diff -Nru libnet-ssleay-perl-1.78/Changes libnet-ssleay-perl-1.80/Changes --- libnet-ssleay-perl-1.78/Changes 2016-08-12 23:49:26.000000000 +0000 +++ libnet-ssleay-perl-1.80/Changes 2017-01-04 21:38:18.000000000 +0000 @@ -1,5 +1,24 @@ Revision history for Perl extension Net::SSLeay. +1.80 2017-01-05 + Patch from Steffen Ulrich that fixed unexpected changes in the + control flow of the Perl program which seemed to be triggered by the + ticket key callback. Thanks Steffen. +1.79 2017-01-03 + Patch to fix a few inline variable declarations that cause errors for + older compilers. From Andy Grundman. Thanks. + Patch: Generated C code is not compatible with MSVC, AIX cc, + probably others. Added some PREINIT blocks and replaced 2 cases of INIT with + PREINIT. From Andy Grundman. Thanks. + Patch to fix: Fails to compile if the OpenSSL library it's built + against has compression support compiled out. From Stephan + Wall. Thanks. + Added RSA_get_key_parameters() to return a list of pointers to RSA key + internals. + Patch to fix some documentation typos courtesy gregor herrmann. + RSA_get_key_parameters() is now only available prior OpenSSL 1.1. + Testing with openssl-1.1.0b. + 1.78 2016-08-13 Fixed broken OCSP code and tests. Broken since 1.75. Patched by Steffen Ullrich. Thanks. diff -Nru libnet-ssleay-perl-1.78/debian/changelog libnet-ssleay-perl-1.80/debian/changelog --- libnet-ssleay-perl-1.78/debian/changelog 2017-01-02 19:37:01.000000000 +0000 +++ libnet-ssleay-perl-1.80/debian/changelog 2017-01-10 05:35:36.000000000 +0000 
@@ -1,3 +1,10 @@ +libnet-ssleay-perl (1.80-1) unstable; urgency=medium + + * Team upload. + * Import upstream version 1.80 + + -- Salvatore Bonaccorso Tue, 10 Jan 2017 06:35:36 +0100 + libnet-ssleay-perl (1.78-2) unstable; urgency=medium * Team upload. diff -Nru libnet-ssleay-perl-1.78/debian/patches/0001-fix-typo-in-manpage.patch libnet-ssleay-perl-1.80/debian/patches/0001-fix-typo-in-manpage.patch --- libnet-ssleay-perl-1.78/debian/patches/0001-fix-typo-in-manpage.patch 2017-01-01 12:23:38.000000000 +0000 +++ libnet-ssleay-perl-1.80/debian/patches/0001-fix-typo-in-manpage.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,65 +0,0 @@ -Description: Fix typo in manpage -Author: Lucas Kanashiro -Reviewed-by: gregor herrmann -Last-Update: 2016-10-31 -Forwarded: https://rt.cpan.org/Ticket/Display.html?id=118565 -Bug: https://rt.cpan.org/Ticket/Display.html?id=118565 - ---- a/lib/Net/SSLeay.pod -+++ b/lib/Net/SSLeay.pod -@@ -493,7 +493,7 @@ - die "certificate is not valid: $@"; - } - -- # But in array context it will return detailled information about each given -+ # But in array context it will return detailed information about each given - # OCSP_CERTID instead croaking on errors: - # if no @ids are given it will return information about all single responses - # in the OCSP_RESPONSE -@@ -626,7 +626,7 @@ - =head3 Using callbacks - - Do not use callbacks across threads (the module blocks cross-thread callback operations --and throws a warning). Allways do the callback setup, callback use and callback destruction -+and throws a warning). Always do the callback setup, callback use and callback destruction - within the same thread. 
