commit perl-Crypt-CBC

12 Dec 2006

Hello community,

here is the log from the commit of package perl-Crypt-CBC
checked in at Tue Dec 12 23:24:19 CET 2006.

--------

--- perl-Crypt-CBC/perl-Crypt-CBC.changes	2006-10-19 17:08:29.000000000 +0200
+++ /mounts/work_src_done/STABLE/perl-Crypt-CBC/perl-Crypt-CBC.changes	2006-12-12 13:51:17.000000000 +0100
@@ -1,0 +2,10 @@
+Tue Dec 12 13:07:03 CET 2006 - anicka@suse.cz
+
+- update to 2.22
+* Fixed bug in which plaintext encrypted with the 
+  -literal_key option could not be decrypted using a new 
+  object created with the same -literal_key.
+* Added documentation confirming that -literal_key must be 
+  accompanied by a -header of 'none' and a manually specificied IV.
+
+-------------------------------------------------------------------

Old:
----
  Crypt-CBC-2.21.tar.bz2

New:
----
  Crypt-CBC-2.22.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ perl-Crypt-CBC.spec ++++++
--- /var/tmp/diff_new_pack.Z7PzeO/_old	2006-12-12 23:24:14.000000000 +0100
+++ /var/tmp/diff_new_pack.Z7PzeO/_new	2006-12-12 23:24:14.000000000 +0100
@@ -1,5 +1,5 @@
 #
-# spec file for package perl-Crypt-CBC (Version 2.21)
+# spec file for package perl-Crypt-CBC (Version 2.22)
 #
 # Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
@@ -13,8 +13,8 @@
 Name:           perl-Crypt-CBC
 URL:            http://cpan.org/modules/by-module/Crypt/
 BuildRequires:  perl-Crypt-Blowfish perl-Crypt-DES
-Version:        2.21
-Release:        2
+Version:        2.22
+Release:        1
 Requires:       perl-Crypt-Blowfish perl-Crypt-DES
 Requires:       perl = %{perl_version}
 Autoreqprov:    on
@@ -55,6 +55,13 @@
 /var/adm/perl-modules/%{name}
 
 %changelog -n perl-Crypt-CBC
+* Tue Dec 12 2006 - anicka@suse.cz
+- update to 2.22
+  * Fixed bug in which plaintext encrypted with the
+  -literal_key option could not be decrypted using a new
+  object created with the same -literal_key.
+  * Added documentation confirming that -literal_key must be
+  accompanied by a -header of 'none' and a manually specificied IV.
 * Thu Oct 19 2006 - anicka@suse.cz
 - update to 2.21
   * Fixed bug in which new() failed to work when first option is

++++++ Crypt-CBC-2.21.tar.bz2 -> Crypt-CBC-2.22.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Crypt-CBC-2.21/CBC.pm new/Crypt-CBC-2.22/CBC.pm
--- old/Crypt-CBC-2.21/CBC.pm	2006-10-17 01:26:17.000000000 +0200
+++ new/Crypt-CBC-2.22/CBC.pm	2006-10-29 22:51:44.000000000 +0100
@@ -4,7 +4,7 @@
 use Carp;
 use strict;
 use vars qw($VERSION);
-$VERSION = '2.21';
+$VERSION = '2.22';
 
 use constant RANDOM_DEVICE => '/dev/urandom';
 
@@ -90,8 +90,9 @@
     # But if the literal_key option is true, then use key as is
     croak "The options -literal_key and -regenerate_key are incompatible with each other" 
       if exists $options->{literal_key} && exists $options->{regenerate_key};
-    my $key  =  $pass if $options->{literal_key};
-    $key     = $pass  if exists $options->{regenerate_key} && !$options->{regenerate_key};
+    my $key;
+    $key     = $pass if $options->{literal_key};
+    $key     = $pass if exists $options->{regenerate_key} && !$options->{regenerate_key};
 
     # Get the salt.
     my $salt        = $options->{salt};
@@ -103,6 +104,7 @@
     my $random_iv = 1 unless defined $iv;
     croak "Initialization vector must be exactly $bs bytes long when using the $cipherclass cipher" if defined $iv and length($iv) != $bs;
 
+    my $literal_key = $options->{literal_key} || (exists $options->{regenerate_key} && !$options->{regenerate_key});
     my $legacy_hack = $options->{insecure_legacy_decrypt};
     my $padding     = $options->{padding} || 'standard';
 
@@ -155,6 +157,7 @@
 		  'keysize'     => $ks,
                   'header_mode' => $header_mode,
 		  'legacy_hack' => $legacy_hack,
+                  'literal_key' => $literal_key,
                   'pcbc'        => $pcbc,
 		  'make_random_salt' => $random_salt,
 		  'make_random_iv'   => $random_iv,
@@ -372,6 +375,8 @@
   my $pass  = shift;
   my $ks    = $self->{keysize};
 
+  return $pass if $self->{literal_key};
+
   my $material = md5($pass);
   while (length($material) < $ks)  {
     $material .= md5($material);
@@ -690,7 +695,8 @@
 be at least equal to the cipher's blocksize. To skip this hashing
 operation and specify the key directly, pass a true value to the
 B<-literal_key> option. In this case, you should choose a key of
-length exactly equal to the cipher's key length.
+length exactly equal to the cipher's key length. You should also
+specify the IV yourself and a -header mode of 'none'.
 
