Hello community, here is the log from the commit of package perl-Crypt-CBC checked in at Tue Dec 12 23:24:19 CET 2006. -------- --- perl-Crypt-CBC/perl-Crypt-CBC.changes 2006-10-19 17:08:29.000000000 +0200 +++ /mounts/work_src_done/STABLE/perl-Crypt-CBC/perl-Crypt-CBC.changes 2006-12-12 13:51:17.000000000 +0100 @@ -1,0 +2,10 @@ +Tue Dec 12 13:07:03 CET 2006 - anicka@suse.cz + +- update to 2.22 +* Fixed bug in which plaintext encrypted with the + -literal_key option could not be decrypted using a new + object created with the same -literal_key. +* Added documentation confirming that -literal_key must be + accompanied by a -header of 'none' and a manually specificied IV. + +------------------------------------------------------------------- Old: ---- Crypt-CBC-2.21.tar.bz2 New: ---- Crypt-CBC-2.22.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-Crypt-CBC.spec ++++++ --- /var/tmp/diff_new_pack.Z7PzeO/_old 2006-12-12 23:24:14.000000000 +0100 +++ /var/tmp/diff_new_pack.Z7PzeO/_new 2006-12-12 23:24:14.000000000 +0100 @@ -1,5 +1,5 @@ # -# spec file for package perl-Crypt-CBC (Version 2.21) +# spec file for package perl-Crypt-CBC (Version 2.22) # # Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -13,8 +13,8 @@ Name: perl-Crypt-CBC URL: http://cpan.org/modules/by-module/Crypt/ BuildRequires: perl-Crypt-Blowfish perl-Crypt-DES -Version: 2.21 -Release: 2 +Version: 2.22 +Release: 1 Requires: perl-Crypt-Blowfish perl-Crypt-DES Requires: perl = %{perl_version} Autoreqprov: on @@ -55,6 +55,13 @@ /var/adm/perl-modules/%{name} %changelog -n perl-Crypt-CBC +* Tue Dec 12 2006 - anicka@suse.cz +- update to 2.22 + * Fixed bug in which plaintext encrypted with the + -literal_key option could not be decrypted using a new + object created with the same -literal_key. + * Added documentation confirming that -literal_key must be + accompanied by a -header of 'none' and a manually specificied IV. * Thu Oct 19 2006 - anicka@suse.cz - update to 2.21 * Fixed bug in which new() failed to work when first option is ++++++ Crypt-CBC-2.21.tar.bz2 -> Crypt-CBC-2.22.tar.bz2 ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Crypt-CBC-2.21/CBC.pm new/Crypt-CBC-2.22/CBC.pm --- old/Crypt-CBC-2.21/CBC.pm 2006-10-17 01:26:17.000000000 +0200 +++ new/Crypt-CBC-2.22/CBC.pm 2006-10-29 22:51:44.000000000 +0100 @@ -4,7 +4,7 @@ use Carp; use strict; use vars qw($VERSION); -$VERSION = '2.21'; +$VERSION = '2.22'; use constant RANDOM_DEVICE => '/dev/urandom'; @@ -90,8 +90,9 @@ # But if the literal_key option is true, then use key as is croak "The options -literal_key and -regenerate_key are incompatible with each other" if exists $options->{literal_key} && exists $options->{regenerate_key}; - my $key = $pass if $options->{literal_key}; - $key = $pass if exists $options->{regenerate_key} && !$options->{regenerate_key}; + my $key; + $key = $pass if $options->{literal_key}; + $key = $pass if exists $options->{regenerate_key} && !$options->{regenerate_key}; # Get the salt. my $salt = $options->{salt}; @@ -103,6 +104,7 @@ my $random_iv = 1 unless defined $iv; croak "Initialization vector must be exactly $bs bytes long when using the $cipherclass cipher" if defined $iv and length($iv) != $bs; + my $literal_key = $options->{literal_key} || (exists $options->{regenerate_key} && !$options->{regenerate_key}); my $legacy_hack = $options->{insecure_legacy_decrypt}; my $padding = $options->{padding} || 'standard'; @@ -155,6 +157,7 @@ 'keysize' => $ks, 'header_mode' => $header_mode, 'legacy_hack' => $legacy_hack, + 'literal_key' => $literal_key, 'pcbc' => $pcbc, 'make_random_salt' => $random_salt, 'make_random_iv' => $random_iv, @@ -372,6 +375,8 @@ my $pass = shift; my $ks = $self->{keysize}; + return $pass if $self->{literal_key}; + my $material = md5($pass); while (length($material) < $ks) { $material .