r18116 - in /trunk/libcrypt-cbc-perl: CBC.pm Changes MANIFEST META.yml README.compatibility debian/changelog t/Rijndael_compat.t t/null_data.t t/onezeropadding.t

gregoa-guest at users.alioth.debian.org gregoa-guest at users.alioth.debian.org
Sat Mar 29 16:59:35 UTC 2008


Author: gregoa-guest
Date: Sat Mar 29 16:59:35 2008
New Revision: 18116

URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=18116
Log:
New upstream release.

Added:
    trunk/libcrypt-cbc-perl/t/onezeropadding.t
      - copied unchanged from r18115, branches/upstream/libcrypt-cbc-perl/current/t/onezeropadding.t
Removed:
    trunk/libcrypt-cbc-perl/README.compatibility
Modified:
    trunk/libcrypt-cbc-perl/CBC.pm
    trunk/libcrypt-cbc-perl/Changes
    trunk/libcrypt-cbc-perl/MANIFEST
    trunk/libcrypt-cbc-perl/META.yml
    trunk/libcrypt-cbc-perl/debian/changelog
    trunk/libcrypt-cbc-perl/t/Rijndael_compat.t
    trunk/libcrypt-cbc-perl/t/null_data.t

Modified: trunk/libcrypt-cbc-perl/CBC.pm
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libcrypt-cbc-perl/CBC.pm?rev=18116&op=diff
==============================================================================
--- trunk/libcrypt-cbc-perl/CBC.pm (original)
+++ trunk/libcrypt-cbc-perl/CBC.pm Sat Mar 29 16:59:35 2008
@@ -4,7 +4,7 @@
 use Carp;
 use strict;
 use vars qw($VERSION);
-$VERSION = '2.24';
+$VERSION = '2.27';
 
 use constant RANDOM_DEVICE => '/dev/urandom';
 
@@ -116,24 +116,29 @@
 	  unless ($rbs == $bs);
       }
     } else {
-      $padding = $padding eq 'null'          ? \&_null_padding
-	        :$padding eq 'space'         ? \&_space_padding
-		:$padding eq 'oneandzeroes'  ? \&_oneandzeroes_padding
-                :$padding eq 'standard'      ? \&_standard_padding
+      $padding = $padding eq 'null'           ? \&_null_padding
+	        :$padding eq 'space'          ? \&_space_padding
+		:$padding eq 'oneandzeroes'   ? \&_oneandzeroes_padding
+		:$padding eq 'rijndael_compat'? \&_rijndael_compat
+                :$padding eq 'standard'       ? \&_standard_padding
 	        :croak "'$padding' padding not supported.  See perldoc Crypt::CBC for instructions on creating your own.";
     }
 
     # CONSISTENCY CHECKS
     # HEADER consistency
     if ($header_mode eq 'salt') {
-      croak "Cannot use salt-based key generation if literal key is specified" if $options->{literal_key};
-      croak "Cannot use salt-based IV generation if literal IV is specified"   if exists $options->{iv};
+      croak "Cannot use salt-based key generation if literal key is specified"
+	if $options->{literal_key};
+      croak "Cannot use salt-based IV generation if literal IV is specified"
+	if exists $options->{iv};
     }
     elsif ($header_mode eq 'randomiv') {
-      croak "Cannot encrypt using a non-8 byte blocksize cipher when using randomiv header mode" unless $bs == 8 || $legacy_hack;
+      croak "Cannot encrypt using a non-8 byte blocksize cipher when using randomiv header mode"
+	unless $bs == 8 || $legacy_hack;
     }
     elsif ($header_mode eq 'none') {
-      croak "You must provide an initialization vector using -iv when using -header=>'none'" unless exists $options->{iv};
+      croak "You must provide an initialization vector using -iv when using -header=>'none'"
+	unless exists $options->{iv};
     }
 
     # KEYSIZE consistency
@@ -222,6 +227,10 @@
 
     my $bs = $self->{'blocksize'};
 
+    croak "When using rijndael_compat padding, plaintext size must be a multiple of $bs"
+      if $self->{'padding'} eq \&_rijndael_compat
+	and length($data) % $bs;
+
     return $result unless (length($self->{'buffer'}) >= $bs);
 
     my @blocks = unpack("a$bs "x(int(length($self->{'buffer'})/$bs)) . "a*", $self->{'buffer'});
@@ -364,10 +373,32 @@
 
   croak "key and/or iv are missing" unless defined $self->{key} && defined $self->{civ};
 
