Mega:23.09
perl-Net-DNS-SEC
We truncated the diff of some files because they were too big. If you want to see the full diff for every file,
click here
.
Changes of Revision 3
_service:tar_scm:perl-Net-DNS-SEC.spec
Changed
@@ -1,11 +1,10 @@ Name: perl-Net-DNS-SEC -Version: 1.19 +Version: 1.21 Release: 1 Summary: An extension module of Perl(Net::DNS) package License: MIT URL: https://metacpan.org/release/Net-DNS-SEC Source0: http://www.net-dns.org/download//Net-DNS-SEC-%{version}.tar.gz -Patch0: gost-rm.patch BuildRequires: gcc coreutils make openssl-devel => 1.1 perl-generators perl-interpreter BuildRequires: perl-devel perl(Config) perl(constant) perl(ExtUtils::MakeMaker) >= 6.76 @@ -36,7 +35,6 @@ %prep %autosetup -n Net-DNS-SEC-%{version} -p1 -rm -f lib/Net/DNS/SEC/ECCGOST.pm %build perl Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1 @@ -58,6 +56,9 @@ %{_mandir}/man3/* %changelog +* Mon Sep 11 2023 xu_ping <707078654@qq.com> - 1.21-1 +- Upgrade to version 1.21 + * Tue Jun 14 2022 SimpleUpdate Robot <tc@openeuler.org> - 1.19-1 - Upgrade to version 1.19
_service:tar_scm:gost-rm.patch
Deleted
@@ -1,15 +0,0 @@
-diff --git a/MANIFEST b/MANIFEST
-index afc3e05..c708eec 100644
---- a/MANIFEST
-+++ b/MANIFEST
-@@ -15,7 +15,6 @@ lib/Net/DNS/SEC/Keyset.pm
- lib/Net/DNS/SEC/Private.pm
- lib/Net/DNS/SEC/DSA.pm
- lib/Net/DNS/SEC/ECDSA.pm
--lib/Net/DNS/SEC/ECCGOST.pm
- lib/Net/DNS/SEC/EdDSA.pm
- lib/Net/DNS/SEC/RSA.pm
- lib/Net/DNS/SEC/libcrypto.pod
---
-2.30.0
-
_service
Changed
@@ -2,7 +2,7 @@
 <service name="tar_scm">
 <param name="url">git@gitee.com:src-openeuler/perl-Net-DNS-SEC.git</param>
 <param name="scm">git</param>
- <param name="revision">openEuler-23.09</param>
+ <param name="revision">master</param>
 <param name="exclude">*</param>
 <param name="extract">*</param>
 </service>
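Review bot: Switching `revision` from `openEuler-23.09` to `master` makes this package build from whatever the default branch holds at fetch time, so the sources are no longer tied to the release branch and a rebuild can pick up changes nobody reviewed for this release. If the upgrade has to come from master, pin it to a full commit id, `<param name="revision">COMMIT_SHA_PLACEHOLDER</param>`, or land the upgrade on the release branch and keep the old value. Neither value visible in this hunk is an immutable reference, so the same applies to any later rebuild.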
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/lib/Net/DNS/SEC/ECCGOST.pm
Deleted
@@ -1,113 +0,0 @@ -package Net::DNS::SEC::ECCGOST; - -use strict; -use warnings; - -our $VERSION = (qw$Id: ECCGOST.pm 1853 2021-10-11 10:40:59Z willem $)2; - - -=head1 NAME - -Net::DNS::SEC::ECCGOST - DNSSEC ECC-GOST digital signature algorithm - - -=head1 SYNOPSIS - - require Net::DNS::SEC::ECCGOST; - - $validated = Net::DNS::SEC::ECCGOST->verify( $sigdata, $keyrr, $sigbin ); - - -=head1 DESCRIPTION - -Implementation of GOST R 34.10-2001 elliptic curve digital signature -verification procedure. - -=head2 sign - -Signature generation is not implemented. - -=head2 verify - - $validated = Net::DNS::SEC::ECCGOST->verify( $sigdata, $keyrr, $sigbin ); - -Verifies the signature over the binary sigdata using the specified -public key resource record. - -=cut - - -use constant Digest_GOST => defined( eval { require Digest::GOST } ); -use constant ECCGOST_configured => Digest_GOST && Net::DNS::SEC::libcrypto->can('ECCGOST_verify'); - -BEGIN { die 'ECCGOST disabled or application has no "use Net::DNS::SEC"' unless ECCGOST_configured } - -my %parameters = ( 12 => 840, 'Digest::GOST::CryptoPro' ); - -sub _index { return keys %parameters } - - -sub sign { - die 'Russian Federation standard GOST R 34.10-2001 is obsolete'; -} - - -sub verify { - my ( $class, $sigdata, $keyrr, $sigbin ) = @_; - - my $algorithm = $keyrr->algorithm; - my ( $nid, $object ) = @{$parameters{$algorithm} || }; - die 'public key not ECC-GOST' unless $nid; - my $hash = $object->new(); - $hash->add($sigdata); - my $H = reverse $hash->digest; - - return unless $sigbin; - - my ( $y, $x ) = unpack 'a32 a32', reverse $keyrr->keybin; # public key - my $eckey = Net::DNS::SEC::libcrypto::EC_KEY_new_ECCGOST( $x, $y ); - - my ( $s, $r ) = unpack 'a32 a32', $sigbin; # RFC5933, RFC4490 - return Net::DNS::SEC::libcrypto::ECCGOST_verify( $H, $r, $s, $eckey ); -} - - -1; - -__END__ - -######################################## - -=head1 COPYRIGHT - -Copyright (c)2014,2018 Dick Franks. - -All rights reserved. 
- - -=head1 LICENSE - -Permission to use, copy, modify, and distribute this software and its -documentation for any purpose and without fee is hereby granted, provided -that the original copyright notices appear in all copies and that both -copyright notice and this permission notice appear in supporting -documentation, and that the name of the author not be used in advertising -or publicity pertaining to distribution of the software without specific -prior written permission. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL -THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER -DEALINGS IN THE SOFTWARE. - - -=head1 SEE ALSO - -L<Net::DNS>, L<Net::DNS::SEC>, L<Digest::GOST>, -RFC4357, RFC4490, RFC5832, RFC5933, RFC7091 - -=cut -
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/Changes -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/Changes
Changed
@@ -1,12 +1,25 @@ Revision history for Perl extension Net::DNS::SEC. -**** 1.19 Oct 11, 2021 +**** 1.21 Jun 1, 2023 + + Add new t/TestToolkit.pm + Rework pre-installation test scripts. + +Fix: rt.cpan.org #148367 + libressl-3.7.1 breaks DSA verify + - Use new EVP_PKEY construction API for OpenSSL post 3.x.x. +**** 1.20 Oct 4, 2022 - Remove support for obsolete ECC-GOST. + Circumvent failure of EdDSA test on EBCDIC platforms. + Improve Net::DNS::SEC::Keyset tests and error reporting. + Avoid test failures if/when DSA|MD5|SHA1 become unsupported. + + +**** 1.19 Oct 11, 2021 + Discontinue support for obsolete ECC-GOST. Add LICENSE file to comply with Fedora/RedHat announcement and WARNING of restrictions on use of strong cryptography. @@ -26,9 +39,7 @@ **** 1.16 May 11, 2020 Improve testing of verify() functions. - Rework code in Digest.pm - SEC.xs code reduction. @@ -40,7 +51,6 @@ **** 1.14 October 14, 2019 Improve exception capture in test scripts. - Support more efficient algorithm mapping in Net::DNS. @@ -53,28 +63,24 @@ Avoid use of EC_POINT_set_affine_coordinates_GFp which is deprecated in OpenSSL 3.0.0 - Reduce level of support for OpenSSL non-LTS releases. **** 1.11 Dec 11, 2018 Explain why compilation aborted in Net::DNS::SEC::DSA et al. - Fix Makefile.PL to suppress parallel test execution. **** 1.10 Aug 31, 2018 - make test_cover - now collects SEC.xs test coverage metrics using gcc and gcov. + Collect test coverage metrics for SEC.xs using gcc and gcov. **** 1.09 Jun 4, 2018 Avoid use of EC_GROUP_new, EC_GROUP_set_curve_GFp, and EC_GFp_mont_method which are expected to disappear. - Fix filename conflict when tests run in parallel. @@ -660,4 +666,4 @@ --------------------------------------------------------------------------- -$Id: Changes 1854 2021-10-11 10:43:36Z willem $ +$Id: Changes 1928 2023-06-01 11:33:52Z willem $
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/MANIFEST -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/MANIFEST
Changed
@@ -15,7 +15,6 @@
 lib/Net/DNS/SEC/Private.pm
 lib/Net/DNS/SEC/DSA.pm
 lib/Net/DNS/SEC/ECDSA.pm
-lib/Net/DNS/SEC/ECCGOST.pm
 lib/Net/DNS/SEC/EdDSA.pm
 lib/Net/DNS/SEC/RSA.pm
 lib/Net/DNS/SEC/libcrypto.pod
@@ -33,5 +32,6 @@
 t/52-ECDSA-P384.t
 t/61-Ed25519.t
 t/62-Ed448.t
+t/TestToolkit.pm
 META.yml Module YAML meta-data (added by MakeMaker)
 META.json Module JSON meta-data (added by MakeMaker)
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/META.json -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/META.json
Changed
@@ -5,7 +5,7 @@ "Olaf Kolkman" , "dynamic_config" : 1, - "generated_by" : "ExtUtils::MakeMaker version 7.44, CPAN::Meta::Converter version 2.150010", + "generated_by" : "ExtUtils::MakeMaker version 7.64, CPAN::Meta::Converter version 2.150010", "license" : "mit" , @@ -28,30 +28,32 @@ }, "configure" : { "requires" : { - "ExtUtils::MakeMaker" : "6.66" + "ExtUtils::MakeMaker" : "6.48" } }, "runtime" : { - "recommends" : {}, "requires" : { "Carp" : "1.1", - "DynaLoader" : "1.04", + "DynaLoader" : "1.09", "Exporter" : "5.56", - "File::Spec" : "0.86", + "File::Spec" : "3.29", + "IO::File" : "1.14", "MIME::Base64" : "2.13", "Net::DNS" : "1.08", - "perl" : "5.008008" + "perl" : "5.008009" } }, "test" : { "requires" : { - "File::Find" : "1.05", - "File::Spec" : "0.86", - "Test::More" : "0.47" + "ExtUtils::MakeMaker" : "0", + "File::Find" : "1.13", + "File::Spec" : "3.29", + "IO::File" : "1.14", + "Test::More" : "0.8" } } }, "release_status" : "stable", - "version" : "1.19", - "x_serialization_backend" : "JSON::PP version 4.00" + "version" : "1.21", + "x_serialization_backend" : "JSON::PP version 4.08" }
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/META.yml -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/META.yml
Changed
@@ -5,13 +5,14 @@ - 'Olaf Kolkman' build_requires: ExtUtils::MakeMaker: '0' - File::Find: '1.05' - File::Spec: '0.86' - Test::More: '0.47' + File::Find: '1.13' + File::Spec: '3.29' + IO::File: '1.14' + Test::More: '0.8' configure_requires: - ExtUtils::MakeMaker: '6.66' + ExtUtils::MakeMaker: '6.48' dynamic_config: 1 -generated_by: 'ExtUtils::MakeMaker version 7.44, CPAN::Meta::Converter version 2.150010' +generated_by: 'ExtUtils::MakeMaker version 7.64, CPAN::Meta::Converter version 2.150010' license: mit meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html @@ -21,14 +22,14 @@ directory: - t - inc -recommends: {} requires: Carp: '1.1' - DynaLoader: '1.04' + DynaLoader: '1.09' Exporter: '5.56' - File::Spec: '0.86' + File::Spec: '3.29' + IO::File: '1.14' MIME::Base64: '2.13' Net::DNS: '1.08' - perl: '5.008008' -version: '1.19' + perl: '5.008009' +version: '1.21' x_serialization_backend: 'CPAN::Meta::YAML version 0.018'
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/Makefile.PL -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/Makefile.PL
Changed
@@ -1,98 +1,106 @@ # -# $Id: Makefile.PL 1853 2021-10-11 10:40:59Z willem $ -*-perl-*- +# $Id: Makefile.PL 1926 2023-05-31 12:05:13Z willem $ -*-perl-*- # -use 5.008008; +use 5.008009; use strict; use warnings; use Config; use ExtUtils::MakeMaker; -my $MM = $ExtUtils::MakeMaker::VERSION; +use constant MSWin32 => $^O eq 'MSWin32'; + +my $distro = 'Net::DNS::SEC'; +my $module = join '/', 'lib', split /::/, "$distro.pm"; +my $author = 'Dick Franks', 'Olaf Kolkman'; +$author = join ', ', @$author if $ExtUtils::MakeMaker::VERSION < 6.58; # See perldoc ExtUtils::MakeMaker for details of how to influence # the contents of the Makefile that is written. -my @author = ( 'Dick Franks', 'Olaf Kolkman' ); - my %metadata = ( - NAME => 'Net::DNS::SEC', - VERSION_FROM => 'lib/Net/DNS/SEC.pm', - ABSTRACT_FROM => 'lib/Net/DNS/SEC.pm', - AUTHOR => $MM < 6.58 ? "$author0 et al" : @author, - LICENSE => 'mit', - MIN_PERL_VERSION => 5.008008, - CONFIGURE_REQUIRES => { - 'ExtUtils::MakeMaker' => 6.66, - }, - TEST_REQUIRES => { - 'File::Find' => 1.05, - 'File::Spec' => 0.86, - 'Test::More' => 0.47, + NAME => $distro, + VERSION_FROM => $module, + ABSTRACT_FROM => $module, + AUTHOR => $author, + LICENSE => 'mit', + MIN_PERL_VERSION => 5.008009, + CONFIGURE_REQUIRES => {'ExtUtils::MakeMaker' => 6.48}, + TEST_REQUIRES => { + 'ExtUtils::MakeMaker' => 0, + 'File::Find' => 1.13, + 'File::Spec' => 3.29, + 'IO::File' => 1.14, + 'Test::More' => 0.80, } ); my %prerequisite = ( 'Carp' => 1.10, - 'DynaLoader' => 1.04, + 'DynaLoader' => 1.09, 'Exporter' => 5.56, - 'File::Spec' => 0.86, + 'File::Spec' => 3.29, + 'IO::File' => 1.14, 'MIME::Base64' => 2.13, 'Net::DNS' => 1.08, ); -my %optional; - - my @debris = qw(*.gcov *.gcda *.gcno *.lock); my $inc = ''; my $lib = '-lcrypto'; -my $nul = $^O eq 'MSWin32' ? 'nul' : '/dev/null'; - -if ( my $dir = $ENV{OPENSSL_PREFIX} ) { - $inc = "-I$dir/include"; - $lib = "-L$dir/lib -lcrypto"; +my $nul = MSWin32 ? 
'nul' : '/dev/null'; -} elsif (`pkg-config --modversion libcrypto 2>$nul`) { +if (`pkg-config --modversion libcrypto 2>$nul`) { $inc = `pkg-config --cflags libcrypto 2>$nul`; $lib = `pkg-config --libs libcrypto 2>$nul`; - -} elsif ( $^O eq 'MSWin32' ) { +} elsif (MSWin32) { $lib = '-llibeay32' if $Config{cc} =~ /cl/; $lib = '-leay32' if $Config{cc} =~ /gcc/; } +if ( my $dir = $ENV{OPENSSL_PREFIX} ) { + chomp $dir; + $inc = "-I$dir/include"; + $lib = "-L$dir/lib $lib"; +} + $inc = $ENV{OPENSSL_INCLUDE} if $ENV{OPENSSL_INCLUDE}; $lib = $ENV{OPENSSL_LIB} if $ENV{OPENSSL_LIB}; +chomp $_ for ( $inc, $lib ); + WriteMakefile( %metadata, - PREREQ_PM => {%prerequisite}, - INC => $inc, - LIBS => $lib, - META_MERGE => {recommends => {%optional}}, - clean => {FILES => "@debris"}, + PREREQ_PM => {%prerequisite}, + INC => $inc, + LIBS => $lib, + clean => {FILES => "@debris"}, ); +exit; -package MY; ## customise generated Makefile -sub test { - return shift->SUPER::test() if $^O =~ /cygwin|MSWin/i; +package MY; ## customise generated Makefile - return join '', shift->SUPER::test(), <<'END'; -# suppress parallel test execution -FULLPERLRUN = HARNESS_OPTIONS=c $(FULLPERL) +sub constants { + return join "\n", shift->SUPER::constants(), <<'END' if $^O =~ /MSWin/i; +# include test directory +TEST_DIR = t +FULLPERLRUN = $(FULLPERL) "-I$(TEST_DIR)" +END + return join "\n", shift->SUPER::constants(), <<'END'; +# suppress parallel test execution include test directory +TEST_DIR = t +FULLPERLRUN = HARNESS_OPTIONS=j1:c $(FULLPERL) "-I$(TEST_DIR)" END } sub dist { - return join '', shift->SUPER::dist(), <<'END'; - + return join "\n", shift->SUPER::dist(), <<'END'; # $(PERM_RWX) raises security issues downstream PREOP = $(CHMOD) $(PERM_RW) $(DISTVNAME)$(DFSEP)demo$(DFSEP)* END 
@@ -109,9 +117,10 @@ s|(/)/+|$1|g; # remove gratuitous //s } - my @version = ( 'version', eval { require Net::DNS::SEC; $Net::DNS::SEC::VERSION; } ); + eval "require $distro"; ## no critic + my @version = ( 'version', eval { $distro->VERSION } ); - my $nameregex = '\W+Net\W+DNS\W+SEC.pm$'; + my $nameregex = join '\W+', '', split /::/, "$distro.pm\$"; my @installed = grep { $_ && m/$nameregex/io } values %INC; my %occluded; @@ -132,12 +141,12 @@ my $message; warn $message = <<"AMEN"; ## -## The install location for this version of Net::DNS::SEC differs -## from the existing @version in your perl library at +## The install location for this version of $distro +## differs from the existing @version in your perl library at ## @installed ## ## The installation would be rendered ineffective because the -## installed version occurs in the library search path before +## existing @version occurs in the library search path before ## $install_site ## ## The generated Makefile supports build and test only. @@ -146,37 +155,32 @@ my $echo = ' $(NOECHO) $(ECHO) "##"'; $message =~ s/##/$echo/eg; - return join '', <<'END', $message; + return join '', <<"END"; install : - $(NOECHO) $(ECHO) "## Makefile supports build and test only" - $(NOECHO) $(ECHO) "## (see message from Makefile.PL)" - $(NOECHO) $(FALSE) - -test :: $(TEST_TYPE) + $message + \$(NOECHO) \$(FALSE) END } sub postamble { - my $devnull = $^O eq 'MSWin32' ? 'nul' : '/dev/null';
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/SEC.xs -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/SEC.xs
Changed
@@ -1,5 +1,5 @@ -#define XS_Id "$Id: SEC.xs 1853 2021-10-11 10:40:59Z willem $" +#define XS_Id "$Id: SEC.xs 1926 2023-05-31 12:05:13Z willem $" =head1 NAME @@ -44,9 +44,9 @@ #define PERL_NO_GET_CONTEXT #define PERL_REENTRANT -#include "EXTERN.h" -#include "perl.h" -#include "XSUB.h" +#include <EXTERN.h> +#include <perl.h> +#include <XSUB.h> #include <openssl/opensslv.h> #include <openssl/bn.h> @@ -92,11 +92,13 @@ #endif #ifdef OPENSSL_IS_BORINGSSL +#define NO_DSA +#define NO_EdDSA #define NO_SHA3 #endif #ifdef LIBRESSL_VERSION_NUMBER -#undef OPENSSL_VERSION_NUMBER +#undef OPENSSL_VERSION_NUMBER #define OPENSSL_VERSION_NUMBER 0x10100000L #endif @@ -145,6 +147,7 @@ #if (OPENSSL_VERSION_NUMBER < 0x10101000) +#define EOL #define NO_EdDSA #define NO_SHA3 @@ -166,26 +169,25 @@ #endif -#define checkerr(arg) checkret( (arg), __LINE__ ) -void checkret(const int ret, int line) -{ - if ( ret <= 0 ) croak( "libcrypto error (%s line %d)", __FILE__, line ); -} - - #ifndef OBSOLETE_API int EVP_PKEY_fromparams(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, int selection, OSSL_PARAM_BLD *bld) { OSSL_PARAM *params = OSSL_PARAM_BLD_to_param(bld); - int retval; - checkerr( EVP_PKEY_fromdata_init(ctx) ); - retval = EVP_PKEY_fromdata( ctx, ppkey, selection, params ); + int retval = EVP_PKEY_fromdata_init(ctx); + if ( retval > 0 ) retval = EVP_PKEY_fromdata( ctx, ppkey, selection, params ); OSSL_PARAM_free(params); return retval; } #endif +#define checkerr(arg) checkret( (arg), __LINE__ ) +void checkret(const int ret, int line) +{ + if ( ret <= 0 ) croak( "libcrypto error (%s line %d)", __FILE__, line ); +} + + MODULE = Net::DNS::SEC PACKAGE = Net::DNS::SEC::libcrypto PROTOTYPES: ENABLE @@ -195,7 +197,11 @@ PREINIT: char *v = SvEND( newSVpv(XS_Id, 17) ); CODE: +#ifdef EOL + RETVAL = newSVpvf( "%s %s UNSUPPORTED", v-5, OPENSSL_VERSION_TEXT ); +#else RETVAL = newSVpvf( "%s %s", v-5, OPENSSL_VERSION_TEXT ); +#endif OUTPUT: RETVAL 
@@ -208,33 +214,31 @@ SV* EVP_sign(SV *message, EVP_PKEY *pkey, const EVP_MD *md=NULL) INIT: +#define msgbuf (unsigned char*) SvPVX(message) +#define msglen SvCUR(message) EVP_MD_CTX *ctx = EVP_MD_CTX_new(); - unsigned char *m = (unsigned char*) SvPVX(message); unsigned char sigbuf512; /* RFC3110(2) */ - STRLEN mlen = SvCUR(message); - STRLEN slen = sizeof(sigbuf); - int r; + STRLEN buflen = sizeof(sigbuf); + int error; CODE: checkerr( EVP_DigestSignInit( ctx, NULL, md, NULL, pkey ) ); - r = EVP_DigestSign( ctx, sigbuf, &slen, m, mlen ); + error = EVP_DigestSign( ctx, sigbuf, &buflen, msgbuf, msglen ); EVP_MD_CTX_free(ctx); EVP_PKEY_free(pkey); - checkerr(r); - RETVAL = newSVpvn( (char*)sigbuf, slen ); + checkerr(error); + RETVAL = newSVpvn( (char*)sigbuf, buflen ); OUTPUT: RETVAL int EVP_verify(SV *message, SV *signature, EVP_PKEY *pkey, const EVP_MD *md=NULL) INIT: +#define sigbuf (unsigned char*) SvPVX(signature) +#define siglen SvCUR(signature) EVP_MD_CTX *ctx = EVP_MD_CTX_new(); - unsigned char *m = (unsigned char*) SvPVX(message); - unsigned char *s = (unsigned char*) SvPVX(signature); - STRLEN mlen = SvCUR(message); - STRLEN slen = SvCUR(signature); CODE: checkerr( EVP_DigestVerifyInit( ctx, NULL, md, NULL, pkey ) ); - RETVAL = EVP_DigestVerify( ctx, s, slen, m, mlen ); + RETVAL = EVP_DigestVerify( ctx, sigbuf, siglen, msgbuf, msglen ); EVP_MD_CTX_free(ctx); EVP_PKEY_free(pkey); OUTPUT: @@ -254,11 +258,8 @@ void EVP_DigestUpdate(EVP_MD_CTX *ctx, SV *message) - INIT: - unsigned char *m = (unsigned char*) SvPVX(message); - STRLEN mlen = SvCUR(message); CODE: - checkerr( EVP_DigestUpdate( ctx, m, mlen ) ); + checkerr( EVP_DigestUpdate( ctx, msgbuf, msglen ) ); SV* EVP_DigestFinal(EVP_MD_CTX *ctx) 
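Review bot: The `msgbuf`/`msglen` macros added in EVP_sign's INIT section, and `sigbuf`/`siglen` in EVP_verify, are never `#undef`'d, so they stay live for the rest of the generated C file and bind to whatever variable happens to be called `message` or `signature` at each use; EVP_DigestUpdate in the following hunk already relies on that. `sigbuf` is also a local output buffer in EVP_sign and a macro from EVP_verify onward, which is easy to misread in code that handles buffer lengths. Defining parameterised, parenthesised helpers once next to `checkerr` would make the dependency explicit, e.g. `#define SVBUF(sv) ((unsigned char*) SvPVX(sv))` and `#define SVLEN(sv) (SvCUR(sv))`. As before the change, SvPVX is applied without an SvPOK check, so callers are presumably expected to pass string scalars; a comment saying so would help.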
@@ -317,15 +318,15 @@ BIGNUM *p = BN_bin2bn( (unsigned char*) SvPVX(p_SV), SvCUR(p_SV), NULL ); BIGNUM *q = BN_bin2bn( (unsigned char*) SvPVX(q_SV), SvCUR(q_SV), NULL ); BIGNUM *g = BN_bin2bn( (unsigned char*) SvPVX(g_SV), SvCUR(g_SV), NULL ); - BIGNUM *x = BN_bin2bn( (unsigned char*) SvPVX(x_SV), SvCUR(x_SV), NULL ); + BIGNUM *x = SvCUR(x_SV) == 0 ? NULL : BN_bin2bn( (unsigned char*) SvPVX(x_SV), SvCUR(x_SV), NULL ); BIGNUM *y = BN_bin2bn( (unsigned char*) SvPVX(y_SV), SvCUR(y_SV), NULL ); CODE: #ifdef OBSOLETE_API DSA *dsa = DSA_new(); - DSA_set0_pqg( dsa, p, q, g ); - DSA_set0_key( dsa, y, x ); + checkerr( DSA_set0_pqg( dsa, p, q, g ) ); + checkerr( DSA_set0_key( dsa, y, x ) ); RETVAL = EVP_PKEY_new(); - EVP_PKEY_assign( RETVAL, EVP_PKEY_DSA, (char*)dsa ); + checkerr( EVP_PKEY_assign( RETVAL, EVP_PKEY_DSA, (char*)dsa ) ); #else EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name( libctx, "DSA", NULL ); OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new(); @@ -369,10 +370,10 @@ CODE: #ifdef OBSOLETE_API RSA *rsa = RSA_new(); - RSA_set0_factors( rsa, p, q ); - RSA_set0_key( rsa, n, e, d ); + checkerr( RSA_set0_factors( rsa, p, q ) ); + checkerr( RSA_set0_key( rsa, n, e, d ) ); RETVAL = EVP_PKEY_new(); - EVP_PKEY_assign( RETVAL, EVP_PKEY_RSA, (char*)rsa ); + checkerr( EVP_PKEY_assign( RETVAL, EVP_PKEY_RSA, (char*)rsa ) ); #else EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name( libctx, "RSA", NULL ); OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new(); @@ -454,33 +455,38 @@ EVP_PKEY* EVP_PKEY_new_raw_public_key(int nid, SV *key) - ALIAS: - EVP_PKEY_new_raw_private_key = 1 - INIT: - unsigned char *rawkey = (unsigned char*) SvPVX(key); - STRLEN keylen = SvCUR(key); -#ifndef OBSOLETE_API + CODE: +#define rawkey (unsigned char*) SvPVX(key) +#define keylen SvCUR(key) +#ifdef OBSOLETE_API + RETVAL = EVP_PKEY_new_raw_public_key( nid, NULL, rawkey , keylen ); +#else EVP_PKEY_CTX *ctx = NULL; OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
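Review bot: Wrapping `DSA_set0_pqg`, `DSA_set0_key` and `EVP_PKEY_assign` in `checkerr` means a failure now croaks straight out of the XSUB, and nothing visible in the hunk releases `dsa` or the BIGNUMs it has not yet adopted, including the private value `x`. The RSA hunk at @@ -369 has the same shape with `d`, `p` and `q`. Capturing the return code, freeing (with `BN_clear_free` for private values) and only then calling `checkerr` keeps the error path clean, as EVP_sign already does with `error`. The results of `DSA_new()` and `EVP_PKEY_new()` are also used without a NULL check; the CODE sections continue outside these hunks.

```c
	DSA *dsa = DSA_new();
	int ok = ( dsa != NULL ) ? DSA_set0_pqg( dsa, p, q, g ) : 0;
	if ( ok <= 0 ) {			/* p, q, g were not adopted by dsa */
		BN_free(p); BN_free(q); BN_free(g);
		BN_clear_free(x); BN_free(y);	/* x is the private value */
		DSA_free(dsa);
		checkerr(ok);
	}
	ok = DSA_set0_key( dsa, y, x );
	if ( ok <= 0 ) {			/* y, x were not adopted by dsa */
		BN_clear_free(x); BN_free(y);
		DSA_free(dsa);			/* also releases p, q, g */
		checkerr(ok);
	}
	/* … unchanged: RETVAL = EVP_PKEY_new(); checked EVP_PKEY_assign … */
```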
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/demo/getkeyset -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/demo/getkeyset
Changed
@@ -1,5 +1,5 @@ #!/usr/bin/perl -#$Id: getkeyset 1807 2020-09-28 11:38:28Z willem $ +#$Id: getkeyset 1862 2021-12-24 10:09:08Z willem $ use strict; use warnings; 
@@ -63,25 +63,23 @@ =head1 COPYRIGHT Copyright (c) 2002 RIPE NCC. Author Olaf M. Kolkman -<net-dns-sec@ripe.net> All Rights Reserved Permission to use, copy, modify, and distribute this software and its -documentation for any purpose and without fee is hereby granted, -provided that the above copyright notice appear in all copies and that -both that copyright notice and this permission notice appear in -supporting documentation, and that the name of the author not be used -in advertising or publicity pertaining to distribution of the software -without specific, written prior permission. - -THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, -INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO -EVENT SHALL AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR -CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF -USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR -OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. +documentation for any purpose and without fee is hereby granted, provided +that the original copyright notices appear in all copies and that both +copyright notice and this permission notice appear in supporting +documentation, and that the name of the author not be used in advertising +or publicity pertaining to distribution of the software without specific +prior written permission. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. =cut -
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/demo/key2ds -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/demo/key2ds
Changed
@@ -1,5 +1,5 @@ #!/usr/bin/perl -#$Id: key2ds 1807 2020-09-28 11:38:28Z willem $ +#$Id: key2ds 1862 2021-12-24 10:09:08Z willem $ # A little util to convert DNSKEY records to DS records # from stdin to stdout @@ -39,8 +39,25 @@ =head1 COPYRIGHT -This program is free software; you can redistribute it and/or modify -it under the same terms as Perl itself. +Copyright (c)2002 Miek Gieben -=cut +All Rights Reserved + + +Permission to use, copy, modify, and distribute this software and its +documentation for any purpose and without fee is hereby granted, provided +that the original copyright notices appear in all copies and that both +copyright notice and this permission notice appear in supporting +documentation, and that the name of the author not be used in advertising +or publicity pertaining to distribution of the software without specific +prior written permission. +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. + +=cut
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/demo/make-signed-keyset -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/demo/make-signed-keyset
Changed
@@ -1,5 +1,5 @@ #!/usr/bin/perl -#$Id: make-signed-keyset 1807 2020-09-28 11:38:28Z willem $ +#$Id: make-signed-keyset 1862 2021-12-24 10:09:08Z willem $ # # takes a bind public key file and creates a self-signed keyset @@ -130,8 +130,28 @@ =back -=head1 AUTHOR -Contributed by Wes Griffin <wgriffin@jtan.com> +=head1 COPYRIGHT + +Copyright (c)2002 Wes Griffin + +All Rights Reserved + + +Permission to use, copy, modify, and distribute this software and its +documentation for any purpose and without fee is hereby granted, provided +that the original copyright notices appear in all copies and that both +copyright notice and this permission notice appear in supporting +documentation, and that the name of the author not be used in advertising +or publicity pertaining to distribution of the software without specific +prior written permission. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. =cut
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/lib/Net/DNS/SEC.pm -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/lib/Net/DNS/SEC.pm
Changed
@@ -2,10 +2,20 @@ use strict; use warnings; +use Carp; +our $SVNVERSION = (qw$Id: SEC.pm 1926 2023-05-31 12:05:13Z willem $)2; our $VERSION; -$VERSION = '1.19'; -our $SVNVERSION = (qw$Id: SEC.pm 1854 2021-10-11 10:43:36Z willem $)2; +$VERSION = '1.21'; + +use base qw(Exporter DynaLoader); + +eval { __PACKAGE__->bootstrap($VERSION) }; +warn "\n\n$@\n" if $@; + +use Net::DNS 1.01 qw(:DEFAULT); + +our @EXPORT = ( @Net::DNS::EXPORT, qw(algorithm digtype key_difference) ); =head1 NAME @@ -33,16 +43,6 @@ =cut -use base qw(Exporter DynaLoader); - -use Net::DNS 1.01 qw(:DEFAULT); - -our @EXPORT = ( @Net::DNS::EXPORT, qw(algorithm digtype key_difference) ); - -use integer; -use Carp; - - =head1 UTILITY FUNCTIONS =head2 algorithm @@ -99,14 +99,10 @@ ######################################## -eval { Net::DNS::SEC->bootstrap($VERSION) } || croak; - - foreach (qw(DS CDS RRSIG)) { Net::DNS::RR->new( type => $_ ); # pre-load to access class methods } - 1; __END__
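Review bot: With `eval { __PACKAGE__->bootstrap($VERSION) };` followed by `warn "\n\n$@\n" if $@;`, a failure to load the XS/libcrypto component no longer aborts `use Net::DNS::SEC` as the removed `|| croak` did; the module now loads with only a message on STDERR. The DSA and RSA classes in this commit die in BEGIN when their libcrypto entry points are missing, so signing and verification should still refuse to run, but that depends on code outside this hunk, and every verify path should be confirmed to fail closed in that state. A comment on the `eval` line recording the intent would help, for example `# load failure is reported, not fatal; algorithm classes refuse to compile without libcrypto`.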
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/lib/Net/DNS/SEC/DSA.pm -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/lib/Net/DNS/SEC/DSA.pm
Changed
@@ -3,7 +3,7 @@ use strict; use warnings; -our $VERSION = (qw$Id: DSA.pm 1853 2021-10-11 10:40:59Z willem $)2; +our $VERSION = (qw$Id: DSA.pm 1863 2022-03-14 14:59:21Z willem $)2; =head1 NAME @@ -44,14 +44,15 @@ use integer; use MIME::Base64; -use constant DSA_configured => Net::DNS::SEC::libcrypto->can('EVP_PKEY_new_DSA'); +use constant Digest_SHA1 => Net::DNS::SEC::libcrypto->can('EVP_sha1'); +use constant DSA_configured => Digest_SHA1 && Net::DNS::SEC::libcrypto->can('EVP_PKEY_new_DSA'); BEGIN { die 'DSA disabled or application has no "use Net::DNS::SEC"' unless DSA_configured } my %parameters = ( - 3 => Net::DNS::SEC::libcrypto::EVP_sha1(), - 6 => Net::DNS::SEC::libcrypto::EVP_sha1(), + 3 => scalar eval { Net::DNS::SEC::libcrypto::EVP_sha1() }, + 6 => scalar eval { Net::DNS::SEC::libcrypto::EVP_sha1() }, ); sub _index { return keys %parameters } @@ -60,8 +61,8 @@ sub sign { my ( $class, $sigdata, $private ) = @_; - my $index = $private->algorithm; - my $evpmd = $parameters{$index} || die 'private key not DSA'; + my $evpmd = $parameters{$private->algorithm}; + die 'private key not DSA' unless $evpmd; my ( $p, $q, $g, $x, $y ) = map { decode_base64( $private->$_ ) } qw(prime subprime base private_value public_value); @@ -77,8 +78,8 @@ sub verify { my ( $class, $sigdata, $keyrr, $sigbin ) = @_; - my $index = $keyrr->algorithm; - my $evpmd = $parameters{$index} || die 'public key not DSA'; + my $evpmd = $parameters{$keyrr->algorithm}; + die 'public key not DSA' unless $evpmd; return unless $sigbin;
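Review bot: Building `%parameters` with `scalar eval { ... }` stores undef for an algorithm whose digest libcrypto does not provide, and sign/verify then die with 'private key not DSA' or 'public key not DSA' although the key type is correct. The check fails closed, which is the right outcome, but the message points an operator at the key rather than at the crypto library or policy that dropped the digest. Separating the two cases keeps the diagnosis honest: `die 'public key not DSA' unless exists $parameters{$keyrr->algorithm};` then `die 'digest unavailable in libcrypto' unless $evpmd;`. RSA.pm's table and its sign/verify hunks follow the same pattern and are where this is most likely to show (MD5 or SHA-1 disabled while SHA-256 remains); the sub bodies continue outside the hunks.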
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/lib/Net/DNS/SEC/Keyset.pm -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/lib/Net/DNS/SEC/Keyset.pm
Changed
@@ -3,7 +3,7 @@ use strict; use warnings; -our $VERSION = (qw$Id: Keyset.pm 1853 2021-10-11 10:40:59Z willem $)2; +our $VERSION = (qw$Id: Keyset.pm 1868 2022-08-31 20:13:35Z willem $)2; =head1 NAME @@ -192,7 +192,8 @@ =head2 extract_ds - @ds = $keyset->extract_ds; + @ds = $keyset->extract_ds(); # default SHA-1 + @ds = $keyset->extract_ds( digtype => 'SHA-256' ); die Net::DNS::SEC::Keyset->keyset_err unless @ds; Extracts DS records from the keyset. Note that the keyset will be verified @@ -203,9 +204,9 @@ =cut sub extract_ds { - my $self = shift; + my ( $self, @arg ) = @_; my @ds; - @ds = map { Net::DNS::RR::DS->create($_) } $self->keys if $self->verify; + @ds = map { Net::DNS::RR::DS->create( $_, @arg ) } $self->keys if $self->verify; return @ds; } @@ -261,9 +262,10 @@ my @names = CORE::keys %names; push @keyset_err, "Multiple names in keyset: @names" if scalar(@names) > 1; + if ($keyid) { @sigs = grep { $_->keytag == $keyid } @sigs; - push @keyset_err, "No signature made with $keyid found" unless @sigs; + push @keyset_err, "No signature made with key $keyid" unless @sigs; } elsif ( my @sepkeys = grep { $_->sep } @keys ) { my %sepkey = map { ( $_->keytag => $_ ) } @sepkeys; push @keyset_err, 'No signature found for key with SEP flag' @@ -274,8 +276,7 @@ my $keytag = $sig->keytag; next if $sig->verify( \@keys, $keysbytag{$keytag} || ); my $vrfyerr = $sig->vrfyerrstr; - my $signame = $sig->signame; - push @keyset_err, "$vrfyerr on key $signame $keytag "; + push @keyset_err, "$vrfyerr for keyset @names"; } $keyset_err = join "\n", @keyset_err;
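Review bot: The updated POD for extract_ds documents SHA-1 as the default digest, and the new `@arg` pass-through makes `digtype` selectable but leaves that default in place for every existing caller. RFC 8624 lists SHA-1 as MUST NOT for generating DS records for delegation, so the synopsis should lead with `@ds = $keyset->extract_ds( digtype => 'SHA-256' );` and mark the bare call as legacy. The default itself is presumably set in Net::DNS::RR::DS->create, which is outside this hunk.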
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/lib/Net/DNS/SEC/RSA.pm -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/lib/Net/DNS/SEC/RSA.pm
Changed
@@ -3,7 +3,7 @@ use strict; use warnings; -our $VERSION = (qw$Id: RSA.pm 1853 2021-10-11 10:40:59Z willem $)2; +our $VERSION = (qw$Id: RSA.pm 1863 2022-03-14 14:59:21Z willem $)2; =head1 NAME @@ -50,11 +50,11 @@ my %parameters = ( - 1 => Net::DNS::SEC::libcrypto::EVP_md5(), - 5 => Net::DNS::SEC::libcrypto::EVP_sha1(), - 7 => Net::DNS::SEC::libcrypto::EVP_sha1(), - 8 => Net::DNS::SEC::libcrypto::EVP_sha256(), - 10 => Net::DNS::SEC::libcrypto::EVP_sha512(), + 1 => scalar eval { Net::DNS::SEC::libcrypto::EVP_md5() }, + 5 => scalar eval { Net::DNS::SEC::libcrypto::EVP_sha1() }, + 7 => scalar eval { Net::DNS::SEC::libcrypto::EVP_sha1() }, + 8 => scalar eval { Net::DNS::SEC::libcrypto::EVP_sha256() }, + 10 => scalar eval { Net::DNS::SEC::libcrypto::EVP_sha512() }, ); sub _index { return keys %parameters } @@ -63,8 +63,8 @@ sub sign { my ( $class, $sigdata, $private ) = @_; - my $index = $private->algorithm; - my $evpmd = $parameters{$index} || die 'private key not RSA'; + my $evpmd = $parameters{$private->algorithm}; + die 'private key not RSA' unless $evpmd; my ( $n, $e, $d, $p, $q ) = map { decode_base64( $private->$_ ) } qw(Modulus PublicExponent PrivateExponent Prime1 Prime2); @@ -78,8 +78,8 @@ sub verify { my ( $class, $sigdata, $keyrr, $sigbin ) = @_; - my $index = $keyrr->algorithm; - my $evpmd = $parameters{$index} || die 'public key not RSA'; + my $evpmd = $parameters{$keyrr->algorithm}; + die 'public key not RSA' unless $evpmd; return unless $sigbin;
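Review bot: Wrapping each digest lookup in `scalar eval { ... }` means a digest that libcrypto does not provide now leaves an undef entry in `%parameters` and discards `$@`, yet `_index` still returns that algorithm number and `sign`/`verify` die with 'private key not RSA' / 'public key not RSA', which names the wrong cause. On a host where MD5 or SHA-1 is disabled by crypto policy, a deliberate restriction then looks like a malformed key. Advertising only usable algorithms would help, `sub _index { return grep { $parameters{$_} } keys %parameters }`, together with a distinct message when the key exists in the table but its digest is undef. The DSA.pm hunks use the same pattern, although there the `Digest_SHA1` term in `DSA_configured` appears to stop the module loading first. Both `sign` and `verify` continue outside the hunks.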
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/t/00-load.t -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/t/00-load.t
Changed
@@ -1,39 +1,49 @@ #!/usr/bin/perl -# $Id: 00-load.t 1831 2021-02-11 23:03:17Z willem $ -*-perl-*- +# $Id: 00-load.t 1924 2023-05-17 13:56:25Z willem $ -*-perl-*- # use strict; use warnings; -use Test::More tests => 4; +use IO::File; +use Test::More tests => 3; +use TestToolkit; my @module = qw( + Net::DNS Net::DNS::SEC - Net::DNS::SEC::DSA - Net::DNS::SEC::ECDSA - Net::DNS::SEC::ECCGOST - Net::DNS::SEC::EdDSA - Net::DNS::SEC::RSA - Net::DNS::SEC::Digest - Net::DNS::SEC::Keyset - Net::DNS::SEC::Private Net::DNS::SEC::libcrypto - File::Spec - IO::File - MIME::Base64 - Net::DNS - Test::More ); +my %metadata; +my $handle = IO::File->new('MYMETA.json') || IO::File->new('META.json'); +if ($handle) { + my $json = join '', (<$handle>); + for ($json) { + s/\s:\s/ => /g; # Perl? en voilà! + my $hashref = eval $_; + %metadata = %$hashref; + } + close $handle; +} -my @diag = "\nThese tests were run using:"; -foreach my $module ( sort @module ) { +my %prerequisite; +foreach ( values %{$metadata{prereqs}} ) { # build, runtime, etc. + foreach ( values %$_ ) { # requires + $prerequisite{$_}++ for keys %$_; + } + delete @prerequisite{@module}; + delete $prerequisite{perl}; +} + +my @diag; +foreach my $module ( @module, sort keys %prerequisite ) { eval "require $module"; ## no critic for ( eval { $module->VERSION || () } ) { s/^(\d+\.\d)$/${1}0/; push @diag, sprintf "%-25s %s", $module, $_; } } -diag join "\n\t", @diag; +diag join "\n\t", "\nThese tests were run using:", @diag; ok( eval { Net::DNS::SEC::libcrypto->VERSION }, 'XS component SEC.xs loaded' ) 
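Review bot: `my $hashref = eval $_;` runs the contents of MYMETA.json or META.json as Perl source after a single `s/\s:\s/ => /g`, so whatever that file holds in the working directory is executed by the test, and JSON literals such as `true` or `null` are not valid Perl under strict. The result is also dereferenced unchecked, so a failed eval aborts the script at `%$hashref`. Parsing the file as data avoids both problems: `my $hashref = eval { JSON::PP->new->decode($json) } || {};` with `use JSON::PP;` (a core module) next to `use IO::File;`. The module names gathered from the metadata later reach `eval "require $module"`, so they should first pass a check such as `next unless $module =~ /\A\w+(?:::\w+)*\z/;`.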
@@ -42,35 +52,8 @@ use_ok('Net::DNS::SEC'); -my @index; -foreach my $class ( map {"Net::DNS::SEC::$_"} qw(RSA DSA ECCGOST ECDSA EdDSA) ) { - my @algorithms = eval join '', qw(r e q u i r e), " $class; $class->_index"; ## no critic - push @index, map { $_ => $class } @algorithms; -} -ok( scalar(@index), 'create consolidated algorithm index' ); - - -eval { - # Exercise checkerr() response to failed OpenSSL operation - Net::DNS::SEC::libcrypto::checkerr(0); -}; -my ($exception) = split /\n/, "$@\n"; -ok( $exception, "XS libcrypto error\t$exception" ); - - -eval { - # Exercise residual XS support for deprecated ECCGOST algorithm - my $d = pack 'H*', '9df69fc32cd2d369a42ecb63512bc7e25d71b1af7a303ec38a8326809cdef349'; - my $q = pack 'H*', 'ffffffffffffffffffffffffffffffff6c611070995ad10045841b09b761b893'; - my $r = pack 'H*', '36b98722d79b1cce42cdb9a6503d2fa16ce85969eae711b758aabfe3a39f5d0c'; - my $s = pack 'H*', '22c1d462f790afab1624e211531d1d455d285978bb0d4875c428811d7028fc33'; - my $x = pack 'H*', 'cadb74b9950fcf3728ad232626b0dc63f350c25dd09456cd155f413d35205ce9'; - my $y = pack 'H*', '050fd637ab18f8f443eac48c26c12566e655e4d3b15046e0fef296a8835ebeee'; - foreach my $H ( $d, $q ) { ## including specific case (alpha mod q) = 0 - my $eckey = Net::DNS::SEC::libcrypto::EC_KEY_new_ECCGOST( $x, $y ); - Net::DNS::SEC::libcrypto::ECCGOST_verify( $H, $r, $s, $eckey ); - } -}; +# Exercise checkerr() response to failed OpenSSL operation +exception( 'XS libcrypto error', sub { Net::DNS::SEC::libcrypto::checkerr(0) } ); exit;
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/t/10-keyset.t -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/t/10-keyset.t
Changed
@@ -1,11 +1,12 @@ #!/usr/bin/perl -# $Id: 10-keyset.t 1830 2021-01-26 09:08:12Z willem $ -*-perl-*- +# $Id: 10-keyset.t 1924 2023-05-17 13:56:25Z willem $ -*-perl-*- # use strict; use warnings; use IO::File; use Test::More; +use TestToolkit; my %prerequisite = ( 'Net::DNS::SEC' => 1.15, @@ -23,7 +24,7 @@ plan skip_all => 'disabled RSA' unless eval { Net::DNS::SEC::libcrypto->can('EVP_PKEY_new_RSA') }; -plan tests => 29; +plan tests => 27; use_ok('Net::DNS::SEC::Keyset'); @@ -46,10 +47,12 @@ # RSA keypair 1 # my $keyrr1 = Net::DNS::RR->new( <<'END' ); -test.tld. IN DNSKEY ( 256 3 5 - AQO1gY5UFltQ4f0ZHnXPFQZfcQQNpXK5r0Rk05rLLmY0XeA1lu8ek7W1VHsBjkge9WU7efdp3U4a - mxULRMQj7F0ByOK318agap2sIWYN13jV1RLxF5GPyLq+tp2ihEyI8x0P8c9RzgVn1ix4Xcoq+vKm - WqDT1jHE4oBY/DzI8gyuJw== ) ; Key ID = 15791 +test.tld. IN DNSKEY ( 257 3 10 + AwEAAb/7yz0lSf3nFy7MPhkbnqOlaExKlJ8rMmYVEhFYZ5qS/ufQbfQ3stb0opr68eitrauolthm + P325OvNxdzSq5rgURjx9ZitDlhxDyPfQhDzY+/CBhY/z++DRIr+v3AN/7kRW8sYwC+2Hoa1+VxQZ + 1fSQ4J46ZwoN5slpar9G/Gv5aPgsvweQDI285eQVlIQ9NL00bODOHzoKvh9BAx07MOOcT9q6r9xs + MPg6M4C8ykH2zVY5x1iGxT8Syzh/mecSiJtv+b1W4j49pCNj19uenW3oUnyfHg/FBmQpxTiHqs6b + 1ZfVH7akvsQqwk12xT0hDEfeyj4jswDiSsEsLqt1DM0= ) ; Key ID = 39948 END ok( $keyrr1, join ' ', algorithm( $keyrr1->algorithm ), 'public key created' ); 
@@ -58,15 +61,15 @@ my $handle1 = IO::File->new( $keyfile1, '>' ) or die qq(open: "$keyfile1" $!); print $handle1 <<'END'; Private-key-format: v1.2 -Algorithm: 5 (RSASHA1) -Modulus: tYGOVBZbUOH9GR51zxUGX3EEDaVyua9EZNOayy5mNF3gNZbvHpO1tVR7AY5IHvVlO3n3ad1OGpsVC0TEI+xdAcjit9fGoGqdrCFmDdd41dUS8ReRj8i6vradooRMiPMdD/HPUc4FZ9YseF3KKvryplqg09YxxOKAWPw8yPIMric= -PublicExponent: Aw== -PrivateExponent: eQEJjWQ84Jaou2mj32NZlPYCs8Oh0R+C7eJnMh7uzZPqzmSfabfOeOL8q7QwFKOY0lFPm+jevGdjXNiCwp2TVWZrFINEMwUpxPJCvQQLh0k9Ah3NN2ELPBSlUjkRa10KaRSVSdDaYUM9X1/ZT/9RQagi4ckuy0x6UcRmoSng/Ms= -Prime1: 3SNqKvY2geGDxgpqUKy2gGKq2LBRZ0CruBsVQXtoBH2dwq1bUScC9HxrTYaGxn2BELZsYRMeGVqZ1WqzsLXeTw== -Prime2: 0h6u5+odYP2A7/eIALrUZtTDEi1rT+k434qR7Tb/4w/UkEIHw5bS/NP+AH2sNXtCzbYUx1h11m5EgDgjgoVUqQ== -Exponent1: k2zxcfl5q+utLrGcNch5quxx5crg74Byery41lJFWFO+gcjni29XTahHiQRZ2akAtc7y62IUEOcROPHNIHk+3w== -Exponent2: jBR0mpwTlf5V9U+wAHyNmeMstsjyNUYl6lxhSM9VQgqNtYFagmSMqI1UAFPII6eB3nljL5BOjvQtqtAXrFjjGw== -Coefficient: YJYWzNpbdj/11mE4kUwaiH9GQbY+uA28tv4aVAwAEcKPaU1QQ2k8Jlm+VXxh9v02QCFJYln3416972oeCx9eyw== +Algorithm: 10 (RSASHA512) +Modulus: v/vLPSVJ/ecXLsw+GRueo6VoTEqUnysyZhUSEVhnmpL+59Bt9Dey1vSimvrx6K2tq6iW2GY/fbk683F3NKrmuBRGPH1mK0OWHEPI99CEPNj78IGFj/P74NEiv6/cA3/uRFbyxjAL7YehrX5XFBnV9JDgnjpnCg3myWlqv0b8a/lo+Cy/B5AMjbzl5BWUhD00vTRs4M4fOgq+H0EDHTsw45xP2rqv3Gww+DozgLzKQfbNVjnHWIbFPxLLOH+Z5xKIm2/5vVbiPj2kI2PX256dbehSfJ8eD8UGZCnFOIeqzpvVl9UftqS+xCrCTXbFPSEMR97KPiOzAOJKwSwuq3UMzQ== +PublicExponent: AQAB +PrivateExponent: MnqyZdF4MxqgLd3mNhPdEopbcjPqADALgGvp5EWqeCpOfAWB48UBcSPB3Z4+HUANeiVKBHxeFWCu73PWNDL7l0s9bIpMYvPSdHweS4q4OoeTNxnXVJKCmAplaKGE6CarL6ztCM95U2tmR4gAvXhNmZC+ftw8W5hsJmlheAniNUFaRK28K0+Tlge7XkRxSwK63sjMRHHxAbclr8K2j/GUVkXG9yOrMqgXUJ0WOg9E5BTW+gdkGl4kB5U2gvgRwxkEwY9x7yzrg2cUxrEi9hDlS9HiG5NZizcQqAWkKcdHo28ZB5E4NZBLrKQFjrkOQz3ZjtpUcsTRf/lOvkCOoaveAQ== +Prime1: 
7lgM8XyKy3IHYC3+GX1bS0LZFqBhUvYuZ52i2dfKoG9XglVKKe0Pmu/Hkgkdc2/mottVdYHpMZ4t/Wt0OXdqfttoYTgIOFTw4t3Jk9HV4aPIRvVD7LRnRQiKEW9OiS9ixplatrlgMqyOIpx3bou6eRzOs1yfBsNSr+LZbHQ50/U= +Prime2: zjSQ7ylj386G6bFXMKLAjApYy7cQA9T4/URnonUYjXwzQRaDvfAGoRNRA4e0RagVd/x2Dk5hs2UYLMIhpmQWNoSK/ZAFS02RzapMZTV2jya4cJZ83qjYtMYEx8Lff5dHX3lz/uAkcJCasIbyEodi0btJkCZQFAsCMbGlhguTpnk= +Exponent1: U8jEFAfRyp61FQxV7KPyecxv/9I1JDLCMU5qtuVyp188heZxgbeB6tcrcpydq7zEeK9dpUcbsIOIazNg0eq2lw2N7c8CpLrHSxjoCXyUERPADaGeVRE91DiiQGq+Ut9De8jg6KbVuDqMZIJYQZYA4R5NUyPWC0ySPp4iDEv3IBk= +Exponent2: tJ867SM2Rs6jQoSCuSl2u7Q8f4UE1DZzO3X1yUoEjbpjMvpDv9ZGGEXRSuRNtk47L/TGfFWQIxHEkUAjNZqqEmsbTGwhFwsFUj9/149zIIVsPcKz8l24JPDnMwuxthOPA0RhpLo1cRxZQ5OQ60YH+2qwT0IgFs5lx52yPa5aURE= +Coefficient: Y7KhcJe8vcW9h/bxClHMjlB0sYYvdqo7/iwjxiaCD4suPAUpLMxNgeR3TJHT1RYaHQSuFB3Mc9f58hoHe3dncxF+Eey9SdTH53c0+V95tJpAsqirFaqvei+xgikcmhYsWLOQHayul5ZMsfpiph3R90QUYg3Kpbni4W0ALeGswv4= END close($handle1); @@ -104,18 +107,18 @@ # Create keysets -my $datarrset = $keyrr1, $keyrr2; +my $keyrrset = $keyrr1, $keyrr2; -my $sigrr1 = Net::DNS::RR::RRSIG->create( $datarrset, $keyfile1, ttl => 3600 ); +my $sigrr1 = Net::DNS::RR::RRSIG->create( $keyrrset, $keyfile1, ttl => 3600 ); ok( $sigrr1, join ' ', algorithm( $sigrr1->algorithm ), 'signature created' ); -my $sigrr2 = Net::DNS::RR::RRSIG->create( $datarrset, $keyfile2, ttl => 3600 ); +my $sigrr2 = Net::DNS::RR::RRSIG->create( $keyrrset, $keyfile2, ttl => 3600 ); ok( $sigrr2, join ' ', algorithm( $sigrr2->algorithm ), 'signature created' ); -my $keyset = Net::DNS::SEC::Keyset->new($datarrset); +my $keyset = Net::DNS::SEC::Keyset->new($keyrrset); is( ref($keyset), "Net::DNS::SEC::Keyset", "Keyset object created" ); 
@@ -131,13 +134,13 @@ is( ref($read), "Net::DNS::SEC::Keyset", "read Keyset object" ); -my @ds = $keyset->extract_ds; +my @ds = $keyset->extract_ds( digtype => 'SHA-256' ); my $string0 = $ds0->string; my $string1 = $ds1->string; -my $expect0 = Net::DNS::RR->new('test.tld. IN DS 15791 5 1 C355F0F3F30C69BF2F7EA253ED82FBC280C2496B')->string; -my $expect1 = Net::DNS::RR->new('test.tld. IN DS 63426 8 1 6173eae9bf79853e2c041b1cda02a3d70c86a20b')->string; +my $expect0 = Net::DNS::RR->new('test.tld. IN DS 39948 10 2 94e22598a45d485926d8e3944f871dc605ef52db59f346066bf2b0d20d6d8ed4')->string; +my $expect1 = Net::DNS::RR->new('test.tld. IN DS 63426 8 2 ee74fe86f0d9499ef1abe414039ffaf34f05d3e71a4899882c714395d9047368')->string; my $alg0 = algorithm( $ds0->algorithm ); my $dig0 = digtype( $ds0->digtype ); 
@@ -168,152 +171,17 @@ my $corrupt = Net::DNS::SEC::Keyset->new( $filename{set3} ); ok( !$corrupt, "Corrupted keyset not loaded" ); -like( Net::DNS::SEC::Keyset->keyset_err, '/failed.+key/', 'Expected error message' ); - - -# -# The packet contains a keyset as returned from a bind nameserver -# the keyset is signed with a signature valid until 2030 06 .. -# After that the test may fail :-( - -# This is the code snippet used to get such a little packet as below. -#use Net::DNS::Resolver; -#my $res=Net::DNS::Resolver->new(); -#$res->nameserver("10.0.53.204"); -#$res->dnssec(1); -#my $a_packet=$res->send("sub.tld","DNSKEY"); -#$a_packet->print; -#print unpack("H*",$a_packet->data); - - -my $HexadecimalPacket = "e6cc81a000010004000000010373756203746c - 640000300001c00c00300001000000200086010103050103bc54beaee1 - 1dc1a29ba945bf69d0db27b364b2dfe60396efff4c6fb359127ea696e1 - 4c66e1c6d23cd6f6c335e1679c61dd3fa4d68a689b8709ea686e43f175 - 6831193903613f6a5f3ff039b21eed9faad4edcb43191c76490ca0947a - 9fa726740bc4449d6c58472a605913337d2dbddc94a7271d25c358fdaa - 60fe1272a5f8b9c00c00300001000000200086010003050103f6d63a8a - b9f775a0c7194d67edb5f249bf398c3d27d2985facf6fb7e25cc35c876 - 2eb8ea22200c847963442fb6634916dc2ec21cdbf2c7378799b8e7e399 - e751ca1e25133349cab52ebf3fe8a5bc0239c28d64f4d8f609c191a7d2 - d364578a159701ef73af93946b281f0aac42b42be17362c68d7a54bbb8 - fa7bc6f70f455a75c00c002e000100000020009b003005020000006470 - dc814040c02ced39d40373756203746c6400a7d9db75a4115794f871ec - 71fc7469c74a6be1cf95434a00363506b354bf15656f7556c51355c8dc - ac7f6c0a4061c0923e0bf341094e586619c2cb316949772ce5bd1e9949 - f91b016f7e6bee0f6878e16b6e59ece086f8d5df68f048524e1bff3c09 - dd15c203d28416600e936451d1646e71611ec95e12d709839369cbc442 - c0c00c002e000100000020009b003005020000006470dc814040c02ced - fbaf0373756203746c640017c6e59f317119da812c6b1e175e8aaec742 - 35a4bfad777e7759fa2daf7959f9611c26e11adde9bdc901c624ca6965 - 7b79653495e22647c5e0e5bedfe5524397d769d816746d10b2067472b4 - 
f9b04fbde8e39d7861bd6773c80f632f55b46c7a537a83f0b5a50200c9 - d2847b71d9dfaa643f558383e6e13d4e75f70029849444000029100000 - 0080000000"; - -$HexadecimalPacket =~ s/\n//g; -$HexadecimalPacket =~ s/\s//g; - -my $packetdata = pack( "H*", $HexadecimalPacket ); -my $packet = Net::DNS::Packet->new( \$packetdata ); - - -$keyset = Net::DNS::SEC::Keyset->new($packet); -is( ref($keyset), "Net::DNS::SEC::Keyset", "Keyset object from packet" ); - -is( join( " ", sort( $keyset->verify ) ), "14804 64431", "Verify method returned the two proper keytags" ); - - -my $keyset2 = Net::DNS::SEC::Keyset->new($datarrset); -is( ref($keyset2), "Net::DNS::SEC::Keyset", "Keyset object from DNSKEY RRset" ); - -#print $Net::DNS::SEC::Keyset->keyset_err; -#$keyset->print; - -######### - -my $rr; -my @keyrr; -my @sigrr; - - -# Note that the order of pushing the RRs is important for successful testing. - -# All signatures have expiration date in 2030... this test should work for a while - -push( @keyrr, Net::DNS::RR->new( <<'END' ) ); -example.com 100 IN DNSKEY 256 3 5 ( - AQOxFlzX8vShSG3JG2J/fngkgy64RoWr8ovGe7MuvPJqOMHTLM5V8+TJIahSoyUd990ictNv - hDegUqLtZ8k5oQq44viFCU/H1apdEaJnLnXscVo+08ATlEb90MYznK9K0pm2ixbyspzRrrXp - nPi9vo9iU2xqWqw/Efha4vfi6QVs4w== ) -END - - -push( @keyrr, Net::DNS::RR->new( <<'END' ) ); -example.com 100 IN DNSKEY 256 3 5 ( - AQO4jhl6ilWV2mYjwWl7kcxrYyQsnnbV7pxXm48p+SgAr+R5SKyihkjg86IjZBQHFJKZ8RsZ - dhclH2dikM+53uUEhrqVGhsqF8FsNi4nE9aMISiX9Zs61pTYGYboYDvgpD1WwFbD4YVVlfk7 - rCDP/zOE7H/AhkOenK2w7oiO0Jehcw== ) -END +my $corrupt_keyset = Net::DNS::SEC::Keyset->keyset_err; +like( $corrupt_keyset, '/failed.+key/', "Expected error $corrupt_keyset" );
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/t/20-digest.t -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/t/20-digest.t
Changed
@@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: 20-digest.t 1830 2021-01-26 09:08:12Z willem $ -*-perl-*- +# $Id: 20-digest.t 1863 2022-03-14 14:59:21Z willem $ -*-perl-*- # use strict; 
@@ -42,38 +42,33 @@ sub test { my ( $mnemonic, $class, @parameter ) = @_; - my $object = $class->new(@parameter); my ( $head, $tail ) = unpack 'a20 a*', $text; - $object->add($text); - is( unpack( 'H*', $object->digest ), $digest{$mnemonic}, "message digest $mnemonic" ); - $object->add($head); - $object->add($tail); - is( unpack( 'H*', $object->digest ), $digest{$mnemonic}, "concatenated digest $mnemonic" ); +SKIP: { + my $object = eval { $class->new(@parameter) }; + skip( "digest algorithm $mnemonic not supported", 2 ) unless $object; + $object->add($text); + is( unpack( 'H*', $object->digest ), $digest{$mnemonic}, "digest algorithm $mnemonic" ); + $object->add($head); + $object->add($tail); + is( unpack( 'H*', $object->digest ), $digest{$mnemonic}, "digest algorithm $mnemonic (concatenated)" ); + } return; } -SKIP: { - skip( 'MD5 digest algorithm not supported', 1 ) - unless eval { Net::DNS::SEC::libcrypto->can('EVP_md5') }; - test( 'MD5', 'Net::DNS::SEC::Digest::MD5' ); -} +test( 'MD5', 'Net::DNS::SEC::Digest::MD5' ); test( 'SHA1', 'Net::DNS::SEC::Digest::SHA', 1 ); + test( 'SHA224', 'Net::DNS::SEC::Digest::SHA', 224 ); test( 'SHA256', 'Net::DNS::SEC::Digest::SHA', 256 ); test( 'SHA384', 'Net::DNS::SEC::Digest::SHA', 384 ); test( 'SHA512', 'Net::DNS::SEC::Digest::SHA', 512 ); -SKIP: { - skip( 'SHA3 digest algorithm not supported', 8 ) - unless eval { Net::DNS::SEC::libcrypto->can('EVP_sha3_256') }; - test( 'SHA3_224', 'Net::DNS::SEC::Digest::SHA3', 224 ); - test( 'SHA3_256', 'Net::DNS::SEC::Digest::SHA3', 256 ); - test( 'SHA3_384', 'Net::DNS::SEC::Digest::SHA3', 384 ); - test( 'SHA3_512', 'Net::DNS::SEC::Digest::SHA3', 512 ); -} - +test( 'SHA3_224', 'Net::DNS::SEC::Digest::SHA3', 224 ); +test( 'SHA3_256', 'Net::DNS::SEC::Digest::SHA3', 256 ); +test( 'SHA3_384', 'Net::DNS::SEC::Digest::SHA3', 384 ); +test( 'SHA3_512', 'Net::DNS::SEC::Digest::SHA3', 512 ); exit;
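Review bot: Inside `test`, `eval { $class->new(@parameter) }` followed by `skip(...) unless $object` turns every constructor failure into a skip, so a build in which SHA-256 or SHA-512 is broken reports 'not supported' instead of failing. The removed code skipped only when `Net::DNS::SEC::libcrypto->can(...)` showed the function to be absent, and only for MD5 and SHA3. Either keep a capability test as the skip condition for the optional digests, or at least surface the reason so that a regression is visible in the log: `skip( "digest algorithm $mnemonic not supported: $@", 2 ) unless $object;`.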
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/t/21-RSA-MD5.t -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/t/21-RSA-MD5.t
Changed
@@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: 21-RSA-MD5.t 1830 2021-01-26 09:08:12Z willem $ -*-perl-*- +# $Id: 21-RSA-MD5.t 1863 2022-03-14 14:59:21Z willem $ -*-perl-*- # use strict; @@ -22,6 +22,9 @@ plan skip_all => 'disabled RSA' unless eval { Net::DNS::SEC::libcrypto->can('EVP_PKEY_new_RSA') }; +plan skip_all => 'disabled MD5' + unless eval { Net::DNS::SEC::libcrypto->can('EVP_md5') }; + plan tests => 8; @@ -83,7 +86,7 @@ my $verifiable = $class->verify( $corrupt, $key, $signature ); -is( $verifiable, 0, 'signature not verifiable if data corrupt' ); +is( $verifiable, 0, 'signature not verifiable if data corrupted' ); exit;
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/t/22-RSA-SHA1.t -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/t/22-RSA-SHA1.t
Changed
@@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: 22-RSA-SHA1.t 1830 2021-01-26 09:08:12Z willem $ -*-perl-*- +# $Id: 22-RSA-SHA1.t 1863 2022-03-14 14:59:21Z willem $ -*-perl-*- # use strict; @@ -22,7 +22,10 @@ plan skip_all => 'disabled RSA' unless eval { Net::DNS::SEC::libcrypto->can('EVP_PKEY_new_RSA') }; -plan tests => 17; +plan skip_all => 'disabled SHA1' + unless eval { Net::DNS::SEC::libcrypto->can('EVP_sha1') }; + +plan tests => 8; my %filename; @@ -56,9 +59,6 @@ my $privatekey = IO::File->new( $keyfile, '>' ) or die qq(open: "$keyfile" $!); print $privatekey <<'END'; Private-key-format: v1.2 -; comment discarded - -; empty line discarded Algorithm: 5 (RSASHA1) Modulus: 58/RHMrcrf1rnDOeN5YDU+ywjZ3Go9v1Iv6mljzByKY64QGZIk/mfr9vCD3bdUWVGJgkd7mJ/ixrFYJh6dDjqFbPjiwr3jcrTe18eTGjnhrICT/t0yPXBDsNvLkUnUAAwZlk7rkGUpIP7YFNzCkgv2YBi6Edh+QboVMQQqAdWY5Wa3IpYDeCXdGtJKBfNNadRLlv+MR6HZJ+Vcb15dptqhVcQdA36gl1OICIStlbj5mXHmkitLJxkGkh1a+fi3vUveKToZy1Cob2WfXaPaeCOLduVUjcQ0ydRzbfuNR5izKTsTlO6CFBy0tg4Vcdp5MyAm3QtRPK/eAiANNGa+BANQ== PublicExponent: AQAB 
@@ -90,75 +90,6 @@ is( $verifiable, 0, 'signature not verifiable if data corrupted' ); -# The following tests are not replicated for other RSA/SHA flavours - -my $wrongkey = Net::DNS::RR->new( <<'END' ); -DSA.example. IN DNSKEY 256 3 3 ( - CMKzsCaT2Jy1w/sPdpigEE+nbeJ/x5C6cruWvStVum6/YulcR7MHeujx9c2iBDbo3kW4X8/l+qgk - 7ZEZ+yV5lphWtJMmMtOHIU+YdAhgLpt84NKhcupWL8wfuBW/97cqIv5Z+51fwn0YEAcZsoCrE0nL - 5+31VfkK9LTNuVo38hsbWa3eWZFalID5NesF6sJRgXZoAyeAH46EQVCq1UBnnaHslvSDkdb+Z1kT - bMQ64ZVI/sBRXRbqIcDlXVZurCTDV7JL9KZwwfeyrQcnVyYh5mdHPsXbpX5NQJvoqPgvRZWBpP4h - pjkAm9UrUbow9maPCQ1JQ3JuiU5buh9cjAI+QIyGMujKLT2OsogSZD2IFUciaZBL/rSe0gmAUv0q - XrczmIYFUCoRGZ6+lKVqQQ6f2U7Gsr6zRbeJN+JCVD6BJ52zjLUaWUPHbakhZb/wMO7roX/tnA/w - zoDYBIIF7yuRYWblgPXBJTK2Bp07xre8lKCRbzY4J/VXZFziZgHgcn9tkHnrfov04UG9zlWEdT6X - E/60HjrP ; Key ID = 53244 - ) -END - -ok( $wrongkey, 'set up non-RSA public key' ); - - -my $wrongfile = $filename{wrongfile} = $wrongkey->privatekeyname; - -my $handle = IO::File->new( $wrongfile, '>' ) or die qq(open: "$wrongfile" $!); -print $handle <<'END'; -Private-key-format: v1.2 -Algorithm: 3 (DSA) -Prime(p): x5C6cruWvStVum6/YulcR7MHeujx9c2iBDbo3kW4X8/l+qgk7ZEZ+yV5lphWtJMmMtOHIU+YdAhgLpt84NKhcupWL8wfuBW/97cqIv5Z+51fwn0YEAcZsoCrE0nL5+31VfkK9LTNuVo38hsbWa3eWZFalID5NesF6sJRgXZoAyc= -Subprime(q): wrOwJpPYnLXD+w92mKAQT6dt4n8= -Base(g): gB+OhEFQqtVAZ52h7Jb0g5HW/mdZE2zEOuGVSP7AUV0W6iHA5V1Wbqwkw1eyS/SmcMH3sq0HJ1cmIeZnRz7F26V+TUCb6Kj4L0WVgaT+IaY5AJvVK1G6MPZmjwkNSUNybolOW7ofXIwCPkCMhjLoyi09jrKIEmQ9iBVHImmQS/4= -Private_value(x): vdClrOqZ1qONKg0CZH5hVnq1i40= -Public_value(y): tJ7SCYBS/SpetzOYhgVQKhEZnr6UpWpBDp/ZTsayvrNFt4k34kJUPoEnnbOMtRpZQ8dtqSFlv/Aw7uuhf+2cD/DOgNgEggXvK5FhZuWA9cElMrYGnTvGt7yUoJFvNjgn9VdkXOJmAeByf22Qeet+i/ThQb3OVYR1PpcT/rQeOs8= -END -close($handle); - -my $wrongprivate = Net::DNS::SEC::Private->new($wrongfile); -ok( $wrongprivate, 'set up non-RSA private key' ); - - -is( eval { $class->sign( $sigdata, $wrongprivate ) }, undef, 'signature not created using wrong private 
key' ); - -is( eval { $class->verify( $sigdata, $wrongkey, $signature ) }, undef, 'verify fails using wrong public key' ); - -is( eval { $class->verify( $sigdata, $key, undef ) }, undef, 'verify fails if signature undefined' ); - - -# test detection of invalid private key descriptors -eval { Net::DNS::SEC::Private->new('Kinvalid.private') }; -my ($exception1) = split /\n/, "$@\n"; -ok( $exception1, "invalid keyfile: $exception1" ); - -eval { Net::DNS::SEC::Private->new('Kinvalid.+0+0.private') }; -my ($exception2) = split /\n/, "$@\n"; -ok( $exception2, "missing keyfile: $exception2" ); - -eval { Net::DNS::SEC::Private->new( signame => 'private' ) }; -my ($exception3) = split /\n/, "$@\n"; -ok( $exception3, "unspecified algorithm: $exception3" ); - -eval { Net::DNS::SEC::Private->new( algorithm => 1 ) }; -my ($exception4) = split /\n/, "$@\n"; -ok( $exception4, "unspecified signame: $exception4" ); - - -# exercise code for key with long exponent (not required for DNSSEC) -eval { - my $longformat = pack 'xn a*', unpack 'C a*', $key->keybin; - $key->keybin($longformat); - $class->verify( $sigdata, $key, $signature ); -}; - - exit; __END__
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/t/23-RSA-SHA256.t -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/t/23-RSA-SHA256.t
Changed
@@ -1,11 +1,12 @@ #!/usr/bin/perl -# $Id: 23-RSA-SHA256.t 1830 2021-01-26 09:08:12Z willem $ -*-perl-*- +# $Id: 23-RSA-SHA256.t 1924 2023-05-17 13:56:25Z willem $ -*-perl-*- # use strict; use warnings; use IO::File; use Test::More; +use TestToolkit; my %prerequisite = ( 'Net::DNS::SEC' => 1.15, @@ -22,7 +23,7 @@ plan skip_all => 'disabled RSA' unless eval { Net::DNS::SEC::libcrypto->can('EVP_PKEY_new_RSA') }; -plan tests => 8; +plan tests => 17; my %filename; 
@@ -83,7 +84,62 @@ my $verifiable = $class->verify( $corrupt, $key, $signature ); -is( $verifiable, 0, 'signature not verifiable if data corrupt' ); +is( $verifiable, 0, 'signature not verifiable if data corrupted' ); + + +# The following tests are not replicated for other RSA/SHA flavours + +my $wrongkey = Net::DNS::RR->new( <<'END' ); +ECDSAP256SHA256.example. IN DNSKEY ( 257 3 13 + IYHbvpnqrhxM4i0SuOyAq9hk19tNXpjja7jCQnfAjZBFBfcLorJPnq4FWMVDg6QT2C4JeW0yCxK4 + iEhb4w9KWQ== ) ; Key ID = 27566 +END +ok( $wrongkey, 'set up non-RSA public key' ); + + +my $wrongfile = $filename{wrongfile} = $wrongkey->privatekeyname; + +my $handle = IO::File->new( $wrongfile, '>' ) or die qq(open: "$wrongfile" $!); +print $handle <<'END'; +Private-key-format: v1.3 +; comment discarded +; empty line discarded + +Algorithm: 13 (ECDSAP256SHA256) +PrivateKey: w+AjPo650IA8DWeEq5QqZ2LWYpuC/oeEaYaGE1ZvKyA= +Created: 20141209015301 +Publish: 20141209015301 +Activate: 20141209015301 +END +close($handle); + +my $wrongprivate = Net::DNS::SEC::Private->new($wrongfile); +ok( $wrongprivate, 'set up non-RSA private key' ); + + +is( eval { $class->sign( $sigdata, $wrongprivate ) }, undef, 'signature not created using wrong private key' ); + +is( eval { $class->verify( $sigdata, $wrongkey, $signature ) }, undef, 'verify fails using wrong public key' ); + +is( eval { $class->verify( $sigdata, $key, undef ) }, undef, 'verify fails if signature undefined' ); + + +# test detection of invalid private key descriptors +exception( 'invalid keyfile', sub { Net::DNS::SEC::Private->new('Kinvalid.private') } ); + +exception( 'missing keyfile', sub { Net::DNS::SEC::Private->new('Kinvalid.+0+0.private') } ); + +exception( 'unspecified algorithm', sub { Net::DNS::SEC::Private->new( signame => 'private' ) } ); + +exception( 'unspecified signame', sub { Net::DNS::SEC::Private->new( algorithm => 1 ) } ); + + +# exercise code for key with long exponent (not required for DNSSEC) +eval { + my $longformat = pack 'xn a*', 
unpack 'C a*', $key->keybin; + $key->keybin($longformat); + $class->verify( $sigdata, $key, $signature ); +}; exit;
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/t/24-RSA-SHA512.t -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/t/24-RSA-SHA512.t
Changed
@@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: 24-RSA-SHA512.t 1830 2021-01-26 09:08:12Z willem $ -*-perl-*- +# $Id: 24-RSA-SHA512.t 1862 2021-12-24 10:09:08Z willem $ -*-perl-*- # use strict; @@ -86,7 +86,7 @@ my $verifiable = $class->verify( $corrupt, $key, $signature ); -is( $verifiable, 0, 'signature not verifiable if data corrupt' ); +is( $verifiable, 0, 'signature not verifiable if data corrupted' ); exit;
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/t/31-DSA-SHA1.t -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/t/31-DSA-SHA1.t
Changed
@@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: 31-DSA-SHA1.t 1830 2021-01-26 09:08:12Z willem $ -*-perl-*- +# $Id: 31-DSA-SHA1.t 1863 2022-03-14 14:59:21Z willem $ -*-perl-*- # use strict; @@ -23,6 +23,9 @@ plan skip_all => "disabled DSA" unless eval { Net::DNS::SEC::libcrypto->can('EVP_PKEY_new_DSA') }; +plan skip_all => "disabled SHA1" + unless eval { Net::DNS::SEC::libcrypto->can('EVP_sha1') }; + plan tests => 13;
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/t/61-Ed25519.t -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/t/61-Ed25519.t
Changed
@@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: 61-Ed25519.t 1808 2020-09-28 22:08:11Z willem $ -*-perl-*- +# $Id: 61-Ed25519.t 1868 2022-08-31 20:13:35Z willem $ -*-perl-*- # use strict; @@ -87,7 +87,7 @@ ok( $wrongprivate, 'set up non-EdDSA private key' ); -my $sigdata = 'arbitrary data'; ## Note: ED25519 signing is deterministic +my $sigdata = Net::DNS::RR->new('. TXT arbitrary data')->txtdata; # character set independent my $corrupt = 'corrupted data'; my $signature = pack 'H*', join '', qw( @@ -95,7 +95,7 @@ c14292cf8c28af0efe6ee30cbf9d643cba3ab56f1e1ae27b6074147ed9c55a0e ); -my $signed = eval { $class->sign( $sigdata, $private ); } || ''; +my $signed = eval { $class->sign( $sigdata, $private ); } || ''; # Note: ED25519 signing is deterministic ok( $signed eq $signature, 'signature created using private key' );
_service:tar_scm:Net-DNS-SEC-1.19.tar.gz/t/62-Ed448.t -> _service:tar_scm:Net-DNS-SEC-1.21.tar.gz/t/62-Ed448.t
Changed
@@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: 62-Ed448.t 1808 2020-09-28 22:08:11Z willem $ -*-perl-*- +# $Id: 62-Ed448.t 1868 2022-08-31 20:13:35Z willem $ -*-perl-*- # use strict; @@ -64,7 +64,7 @@ ok( $private, 'set up EdDSA private key' ); -my $sigdata = 'arbitrary data'; ## Note: ED448 signing is deterministic +my $sigdata = Net::DNS::RR->new('. TXT arbitrary data')->txtdata; # character set independent my $corrupt = 'corrupted data'; my $signature = pack 'H*', join '', qw( @@ -74,7 +74,7 @@ f7651f828fb64c200e2ee5d0686490910c00 ); -my $signed = eval { $class->sign( $sigdata, $private ) } || ''; +my $signed = eval { $class->sign( $sigdata, $private ); } || ''; # Note: ED448 signing is deterministic ok( $signed eq $signature, 'signature created using private key' ); @@ -83,7 +83,7 @@ my $verifiable = $class->verify( $corrupt, $key, $signature ); -is( $verifiable, 0, 'signature not verifiable if data corrupt' ); +is( $verifiable, 0, 'signature not verifiable if data corrupted' ); exit;
_service:tar_scm:Net-DNS-SEC-1.21.tar.gz/t/TestToolkit.pm
Added
@@ -0,0 +1,116 @@ +# $Id: TestToolkit.pm 1924 2023-05-17 13:56:25Z willem $ -*-perl-*- + +package TestToolkit; + +=head1 NAME + +TestToolkit - Convenient tools to simplify test script construction. + +=cut + +use strict; +use warnings; +use Carp; +use Test::Builder; +use Test::More; + +use base qw(Exporter); +our @EXPORT = qw(exception noexception NonFatalBegin NonFatalEnd); + + +=head1 exception noexception + + noexception( 'test description', sub { code fragment } ); + +Executes the supplied code fragment and reports a raised exception or +warning using the Test::More ok() mechanism. + +=cut + +sub exception { + my ( $name, $code ) = @_; + + my $exception = _execute($code); + my $boolean = $exception ? 1 : 0; + + my $tb = Test::Builder->new; + return $tb->ok( $boolean, "$name\t$exception" ); +} + +sub noexception { + my ( $name, $code ) = @_; + + my $exception = _execute($code); + my $boolean = $exception ? 0 : 1; + + my $tb = Test::Builder->new; + return $tb->ok( $boolean, $exception ? "$name\t$exception" : $name ); +} + +sub _execute { + my $code = shift; + my @warning; + local $SIG{__WARN__} = sub { push @warning, "@_" }; + local ( $@, $!, $SIG{__DIE__} ); ## isolate eval + eval { + &$code; + croak shift(@warning) if @warning; + }; + my ($exception) = split /\r\n+/, "$@\n"; + return $exception; +} + + +######################################## +# +# Test::More test functions all eventually call Test::Builder::ok +# (on the (singular) builder instance) to report the status. +# The NonFatal package defines a subclass derived from Test::Builder, +# with a redefined ok method that overrides the completion status +# seen by the test harness. +# +# Note: Modified behaviour is enabled by the 't/online.nonfatal' file. +# + +=head1 NonFatalBegin NonFatalEnd + +Tests that are between these functions will always appear to succeed. +The failure report itself is not suppressed. 
+ +=cut + +sub NonFatalBegin { return bless Test::Builder->new, qw(NonFatal) } + +sub NonFatalEnd { return bless Test::Builder->new, qw(Test::Builder) } + + +package NonFatal; +use base qw(Test::Builder); + +my $enabled = eval { -e 't/online.nonfatal' }; +my @failed; + +sub ok { + my ( $self, $test, @name ) = @_; + return $self->SUPER::ok( $test, @name ) if $test; + + if ($enabled) { + my $number = $self->current_test + 1; + push @failed, join( "\t", $number, @name ); + @name = "NOT OK (tolerating failure) @name"; + } + + return $self->SUPER::ok( $enabled, @name ); +} + +END { + my $n = scalar(@failed) || return; + my $s = ( $n == 1 ) ? '' : 's'; + my $tb = __PACKAGE__->SUPER::new(); + $tb->diag( join "\n", "\nDisregarding $n failed sub-test$s", @failed ); +} + +1; + +__END__ +
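Review bot: `exception()` passes whenever the code fragment raises anything at all, and `_execute` also turns the first warning into an exception, so negative tests built on it (such as 'invalid keyfile' in t/23-RSA-SHA256.t) cannot tell the intended rejection from an unrelated failure or a stray warning. An optional pattern argument would pin the expected error: `my ( $name, $code, $pattern ) = @_;` and `return $tb->like( $exception, $pattern, $name ) if $pattern;`. In `_execute`, `&$code;` passes the current `@_` through to the fragment, and `$code->();` is the conventional call. The `NonFatal::ok` override reports failures as passes whenever `t/online.nonfatal` exists relative to the current directory, so the POD should state that this file must not be present in a release or packaging build.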