New Upstream Snapshot - libcrypt-openssl-rsa-perl

Ready changes

Summary

Merged new upstream version: 0.2903+git20220708.1.01fe9b7 (was: 0.33).

Resulting package

Built on 2022-09-10T21:56 (took 6m57s)

The resulting binary packages can be installed (if you have the apt repository enabled) by running one of:

apt install -t fresh-snapshots libcrypt-openssl-rsa-perl-dbgsym
apt install -t fresh-snapshots libcrypt-openssl-rsa-perl

Lintian Result

Diff

diff --git a/META.json b/META.json
index 611028e..9e049a4 100644
--- a/META.json
+++ b/META.json
@@ -4,7 +4,7 @@
       "Ian Robertson <iroberts@cpan.org>"
    ],
    "dynamic_config" : 1,
-   "generated_by" : "ExtUtils::MakeMaker version 7.44, CPAN::Meta::Converter version 2.150010",
+   "generated_by" : "ExtUtils::MakeMaker version 7.62, CPAN::Meta::Converter version 2.150010",
    "license" : [
       "perl_5"
    ],
@@ -57,5 +57,5 @@
       }
    },
    "version" : "0.33",
-   "x_serialization_backend" : "JSON::PP version 4.04"
+   "x_serialization_backend" : "JSON::PP version 4.06"
 }
diff --git a/META.yml b/META.yml
index 1ce5810..62ce4b0 100644
--- a/META.yml
+++ b/META.yml
@@ -9,7 +9,7 @@ configure_requires:
   Crypt::OpenSSL::Guess: '0.11'
   ExtUtils::MakeMaker: '0'
 dynamic_config: 1
-generated_by: 'ExtUtils::MakeMaker version 7.44, CPAN::Meta::Converter version 2.150010'
+generated_by: 'ExtUtils::MakeMaker version 7.62, CPAN::Meta::Converter version 2.150010'
 license: perl
 meta-spec:
   url: http://module-build.sourceforge.net/META-spec-v1.4.html
diff --git a/README b/README
index c7d4bb7..4fe1a46 100644
--- a/README
+++ b/README
@@ -10,7 +10,6 @@ SYNOPSIS
       Crypt::OpenSSL::Random::random_seed($good_entropy);
       Crypt::OpenSSL::RSA->import_random_seed();
       $rsa_pub = Crypt::OpenSSL::RSA->new_public_key($key_string);
-      $rsa_pub->use_sslv23_padding(); # use_pkcs1_oaep_padding is the default
       $ciphertext = $rsa->encrypt($plaintext);
 
       $rsa_priv = Crypt::OpenSSL::RSA->new_private_key($key_string);
@@ -25,7 +24,7 @@ SYNOPSIS
       print "public key (in X509 format) is:\n",
             $rsa->get_public_key_x509_string();
 
-      $rsa_priv->use_md5_hash(); # use_sha1_hash is the default
+      $rsa_priv->use_md5_hash(); # insecure. use_sha256_hash or use_sha1_hash are the default
       $signature = $rsa_priv->sign($plaintext);
       print "Signed correctly\n" if ($rsa->verify($plaintext, $signature));
 
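Review bot: The SYNOPSIS still signs with MD5. The changed line keeps the use_md5_hash() call and only appends "insecure" to its comment, and synopsis code tends to be copied verbatim. Suggest switching the example to use_sha256_hash(), or dropping the hash selection so the default applies. The new comment "use_sha256_hash or use_sha1_hash are the default" is also ambiguous; the method descriptions further down say SHA-256 is the default when available and SHA-1 otherwise, and the comment should say the same.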
@@ -56,26 +55,32 @@ Class Methods
         "-----BEGIN...-----" and "-----END...-----" lines. The padding is
         set to PKCS1_OAEP, but can be changed with "use_xxx_padding".
 
+        An optional parameter can be passed for passphase protected private
+        key:
+
+        passphase
+            The passphase which protects the private key.
+
     generate_key
         Create a new "Crypt::OpenSSL::RSA" object by constructing a
         private/public key pair. The first (mandatory) argument is the key
         size, while the second optional argument specifies the public
         exponent (the default public exponent is 65537). The padding is set
-        to PKCS1_OAEP, but can be changed with "use_xxx_padding" methods.
+        to "PKCS1_OAEP", but can be changed with use_xxx_padding methods.
 
     new_key_from_parameters
-        Given "Crypt::OpenSSL::Bignum" objects for "n", "e", and optionally
-        "d", "p", and "q", where "p" and "q" are the prime factors of "n",
-        "e" is the public exponent and "d" is the private exponent, create a
-        new "Crypt::OpenSSL::RSA" object using these values. If "p" and "q"
-        are provided and "d" is "undef", "d" is computed. Note that while
-        "p" and "q" are not necessary for a private key, their presence will
-        speed up computation.
+        Given Crypt::OpenSSL::Bignum objects for n, e, and optionally d, p,
+        and q, where p and q are the prime factors of n, e is the public
+        exponent and d is the private exponent, create a new
+        Crypt::OpenSSL::RSA object using these values. If p and q are
+        provided and d is undef, d is computed. Note that while p and q are
+        not necessary for a private key, their presence will speed up
+        computation.
 
     import_random_seed
-        Import a random seed from "Crypt::OpenSSL::Random", since the
-        OpenSSL libraries won't allow sharing of random structures across
-        perl XS modules.
+        Import a random seed from Crypt::OpenSSL::Random, since the OpenSSL
+        libraries won't allow sharing of random structures across perl XS
+        modules.
 
 Instance Methods
     DESTROY
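Review bot: "passphase" is misspelled in every added line of the new_private_key entry ("passphase protected private key", the "passphase" item and its description); it should read "passphrase". The same spelling recurs in the README.md copy, so it needs fixing in the POD source both files are generated from. The entry also does not say what happens when an encrypted key is loaded without a passphrase or with a wrong one; one sentence on the failure behaviour would help callers handle it.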
@@ -106,6 +111,16 @@ Instance Methods
           -----BEGIN RSA PRIVATE KEY------
           -----END RSA PRIVATE KEY------
 
+        2 optional parameters can be passed for passphase protected private
+        key string:
+
+        passphase
+            The passphase which protects the private key.
+
+        cipher name
+            The cipher algorithm used to protect the private key. Default to
+            'des3'.
+
     encrypt
         Encrypt a binary "string" using the public (portion of the) key.
 
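Review bot: The added text documents 'des3' as the default cipher for a passphrase-protected private key string, so a caller who supplies only the passphrase gets Triple-DES protection without having chosen it. The entry should state which cipher names are accepted and advise passing one explicitly. "Default to" should read "Defaults to", and "passphase" should read "passphrase".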
@@ -135,31 +150,42 @@ Instance Methods
         mode of padding.
 
     use_pkcs1_oaep_padding
-        Use EME-OAEP padding as defined in PKCS #1 v2.0 with SHA-1, MGF1 and
-        an empty encoding parameter. This mode of padding is recommended for
-        all new applications. It is the default mode used by
+        Use "EME-OAEP" padding as defined in PKCS #1 v2.0 with SHA-1, MGF1
+        and an empty encoding parameter. This mode of padding is recommended
+        for all new applications. It is the default mode used by
         "Crypt::OpenSSL::RSA".
 
     use_sslv23_padding
-        Use PKCS #1 v1.5 padding with an SSL-specific modification that
+        Use "PKCS #1 v1.5" padding with an SSL-specific modification that
         denotes that the server is SSL3 capable.
 
+        Not available since OpenSSL 3.
+
     use_md5_hash
         Use the RFC 1321 MD5 hashing algorithm by Ron Rivest when signing
         and verifying messages.
 
+        Note that this is considered insecure.
+
     use_sha1_hash
         Use the RFC 3174 Secure Hashing Algorithm (FIPS 180-1) when signing
-        and verifying messages. This is the default.
+        and verifying messages. This is the default, when use_sha256_hash is
+        not available.
 
     use_sha224_hash, use_sha256_hash, use_sha384_hash, use_sha512_hash
         These FIPS 180-2 hash algorithms, for use when signing and verifying
         messages, are only available with newer openssl versions (>= 0.9.8).
 
+        use_sha256_hash is the default hash mode when available.
+
     use_ripemd160_hash
         Dobbertin, Bosselaers and Preneel's RIPEMD hashing algorithm when
         signing and verifying messages.
 
+    use_whirlpool_hash
+        Vincent Rijmen und Paulo S. L. M. Barreto ISO/IEC 10118-3:2004
+        WHIRLPOOL hashing algorithm when signing and verifying messages.
+
     size
         Returns the size, in bytes, of the key. All encrypted text will be
         of this size, and depending on the padding mode used, the length of
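Review bot: The default signing hash changes in this hunk (use_sha1_hash was "the default", now use_sha256_hash is "the default hash mode when available"), but nothing flags it as a behaviour change. A caller that never selected a hash and verifies signatures produced under the old SHA-1 default will see verify() fail after the upgrade, and the effective default now depends on the OpenSSL build. Suggest an explicit compatibility note in the use_sha1_hash and use_sha256_hash entries telling callers to set the hash on both the signing and verifying side, plus a Changes or debian/NEWS entry.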
@@ -207,7 +233,11 @@ LICENSE
     as Perl itself.
 
 SEE ALSO
-    perl(1), Crypt::OpenSSL::Random(3), Crypt::OpenSSL::Bignum(3), rsa(3),
-    RSA_new(3), RSA_public_encrypt(3), RSA_size(3), RSA_generate_key(3),
-    RSA_check_key(3)
+    perl(1), Crypt::OpenSSL::Random, Crypt::OpenSSL::Bignum, rsa(3),
+    RSA_new(3) <http://man.he.net/?topic=RSA_new&section=3>,
+    RSA_public_encrypt(3)
+    <http://man.he.net/?topic=RSA_public_encrypt&section=3>, RSA_size(3)
+    <http://man.he.net/?topic=RSA_size&section=3>, RSA_generate_key(3)
+    <http://man.he.net/?topic=RSA_generate_key&section=3>, RSA_check_key(3)
+    <http://man.he.net/?topic=RSA_check_key&section=3>
 
diff --git a/README.md b/README.md
index ffb7872..d0f37a8 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,6 @@ Crypt::OpenSSL::RSA - RSA encoding and decoding, using the openSSL libraries
     Crypt::OpenSSL::Random::random_seed($good_entropy);
     Crypt::OpenSSL::RSA->import_random_seed();
     $rsa_pub = Crypt::OpenSSL::RSA->new_public_key($key_string);
-    $rsa_pub->use_sslv23_padding(); # use_pkcs1_oaep_padding is the default
     $ciphertext = $rsa->encrypt($plaintext);
 
     $rsa_priv = Crypt::OpenSSL::RSA->new_private_key($key_string);
@@ -28,7 +27,7 @@ Crypt::OpenSSL::RSA - RSA encoding and decoding, using the openSSL libraries
     print "public key (in X509 format) is:\n",
           $rsa->get_public_key_x509_string();
 
-    $rsa_priv->use_md5_hash(); # use_sha1_hash is the default
+    $rsa_priv->use_md5_hash(); # insecure. use_sha256_hash or use_sha1_hash are the default
     $signature = $rsa_priv->sign($plaintext);
     print "Signed correctly\n" if ($rsa->verify($plaintext, $signature));
 
@@ -63,27 +62,33 @@ this (never documented) behavior is no longer the case.
     `-----BEGIN...-----` and `-----END...-----` lines.  The padding is set to
     PKCS1\_OAEP, but can be changed with `use_xxx_padding`.
 
+    An optional parameter can be passed for passphase protected private key:
+
+    - passphase
+
+        The passphase which protects the private key.
+
 - generate\_key
 
     Create a new `Crypt::OpenSSL::RSA` object by constructing a
     private/public key pair.  The first (mandatory) argument is the key
     size, while the second optional argument specifies the public exponent
     (the default public exponent is 65537).  The padding is set to
-    PKCS1\_OAEP, but can be changed with `use_xxx_padding` methods.
+    `PKCS1_OAEP`, but can be changed with use\_xxx\_padding methods.
 
 - new\_key\_from\_parameters
 
-    Given `Crypt::OpenSSL::Bignum` objects for `n`, `e`, and optionally `d`,
-    `p`, and `q`, where `p` and `q` are the prime factors of `n`, `e` is
-    the public exponent and `d` is the private exponent, create a new
-    `Crypt::OpenSSL::RSA` object using these values.  If `p` and `q` are
-    provided and `d` is `undef`, `d` is computed.  Note that while `p` and
-    `q` are not necessary for a private key, their presence will speed up
+    Given [Crypt::OpenSSL::Bignum](https://metacpan.org/pod/Crypt%3A%3AOpenSSL%3A%3ABignum) objects for n, e, and optionally d, p,
+    and q, where p and q are the prime factors of n, e is the public
+    exponent and d is the private exponent, create a new
+    Crypt::OpenSSL::RSA object using these values.  If p and q are
+    provided and d is undef, d is computed.  Note that while p and q are
+    not necessary for a private key, their presence will speed up
     computation.
 
 - import\_random\_seed
 
-    Import a random seed from `Crypt::OpenSSL::Random`, since the OpenSSL
+    Import a random seed from [Crypt::OpenSSL::Random](https://metacpan.org/pod/Crypt%3A%3AOpenSSL%3A%3ARandom), since the OpenSSL
     libraries won't allow sharing of random structures across perl XS
     modules.
 
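Review bot: Markup is now inconsistent between adjacent entries. The unchanged new_private_key text above keeps "PKCS1\_OAEP" unformatted and `use_xxx_padding` in code style, while the changed generate_key line formats `PKCS1_OAEP` as code and drops the code style from use\_xxx\_padding. The n, e, d, p, q parameter names also lose their code formatting in new_key_from_parameters. Pick one convention in the POD source and regenerate.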
@@ -123,6 +128,18 @@ this (never documented) behavior is no longer the case.
         -----BEGIN RSA PRIVATE KEY------
         -----END RSA PRIVATE KEY------
 
+    2 optional parameters can be passed for passphase protected private key
+    string:
+
+    - passphase
+
+        The passphase which protects the private key.
+
+    - cipher name
+
+        The cipher algorithm used to protect the private key. Default to
+        'des3'.
+
 - encrypt
 
     Encrypt a binary "string" using the public (portion of the) key.
@@ -161,36 +178,48 @@ this (never documented) behavior is no longer the case.
 
 - use\_pkcs1\_oaep\_padding
 
-    Use EME-OAEP padding as defined in PKCS #1 v2.0 with SHA-1, MGF1 and
+    Use `EME-OAEP` padding as defined in PKCS #1 v2.0 with SHA-1, MGF1 and
     an empty encoding parameter. This mode of padding is recommended for
     all new applications.  It is the default mode used by
     `Crypt::OpenSSL::RSA`.
 
 - use\_sslv23\_padding
 
-    Use PKCS #1 v1.5 padding with an SSL-specific modification that
+    Use `PKCS #1 v1.5` padding with an SSL-specific modification that
     denotes that the server is SSL3 capable.
 
+    Not available since OpenSSL 3.
+
 - use\_md5\_hash
 
     Use the RFC 1321 MD5 hashing algorithm by Ron Rivest when signing and
     verifying messages.
 
+    Note that this is considered **insecure**.
+
 - use\_sha1\_hash
 
     Use the RFC 3174 Secure Hashing Algorithm (FIPS 180-1) when signing
-    and verifying messages. This is the default.
+    and verifying messages. This is the default, when use\_sha256\_hash is
+    not available.
 
 - use\_sha224\_hash, use\_sha256\_hash, use\_sha384\_hash, use\_sha512\_hash
 
     These FIPS 180-2 hash algorithms, for use when signing and verifying
     messages, are only available with newer openssl versions (>= 0.9.8).
 
+    use\_sha256\_hash is the default hash mode when available.
+
 - use\_ripemd160\_hash
 
     Dobbertin, Bosselaers and Preneel's RIPEMD hashing algorithm when
     signing and verifying messages.
 
+- use\_whirlpool\_hash
+
+    Vincent Rijmen und Paulo S. L. M. Barreto ISO/IEC 10118-3:2004
+    WHIRLPOOL hashing algorithm when signing and verifying messages.
+
 - size
 
     Returns the size, in bytes, of the key.  All encrypted text will be of
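Review bot: "Not available since OpenSSL 3." under use_sslv23_padding does not say what the method does when called on such a build. The entry should state whether the call dies or is ignored, because a silent fallback would leave the caller encrypting under a padding mode they did not select. Separately, the added use_whirlpool_hash entry reads "Vincent Rijmen und Paulo S. L. M. Barreto"; "und" should be "and".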
@@ -246,6 +275,9 @@ terms as Perl itself.
 
 # SEE ALSO
 
-[perl(1)](http://man.he.net/man1/perl), [Crypt::OpenSSL::Random(3)](http://man.he.net/man3/Crypt::OpenSSL::Random), [Crypt::OpenSSL::Bignum(3)](http://man.he.net/man3/Crypt::OpenSSL::Bignum),
-[rsa(3)](http://man.he.net/man3/rsa), [RSA\_new(3)](http://man.he.net/man3/RSA_new), [RSA\_public\_encrypt(3)](http://man.he.net/man3/RSA_public_encrypt), [RSA\_size(3)](http://man.he.net/man3/RSA_size),
-[RSA\_generate\_key(3)](http://man.he.net/man3/RSA_generate_key), [RSA\_check\_key(3)](http://man.he.net/man3/RSA_check_key)
+[perl(1)](http://man.he.net/man1/perl), [Crypt::OpenSSL::Random](https://metacpan.org/pod/Crypt%3A%3AOpenSSL%3A%3ARandom), [Crypt::OpenSSL::Bignum](https://metacpan.org/pod/Crypt%3A%3AOpenSSL%3A%3ABignum),
+[rsa(3)](http://man.he.net/man3/rsa), [RSA\_new(3)](http://man.he.net/?topic=RSA_new&section=3),
+[RSA\_public\_encrypt(3)](http://man.he.net/?topic=RSA_public_encrypt&section=3),
+[RSA\_size(3)](http://man.he.net/?topic=RSA_size&section=3),
+[RSA\_generate\_key(3)](http://man.he.net/?topic=RSA_generate_key&section=3),
+[RSA\_check\_key(3)](http://man.he.net/?topic=RSA_check_key&section=3)
diff --git a/debian/changelog b/debian/changelog
index e9b1dcf..d5964b0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+libcrypt-openssl-rsa-perl (0.2903+git20220708.1.01fe9b7-1) UNRELEASED; urgency=low
+
+  * New upstream snapshot.
+
+ -- Debian Janitor <janitor@jelmer.uk>  Sat, 10 Sep 2022 21:49:46 -0000
+
 libcrypt-openssl-rsa-perl (0.33-3) unstable; urgency=medium
 
   * Team upload.
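Review bot: The new changelog version 0.2903+git20220708.1.01fe9b7-1 is based on 0.2903 while the package was at 0.33 and META.json in this same diff still carries "version" : "0.33". dpkg compares the numeric component as an integer, so 0.2903 sorts above 0.33 and would also sort above a later upstream 0.34, which could then not be uploaded without an epoch. The snapshot version should be derived from 0.33 (for example 0.33+git20220708.1.01fe9b7-1) before this leaves UNRELEASED.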
diff --git a/debian/patches/Makefile.PL-no-ssl-in-LIBS.patch b/debian/patches/Makefile.PL-no-ssl-in-LIBS.patch
index c6ac651..bdb63ec 100644
--- a/debian/patches/Makefile.PL-no-ssl-in-LIBS.patch
+++ b/debian/patches/Makefile.PL-no-ssl-in-LIBS.patch
@@ -5,9 +5,11 @@ Author: Damyan Ivanov <dmn@debian.org>
 Reviewed-by: gregor herrmann <gregoa@debian.org>
 Last-Update: 2022-09-10
 
---- a/Makefile.PL
-+++ b/Makefile.PL
-@@ -22,7 +22,7 @@
+Index: libcrypt-openssl-rsa-perl/Makefile.PL
+===================================================================
+--- libcrypt-openssl-rsa-perl.orig/Makefile.PL
++++ libcrypt-openssl-rsa-perl/Makefile.PL
+@@ -22,7 +22,7 @@ WriteMakefile(
          'Test::More'             => 0,
      },
      'OBJECT' => 'RSA.o',
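Review bot: The refresh of Makefile.PL-no-ssl-in-LIBS.patch only rewrites the patch header style (an "Index:" line, a separator line and ".orig" directory paths replacing the a/ b/ form) in the lines visible here, which adds noise to the packaging history. Refreshing with quilt's "-p ab --no-index --no-timestamps" options would keep the original header format and limit the diff to real changes.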

Debdiff

File lists identical (after any substitutions)

No differences were encountered between the control files of package libcrypt-openssl-rsa-perl

No differences were encountered between the control files of package libcrypt-openssl-rsa-perl-dbgsym

More details

Full run details