10:40:59Z willem $ -*-perl-*- +# $Id: Makefile.PL 1926 2023-05-31 12:05:13Z willem $ -*-perl-*- # -use 5.008008; +use 5.008009; use strict; use warnings; use Config; use ExtUtils::MakeMaker; -my $MM = $ExtUtils::MakeMaker::VERSION; +use constant MSWin32 => $^O eq 'MSWin32'; + +my $distro = 'Net::DNS::SEC'; +my $module = join '/', 'lib', split /::/, "$distro.pm"; +my $author = 'Dick Franks', 'Olaf Kolkman'; +$author = join ', ', @$author if $ExtUtils::MakeMaker::VERSION < 6.58; # See perldoc ExtUtils::MakeMaker for details of how to influence # the contents of the Makefile that is written. -my @author = ( 'Dick Franks', 'Olaf Kolkman' ); - my %metadata = ( - NAME => 'Net::DNS::SEC', - VERSION_FROM => 'lib/Net/DNS/SEC.pm', - ABSTRACT_FROM => 'lib/Net/DNS/SEC.pm', - AUTHOR => $MM < 6.58 ? "$author0 et al" : @author, - LICENSE => 'mit', - MIN_PERL_VERSION => 5.008008, - CONFIGURE_REQUIRES => { - 'ExtUtils::MakeMaker' => 6.66, - }, - TEST_REQUIRES => { - 'File::Find' => 1.05, - 'File::Spec' => 0.86, - 'Test::More' => 0.47, + NAME => $distro, + VERSION_FROM => $module, + ABSTRACT_FROM => $module, + AUTHOR => $author, + LICENSE => 'mit', + MIN_PERL_VERSION => 5.008009, + CONFIGURE_REQUIRES => {'ExtUtils::MakeMaker' => 6.48}, + TEST_REQUIRES => { + 'ExtUtils::MakeMaker' => 0, + 'File::Find' => 1.13, + 'File::Spec' => 3.29, + 'IO::File' => 1.14, + 'Test::More' => 0.80, } ); my %prerequisite = ( 'Carp' => 1.10, - 'DynaLoader' => 1.04, + 'DynaLoader' => 1.09, 'Exporter' => 5.56, - 'File::Spec' => 0.86, + 'File::Spec' => 3.29, + 'IO::File' => 1.14, 'MIME::Base64' => 2.13, 'Net::DNS' => 1.08, ); -my %optional; - - my @debris = qw(*.gcov *.gcda *.gcno *.lock); my $inc = ''; my $lib = '-lcrypto'; -my $nul = $^O eq 'MSWin32' ? 'nul' : '/dev/null'; - -if ( my $dir = $ENV{OPENSSL_PREFIX} ) { - $inc = "-I$dir/include"; - $lib = "-L$dir/lib -lcrypto"; +my $nul = MSWin32 ? 
'nul' : '/dev/null'; -} elsif (`pkg-config --modversion libcrypto 2>$nul`) { +if (`pkg-config --modversion libcrypto 2>$nul`) { $inc = `pkg-config --cflags libcrypto 2>$nul`; $lib = `pkg-config --libs libcrypto 2>$nul`; - -} elsif ( $^O eq 'MSWin32' ) { +} elsif (MSWin32) { $lib = '-llibeay32' if $Config{cc} =~ /cl/; $lib = '-leay32' if $Config{cc} =~ /gcc/; } +if ( my $dir = $ENV{OPENSSL_PREFIX} ) { + chomp $dir; + $inc = "-I$dir/include"; + $lib = "-L$dir/lib $lib"; +} + $inc = $ENV{OPENSSL_INCLUDE} if $ENV{OPENSSL_INCLUDE}; $lib = $ENV{OPENSSL_LIB} if $ENV{OPENSSL_LIB}; +chomp $_ for ( $inc, $lib ); + WriteMakefile( %metadata, - PREREQ_PM => {%prerequisite}, - INC => $inc, - LIBS => $lib, - META_MERGE => {recommends => {%optional}}, - clean => {FILES => "@debris"}, + PREREQ_PM => {%prerequisite}, + INC => $inc, + LIBS => $lib, + clean => {FILES => "@debris"}, ); +exit; -package MY; ## customise generated Makefile -sub test { - return shift->SUPER::test() if $^O =~ /cygwin|MSWin/i; +package MY; ## customise generated Makefile - return join '', shift->SUPER::test(), <<'END'; -# suppress parallel test execution -FULLPERLRUN = HARNESS_OPTIONS=c $(FULLPERL) +sub constants { + return join "\n", shift->SUPER::constants(), <<'END' if $^O =~ /MSWin/i; +# include test directory +TEST_DIR = t +FULLPERLRUN = $(FULLPERL) "-I$(TEST_DIR)" +END + return join "\n", shift->SUPER::constants(), <<'END'; +# suppress parallel test execution include test directory +TEST_DIR = t +FULLPERLRUN = HARNESS_OPTIONS=j1:c $(FULLPERL) "-I$(TEST_DIR)" END } sub dist { - return join '', shift->SUPER::dist(), <<'END'; - + return join "\n", shift->SUPER::dist(), <<'END'; # $(PERM_RWX) raises security issues downstream PREOP = $(CHMOD) $(PERM_RW) $(DISTVNAME)$(DFSEP)demo$(DFSEP)* END 
@@ -109,9 +117,10 @@ s|(/)/+|$1|g; # remove gratuitous //s } - my @version = ( 'version', eval { require Net::DNS::SEC; $Net::DNS::SEC::VERSION; } ); + eval "require $distro"; ## no critic + my @version = ( 'version', eval { $distro->VERSION } ); - my $nameregex = '\W+Net\W+DNS\W+SEC.pm$'; + my $nameregex = join '\W+', '', split /::/, "$distro.pm\$"; my @installed = grep { $_ && m/$nameregex/io } values %INC; my %occluded; @@ -132,12 +141,12 @@ my $message; warn $message = <<"AMEN"; ## -## The install location for this version of Net::DNS::SEC differs -## from the existing @version in your perl library at +## The install location for this version of $distro +## differs from the existing @version in your perl library at ## @installed ## ## The installation would be rendered ineffective because the -## installed version occurs in the library search path before +## existing @version occurs in the library search path before ## $install_site ## ## The generated Makefile supports build and test only. 
@@ -146,37 +155,32 @@ my $echo = ' $(NOECHO) $(ECHO) "##"'; $message =~ s/##/$echo/eg; - return join '', <<'END', $message; + return join '', <<"END"; install : - $(NOECHO) $(ECHO) "## Makefile supports build and test only" - $(NOECHO) $(ECHO) "## (see message from Makefile.PL)" - $(NOECHO) $(FALSE) - -test :: $(TEST_TYPE) + $message + \$(NOECHO) \$(FALSE) END } sub postamble { - my $devnull = $^O eq 'MSWin32' ? 'nul' : '/dev/null'; - return <<"PlanB" unless `gcov -v 2>$devnull`; -test_cover : - cover -delete - HARNESS_PERL_SWITCHES=-MDevel::Cover \$(MAKE) test - cover -summary -PlanB my $ldflags = "-fprofile-arcs -ftest-coverage"; my $ccflags = "-O0 $ldflags"; - return <<"PlanA"; + my $devnull = $^O eq 'MSWin32' ? 'nul' : '/dev/null'; + return <<"PlanA" if `gcov -v 2>$devnull`; test_cover : cover -delete - \$(NOECHO) \$(TOUCH) SEC.c # recompile XS component HARNESS_PERL_SWITCHES=-MDevel::Cover \$(MAKE) -W SEC.xs test CCFLAGS="$ccflags" OTHERLDFLAGS="$ldflags" - gcov SEC.xs - gcov2perl SEC.xs.gcov - cover -summary + cover \$(NOECHO) \$(TOUCH) SEC.c # force XS rebuild before install PlanA + + return <<'PlanB'; +test_cover : + cover -delete + HARNESS_PERL_SWITCHES=-MDevel::Cover $(MAKE) test + cover +PlanB }
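Review bot: In the hunk at `-109,9 +117,10`, `eval "require $distro"; ## no critic` replaces the earlier block eval with a string eval and silences the linter rather than avoiding the construct. `$distro` is a literal assigned at the top of the file, so nothing untrusted reaches the eval today. The block form gives the same result without compiling a string: `my $file = join( '/', split /::/, $distro ) . '.pm';` followed by `eval { require $file };`. The enclosing sub starts and ends outside the hunk.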
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/SEC.xs -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/SEC.xs
Changed
@@ -1,5 +1,5 @@ -#define XS_Id "$Id: SEC.xs 1853 2021-10-11 10:40:59Z willem $" +#define XS_Id "$Id: SEC.xs 1926 2023-05-31 12:05:13Z willem $" =head1 NAME @@ -44,9 +44,9 @@ #define PERL_NO_GET_CONTEXT #define PERL_REENTRANT -#include "EXTERN.h" -#include "perl.h" -#include "XSUB.h" +#include <EXTERN.h> +#include <perl.h> +#include <XSUB.h> #include <openssl/opensslv.h> #include <openssl/bn.h> @@ -92,11 +92,13 @@ #endif #ifdef OPENSSL_IS_BORINGSSL +#define NO_DSA +#define NO_EdDSA #define NO_SHA3 #endif #ifdef LIBRESSL_VERSION_NUMBER -#undef OPENSSL_VERSION_NUMBER +#undef OPENSSL_VERSION_NUMBER #define OPENSSL_VERSION_NUMBER 0x10100000L #endif @@ -145,6 +147,7 @@ #if (OPENSSL_VERSION_NUMBER < 0x10101000) +#define EOL #define NO_EdDSA #define NO_SHA3 @@ -166,26 +169,25 @@ #endif -#define checkerr(arg) checkret( (arg), __LINE__ ) -void checkret(const int ret, int line) -{ - if ( ret <= 0 ) croak( "libcrypto error (%s line %d)", __FILE__, line ); -} - - #ifndef OBSOLETE_API int EVP_PKEY_fromparams(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, int selection, OSSL_PARAM_BLD *bld) { OSSL_PARAM *params = OSSL_PARAM_BLD_to_param(bld); - int retval; - checkerr( EVP_PKEY_fromdata_init(ctx) ); - retval = EVP_PKEY_fromdata( ctx, ppkey, selection, params ); + int retval = EVP_PKEY_fromdata_init(ctx); + if ( retval > 0 ) retval = EVP_PKEY_fromdata( ctx, ppkey, selection, params ); OSSL_PARAM_free(params); return retval; } #endif +#define checkerr(arg) checkret( (arg), __LINE__ ) +void checkret(const int ret, int line) +{ + if ( ret <= 0 ) croak( "libcrypto error (%s line %d)", __FILE__, line ); +} + + MODULE = Net::DNS::SEC PACKAGE = Net::DNS::SEC::libcrypto PROTOTYPES: ENABLE @@ -195,7 +197,11 @@ PREINIT: char *v = SvEND( newSVpv(XS_Id, 17) ); CODE: +#ifdef EOL + RETVAL = newSVpvf( "%s %s UNSUPPORTED", v-5, OPENSSL_VERSION_TEXT ); +#else RETVAL = newSVpvf( "%s %s", v-5, OPENSSL_VERSION_TEXT ); +#endif OUTPUT: RETVAL 
@@ -208,33 +214,31 @@ SV* EVP_sign(SV *message, EVP_PKEY *pkey, const EVP_MD *md=NULL) INIT: +#define msgbuf (unsigned char*) SvPVX(message) +#define msglen SvCUR(message) EVP_MD_CTX *ctx = EVP_MD_CTX_new(); - unsigned char *m = (unsigned char*) SvPVX(message); unsigned char sigbuf512; /* RFC3110(2) */ - STRLEN mlen = SvCUR(message); - STRLEN slen = sizeof(sigbuf); - int r; + STRLEN buflen = sizeof(sigbuf); + int error; CODE: checkerr( EVP_DigestSignInit( ctx, NULL, md, NULL, pkey ) ); - r = EVP_DigestSign( ctx, sigbuf, &slen, m, mlen ); + error = EVP_DigestSign( ctx, sigbuf, &buflen, msgbuf, msglen ); EVP_MD_CTX_free(ctx); EVP_PKEY_free(pkey); - checkerr(r); - RETVAL = newSVpvn( (char*)sigbuf, slen ); + checkerr(error); + RETVAL = newSVpvn( (char*)sigbuf, buflen ); OUTPUT: RETVAL int EVP_verify(SV *message, SV *signature, EVP_PKEY *pkey, const EVP_MD *md=NULL) INIT: +#define sigbuf (unsigned char*) SvPVX(signature) +#define siglen SvCUR(signature) EVP_MD_CTX *ctx = EVP_MD_CTX_new(); - unsigned char *m = (unsigned char*) SvPVX(message); - unsigned char *s = (unsigned char*) SvPVX(signature); - STRLEN mlen = SvCUR(message); - STRLEN slen = SvCUR(signature); CODE: checkerr( EVP_DigestVerifyInit( ctx, NULL, md, NULL, pkey ) ); - RETVAL = EVP_DigestVerify( ctx, s, slen, m, mlen ); + RETVAL = EVP_DigestVerify( ctx, sigbuf, siglen, msgbuf, msglen ); EVP_MD_CTX_free(ctx); EVP_PKEY_free(pkey); OUTPUT: @@ -254,11 +258,8 @@ void EVP_DigestUpdate(EVP_MD_CTX *ctx, SV *message) - INIT: - unsigned char *m = (unsigned char*) SvPVX(message); - STRLEN mlen = SvCUR(message); CODE: - checkerr( EVP_DigestUpdate( ctx, m, mlen ) ); + checkerr( EVP_DigestUpdate( ctx, msgbuf, msglen ) ); SV* EVP_DigestFinal(EVP_MD_CTX *ctx) 
@@ -317,15 +318,15 @@ BIGNUM *p = BN_bin2bn( (unsigned char*) SvPVX(p_SV), SvCUR(p_SV), NULL ); BIGNUM *q = BN_bin2bn( (unsigned char*) SvPVX(q_SV), SvCUR(q_SV), NULL ); BIGNUM *g = BN_bin2bn( (unsigned char*) SvPVX(g_SV), SvCUR(g_SV), NULL ); - BIGNUM *x = BN_bin2bn( (unsigned char*) SvPVX(x_SV), SvCUR(x_SV), NULL ); + BIGNUM *x = SvCUR(x_SV) == 0 ? NULL : BN_bin2bn( (unsigned char*) SvPVX(x_SV), SvCUR(x_SV), NULL ); BIGNUM *y = BN_bin2bn( (unsigned char*) SvPVX(y_SV), SvCUR(y_SV), NULL ); CODE: #ifdef OBSOLETE_API DSA *dsa = DSA_new(); - DSA_set0_pqg( dsa, p, q, g ); - DSA_set0_key( dsa, y, x ); + checkerr( DSA_set0_pqg( dsa, p, q, g ) ); + checkerr( DSA_set0_key( dsa, y, x ) ); RETVAL = EVP_PKEY_new(); - EVP_PKEY_assign( RETVAL, EVP_PKEY_DSA, (char*)dsa ); + checkerr( EVP_PKEY_assign( RETVAL, EVP_PKEY_DSA, (char*)dsa ) ); #else EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name( libctx, "DSA", NULL ); OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new(); @@ -369,10 +370,10 @@ CODE: #ifdef OBSOLETE_API RSA *rsa = RSA_new(); - RSA_set0_factors( rsa, p, q ); - RSA_set0_key( rsa, n, e, d ); + checkerr( RSA_set0_factors( rsa, p, q ) ); + checkerr( RSA_set0_key( rsa, n, e, d ) ); RETVAL = EVP_PKEY_new(); - EVP_PKEY_assign( RETVAL, EVP_PKEY_RSA, (char*)rsa ); + checkerr( EVP_PKEY_assign( RETVAL, EVP_PKEY_RSA, (char*)rsa ) ); #else EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name( libctx, "RSA", NULL ); OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new(); 
@@ -454,33 +455,38 @@ EVP_PKEY* EVP_PKEY_new_raw_public_key(int nid, SV *key) - ALIAS: - EVP_PKEY_new_raw_private_key = 1 - INIT: - unsigned char *rawkey = (unsigned char*) SvPVX(key); - STRLEN keylen = SvCUR(key); -#ifndef OBSOLETE_API + CODE: +#define rawkey (unsigned char*) SvPVX(key) +#define keylen SvCUR(key) +#ifdef OBSOLETE_API + RETVAL = EVP_PKEY_new_raw_public_key( nid, NULL, rawkey , keylen ); +#else EVP_PKEY_CTX *ctx = NULL; OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new(); + RETVAL = NULL; + if ( nid == 1087 ) ctx = EVP_PKEY_CTX_new_from_name( libctx, "ED25519", NULL ); + if ( nid == 1088 ) ctx = EVP_PKEY_CTX_new_from_name( libctx, "ED448", NULL ); + checkerr( OSSL_PARAM_BLD_push_octet_string( bld, OSSL_PKEY_PARAM_PUB_KEY, rawkey, keylen ) ); + checkerr( EVP_PKEY_fromparams( ctx, &RETVAL, EVP_PKEY_PUBLIC_KEY, bld ) ); + OSSL_PARAM_BLD_free(bld); + EVP_PKEY_CTX_free(ctx); #endif + OUTPUT: + RETVAL + +EVP_PKEY* +EVP_PKEY_new_raw_private_key(int nid, SV *key) CODE: #ifdef OBSOLETE_API - if ( ix > 0 ) { - RETVAL = EVP_PKEY_new_raw_private_key( nid, NULL, rawkey , keylen ); - } else { - RETVAL = EVP_PKEY_new_raw_public_key( nid, NULL, rawkey , keylen ); - } + RETVAL = EVP_PKEY_new_raw_private_key( nid, NULL, rawkey , keylen ); #else + EVP_PKEY_CTX *ctx = NULL; + OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new(); + RETVAL = NULL; if ( nid == 1087 ) ctx = EVP_PKEY_CTX_new_from_name( libctx, "ED25519", NULL ); if ( nid == 1088 ) ctx = EVP_PKEY_CTX_new_from_name( libctx, "ED448", NULL ); - RETVAL = NULL; - if ( ix > 0 ) { - checkerr( OSSL_PARAM_BLD_push_octet_string( bld, OSSL_PKEY_PARAM_PRIV_KEY, rawkey, keylen ) ); - checkerr( EVP_PKEY_fromparams( ctx, &RETVAL, EVP_PKEY_KEYPAIR, bld ) ); - } else { - checkerr( OSSL_PARAM_BLD_push_octet_string( bld, OSSL_PKEY_PARAM_PUB_KEY, rawkey, keylen ) ); - checkerr( EVP_PKEY_fromparams( ctx, &RETVAL, EVP_PKEY_PUBLIC_KEY, bld ) ); - } + checkerr( OSSL_PARAM_BLD_push_octet_string( bld, OSSL_PKEY_PARAM_PRIV_KEY, rawkey, keylen ) ); + 
checkerr( EVP_PKEY_fromparams( ctx, &RETVAL, EVP_PKEY_KEYPAIR, bld ) ); OSSL_PARAM_BLD_free(bld); EVP_PKEY_CTX_free(ctx); #endif
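Review bot: The new `msgbuf`/`msglen`, `sigbuf`/`siglen` and `rawkey`/`keylen` macros still read `SvPVX()` and `SvCUR()` directly, which is only valid when the SV already holds a string; an undef or numeric argument from Perl can hand libcrypto a pointer and length that do not describe a real buffer. Fetching the bytes through the stringifying accessor closes that gap, e.g. `STRLEN msglen; unsigned char *msgbuf = (unsigned char*) SvPVbyte(message, msglen);` as locals in each XSUB. The macros are also defined inside one XSUB and used by later ones without `#undef`, and `#define sigbuf` in EVP_verify reuses the name of the local array in EVP_sign, so the code compiles only because of declaration order. The XSUB bodies continue outside the hunks shown.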
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/demo/getkeyset -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/demo/getkeyset
Changed
@@ -1,5 +1,5 @@ #!/usr/bin/perl -#$Id: getkeyset 1807 2020-09-28 11:38:28Z willem $ +#$Id: getkeyset 1862 2021-12-24 10:09:08Z willem $ use strict; use warnings; 
@@ -63,25 +63,23 @@ =head1 COPYRIGHT Copyright (c) 2002 RIPE NCC. Author Olaf M. Kolkman -<net-dns-sec@ripe.net> All Rights Reserved Permission to use, copy, modify, and distribute this software and its -documentation for any purpose and without fee is hereby granted, -provided that the above copyright notice appear in all copies and that -both that copyright notice and this permission notice appear in -supporting documentation, and that the name of the author not be used -in advertising or publicity pertaining to distribution of the software -without specific, written prior permission. - -THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, -INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO -EVENT SHALL AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR -CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF -USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR -OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. +documentation for any purpose and without fee is hereby granted, provided +that the original copyright notices appear in all copies and that both +copyright notice and this permission notice appear in supporting +documentation, and that the name of the author not be used in advertising +or publicity pertaining to distribution of the software without specific +prior written permission. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. =cut -
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/demo/key2ds -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/demo/key2ds
Changed
@@ -1,5 +1,5 @@ #!/usr/bin/perl -#$Id: key2ds 1807 2020-09-28 11:38:28Z willem $ +#$Id: key2ds 1862 2021-12-24 10:09:08Z willem $ # A little util to convert DNSKEY records to DS records # from stdin to stdout @@ -39,8 +39,25 @@ =head1 COPYRIGHT -This program is free software; you can redistribute it and/or modify -it under the same terms as Perl itself. +Copyright (c)2002 Miek Gieben -=cut +All Rights Reserved + + +Permission to use, copy, modify, and distribute this software and its +documentation for any purpose and without fee is hereby granted, provided +that the original copyright notices appear in all copies and that both +copyright notice and this permission notice appear in supporting +documentation, and that the name of the author not be used in advertising +or publicity pertaining to distribution of the software without specific +prior written permission. +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. + +=cut
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/demo/make-signed-keyset -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/demo/make-signed-keyset
Changed
@@ -1,5 +1,5 @@ #!/usr/bin/perl -#$Id: make-signed-keyset 1807 2020-09-28 11:38:28Z willem $ +#$Id: make-signed-keyset 1862 2021-12-24 10:09:08Z willem $ # # takes a bind public key file and creates a self-signed keyset @@ -130,8 +130,28 @@ =back -=head1 AUTHOR -Contributed by Wes Griffin <wgriffin@jtan.com> +=head1 COPYRIGHT + +Copyright (c)2002 Wes Griffin + +All Rights Reserved + + +Permission to use, copy, modify, and distribute this software and its +documentation for any purpose and without fee is hereby granted, provided +that the original copyright notices appear in all copies and that both +copyright notice and this permission notice appear in supporting +documentation, and that the name of the author not be used in advertising +or publicity pertaining to distribution of the software without specific +prior written permission. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. =cut
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/lib/Net/DNS/SEC.pm -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/lib/Net/DNS/SEC.pm
Changed
@@ -2,10 +2,20 @@ use strict; use warnings; +use Carp; +our $SVNVERSION = (qw$Id: SEC.pm 1926 2023-05-31 12:05:13Z willem $)2; our $VERSION; -$VERSION = '1.19'; -our $SVNVERSION = (qw$Id: SEC.pm 1854 2021-10-11 10:43:36Z willem $)2; +$VERSION = '1.21'; + +use base qw(Exporter DynaLoader); + +eval { __PACKAGE__->bootstrap($VERSION) }; +warn "\n\n$@\n" if $@; + +use Net::DNS 1.01 qw(:DEFAULT); + +our @EXPORT = ( @Net::DNS::EXPORT, qw(algorithm digtype key_difference) ); =head1 NAME @@ -33,16 +43,6 @@ =cut -use base qw(Exporter DynaLoader); - -use Net::DNS 1.01 qw(:DEFAULT); - -our @EXPORT = ( @Net::DNS::EXPORT, qw(algorithm digtype key_difference) ); - -use integer; -use Carp; - - =head1 UTILITY FUNCTIONS =head2 algorithm @@ -99,14 +99,10 @@ ######################################## -eval { Net::DNS::SEC->bootstrap($VERSION) } || croak; - - foreach (qw(DS CDS RRSIG)) { Net::DNS::RR->new( type => $_ ); # pre-load to access class methods } - 1; __END__
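Review bot: A failed `bootstrap` is now only a warning, where the removed `eval { ... } || croak` aborted the load, so an application can finish `use Net::DNS::SEC` with no libcrypto binding and discover it only when a later sign or verify call fails. If that is intended, a comment next to the `warn` should say so, since callers then have to treat those later failures as validation failures. The check also reads `$@` after the eval, which can be reset by destructors on the older perls this file still supports; `eval { __PACKAGE__->bootstrap($VERSION); 1 } or warn "\n\n$@\n";` tests the eval's result instead.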
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/lib/Net/DNS/SEC/DSA.pm -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/lib/Net/DNS/SEC/DSA.pm
Changed
@@ -3,7 +3,7 @@ use strict; use warnings; -our $VERSION = (qw$Id: DSA.pm 1853 2021-10-11 10:40:59Z willem $)2; +our $VERSION = (qw$Id: DSA.pm 1863 2022-03-14 14:59:21Z willem $)2; =head1 NAME @@ -44,14 +44,15 @@ use integer; use MIME::Base64; -use constant DSA_configured => Net::DNS::SEC::libcrypto->can('EVP_PKEY_new_DSA'); +use constant Digest_SHA1 => Net::DNS::SEC::libcrypto->can('EVP_sha1'); +use constant DSA_configured => Digest_SHA1 && Net::DNS::SEC::libcrypto->can('EVP_PKEY_new_DSA'); BEGIN { die 'DSA disabled or application has no "use Net::DNS::SEC"' unless DSA_configured } my %parameters = ( - 3 => Net::DNS::SEC::libcrypto::EVP_sha1(), - 6 => Net::DNS::SEC::libcrypto::EVP_sha1(), + 3 => scalar eval { Net::DNS::SEC::libcrypto::EVP_sha1() }, + 6 => scalar eval { Net::DNS::SEC::libcrypto::EVP_sha1() }, ); sub _index { return keys %parameters } @@ -60,8 +61,8 @@ sub sign { my ( $class, $sigdata, $private ) = @_; - my $index = $private->algorithm; - my $evpmd = $parameters{$index} || die 'private key not DSA'; + my $evpmd = $parameters{$private->algorithm}; + die 'private key not DSA' unless $evpmd; my ( $p, $q, $g, $x, $y ) = map { decode_base64( $private->$_ ) } qw(prime subprime base private_value public_value); @@ -77,8 +78,8 @@ sub verify { my ( $class, $sigdata, $keyrr, $sigbin ) = @_; - my $index = $keyrr->algorithm; - my $evpmd = $parameters{$index} || die 'public key not DSA'; + my $evpmd = $parameters{$keyrr->algorithm}; + die 'public key not DSA' unless $evpmd; return unless $sigbin;
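Review bot: With `scalar eval { Net::DNS::SEC::libcrypto::EVP_sha1() }`, a digest that libcrypto refuses leaves `undef` in `%parameters`, yet `_index` still returns every key. Algorithms 3 and 6 therefore stay listed while `sign` and `verify` die with 'private key not DSA' / 'public key not DSA', which misreports an unavailable digest as a wrong key type. Presumably `_index` is what advertises the supported algorithms; if so, `sub _index { return grep { $parameters{$_} } keys %parameters }` would keep that list accurate. The same pattern appears in the RSA.pm hunk for algorithms 1, 5, 7, 8 and 10. The bodies of `sign` and `verify` continue outside the hunk.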
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/lib/Net/DNS/SEC/Keyset.pm -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/lib/Net/DNS/SEC/Keyset.pm
Changed
@@ -3,7 +3,7 @@ use strict; use warnings; -our $VERSION = (qw$Id: Keyset.pm 1853 2021-10-11 10:40:59Z willem $)2; +our $VERSION = (qw$Id: Keyset.pm 1868 2022-08-31 20:13:35Z willem $)2; =head1 NAME @@ -192,7 +192,8 @@ =head2 extract_ds - @ds = $keyset->extract_ds; + @ds = $keyset->extract_ds(); # default SHA-1 + @ds = $keyset->extract_ds( digtype => 'SHA-256' ); die Net::DNS::SEC::Keyset->keyset_err unless @ds; Extracts DS records from the keyset. Note that the keyset will be verified @@ -203,9 +204,9 @@ =cut sub extract_ds { - my $self = shift; + my ( $self, @arg ) = @_; my @ds; - @ds = map { Net::DNS::RR::DS->create($_) } $self->keys if $self->verify; + @ds = map { Net::DNS::RR::DS->create( $_, @arg ) } $self->keys if $self->verify; return @ds; } @@ -261,9 +262,10 @@ my @names = CORE::keys %names; push @keyset_err, "Multiple names in keyset: @names" if scalar(@names) > 1; + if ($keyid) { @sigs = grep { $_->keytag == $keyid } @sigs; - push @keyset_err, "No signature made with $keyid found" unless @sigs; + push @keyset_err, "No signature made with key $keyid" unless @sigs; } elsif ( my @sepkeys = grep { $_->sep } @keys ) { my %sepkey = map { ( $_->keytag => $_ ) } @sepkeys; push @keyset_err, 'No signature found for key with SEP flag' @@ -274,8 +276,7 @@ my $keytag = $sig->keytag; next if $sig->verify( \@keys, $keysbytag{$keytag} || ); my $vrfyerr = $sig->vrfyerrstr; - my $signame = $sig->signame; - push @keyset_err, "$vrfyerr on key $signame $keytag "; + push @keyset_err, "$vrfyerr for keyset @names"; } $keyset_err = join "\n", @keyset_err;
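Review bot: The updated POD for `extract_ds` records that a call without arguments still yields SHA-1 digests (`# default SHA-1`), and neither the new code nor the text steers callers away from that default. SHA-1 is no longer recommended for generating DS records (RFC 8624), so the POD should say so, for example `Pass digtype => 'SHA-256' or stronger for DS records that will be published; the default remains SHA-1.` The arguments are forwarded unchanged to `Net::DNS::RR::DS->create`, so which other options are accepted depends on that method, which is outside this hunk.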
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/lib/Net/DNS/SEC/RSA.pm -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/lib/Net/DNS/SEC/RSA.pm
Changed
@@ -3,7 +3,7 @@ use strict; use warnings; -our $VERSION = (qw$Id: RSA.pm 1853 2021-10-11 10:40:59Z willem $)2; +our $VERSION = (qw$Id: RSA.pm 1863 2022-03-14 14:59:21Z willem $)2; =head1 NAME @@ -50,11 +50,11 @@ my %parameters = ( - 1 => Net::DNS::SEC::libcrypto::EVP_md5(), - 5 => Net::DNS::SEC::libcrypto::EVP_sha1(), - 7 => Net::DNS::SEC::libcrypto::EVP_sha1(), - 8 => Net::DNS::SEC::libcrypto::EVP_sha256(), - 10 => Net::DNS::SEC::libcrypto::EVP_sha512(), + 1 => scalar eval { Net::DNS::SEC::libcrypto::EVP_md5() }, + 5 => scalar eval { Net::DNS::SEC::libcrypto::EVP_sha1() }, + 7 => scalar eval { Net::DNS::SEC::libcrypto::EVP_sha1() }, + 8 => scalar eval { Net::DNS::SEC::libcrypto::EVP_sha256() }, + 10 => scalar eval { Net::DNS::SEC::libcrypto::EVP_sha512() }, ); sub _index { return keys %parameters } @@ -63,8 +63,8 @@ sub sign { my ( $class, $sigdata, $private ) = @_; - my $index = $private->algorithm; - my $evpmd = $parameters{$index} || die 'private key not RSA'; + my $evpmd = $parameters{$private->algorithm}; + die 'private key not RSA' unless $evpmd; my ( $n, $e, $d, $p, $q ) = map { decode_base64( $private->$_ ) } qw(Modulus PublicExponent PrivateExponent Prime1 Prime2); @@ -78,8 +78,8 @@ sub verify { my ( $class, $sigdata, $keyrr, $sigbin ) = @_; - my $index = $keyrr->algorithm; - my $evpmd = $parameters{$index} || die 'public key not RSA'; + my $evpmd = $parameters{$keyrr->algorithm}; + die 'public key not RSA' unless $evpmd; return unless $sigbin;
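Review bot: `_index` still returns `keys %parameters`, so after this change an algorithm whose digest constructor failed inside `scalar eval { ... }` is still listed for the class. How the index is consumed is not visible here, but if it decides which algorithms a validator treats as supported, algorithm 1 (MD5) would presumably be advertised on builds without `EVP_md5` and rejected only later in `sign`/`verify`. Consider `sub _index { return grep { defined $parameters{$_} } keys %parameters }`, or a comment stating that undef entries are intentional.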
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/t/00-load.t -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/t/00-load.t
Changed
@@ -1,39 +1,49 @@ #!/usr/bin/perl -# $Id: 00-load.t 1831 2021-02-11 23:03:17Z willem $ -*-perl-*- +# $Id: 00-load.t 1924 2023-05-17 13:56:25Z willem $ -*-perl-*- # use strict; use warnings; -use Test::More tests => 4; +use IO::File; +use Test::More tests => 3; +use TestToolkit; my @module = qw( + Net::DNS Net::DNS::SEC - Net::DNS::SEC::DSA - Net::DNS::SEC::ECDSA - Net::DNS::SEC::ECCGOST - Net::DNS::SEC::EdDSA - Net::DNS::SEC::RSA - Net::DNS::SEC::Digest - Net::DNS::SEC::Keyset - Net::DNS::SEC::Private Net::DNS::SEC::libcrypto - File::Spec - IO::File - MIME::Base64 - Net::DNS - Test::More ); +my %metadata; +my $handle = IO::File->new('MYMETA.json') || IO::File->new('META.json'); +if ($handle) { + my $json = join '', (<$handle>); + for ($json) { + s/\s:\s/ => /g; # Perl? en voilà! + my $hashref = eval $_; + %metadata = %$hashref; + } + close $handle; +} -my @diag = "\nThese tests were run using:"; -foreach my $module ( sort @module ) { +my %prerequisite; +foreach ( values %{$metadata{prereqs}} ) { # build, runtime, etc. + foreach ( values %$_ ) { # requires + $prerequisite{$_}++ for keys %$_; + } + delete @prerequisite{@module}; + delete $prerequisite{perl}; +} + +my @diag; +foreach my $module ( @module, sort keys %prerequisite ) { eval "require $module"; ## no critic for ( eval { $module->VERSION || () } ) { s/^(\d+\.\d)$/${1}0/; push @diag, sprintf "%-25s %s", $module, $_; } } -diag join "\n\t", @diag; +diag join "\n\t", "\nThese tests were run using:", @diag; ok( eval { Net::DNS::SEC::libcrypto->VERSION }, 'XS component SEC.xs loaded' ) 
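Review bot: `my $hashref = eval $_;` runs the contents of MYMETA.json or META.json as Perl source after a single regex substitution, and the result is dereferenced without a check. A metadata file containing JSON `true`, `false` or `null`, or any text that is not valid Perl, makes the eval return undef, and `%metadata = %$hashref` then dies under `use strict` before a single test has run. The file's content is also executed with the privileges of whoever runs the test suite. The core JSON parser avoids both problems: `use JSON::PP;` and `%metadata = %{ eval { JSON::PP->new->decode($json) } || {} };`.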
@@ -42,35 +52,8 @@ use_ok('Net::DNS::SEC'); -my @index; -foreach my $class ( map {"Net::DNS::SEC::$_"} qw(RSA DSA ECCGOST ECDSA EdDSA) ) { - my @algorithms = eval join '', qw(r e q u i r e), " $class; $class->_index"; ## no critic - push @index, map { $_ => $class } @algorithms; -} -ok( scalar(@index), 'create consolidated algorithm index' ); - - -eval { - # Exercise checkerr() response to failed OpenSSL operation - Net::DNS::SEC::libcrypto::checkerr(0); -}; -my ($exception) = split /\n/, "$@\n"; -ok( $exception, "XS libcrypto error\t$exception" ); - - -eval { - # Exercise residual XS support for deprecated ECCGOST algorithm - my $d = pack 'H*', '9df69fc32cd2d369a42ecb63512bc7e25d71b1af7a303ec38a8326809cdef349'; - my $q = pack 'H*', 'ffffffffffffffffffffffffffffffff6c611070995ad10045841b09b761b893'; - my $r = pack 'H*', '36b98722d79b1cce42cdb9a6503d2fa16ce85969eae711b758aabfe3a39f5d0c'; - my $s = pack 'H*', '22c1d462f790afab1624e211531d1d455d285978bb0d4875c428811d7028fc33'; - my $x = pack 'H*', 'cadb74b9950fcf3728ad232626b0dc63f350c25dd09456cd155f413d35205ce9'; - my $y = pack 'H*', '050fd637ab18f8f443eac48c26c12566e655e4d3b15046e0fef296a8835ebeee'; - foreach my $H ( $d, $q ) { ## including specific case (alpha mod q) = 0 - my $eckey = Net::DNS::SEC::libcrypto::EC_KEY_new_ECCGOST( $x, $y ); - Net::DNS::SEC::libcrypto::ECCGOST_verify( $H, $r, $s, $eckey ); - } -}; +# Exercise checkerr() response to failed OpenSSL operation +exception( 'XS libcrypto error', sub { Net::DNS::SEC::libcrypto::checkerr(0) } ); exit;
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/t/10-keyset.t -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/t/10-keyset.t
Changed
@@ -1,11 +1,12 @@ #!/usr/bin/perl -# $Id: 10-keyset.t 1830 2021-01-26 09:08:12Z willem $ -*-perl-*- +# $Id: 10-keyset.t 1924 2023-05-17 13:56:25Z willem $ -*-perl-*- # use strict; use warnings; use IO::File; use Test::More; +use TestToolkit; my %prerequisite = ( 'Net::DNS::SEC' => 1.15, @@ -23,7 +24,7 @@ plan skip_all => 'disabled RSA' unless eval { Net::DNS::SEC::libcrypto->can('EVP_PKEY_new_RSA') }; -plan tests => 29; +plan tests => 27; use_ok('Net::DNS::SEC::Keyset'); @@ -46,10 +47,12 @@ # RSA keypair 1 # my $keyrr1 = Net::DNS::RR->new( <<'END' ); -test.tld. IN DNSKEY ( 256 3 5 - AQO1gY5UFltQ4f0ZHnXPFQZfcQQNpXK5r0Rk05rLLmY0XeA1lu8ek7W1VHsBjkge9WU7efdp3U4a - mxULRMQj7F0ByOK318agap2sIWYN13jV1RLxF5GPyLq+tp2ihEyI8x0P8c9RzgVn1ix4Xcoq+vKm - WqDT1jHE4oBY/DzI8gyuJw== ) ; Key ID = 15791 +test.tld. IN DNSKEY ( 257 3 10 + AwEAAb/7yz0lSf3nFy7MPhkbnqOlaExKlJ8rMmYVEhFYZ5qS/ufQbfQ3stb0opr68eitrauolthm + P325OvNxdzSq5rgURjx9ZitDlhxDyPfQhDzY+/CBhY/z++DRIr+v3AN/7kRW8sYwC+2Hoa1+VxQZ + 1fSQ4J46ZwoN5slpar9G/Gv5aPgsvweQDI285eQVlIQ9NL00bODOHzoKvh9BAx07MOOcT9q6r9xs + MPg6M4C8ykH2zVY5x1iGxT8Syzh/mecSiJtv+b1W4j49pCNj19uenW3oUnyfHg/FBmQpxTiHqs6b + 1ZfVH7akvsQqwk12xT0hDEfeyj4jswDiSsEsLqt1DM0= ) ; Key ID = 39948 END ok( $keyrr1, join ' ', algorithm( $keyrr1->algorithm ), 'public key created' ); 
@@ -58,15 +61,15 @@ my $handle1 = IO::File->new( $keyfile1, '>' ) or die qq(open: "$keyfile1" $!); print $handle1 <<'END'; Private-key-format: v1.2 -Algorithm: 5 (RSASHA1) -Modulus: tYGOVBZbUOH9GR51zxUGX3EEDaVyua9EZNOayy5mNF3gNZbvHpO1tVR7AY5IHvVlO3n3ad1OGpsVC0TEI+xdAcjit9fGoGqdrCFmDdd41dUS8ReRj8i6vradooRMiPMdD/HPUc4FZ9YseF3KKvryplqg09YxxOKAWPw8yPIMric= -PublicExponent: Aw== -PrivateExponent: eQEJjWQ84Jaou2mj32NZlPYCs8Oh0R+C7eJnMh7uzZPqzmSfabfOeOL8q7QwFKOY0lFPm+jevGdjXNiCwp2TVWZrFINEMwUpxPJCvQQLh0k9Ah3NN2ELPBSlUjkRa10KaRSVSdDaYUM9X1/ZT/9RQagi4ckuy0x6UcRmoSng/Ms= -Prime1: 3SNqKvY2geGDxgpqUKy2gGKq2LBRZ0CruBsVQXtoBH2dwq1bUScC9HxrTYaGxn2BELZsYRMeGVqZ1WqzsLXeTw== -Prime2: 0h6u5+odYP2A7/eIALrUZtTDEi1rT+k434qR7Tb/4w/UkEIHw5bS/NP+AH2sNXtCzbYUx1h11m5EgDgjgoVUqQ== -Exponent1: k2zxcfl5q+utLrGcNch5quxx5crg74Byery41lJFWFO+gcjni29XTahHiQRZ2akAtc7y62IUEOcROPHNIHk+3w== -Exponent2: jBR0mpwTlf5V9U+wAHyNmeMstsjyNUYl6lxhSM9VQgqNtYFagmSMqI1UAFPII6eB3nljL5BOjvQtqtAXrFjjGw== -Coefficient: YJYWzNpbdj/11mE4kUwaiH9GQbY+uA28tv4aVAwAEcKPaU1QQ2k8Jlm+VXxh9v02QCFJYln3416972oeCx9eyw== +Algorithm: 10 (RSASHA512) +Modulus: v/vLPSVJ/ecXLsw+GRueo6VoTEqUnysyZhUSEVhnmpL+59Bt9Dey1vSimvrx6K2tq6iW2GY/fbk683F3NKrmuBRGPH1mK0OWHEPI99CEPNj78IGFj/P74NEiv6/cA3/uRFbyxjAL7YehrX5XFBnV9JDgnjpnCg3myWlqv0b8a/lo+Cy/B5AMjbzl5BWUhD00vTRs4M4fOgq+H0EDHTsw45xP2rqv3Gww+DozgLzKQfbNVjnHWIbFPxLLOH+Z5xKIm2/5vVbiPj2kI2PX256dbehSfJ8eD8UGZCnFOIeqzpvVl9UftqS+xCrCTXbFPSEMR97KPiOzAOJKwSwuq3UMzQ== +PublicExponent: AQAB +PrivateExponent: MnqyZdF4MxqgLd3mNhPdEopbcjPqADALgGvp5EWqeCpOfAWB48UBcSPB3Z4+HUANeiVKBHxeFWCu73PWNDL7l0s9bIpMYvPSdHweS4q4OoeTNxnXVJKCmAplaKGE6CarL6ztCM95U2tmR4gAvXhNmZC+ftw8W5hsJmlheAniNUFaRK28K0+Tlge7XkRxSwK63sjMRHHxAbclr8K2j/GUVkXG9yOrMqgXUJ0WOg9E5BTW+gdkGl4kB5U2gvgRwxkEwY9x7yzrg2cUxrEi9hDlS9HiG5NZizcQqAWkKcdHo28ZB5E4NZBLrKQFjrkOQz3ZjtpUcsTRf/lOvkCOoaveAQ== +Prime1: 
7lgM8XyKy3IHYC3+GX1bS0LZFqBhUvYuZ52i2dfKoG9XglVKKe0Pmu/Hkgkdc2/mottVdYHpMZ4t/Wt0OXdqfttoYTgIOFTw4t3Jk9HV4aPIRvVD7LRnRQiKEW9OiS9ixplatrlgMqyOIpx3bou6eRzOs1yfBsNSr+LZbHQ50/U= +Prime2: zjSQ7ylj386G6bFXMKLAjApYy7cQA9T4/URnonUYjXwzQRaDvfAGoRNRA4e0RagVd/x2Dk5hs2UYLMIhpmQWNoSK/ZAFS02RzapMZTV2jya4cJZ83qjYtMYEx8Lff5dHX3lz/uAkcJCasIbyEodi0btJkCZQFAsCMbGlhguTpnk= +Exponent1: U8jEFAfRyp61FQxV7KPyecxv/9I1JDLCMU5qtuVyp188heZxgbeB6tcrcpydq7zEeK9dpUcbsIOIazNg0eq2lw2N7c8CpLrHSxjoCXyUERPADaGeVRE91DiiQGq+Ut9De8jg6KbVuDqMZIJYQZYA4R5NUyPWC0ySPp4iDEv3IBk= +Exponent2: tJ867SM2Rs6jQoSCuSl2u7Q8f4UE1DZzO3X1yUoEjbpjMvpDv9ZGGEXRSuRNtk47L/TGfFWQIxHEkUAjNZqqEmsbTGwhFwsFUj9/149zIIVsPcKz8l24JPDnMwuxthOPA0RhpLo1cRxZQ5OQ60YH+2qwT0IgFs5lx52yPa5aURE= +Coefficient: Y7KhcJe8vcW9h/bxClHMjlB0sYYvdqo7/iwjxiaCD4suPAUpLMxNgeR3TJHT1RYaHQSuFB3Mc9f58hoHe3dncxF+Eey9SdTH53c0+V95tJpAsqirFaqvei+xgikcmhYsWLOQHayul5ZMsfpiph3R90QUYg3Kpbni4W0ALeGswv4= END close($handle1); @@ -104,18 +107,18 @@ # Create keysets -my $datarrset = $keyrr1, $keyrr2; +my $keyrrset = $keyrr1, $keyrr2; -my $sigrr1 = Net::DNS::RR::RRSIG->create( $datarrset, $keyfile1, ttl => 3600 ); +my $sigrr1 = Net::DNS::RR::RRSIG->create( $keyrrset, $keyfile1, ttl => 3600 ); ok( $sigrr1, join ' ', algorithm( $sigrr1->algorithm ), 'signature created' ); -my $sigrr2 = Net::DNS::RR::RRSIG->create( $datarrset, $keyfile2, ttl => 3600 ); +my $sigrr2 = Net::DNS::RR::RRSIG->create( $keyrrset, $keyfile2, ttl => 3600 ); ok( $sigrr2, join ' ', algorithm( $sigrr2->algorithm ), 'signature created' ); -my $keyset = Net::DNS::SEC::Keyset->new($datarrset); +my $keyset = Net::DNS::SEC::Keyset->new($keyrrset); is( ref($keyset), "Net::DNS::SEC::Keyset", "Keyset object created" ); 
@@ -131,13 +134,13 @@ is( ref($read), "Net::DNS::SEC::Keyset", "read Keyset object" ); -my @ds = $keyset->extract_ds; +my @ds = $keyset->extract_ds( digtype => 'SHA-256' ); my $string0 = $ds0->string; my $string1 = $ds1->string; -my $expect0 = Net::DNS::RR->new('test.tld. IN DS 15791 5 1 C355F0F3F30C69BF2F7EA253ED82FBC280C2496B')->string; -my $expect1 = Net::DNS::RR->new('test.tld. IN DS 63426 8 1 6173eae9bf79853e2c041b1cda02a3d70c86a20b')->string; +my $expect0 = Net::DNS::RR->new('test.tld. IN DS 39948 10 2 94e22598a45d485926d8e3944f871dc605ef52db59f346066bf2b0d20d6d8ed4')->string; +my $expect1 = Net::DNS::RR->new('test.tld. IN DS 63426 8 2 ee74fe86f0d9499ef1abe414039ffaf34f05d3e71a4899882c714395d9047368')->string; my $alg0 = algorithm( $ds0->algorithm ); my $dig0 = digtype( $ds0->digtype ); 
@@ -168,152 +171,17 @@ my $corrupt = Net::DNS::SEC::Keyset->new( $filename{set3} ); ok( !$corrupt, "Corrupted keyset not loaded" ); -like( Net::DNS::SEC::Keyset->keyset_err, '/failed.+key/', 'Expected error message' ); - - -# -# The packet contains a keyset as returned from a bind nameserver -# the keyset is signed with a signature valid until 2030 06 .. -# After that the test may fail :-( - -# This is the code snippet used to get such a little packet as below. -#use Net::DNS::Resolver; -#my $res=Net::DNS::Resolver->new(); -#$res->nameserver("10.0.53.204"); -#$res->dnssec(1); -#my $a_packet=$res->send("sub.tld","DNSKEY"); -#$a_packet->print; -#print unpack("H*",$a_packet->data); - - -my $HexadecimalPacket = "e6cc81a000010004000000010373756203746c - 640000300001c00c00300001000000200086010103050103bc54beaee1 - 1dc1a29ba945bf69d0db27b364b2dfe60396efff4c6fb359127ea696e1 - 4c66e1c6d23cd6f6c335e1679c61dd3fa4d68a689b8709ea686e43f175 - 6831193903613f6a5f3ff039b21eed9faad4edcb43191c76490ca0947a - 9fa726740bc4449d6c58472a605913337d2dbddc94a7271d25c358fdaa - 60fe1272a5f8b9c00c00300001000000200086010003050103f6d63a8a - b9f775a0c7194d67edb5f249bf398c3d27d2985facf6fb7e25cc35c876 - 2eb8ea22200c847963442fb6634916dc2ec21cdbf2c7378799b8e7e399 - e751ca1e25133349cab52ebf3fe8a5bc0239c28d64f4d8f609c191a7d2 - d364578a159701ef73af93946b281f0aac42b42be17362c68d7a54bbb8 - fa7bc6f70f455a75c00c002e000100000020009b003005020000006470 - dc814040c02ced39d40373756203746c6400a7d9db75a4115794f871ec - 71fc7469c74a6be1cf95434a00363506b354bf15656f7556c51355c8dc - ac7f6c0a4061c0923e0bf341094e586619c2cb316949772ce5bd1e9949 - f91b016f7e6bee0f6878e16b6e59ece086f8d5df68f048524e1bff3c09 - dd15c203d28416600e936451d1646e71611ec95e12d709839369cbc442 - c0c00c002e000100000020009b003005020000006470dc814040c02ced - fbaf0373756203746c640017c6e59f317119da812c6b1e175e8aaec742 - 35a4bfad777e7759fa2daf7959f9611c26e11adde9bdc901c624ca6965 - 7b79653495e22647c5e0e5bedfe5524397d769d816746d10b2067472b4 - 
f9b04fbde8e39d7861bd6773c80f632f55b46c7a537a83f0b5a50200c9 - d2847b71d9dfaa643f558383e6e13d4e75f70029849444000029100000 - 0080000000"; - -$HexadecimalPacket =~ s/\n//g; -$HexadecimalPacket =~ s/\s//g; - -my $packetdata = pack( "H*", $HexadecimalPacket ); -my $packet = Net::DNS::Packet->new( \$packetdata ); - - -$keyset = Net::DNS::SEC::Keyset->new($packet); -is( ref($keyset), "Net::DNS::SEC::Keyset", "Keyset object from packet" ); - -is( join( " ", sort( $keyset->verify ) ), "14804 64431", "Verify method returned the two proper keytags" ); - - -my $keyset2 = Net::DNS::SEC::Keyset->new($datarrset); -is( ref($keyset2), "Net::DNS::SEC::Keyset", "Keyset object from DNSKEY RRset" ); - -#print $Net::DNS::SEC::Keyset->keyset_err; -#$keyset->print; - -######### - -my $rr; -my @keyrr; -my @sigrr; - - -# Note that the order of pushing the RRs is important for successful testing. - -# All signatures have expiration date in 2030... this test should work for a while - -push( @keyrr, Net::DNS::RR->new( <<'END' ) ); -example.com 100 IN DNSKEY 256 3 5 ( - AQOxFlzX8vShSG3JG2J/fngkgy64RoWr8ovGe7MuvPJqOMHTLM5V8+TJIahSoyUd990ictNv - hDegUqLtZ8k5oQq44viFCU/H1apdEaJnLnXscVo+08ATlEb90MYznK9K0pm2ixbyspzRrrXp - nPi9vo9iU2xqWqw/Efha4vfi6QVs4w== ) -END - - -push( @keyrr, Net::DNS::RR->new( <<'END' ) ); -example.com 100 IN DNSKEY 256 3 5 ( - AQO4jhl6ilWV2mYjwWl7kcxrYyQsnnbV7pxXm48p+SgAr+R5SKyihkjg86IjZBQHFJKZ8RsZ - dhclH2dikM+53uUEhrqVGhsqF8FsNi4nE9aMISiX9Zs61pTYGYboYDvgpD1WwFbD4YVVlfk7 - rCDP/zOE7H/AhkOenK2w7oiO0Jehcw== ) -END +my $corrupt_keyset = Net::DNS::SEC::Keyset->keyset_err; +like( $corrupt_keyset, '/failed.+key/', "Expected error $corrupt_keyset" ); -push( @keyrr, Net::DNS::RR->new( <<'END' ) ); -example.com 100 IN DNSKEY 256 3 5 ( - AQO5fWabr7bNxDXT8YrIeclI9nvYYdKni3efgJfU749O3QVX9MON6WK0ed00odQF4cLeN3vP - SdhasLDI3Z3TzyAPBQS926oodxe78K9zwtPT1kzJxvunOdJr6+6a7/+B6rF/cwfWTW50I0+q - FykldldB44a1uS34u3HgZRQXDmAesw== ) -END - - -push( @keyrr, Net::DNS::RR->new( <<'END' ) ); -example.com 
100 IN DNSKEY 256 3 5 ( - AQO6uGWsox2oH36zusGA0+w3uxkZMdByanSCjiaRHtkOA+gIxT8jmFvohxQBpVfYD+xG2pt+ - qUWauWPFPjsIUBoFqHNpqr2/B4CTiZm/rSayHDghZBIMceMa6t4NpaOep79QmiE6oGq6yWRB - swBkPZx9uZE7BqG+WLKEp136iwWyyQ== ) -END - - -push( @sigrr, Net::DNS::RR->new( <<'END' ) ); -example.com 100 IN RRSIG DNSKEY 5 2 100 20300101000000 ( - 20040601105519 11354 example.com. - GTqyJTRbKJ0LuWbAnNni1M4JZ1pn+nXY1ZuzZ0Kvt6OMTYCAFMFt0Wv9bncYkUuUSMGM7yGG - 9Z7g7tcdb4TKCqQPYo4gr3Qj/xgC4LESoQs0yAsJtLUiDfO6e4aWHmanpMGyGixYzHriS1pt - SRzirL1fTgV+kdNs5zBatUHRnQc= ) -END - - -push( @sigrr, Net::DNS::RR->new( <<'END' ) ); -example.com 100 IN RRSIG DNSKEY 5 2 100 20300101000000 ( - 20040601105519 28109 example.com. - WemQqA+uaeKqCy6sEVBU3LDORG3f+Zmix6qK9j1WL83UMWdd6sxNh0QJ0YL54lh9NBx+Viz7 - gajO+IM4MmayxKY4QVjp+6mHeE5zBVHMpTTur5T0reNtTsa8sHr15fsI49yn5KOvuq+DKG1C - gI6siM5RdFpDsS3Rmf8fiK1PyTs= ) -END - - -push( @sigrr, Net::DNS::RR->new( <<'END' ) ); -example.com 100 IN RRSIG DNSKEY 5 2 100 20300101000000 ( - 20040601105519 33695 example.com. - M3yVwTOMw+jAKYY5c6oS4DH7OjOdfMOevpIezdKqWXkehoDg9YOwz8ai17AmfgkjZnsoNu0W - NMIcaVubR3n02bkVhJb7dEd8bhbegF8T1xkL7rf9EQrPmM5GhHmVC90BGrcEhe//94hdXSVU - CRBi6KPFWSZDldd1go133bk/b/o= ) -END - - -push( @sigrr, Net::DNS::RR->new( <<'END' ) ); -example.com 100 IN RRSIG DNSKEY 5 2 100 20300101000000 ( - 20040601105519 39800 example.com. - Mmhn2Ql6ExmyHvZFWgt+CBRw5No8yM0rdH1beU4is5gRbd3I0j5z6PdtpYjAkWiZNdYsRT0o - P7TQIsADfB0FLIFojoREg8kp+OmbpRTsLTgOQYC95u5WodYGz03O0EbnQ7k4gkje6385G40D - JVl0xVfujHBMbB+keiSphD3mG4I= ) -END - +my @keyrr = ( $keyrr1, $keyrr2 ); +my @sigrr = ( $sigrr1, $sigrr2 ); my $ks = Net::DNS::SEC::Keyset->new( @keyrr, @sigrr ); ok( $ks, "Keyset created from two arrays." ); - my @ks_sigs = $ks->sigs; ok( eq_array( @ks_sigs, @sigrr ), "Sigs out equal to sigs in" ); 
@@ -323,28 +191,20 @@ is( scalar(@keydiff), 0, "Keys out equal to keys in" ); -$datarrset = $keyrr1, $keyrr2; - -$sigrr1 = Net::DNS::RR::RRSIG->create( $datarrset, $keyfile1, ttl => 3600 ); - -$sigrr2 = Net::DNS::RR::RRSIG->create( $datarrset, $keyfile2, ttl => 3600 ); +my @keytags = $ks->verify; +is( scalar(@keytags), 2, "Verify method returned the keytags" ); -ok( $sigrr1, 'RSA signature created' ); +my $good_tag = 39948; +ok( $ks->verify($good_tag), "Verification against keytag $good_tag" ); +my $bad_tag = 9734; +ok( !$ks->verify($bad_tag), "Verification against keytag $bad_tag failed" ); +my $missing_signature = Net::DNS::SEC::Keyset->keyset_err; +like( $missing_signature, "/No signature.+$bad_tag/", "Expected error $missing_signature" ); -$keyset = Net::DNS::SEC::Keyset->new( $datarrset, $sigrr1 ); -my @keytags = $keyset->verify; -is( scalar(@keytags), 1, "Verify method returned the keytags" ); - -ok( $keyset->verify(15791), "Verification against keytag 15791" ); - -ok( !$keyset->verify(9734), "Verification against keytag 9734 failed" ); -is( $keyset->keyset_err, "No signature made with 9734 found", "Expected error message" ); - - -my $corruptible = Net::DNS::RR::RRSIG->create( $datarrset, $keyfile1, ttl => 3600 ); -my $unverifiable = Net::DNS::SEC::Keyset->new( $datarrset, $corruptible ); +my $corruptible = Net::DNS::RR::RRSIG->create( $keyrrset, $keyfile1, ttl => 3600 ); +my $unverifiable = Net::DNS::SEC::Keyset->new( $keyrrset, $corruptible ); my $badsig = Net::DNS::RR::RRSIG->create( $sigrr1, $keyfile1, ttl => 3600 ); $corruptible->sigbin( $badsig->sigbin ); 
@@ -355,20 +215,25 @@ bogus.tld. IN DNSKEY 257 3 5 ( AQO1gY5UFltQ4f0ZHnXPFQZfcQQNpXK5r0Rk05rLLmY0XeA1lu8ek7W1VHsBjkge9WU7efdp3U4a mxULRMQj7F0ByOK318agap2sIWYN13jV1RLxF5GPyLq+tp2ihEyI8x0P8c9RzgVn1ix4Xcoq+vKm - WqDT1jHE4oBY/DzI8gyuJw== ; Key ID = 15791 + WqDT1jHE4oBY/DzI8gyuJw== ; Key ID = 15792 ) END my $mixed = Net::DNS::SEC::Keyset->new( $bogus, $sigrr1 ); - ok( !$mixed, "Mixed keyset not loaded" ); -like( Net::DNS::SEC::Keyset->keyset_err, '/No signature.+SEP/', 'Expected error message' ); -like( Net::DNS::SEC::Keyset->keyset_err, '/Multiple names/', 'Expected error message' ); +like( Net::DNS::SEC::Keyset->keyset_err, '/No signature.+SEP/', 'Expected "No signature for KSK" error' ); +like( Net::DNS::SEC::Keyset->keyset_err, '/Multiple names/', 'Expected "Multiple names" error' ); + + +my $packet = Net::DNS::Packet->new( 'test.tld', 'DNSKEY' ); +$packet->push( answer => @keyrr, @sigrr ); +ok( Net::DNS::SEC::Keyset->new($packet)->verify(), "Verify keyset extracted from packet" ); + + +ok( Net::DNS::SEC::Keyset->new( $keyrr2 )->verify(), "Verify keyset with no KSK" ); -eval { $keyset->writekeyset( File::Spec->rel2abs('nonexdir') ) }; -my ($exception) = split /\n/, "$@\n"; -ok( $exception, "unwritable file\t$exception" ); +exception( 'unwritable file', sub { $keyset->writekeyset( File::Spec->rel2abs('nonexdir') ) } ); # 0.17 backward compatibility (exercise code for test coverage only)
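Review bot: The two added checks `ok( Net::DNS::SEC::Keyset->new($packet)->verify(), ... )` and `ok( Net::DNS::SEC::Keyset->new( $keyrr2 )->verify(), ... )` call `verify` directly on the constructor's result. The same hunk expects the constructor to return a false value for a bad keyset (`ok( !$mixed, ... )`), and in that case the chained call dies and aborts the script instead of recording one failed test with the `keyset_err` text. Splitting the call keeps the diagnostics: `my $from_packet = Net::DNS::SEC::Keyset->new($packet);` then `ok( $from_packet && $from_packet->verify(), ... ) or diag( Net::DNS::SEC::Keyset->keyset_err );`.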
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/t/20-digest.t -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/t/20-digest.t
Changed
@@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: 20-digest.t 1830 2021-01-26 09:08:12Z willem $ -*-perl-*- +# $Id: 20-digest.t 1863 2022-03-14 14:59:21Z willem $ -*-perl-*- # use strict; 
@@ -42,38 +42,33 @@ sub test { my ( $mnemonic, $class, @parameter ) = @_; - my $object = $class->new(@parameter); my ( $head, $tail ) = unpack 'a20 a*', $text; - $object->add($text); - is( unpack( 'H*', $object->digest ), $digest{$mnemonic}, "message digest $mnemonic" ); - $object->add($head); - $object->add($tail); - is( unpack( 'H*', $object->digest ), $digest{$mnemonic}, "concatenated digest $mnemonic" ); +SKIP: { + my $object = eval { $class->new(@parameter) }; + skip( "digest algorithm $mnemonic not supported", 2 ) unless $object; + $object->add($text); + is( unpack( 'H*', $object->digest ), $digest{$mnemonic}, "digest algorithm $mnemonic" ); + $object->add($head); + $object->add($tail); + is( unpack( 'H*', $object->digest ), $digest{$mnemonic}, "digest algorithm $mnemonic (concatenated)" ); + } return; } -SKIP: { - skip( 'MD5 digest algorithm not supported', 1 ) - unless eval { Net::DNS::SEC::libcrypto->can('EVP_md5') }; - test( 'MD5', 'Net::DNS::SEC::Digest::MD5' ); -} +test( 'MD5', 'Net::DNS::SEC::Digest::MD5' ); test( 'SHA1', 'Net::DNS::SEC::Digest::SHA', 1 ); + test( 'SHA224', 'Net::DNS::SEC::Digest::SHA', 224 ); test( 'SHA256', 'Net::DNS::SEC::Digest::SHA', 256 ); test( 'SHA384', 'Net::DNS::SEC::Digest::SHA', 384 ); test( 'SHA512', 'Net::DNS::SEC::Digest::SHA', 512 ); -SKIP: { - skip( 'SHA3 digest algorithm not supported', 8 ) - unless eval { Net::DNS::SEC::libcrypto->can('EVP_sha3_256') }; - test( 'SHA3_224', 'Net::DNS::SEC::Digest::SHA3', 224 ); - test( 'SHA3_256', 'Net::DNS::SEC::Digest::SHA3', 256 ); - test( 'SHA3_384', 'Net::DNS::SEC::Digest::SHA3', 384 ); - test( 'SHA3_512', 'Net::DNS::SEC::Digest::SHA3', 512 ); -} - +test( 'SHA3_224', 'Net::DNS::SEC::Digest::SHA3', 224 ); +test( 'SHA3_256', 'Net::DNS::SEC::Digest::SHA3', 256 ); +test( 'SHA3_384', 'Net::DNS::SEC::Digest::SHA3', 384 ); +test( 'SHA3_512', 'Net::DNS::SEC::Digest::SHA3', 512 ); exit;
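Review bot: Inside `test`, `skip( "digest algorithm $mnemonic not supported", 2 ) unless $object;` now fires for any failure of `$class->new(@parameter)`, so a broken SHA-256 or SHA-512 binding would be reported as a skip and the suite would still pass. The removed code limited skipping to MD5 and SHA-3, the digests a build may legitimately lack. I would keep the eval but put the error in the skip reason, `skip( "digest algorithm $mnemonic not supported: $@", 2 ) unless $object;`, and fail rather than skip for the SHA-2 family, which the RSA code and the DS test in this revision depend on.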
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/t/21-RSA-MD5.t -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/t/21-RSA-MD5.t
Changed
@@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: 21-RSA-MD5.t 1830 2021-01-26 09:08:12Z willem $ -*-perl-*- +# $Id: 21-RSA-MD5.t 1863 2022-03-14 14:59:21Z willem $ -*-perl-*- # use strict; @@ -22,6 +22,9 @@ plan skip_all => 'disabled RSA' unless eval { Net::DNS::SEC::libcrypto->can('EVP_PKEY_new_RSA') }; +plan skip_all => 'disabled MD5' + unless eval { Net::DNS::SEC::libcrypto->can('EVP_md5') }; + plan tests => 8; @@ -83,7 +86,7 @@ my $verifiable = $class->verify( $corrupt, $key, $signature ); -is( $verifiable, 0, 'signature not verifiable if data corrupt' ); +is( $verifiable, 0, 'signature not verifiable if data corrupted' ); exit;
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/t/22-RSA-SHA1.t -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/t/22-RSA-SHA1.t
Changed
@@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: 22-RSA-SHA1.t 1830 2021-01-26 09:08:12Z willem $ -*-perl-*- +# $Id: 22-RSA-SHA1.t 1863 2022-03-14 14:59:21Z willem $ -*-perl-*- # use strict; @@ -22,7 +22,10 @@ plan skip_all => 'disabled RSA' unless eval { Net::DNS::SEC::libcrypto->can('EVP_PKEY_new_RSA') }; -plan tests => 17; +plan skip_all => 'disabled SHA1' + unless eval { Net::DNS::SEC::libcrypto->can('EVP_sha1') }; + +plan tests => 8; my %filename; @@ -56,9 +59,6 @@ my $privatekey = IO::File->new( $keyfile, '>' ) or die qq(open: "$keyfile" $!); print $privatekey <<'END'; Private-key-format: v1.2 -; comment discarded - -; empty line discarded Algorithm: 5 (RSASHA1) Modulus: 58/RHMrcrf1rnDOeN5YDU+ywjZ3Go9v1Iv6mljzByKY64QGZIk/mfr9vCD3bdUWVGJgkd7mJ/ixrFYJh6dDjqFbPjiwr3jcrTe18eTGjnhrICT/t0yPXBDsNvLkUnUAAwZlk7rkGUpIP7YFNzCkgv2YBi6Edh+QboVMQQqAdWY5Wa3IpYDeCXdGtJKBfNNadRLlv+MR6HZJ+Vcb15dptqhVcQdA36gl1OICIStlbj5mXHmkitLJxkGkh1a+fi3vUveKToZy1Cob2WfXaPaeCOLduVUjcQ0ydRzbfuNR5izKTsTlO6CFBy0tg4Vcdp5MyAm3QtRPK/eAiANNGa+BANQ== PublicExponent: AQAB 
@@ -90,75 +90,6 @@ is( $verifiable, 0, 'signature not verifiable if data corrupted' ); -# The following tests are not replicated for other RSA/SHA flavours - -my $wrongkey = Net::DNS::RR->new( <<'END' ); -DSA.example. IN DNSKEY 256 3 3 ( - CMKzsCaT2Jy1w/sPdpigEE+nbeJ/x5C6cruWvStVum6/YulcR7MHeujx9c2iBDbo3kW4X8/l+qgk - 7ZEZ+yV5lphWtJMmMtOHIU+YdAhgLpt84NKhcupWL8wfuBW/97cqIv5Z+51fwn0YEAcZsoCrE0nL - 5+31VfkK9LTNuVo38hsbWa3eWZFalID5NesF6sJRgXZoAyeAH46EQVCq1UBnnaHslvSDkdb+Z1kT - bMQ64ZVI/sBRXRbqIcDlXVZurCTDV7JL9KZwwfeyrQcnVyYh5mdHPsXbpX5NQJvoqPgvRZWBpP4h - pjkAm9UrUbow9maPCQ1JQ3JuiU5buh9cjAI+QIyGMujKLT2OsogSZD2IFUciaZBL/rSe0gmAUv0q - XrczmIYFUCoRGZ6+lKVqQQ6f2U7Gsr6zRbeJN+JCVD6BJ52zjLUaWUPHbakhZb/wMO7roX/tnA/w - zoDYBIIF7yuRYWblgPXBJTK2Bp07xre8lKCRbzY4J/VXZFziZgHgcn9tkHnrfov04UG9zlWEdT6X - E/60HjrP ; Key ID = 53244 - ) -END - -ok( $wrongkey, 'set up non-RSA public key' ); - - -my $wrongfile = $filename{wrongfile} = $wrongkey->privatekeyname; - -my $handle = IO::File->new( $wrongfile, '>' ) or die qq(open: "$wrongfile" $!); -print $handle <<'END'; -Private-key-format: v1.2 -Algorithm: 3 (DSA) -Prime(p): x5C6cruWvStVum6/YulcR7MHeujx9c2iBDbo3kW4X8/l+qgk7ZEZ+yV5lphWtJMmMtOHIU+YdAhgLpt84NKhcupWL8wfuBW/97cqIv5Z+51fwn0YEAcZsoCrE0nL5+31VfkK9LTNuVo38hsbWa3eWZFalID5NesF6sJRgXZoAyc= -Subprime(q): wrOwJpPYnLXD+w92mKAQT6dt4n8= -Base(g): gB+OhEFQqtVAZ52h7Jb0g5HW/mdZE2zEOuGVSP7AUV0W6iHA5V1Wbqwkw1eyS/SmcMH3sq0HJ1cmIeZnRz7F26V+TUCb6Kj4L0WVgaT+IaY5AJvVK1G6MPZmjwkNSUNybolOW7ofXIwCPkCMhjLoyi09jrKIEmQ9iBVHImmQS/4= -Private_value(x): vdClrOqZ1qONKg0CZH5hVnq1i40= -Public_value(y): tJ7SCYBS/SpetzOYhgVQKhEZnr6UpWpBDp/ZTsayvrNFt4k34kJUPoEnnbOMtRpZQ8dtqSFlv/Aw7uuhf+2cD/DOgNgEggXvK5FhZuWA9cElMrYGnTvGt7yUoJFvNjgn9VdkXOJmAeByf22Qeet+i/ThQb3OVYR1PpcT/rQeOs8= -END -close($handle); - -my $wrongprivate = Net::DNS::SEC::Private->new($wrongfile); -ok( $wrongprivate, 'set up non-RSA private key' ); - - -is( eval { $class->sign( $sigdata, $wrongprivate ) }, undef, 'signature not created using wrong private 
key' ); - -is( eval { $class->verify( $sigdata, $wrongkey, $signature ) }, undef, 'verify fails using wrong public key' ); - -is( eval { $class->verify( $sigdata, $key, undef ) }, undef, 'verify fails if signature undefined' ); - - -# test detection of invalid private key descriptors -eval { Net::DNS::SEC::Private->new('Kinvalid.private') }; -my ($exception1) = split /\n/, "$@\n"; -ok( $exception1, "invalid keyfile: $exception1" ); - -eval { Net::DNS::SEC::Private->new('Kinvalid.+0+0.private') }; -my ($exception2) = split /\n/, "$@\n"; -ok( $exception2, "missing keyfile: $exception2" ); - -eval { Net::DNS::SEC::Private->new( signame => 'private' ) }; -my ($exception3) = split /\n/, "$@\n"; -ok( $exception3, "unspecified algorithm: $exception3" ); - -eval { Net::DNS::SEC::Private->new( algorithm => 1 ) }; -my ($exception4) = split /\n/, "$@\n"; -ok( $exception4, "unspecified signame: $exception4" ); - - -# exercise code for key with long exponent (not required for DNSSEC) -eval { - my $longformat = pack 'xn a*', unpack 'C a*', $key->keybin; - $key->keybin($longformat); - $class->verify( $sigdata, $key, $signature ); -}; - - exit; __END__
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/t/23-RSA-SHA256.t -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/t/23-RSA-SHA256.t
Changed
@@ -1,11 +1,12 @@ #!/usr/bin/perl -# $Id: 23-RSA-SHA256.t 1830 2021-01-26 09:08:12Z willem $ -*-perl-*- +# $Id: 23-RSA-SHA256.t 1924 2023-05-17 13:56:25Z willem $ -*-perl-*- # use strict; use warnings; use IO::File; use Test::More; +use TestToolkit; my %prerequisite = ( 'Net::DNS::SEC' => 1.15, @@ -22,7 +23,7 @@ plan skip_all => 'disabled RSA' unless eval { Net::DNS::SEC::libcrypto->can('EVP_PKEY_new_RSA') }; -plan tests => 8; +plan tests => 17; my %filename; 
@@ -83,7 +84,62 @@ my $verifiable = $class->verify( $corrupt, $key, $signature ); -is( $verifiable, 0, 'signature not verifiable if data corrupt' ); +is( $verifiable, 0, 'signature not verifiable if data corrupted' ); + + +# The following tests are not replicated for other RSA/SHA flavours + +my $wrongkey = Net::DNS::RR->new( <<'END' ); +ECDSAP256SHA256.example. IN DNSKEY ( 257 3 13 + IYHbvpnqrhxM4i0SuOyAq9hk19tNXpjja7jCQnfAjZBFBfcLorJPnq4FWMVDg6QT2C4JeW0yCxK4 + iEhb4w9KWQ== ) ; Key ID = 27566 +END +ok( $wrongkey, 'set up non-RSA public key' ); + + +my $wrongfile = $filename{wrongfile} = $wrongkey->privatekeyname; + +my $handle = IO::File->new( $wrongfile, '>' ) or die qq(open: "$wrongfile" $!); +print $handle <<'END'; +Private-key-format: v1.3 +; comment discarded +; empty line discarded + +Algorithm: 13 (ECDSAP256SHA256) +PrivateKey: w+AjPo650IA8DWeEq5QqZ2LWYpuC/oeEaYaGE1ZvKyA= +Created: 20141209015301 +Publish: 20141209015301 +Activate: 20141209015301 +END +close($handle); + +my $wrongprivate = Net::DNS::SEC::Private->new($wrongfile); +ok( $wrongprivate, 'set up non-RSA private key' ); + + +is( eval { $class->sign( $sigdata, $wrongprivate ) }, undef, 'signature not created using wrong private key' ); + +is( eval { $class->verify( $sigdata, $wrongkey, $signature ) }, undef, 'verify fails using wrong public key' ); + +is( eval { $class->verify( $sigdata, $key, undef ) }, undef, 'verify fails if signature undefined' ); + + +# test detection of invalid private key descriptors +exception( 'invalid keyfile', sub { Net::DNS::SEC::Private->new('Kinvalid.private') } ); + +exception( 'missing keyfile', sub { Net::DNS::SEC::Private->new('Kinvalid.+0+0.private') } ); + +exception( 'unspecified algorithm', sub { Net::DNS::SEC::Private->new( signame => 'private' ) } ); + +exception( 'unspecified signame', sub { Net::DNS::SEC::Private->new( algorithm => 1 ) } ); + + +# exercise code for key with long exponent (not required for DNSSEC) +eval { + my $longformat = pack 'xn a*', 
unpack 'C a*', $key->keybin; + $key->keybin($longformat); + $class->verify( $sigdata, $key, $signature ); +}; exit;
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/t/24-RSA-SHA512.t -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/t/24-RSA-SHA512.t
Changed
@@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: 24-RSA-SHA512.t 1830 2021-01-26 09:08:12Z willem $ -*-perl-*- +# $Id: 24-RSA-SHA512.t 1862 2021-12-24 10:09:08Z willem $ -*-perl-*- # use strict; @@ -86,7 +86,7 @@ my $verifiable = $class->verify( $corrupt, $key, $signature ); -is( $verifiable, 0, 'signature not verifiable if data corrupt' ); +is( $verifiable, 0, 'signature not verifiable if data corrupted' ); exit;
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/t/31-DSA-SHA1.t -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/t/31-DSA-SHA1.t
Changed
@@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: 31-DSA-SHA1.t 1830 2021-01-26 09:08:12Z willem $ -*-perl-*- +# $Id: 31-DSA-SHA1.t 1863 2022-03-14 14:59:21Z willem $ -*-perl-*- # use strict; @@ -23,6 +23,9 @@ plan skip_all => "disabled DSA" unless eval { Net::DNS::SEC::libcrypto->can('EVP_PKEY_new_DSA') }; +plan skip_all => "disabled SHA1" + unless eval { Net::DNS::SEC::libcrypto->can('EVP_sha1') }; + plan tests => 13;
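Review bot: The added `plan skip_all => "disabled SHA1"` guard relies on `Net::DNS::SEC::libcrypto->can('EVP_sha1')`, which only shows that the binding exists in the loaded module. Presumably a libcrypto that still exports SHA-1 but refuses SHA-1 signatures by runtime policy would pass this guard and then fail the sign/verify tests instead of skipping. A short comment above the guard would record the intent, for example `# skip when libcrypto is built without SHA-1; a runtime policy that rejects SHA-1 signatures is not detected here`. The rest of the script lies outside the hunk, so whether a later check covers that case cannot be seen.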
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/t/61-Ed25519.t -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/t/61-Ed25519.t
Changed
@@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: 61-Ed25519.t 1808 2020-09-28 22:08:11Z willem $ -*-perl-*- +# $Id: 61-Ed25519.t 1868 2022-08-31 20:13:35Z willem $ -*-perl-*- # use strict; @@ -87,7 +87,7 @@ ok( $wrongprivate, 'set up non-EdDSA private key' ); -my $sigdata = 'arbitrary data'; ## Note: ED25519 signing is deterministic +my $sigdata = Net::DNS::RR->new('. TXT arbitrary data')->txtdata; # character set independent my $corrupt = 'corrupted data'; my $signature = pack 'H*', join '', qw( @@ -95,7 +95,7 @@ c14292cf8c28af0efe6ee30cbf9d643cba3ab56f1e1ae27b6074147ed9c55a0e ); -my $signed = eval { $class->sign( $sigdata, $private ); } || ''; +my $signed = eval { $class->sign( $sigdata, $private ); } || ''; # Note: ED25519 signing is deterministic ok( $signed eq $signature, 'signature created using private key' );
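Review bot: The new `$sigdata` line in the `@@ -87,7` hunk needs a comment tying it to the fixed `$signature` vector, which the hunk leaves unchanged. Because signing is deterministic and the test compares `$signed eq $signature`, `txtdata` must return exactly the octets of the old literal `'arbitrary data'`. `# character set independent` does not say that; something like `# must yield the ASCII octets of "arbitrary data": the expected signature below is fixed` would. `txtdata` is evaluated in scalar context here and presumably joins the two unquoted words with a single space, so moving the expression into a list context would change the signed data. The same change is made in the `@@ -64,7` hunk of t/62-Ed448.t.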
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/t/62-Ed448.t -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/t/62-Ed448.t
Changed
@@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: 62-Ed448.t 1808 2020-09-28 22:08:11Z willem $ -*-perl-*- +# $Id: 62-Ed448.t 1868 2022-08-31 20:13:35Z willem $ -*-perl-*- # use strict; @@ -64,7 +64,7 @@ ok( $private, 'set up EdDSA private key' ); -my $sigdata = 'arbitrary data'; ## Note: ED448 signing is deterministic +my $sigdata = Net::DNS::RR->new('. TXT arbitrary data')->txtdata; # character set independent my $corrupt = 'corrupted data'; my $signature = pack 'H*', join '', qw( @@ -74,7 +74,7 @@ f7651f828fb64c200e2ee5d0686490910c00 ); -my $signed = eval { $class->sign( $sigdata, $private ) } || ''; +my $signed = eval { $class->sign( $sigdata, $private ); } || ''; # Note: ED448 signing is deterministic ok( $signed eq $signature, 'signature created using private key' ); @@ -83,7 +83,7 @@ my $verifiable = $class->verify( $corrupt, $key, $signature ); -is( $verifiable, 0, 'signature not verifiable if data corrupt' ); +is( $verifiable, 0, 'signature not verifiable if data corrupted' ); exit;
_service:tar_scm:Net-DNS-SEC-1.21.tar.gz/t/TestToolkit.pm
Added
@@ -0,0 +1,116 @@ +# $Id: TestToolkit.pm 1924 2023-05-17 13:56:25Z willem $ -*-perl-*- + +package TestToolkit; + +=head1 NAME + +TestToolkit - Convenient tools to simplify test script construction. + +=cut + +use strict; +use warnings; +use Carp; +use Test::Builder; +use Test::More; + +use base qw(Exporter); +our @EXPORT = qw(exception noexception NonFatalBegin NonFatalEnd); + + +=head1 exception noexception + + noexception( 'test description', sub { code fragment } ); + +Executes the supplied code fragment and reports a raised exception or +warning using the Test::More ok() mechanism. + +=cut + +sub exception { + my ( $name, $code ) = @_; + + my $exception = _execute($code); + my $boolean = $exception ? 1 : 0; + + my $tb = Test::Builder->new; + return $tb->ok( $boolean, "$name\t$exception" ); +} + +sub noexception { + my ( $name, $code ) = @_; + + my $exception = _execute($code); + my $boolean = $exception ? 0 : 1; + + my $tb = Test::Builder->new; + return $tb->ok( $boolean, $exception ? "$name\t$exception" : $name ); +} + +sub _execute { + my $code = shift; + my @warning; + local $SIG{__WARN__} = sub { push @warning, "@_" }; + local ( $@, $!, $SIG{__DIE__} ); ## isolate eval + eval { + &$code; + croak shift(@warning) if @warning; + }; + my ($exception) = split /\r\n+/, "$@\n"; + return $exception; +} + + +######################################## +# +# Test::More test functions all eventually call Test::Builder::ok +# (on the (singular) builder instance) to report the status. +# The NonFatal package defines a subclass derived from Test::Builder, +# with a redefined ok method that overrides the completion status +# seen by the test harness. +# +# Note: Modified behaviour is enabled by the 't/online.nonfatal' file. +# + +=head1 NonFatalBegin NonFatalEnd + +Tests that are between these functions will always appear to succeed. +The failure report itself is not suppressed. 
+ +=cut + +sub NonFatalBegin { return bless Test::Builder->new, qw(NonFatal) } + +sub NonFatalEnd { return bless Test::Builder->new, qw(Test::Builder) } + + +package NonFatal; +use base qw(Test::Builder); + +my $enabled = eval { -e 't/online.nonfatal' }; +my @failed; + +sub ok { + my ( $self, $test, @name ) = @_; + return $self->SUPER::ok( $test, @name ) if $test; + + if ($enabled) { + my $number = $self->current_test + 1; + push @failed, join( "\t", $number, @name ); + @name = "NOT OK (tolerating failure) @name"; + } + + return $self->SUPER::ok( $enabled, @name ); +} + +END { + my $n = scalar(@failed) || return; + my $s = ( $n == 1 ) ? '' : 's'; + my $tb = __PACKAGE__->SUPER::new(); + $tb->diag( join "\n", "\nDisregarding $n failed sub-test$s", @failed ); +} + +1; + +__END__ +
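Review bot: `NonFatal::ok` reports a failed test to the harness as passed whenever `t/online.nonfatal` exists relative to the current directory. `NonFatalBegin` switches this on by reblessing the shared Test::Builder instance, so it stays on for every later assertion if `NonFatalEnd` is not reached. The POD under `NonFatalBegin NonFatalEnd` should state the intended scope, for example `# never bracket sign/verify or key-validation assertions with NonFatalBegin/NonFatalEnd: those failures must stay fatal`. The marker file name suggests network-dependent tests, though no caller is visible here. A packaging build that runs the suite should also confirm the marker file is absent, since its presence turns a failing result into a passing one for the harness while only a `diag` line records it.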