+  $self->_taintcheck($self->{key});
   $self->{crypt} = ref $self->{cipher} ? $self->{cipher}
                                        : $self->{cipher}->new($self->{key})
 					 or croak "Could not create $self->{cipher} object: $@";
   return $result;
+}
+
+sub _taintcheck {
+    my $self = shift;
+    my $key  = shift;
+    return unless ${^TAINT};
+
+    my $has_scalar_util = eval "require Scalar::Util; 1";
+    my $tainted;
+
+    if ($has_scalar_util) {
+	$tainted = Scalar::Util::tainted($key);
+    } else {
+	local($@, $SIG{__DIE__}, $SIG{__WARN__});
+	local $^W = 0;
+	eval { kill 0 * $key };
+	$tainted = $@ =~ /^Insecure/;
+    }
+
+    croak "Taint checks are turned on and your key is tainted. Please untaint the key and try again"
+	if $tainted;
 }
 
 sub _key_from_key {
@@ -468,8 +499,18 @@
 
 sub _oneandzeroes_padding ($$$) {
   my ($b,$bs,$decrypt) = @_;
+  $b = length $b ? $b : '';
+  if ($decrypt eq 'd') {
+     my $hex = unpack("H*", $b);
+     $hex =~ s/80*$//s;
+     return pack("H*", $hex);
+  }
+  return $b . pack("C*", 128, (0) x ($bs - length($b) % $bs - 1) );
+}
+
+sub _rijndael_compat ($$$) {
+  my ($b,$bs,$decrypt) = @_;
   return unless length $b;
-  $b = length $b ? $b : '';
   if ($decrypt eq 'd') {
      my $hex = unpack("H*", $b);
      $hex =~ s/80*$//s;
@@ -628,8 +669,9 @@
                     'randomiv' -- Randomiv-compatible "RandomIV" header
                     'none'   -- prepend no header at all
 
-  -padding        The padding method, one of "standard", "space",
-                     "onesandzeroes", or "null". (default "standard")
+  -padding        The padding method, one of "standard" (default),
+                     "space", "oneandzeroes", "rijndael_compat",
+                     or "null" (default "standard").
 
   -literal_key    If true, the key provided by "key" is used directly
                       for encryption/decryption.  Otherwise the actual
@@ -925,7 +967,7 @@
 
 When the last block of plaintext is shorter than the block size,
 it must be padded. Padding methods include: "standard" (i.e., PKCS#5),
-"oneandzeroes", "space", and "null".
+"oneandzeroes", "space", "rijndael_compat" and "null".
 
    standard: (default) Binary safe
       pads with the number of bytes that should be truncated. So, if 
@@ -938,14 +980,21 @@
       block. If the last block is a full block and blocksize is 8, a
       block of "8000000000000000" will be appended.
 
+   rijndael_compat: Binary safe, with caveats
+      similar to oneandzeroes, except that no padding is performed if
+      the last block is a full block. This is provided for
+      compatibility with Crypt::Rijndael only and can only be used
+      with messages that are a multiple of the Rijndael blocksize
+      of 16 bytes.
+
    null: text only
       pads with as many "00" necessary to fill the block. If the last 
-      block is a full block and blocksize is 8, a block of 
+      block is a full block and blocksize is 8, a block of
       "0000000000000000" will be appended.
 
    space: text only
       same as "null", but with "20".
-      
+
 Both the standard and oneandzeroes paddings are binary safe.  The
 space and null paddings are recommended only for text data.  Which
 type of padding you use depends on whether you wish to communicate

Modified: trunk/libcrypt-cbc-perl/Changes
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libcrypt-cbc-perl/Changes?rev=18116&op=diff
==============================================================================
--- trunk/libcrypt-cbc-perl/Changes (original)
+++ trunk/libcrypt-cbc-perl/Changes Sat Mar 29 16:59:35 2008
@@ -1,4 +1,20 @@
 Revision history for Perl extension Crypt::CBC.
+2.27	 Fri Mar 28 10:13:32 EDT 2008
+ 	 - When taint mode is turned on and user is using a tainted key, explicitly check
+	   tainting of key in order to avoid "cryptic" failure messages from some crypt
+	   modules.
+
+2.26	Thu Mar 20 16:41:23 EDT 2008
+	- Fixed onezeropadding test, which was not reporting its test count
+	  properly.
+
+2.25	Fri Jan 11 15:26:27 EST 2008
+	- Fixed failure of oneandzeroes padding when plaintext size is
+	an even multiple of blocksize.
+	- Added new "rijndael_compat" padding method, which is compatible
+	with the oneandzeroes padding method used by Crypt::Rijndael in
+	CBC mode.
+
 2.24	Fri Sep 28 11:21:07 EDT 2007
 	- Fixed failure to run under taint checks with Crypt::Rijndael
 	or Crypt::OpenSSL::AES (and maybe other Crypt modules). See 

