r8014 - in /branches/upstream/libcrypt-cbc-perl/current: CBC.pm Changes META.yml README.compatibility
gregoa-guest at users.alioth.debian.org
gregoa-guest at users.alioth.debian.org
Sat Sep 29 11:56:28 UTC 2007
Author: gregoa-guest
Date: Sat Sep 29 11:56:28 2007
New Revision: 8014
URL: http://svn.debian.org/wsvn/?sc=1&rev=8014
Log:
[svn-upgrade] Integrating new upstream version, libcrypt-cbc-perl (2.24)
Modified:
branches/upstream/libcrypt-cbc-perl/current/CBC.pm
branches/upstream/libcrypt-cbc-perl/current/Changes
branches/upstream/libcrypt-cbc-perl/current/META.yml
branches/upstream/libcrypt-cbc-perl/current/README.compatibility
Modified: branches/upstream/libcrypt-cbc-perl/current/CBC.pm
URL: http://svn.debian.org/wsvn/branches/upstream/libcrypt-cbc-perl/current/CBC.pm?rev=8014&op=diff
==============================================================================
--- branches/upstream/libcrypt-cbc-perl/current/CBC.pm (original)
+++ branches/upstream/libcrypt-cbc-perl/current/CBC.pm Sat Sep 29 11:56:28 2007
@@ -4,7 +4,7 @@
use Carp;
use strict;
use vars qw($VERSION);
-$VERSION = '2.22';
+$VERSION = '2.24';
use constant RANDOM_DEVICE => '/dev/urandom';
@@ -422,15 +422,23 @@
} else {
$result = pack("C*",map {rand(256)} 1..$length);
}
- $result;
+ # Clear taint and check length
+ $result =~ /^(.{$length})$/s or croak "Invalid length while gathering $length randim bytes";
+ return $1;
}
sub _standard_padding ($$$) {
my ($b,$bs,$decrypt) = @_;
$b = length $b ? $b : '';
if ($decrypt eq 'd') {
- substr($b, -unpack("C",substr($b,-1)))='';
- return $b;
+ my $pad_length = unpack("C",substr($b,-1));
+
+ # sanity check for implementations that don't pad correctly
+ return $b unless $pad_length >= 0 && $pad_length <= $bs;
+ my @pad_chars = unpack("C*",substr($b,-$pad_length));
+ return $b if grep {$pad_length != $_} @pad_chars;
+
+ return substr($b,0,$bs-$pad_length);
}
my $pad = $bs - length($b) % $bs;
return $b . pack("C*",($pad)x$pad);
Modified: branches/upstream/libcrypt-cbc-perl/current/Changes
URL: http://svn.debian.org/wsvn/branches/upstream/libcrypt-cbc-perl/current/Changes?rev=8014&op=diff
==============================================================================
--- branches/upstream/libcrypt-cbc-perl/current/Changes (original)
+++ branches/upstream/libcrypt-cbc-perl/current/Changes Sat Sep 29 11:56:28 2007
@@ -1,4 +1,14 @@
Revision history for Perl extension Crypt::CBC.
+2.24 Fri Sep 28 11:21:07 EDT 2007
+ - Fixed failure to run under taint checks with Crypt::Rijndael
+ or Crypt::OpenSSL::AES (and maybe other Crypt modules). See
+ http://rt.cpan.org/Public/Bug/Display.html?id=29646.
+
+2.23 Fri Apr 13 14:50:21 EDT 2007
+ - Added checks for other implementations of CBC which add no
+ standard padding at all when cipher text is an even multiple
+ of the block size.
+
2.22 Sun Oct 29 16:50:32 EST 2006
- Fixed bug in which plaintext encrypted with the -literal_key
option could not be decrypted using a new object created with
Modified: branches/upstream/libcrypt-cbc-perl/current/META.yml
URL: http://svn.debian.org/wsvn/branches/upstream/libcrypt-cbc-perl/current/META.yml?rev=8014&op=diff
==============================================================================
--- branches/upstream/libcrypt-cbc-perl/current/META.yml (original)
+++ branches/upstream/libcrypt-cbc-perl/current/META.yml Sat Sep 29 11:56:28 2007
@@ -1,11 +1,12 @@
-# http://module-build.sourceforge.net/META-spec.html
-#XXXXXXX This is a prototype!!! It will change in the future!!! XXXXX#
-name: Crypt-CBC
-version: 2.22
-version_from: CBC.pm
-installdirs: site
-requires:
+--- #YAML:1.0
+name: Crypt-CBC
+version: 2.24
+abstract: ~
+license: ~
+generated_by: ExtUtils::MakeMaker version 6.32
+distribution_type: module
+requires:
Digest::MD5: 2.00
-
-distribution_type: module
-generated_by: ExtUtils::MakeMaker version 6.17
+meta-spec:
+ url: http://module-build.sourceforge.net/META-spec-v1.2.html
+ version: 1.2
Modified: branches/upstream/libcrypt-cbc-perl/current/README.compatibility
URL: http://svn.debian.org/wsvn/branches/upstream/libcrypt-cbc-perl/current/README.compatibility?rev=8014&op=diff
==============================================================================
--- branches/upstream/libcrypt-cbc-perl/current/README.compatibility (original)
+++ branches/upstream/libcrypt-cbc-perl/current/README.compatibility Sat Sep 29 11:56:28 2007
@@ -1,0 +1,44 @@
+Compatibility Notes
+-------------------
+
+Crypt::CBC version 2.17 and higher contains changes designed to make
+encrypted messages more secure. In particular, Crypt::CBC now works
+correctly with ciphers that use block sizes greater than 8 bytes,
+which includes Rijndael, the basis for the AES encryption system. It
+also interoperates seamlessly with the OpenSSL library. Unfortunately,
+these changes break compatibility with messages encrypted with
+versions 2.16 and lower.
+
+To successfully decrypt messages encrypted with Crypt::CBC 2.16 and
+lower, follow these steps:
+
+1) Pass Crypt::CBC->new() the option -header=>'randomiv'. Example:
+
+ my $cbc = Crypt::CBC->new(-key => $key,
+ -cipher => 'Blowfish',
+ -header => 'randomiv');
+
+This tells Crypt::CBC to decrypt messages using the legacy "randomiv"
+style header rather than the default SSL-compatible "salt" style
+header.
+
+2) If the legacy messages were encrypted using Rijndael, also pass
+Crypt::CBC the -insecure_legacy_decrypt=>1 option:
+
+ my $cbc = Crypt::CBC->new(-key => $key,
+ -cipher => 'Rijndael',
+ -header => 'randomiv',
+ -insecure_legacy_decrypt => 1 );
+
+
+This tells Crypt::CBC to allow you to decrypt Rijndael messages that
+were incorrectly encrypted by pre-2.17 versions. It is important to
+realize that Rijndael messages encrypted by version 2.16 and lower
+*ARE NOT SECURE*. New versions of Crypt::CBC will refuse to encrypt
+Rijndael messages in a way that is backward compatible with 2.16 and
+lower.
+
+I apologize for any inconvenience this causes.
+
+Lincoln Stein
+Spring 2006
More information about the Pkg-perl-cvs-commits
mailing list