= md5($material); @@ -690,7 +695,8 @@ be at least equal to the cipher's blocksize. To skip this hashing operation and specify the key directly, pass a true value to the B<-literal_key> option. In this case, you should choose a key of -length exactly equal to the cipher's key length. +length exactly equal to the cipher's key length. You should also +specify the IV yourself and a -header mode of 'none'. If you pass an existing Crypt::* object to new(), then the -key argument is ignored and the module will generate a warning. diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Crypt-CBC-2.21/Changes new/Crypt-CBC-2.22/Changes --- old/Crypt-CBC-2.21/Changes 2006-10-17 01:26:51.000000000 +0200 +++ new/Crypt-CBC-2.22/Changes 2006-10-29 22:51:38.000000000 +0100 @@ -1,10 +1,18 @@ Revision history for Perl extension Crypt::CBC. +2.22 Sun Oct 29 16:50:32 EST 2006 + - Fixed bug in which plaintext encrypted with the -literal_key + option could not be decrypted using a new object created with + the same -literal_key. + - Added documentation confirming that -literal_key must be accompanied by a + -header of 'none' and a manually specificied IV. + 2.21 Mon Oct 16 19:26:26 EDT 2006 - Fixed bug in which new() failed to work when first option is -literal_key. 2.20 Sat Aug 12 22:30:53 EDT 2006 - Added ability to pass a preinitialized Crypt::* block cipher object instead of the class name. + - Fixed a bug when processing -literal_key. 2.19 Tue Jul 18 18:39:57 EDT 2006 - Renamed Crypt::CBC-2.16-vulnerability.txt so that package installs correctly under diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Crypt-CBC-2.21/META.yml new/Crypt-CBC-2.22/META.yml --- old/Crypt-CBC-2.21/META.yml 2006-10-17 01:39:10.000000000 +0200 +++ new/Crypt-CBC-2.22/META.yml 2006-10-29 22:54:23.000000000 +0100 @@ -1,7 +1,7 @@ # http://module-build.sourceforge.net/META-spec.html #XXXXXXX This is a prototype!!! It will change in the future!!! XXXXX# name: Crypt-CBC -version: 2.21 +version: 2.22 version_from: CBC.pm installdirs: site requires: diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Crypt-CBC-2.21/README.compatibility new/Crypt-CBC-2.22/README.compatibility --- old/Crypt-CBC-2.21/README.compatibility 2006-06-07 01:15:10.000000000 +0200 +++ new/Crypt-CBC-2.22/README.compatibility 2006-08-25 05:51:35.000000000 +0200 @@ -1,44 +0,0 @@ -Compatibility Notes -------------------- - -Crypt::CBC version 2.17 and higher contains changes designed to make -encrypted messages more secure. In particular, Crypt::CBC now works -correctly with ciphers that use block sizes greater than 8 bytes, -which includes Rijndael, the basis for the AES encryption system. It -also interoperates seamlessly with the OpenSSL library. Unfortunately, -these changes break compatibility with messages encrypted with -versions 2.16 and lower. - -To successfully decrypt messages encrypted with Crypt::CBC 2.16 and -lower, follow these steps: - -1) Pass Crypt::CBC->new() the option -header=>'randomiv'. Example: - - my $cbc = Crypt::CBC->new(-key => $key, - -cipher => 'Blowfish', - -header => 'randomiv'); - -This tells Crypt::CBC to decrypt messages using the legacy "randomiv" -style header rather than the default SSL-compatible "salt" style -header. - -2) If the legacy messages were encrypted using Rijndael, also pass -Crypt::CBC the -insecure_legacy_decrypt=>1 option: - - my $cbc = Crypt::CBC->new(-key => $key, - -cipher => 'Rijndael', - -header => 'randomiv', - -insecure_legacy_decrypt => 1 ); - - -This tells Crypt::CBC to allow you to decrypt Rijndael messages that -were incorrectly encrypted by pre-2.17 versions. It is important to -realize that Rijndael messages encrypted by version 2.16 and lower -*ARE NOT SECURE*. New versions of Crypt::CBC will refuse to encrypt -Rijndael messages in a way that is backward compatible with 2.16 and -lower. - -I apologize for any inconvenience this causes. - -Lincoln Stein -Spring 2006 diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Crypt-CBC-2.21/t/parameters.t new/Crypt-CBC-2.22/t/parameters.t --- old/Crypt-CBC-2.21/t/parameters.t 2006-01-10 00:28:39.000000000 +0100 +++ new/Crypt-CBC-2.22/t/parameters.t 2006-10-29 22:50:24.000000000 +0100 @@ -13,7 +13,7 @@ END ; -print "1..61\n"; +print "1..63\n"; eval "use Crypt::CBC"; test(1,!$@,"Couldn't load module"); @@ -216,6 +216,15 @@ }, "module allowed initialization of header_mode 'none' without a key"); +$crypt = eval {Crypt::CBC->new(-cipher => 'Crypt::Crypt8', + -literal_key => 1, + -header => 'none', + -key => 'a'x56, + -iv => 'b'x8, + ) }; +test(62,defined $crypt,"unable to create a Crypt::CBC object with the -literal_key option: $@"); +test(63,$plaintext eq $crypt->decrypt($crypt->encrypt($plaintext)),'cannot decrypt encrypted data using -literal_key'); + exit 0; sub test ($$$){ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
participants (1)
-
root@suse.de