 If you pass an existing Crypt::* object to new(), then the -key
 argument is ignored and the module will generate a warning.
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Crypt-CBC-2.21/Changes new/Crypt-CBC-2.22/Changes
--- old/Crypt-CBC-2.21/Changes	2006-10-17 01:26:51.000000000 +0200
+++ new/Crypt-CBC-2.22/Changes	2006-10-29 22:51:38.000000000 +0100
@@ -1,10 +1,18 @@
 Revision history for Perl extension Crypt::CBC.
+2.22	Sun Oct 29 16:50:32 EST 2006
+	- Fixed bug in which plaintext encrypted with the -literal_key
+	option could not be decrypted using a new object created with
+	the same -literal_key.
+ 	- Added documentation confirming that -literal_key must be accompanied by a 
+	-header of 'none' and a manually specificied IV.
+
 2.21	Mon Oct 16 19:26:26 EDT 2006
 	- Fixed bug in which new() failed to work when first option is -literal_key.
 
 2.20	Sat Aug 12 22:30:53 EDT 2006
 	- Added ability to pass a preinitialized Crypt::* block cipher object instead of
 	the class name.
+        - Fixed a bug when processing -literal_key.
 
 2.19    Tue Jul 18 18:39:57 EDT 2006
 	- Renamed Crypt::CBC-2.16-vulnerability.txt so that package installs correctly under
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Crypt-CBC-2.21/META.yml new/Crypt-CBC-2.22/META.yml
--- old/Crypt-CBC-2.21/META.yml	2006-10-17 01:39:10.000000000 +0200
+++ new/Crypt-CBC-2.22/META.yml	2006-10-29 22:54:23.000000000 +0100
@@ -1,7 +1,7 @@
 # http://module-build.sourceforge.net/META-spec.html
 #XXXXXXX This is a prototype!!!  It will change in the future!!! XXXXX#
 name:         Crypt-CBC
-version:      2.21
+version:      2.22
 version_from: CBC.pm
 installdirs:  site
 requires:
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Crypt-CBC-2.21/README.compatibility new/Crypt-CBC-2.22/README.compatibility
--- old/Crypt-CBC-2.21/README.compatibility	2006-06-07 01:15:10.000000000 +0200
+++ new/Crypt-CBC-2.22/README.compatibility	2006-08-25 05:51:35.000000000 +0200
@@ -1,44 +0,0 @@
-Compatibility Notes
--------------------
-
-Crypt::CBC version 2.17 and higher contains changes designed to make
-encrypted messages more secure. In particular, Crypt::CBC now works
-correctly with ciphers that use block sizes greater than 8 bytes,
-which includes Rijndael, the basis for the AES encryption system. It
-also interoperates seamlessly with the OpenSSL library. Unfortunately,
-these changes break compatibility with messages encrypted with
-versions 2.16 and lower.
-
-To successfully decrypt messages encrypted with Crypt::CBC 2.16 and
-lower, follow these steps:
-
-1) Pass Crypt::CBC->new() the option -header=>'randomiv'. Example:
-
- my $cbc = Crypt::CBC->new(-key     => $key,
-                           -cipher  => 'Blowfish',
-			   -header  => 'randomiv');
-
-This tells Crypt::CBC to decrypt messages using the legacy "randomiv"
-style header rather than the default SSL-compatible "salt" style
-header.
-
-2) If the legacy messages were encrypted using Rijndael, also pass
-Crypt::CBC the -insecure_legacy_decrypt=>1 option:
-
- my $cbc = Crypt::CBC->new(-key                     => $key,
-                           -cipher                  => 'Rijndael',
-			   -header                  => 'randomiv',
-                           -insecure_legacy_decrypt => 1 );
-
-
-This tells Crypt::CBC to allow you to decrypt Rijndael messages that
-were incorrectly encrypted by pre-2.17 versions. It is important to
-realize that Rijndael messages encrypted by version 2.16 and lower
-*ARE NOT SECURE*. New versions of Crypt::CBC will refuse to encrypt
-Rijndael messages in a way that is backward compatible with 2.16 and
-lower.
-
-I apologize for any inconvenience this causes.
-
-Lincoln Stein
-Spring 2006
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Crypt-CBC-2.21/t/parameters.t new/Crypt-CBC-2.22/t/parameters.t
--- old/Crypt-CBC-2.21/t/parameters.t	2006-01-10 00:28:39.000000000 +0100
+++ new/Crypt-CBC-2.22/t/parameters.t	2006-10-29 22:50:24.000000000 +0100
@@ -13,7 +13,7 @@
 END
     ;
 
-print "1..61\n";
+print "1..63\n";
 
 eval "use Crypt::CBC";
 test(1,!$@,"Couldn't load module");
@@ -216,6 +216,15 @@
      },
      "module allowed initialization of header_mode 'none' without a key");
 
+$crypt = eval {Crypt::CBC->new(-cipher         => 'Crypt::Crypt8',
+			       -literal_key    => 1,
+			       -header         => 'none',
+			       -key            => 'a'x56,
+			       -iv             => 'b'x8,
+			      ) };
+test(62,defined $crypt,"unable to create a Crypt::CBC object with the -literal_key option: $@");
+test(63,$plaintext eq $crypt->decrypt($crypt->encrypt($plaintext)),'cannot decrypt encrypted data using -literal_key');
+
 exit 0;
 
 sub test ($$$){


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org

    

commit perl-Crypt-CBC

root＠suse.de