Modified: trunk/libcrypt-cbc-perl/MANIFEST
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libcrypt-cbc-perl/MANIFEST?rev=18116&op=diff
==============================================================================
--- trunk/libcrypt-cbc-perl/MANIFEST (original)
+++ trunk/libcrypt-cbc-perl/MANIFEST Sat Mar 29 16:59:35 2008
@@ -4,7 +4,6 @@
 META.yml			Module meta-data (added by MakeMaker)
 Makefile.PL
 README
-README.compatibility
 Crypt-CBC-2.16-vulnerability.txt
 eg/aes.pl
 eg/des.pl
@@ -16,6 +15,7 @@
 t/IDEA.t
 t/PCBC.t
 t/Rijndael.t
+t/onezeropadding.t
 t/Rijndael_compat.t
 t/func.t
 t/null_data.t

Modified: trunk/libcrypt-cbc-perl/META.yml
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libcrypt-cbc-perl/META.yml?rev=18116&op=diff
==============================================================================
--- trunk/libcrypt-cbc-perl/META.yml (original)
+++ trunk/libcrypt-cbc-perl/META.yml Sat Mar 29 16:59:35 2008
@@ -1,12 +1,11 @@
---- #YAML:1.0
-name:                Crypt-CBC
-version:             2.24
-abstract:            ~
-license:             ~
-generated_by:        ExtUtils::MakeMaker version 6.32
-distribution_type:   module
-requires:     
+# http://module-build.sourceforge.net/META-spec.html
+#XXXXXXX This is a prototype!!!  It will change in the future!!! XXXXX#
+name:         Crypt-CBC
+version:      2.27
+version_from: CBC.pm
+installdirs:  site
+requires:
     Digest::MD5:                   2.00
-meta-spec:
-    url:     http://module-build.sourceforge.net/META-spec-v1.2.html
-    version: 1.2
+
+distribution_type: module
+generated_by: ExtUtils::MakeMaker version 6.30_01

Modified: trunk/libcrypt-cbc-perl/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libcrypt-cbc-perl/debian/changelog?rev=18116&op=diff
==============================================================================
--- trunk/libcrypt-cbc-perl/debian/changelog (original)
+++ trunk/libcrypt-cbc-perl/debian/changelog Sat Mar 29 16:59:35 2008
@@ -1,3 +1,9 @@
+libcrypt-cbc-perl (2.27-1) UNRELEASED; urgency=low
+
+  * New upstream release.
+
+ -- gregor herrmann <gregor+debian at comodo.priv.at>  Sat, 29 Mar 2008 17:58:34 +0100
+
 libcrypt-cbc-perl (2.24-2) unstable; urgency=low
 
   [ Frank Lichtenheld ]

Modified: trunk/libcrypt-cbc-perl/t/Rijndael_compat.t
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libcrypt-cbc-perl/t/Rijndael_compat.t?rev=18116&op=diff
==============================================================================
--- trunk/libcrypt-cbc-perl/t/Rijndael_compat.t (original)
+++ trunk/libcrypt-cbc-perl/t/Rijndael_compat.t Sat Mar 29 16:59:35 2008
@@ -48,7 +48,7 @@
 			    -iv          => 'f' x $bs,
 			    -literal_key => 1,
 			    -header      => 'none',
-			    -padding     => 'oneandzeroes'
+			    -padding     => 'rijndael_compat',
                            ),
                            "Couldn't create new object");
 test(3,$j = Crypt::Rijndael->new('a' x $ks, Crypt::Rijndael->MODE_CBC),

Modified: trunk/libcrypt-cbc-perl/t/null_data.t
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libcrypt-cbc-perl/t/null_data.t?rev=18116&op=diff
==============================================================================
--- trunk/libcrypt-cbc-perl/t/null_data.t (original)
+++ trunk/libcrypt-cbc-perl/t/null_data.t Sat Mar 29 16:59:35 2008
@@ -40,8 +40,8 @@
 
 for my $mod (@in) {
   for my $pad (@pads) {
-    my $cipher = Crypt::CBC->new(-key => 'secret',
-				 -cipher => $mod,
+    my $cipher = Crypt::CBC->new(-key     => 'secret',
+				 -cipher  => $mod,
 				 -padding => $pad,
 				);
     for my $length (1..128) {




More information about the Pkg-perl-cvs-commits mailing list