- - =head3 Using openssl elements -@@ -3114,7 +3114,7 @@ - my $rv = Net::SSLeay::accept($ssl); - # $ssl - value corresponding to openssl's SSL structure - # -- # returns: 1 = success, 0 = handshake not successfull, <0 = fatal error during handshake -+ # returns: 1 = success, 0 = handshake not successful, <0 = fatal error during handshake - - Check openssl doc L - -@@ -3174,7 +3174,7 @@ - my $rv = Net::SSLeay::connect($ssl); - # $ssl - value corresponding to openssl's SSL structure - # -- # returns: 1 = success, 0 = handshake not successfull, <0 = fatal error during handshake -+ # returns: 1 = success, 0 = handshake not successful, <0 = fatal error during handshake - - Check openssl doc L - -@@ -3215,7 +3215,7 @@ - my $rv = Net::SSLeay::do_handshake($ssl); - # $ssl - value corresponding to openssl's SSL structure - # -- # returns: 1 = success, 0 = handshake not successfull, <0 = fatal error during handshake -+ # returns: 1 = success, 0 = handshake not successful, <0 = fatal error during handshake - - Check openssl doc L - ---- a/lib/Net/SSLeay/Handle.pm -+++ b/lib/Net/SSLeay/Handle.pm -@@ -187,7 +187,7 @@ - my $debug = Net::SSLeay::Handle->debug() - Net::SSLeay::Handle->debug(1) - --Get/set debuging mode. Always returns the debug value before the function call. -+Get/set debugging mode. Always returns the debug value before the function call. - if an additional argument is given the debug option will be set to this value. - - =cut diff -Nru libnet-ssleay-perl-1.78/debian/patches/series libnet-ssleay-perl-1.80/debian/patches/series --- libnet-ssleay-perl-1.78/debian/patches/series 2016-06-03 11:55:33.000000000 +0000 +++ libnet-ssleay-perl-1.80/debian/patches/series 2017-01-10 05:35:36.000000000 +0000 
@@ -1,2 +1 @@ -0001-fix-typo-in-manpage.patch 20no-stray-libz-link.patch diff -Nru libnet-ssleay-perl-1.78/lib/Net/SSLeay/Handle.pm libnet-ssleay-perl-1.80/lib/Net/SSLeay/Handle.pm --- libnet-ssleay-perl-1.78/lib/Net/SSLeay/Handle.pm 2006-09-14 22:56:45.000000000 +0000 +++ libnet-ssleay-perl-1.80/lib/Net/SSLeay/Handle.pm 2016-10-31 00:27:21.000000000 +0000 @@ -187,7 +187,7 @@ my $debug = Net::SSLeay::Handle->debug() Net::SSLeay::Handle->debug(1) -Get/set debuging mode. Always returns the debug value before the function call. +Get/set debugging mode. Always returns the debug value before the function call. if an additional argument is given the debug option will be set to this value. =cut diff -Nru libnet-ssleay-perl-1.78/lib/Net/SSLeay.pm libnet-ssleay-perl-1.80/lib/Net/SSLeay.pm --- libnet-ssleay-perl-1.78/lib/Net/SSLeay.pm 2016-08-12 23:53:46.000000000 +0000 +++ libnet-ssleay-perl-1.80/lib/Net/SSLeay.pm 2017-01-04 21:39:39.000000000 +0000 @@ -4,7 +4,7 @@ # Copyright (C) 2005 Florian Ragwitz , All Rights Reserved. # Copyright (C) 2005 Mike McCauley , All Rights Reserved. # -# $Id: SSLeay.pm 478 2016-08-12 23:53:46Z mikem-guest $ +# $Id: SSLeay.pm 483 2017-01-03 07:55:54Z mikem-guest $ # # Change data removed from here. See Changes # The distribution and use of this module are subject to the conditions @@ -63,7 +63,7 @@ $Net::SSLeay::random_device = '/dev/urandom'; $Net::SSLeay::how_random = 512; -$VERSION = '1.78'; # Dont forget to set version in META.yml too +$VERSION = '1.80'; # Dont forget to set version in META.yml too @ISA = qw(Exporter); #BEWARE: diff -Nru libnet-ssleay-perl-1.78/lib/Net/SSLeay.pod libnet-ssleay-perl-1.80/lib/Net/SSLeay.pod --- libnet-ssleay-perl-1.78/lib/Net/SSLeay.pod 2016-07-15 06:28:13.000000000 +0000 +++ libnet-ssleay-perl-1.80/lib/Net/SSLeay.pod 2016-10-31 00:27:16.000000000 +0000 
@@ -493,7 +493,7 @@ die "certificate is not valid: $@"; } - # But in array context it will return detailled information about each given + # But in array context it will return detailed information about each given # OCSP_CERTID instead croaking on errors: # if no @ids are given it will return information about all single responses # in the OCSP_RESPONSE @@ -626,7 +626,7 @@ =head3 Using callbacks Do not use callbacks across threads (the module blocks cross-thread callback operations -and throws a warning). Allways do the callback setup, callback use and callback destruction +and throws a warning). Always do the callback setup, callback use and callback destruction within the same thread. =head3 Using openssl elements @@ -3114,7 +3114,7 @@ my $rv = Net::SSLeay::accept($ssl); # $ssl - value corresponding to openssl's SSL structure # - # returns: 1 = success, 0 = handshake not successfull, <0 = fatal error during handshake + # returns: 1 = success, 0 = handshake not successful, <0 = fatal error during handshake Check openssl doc L @@ -3174,7 +3174,7 @@ my $rv = Net::SSLeay::connect($ssl); # $ssl - value corresponding to openssl's SSL structure # - # returns: 1 = success, 0 = handshake not successfull, <0 = fatal error during handshake + # returns: 1 = success, 0 = handshake not successful, <0 = fatal error during handshake Check openssl doc L @@ -3215,7 +3215,7 @@ my $rv = Net::SSLeay::do_handshake($ssl); # $ssl - value corresponding to openssl's SSL structure # - # returns: 1 = success, 0 = handshake not successfull, <0 = fatal error during handshake + # returns: 1 = success, 0 = handshake not successful, <0 = fatal error during handshake Check openssl doc L 
@@ -7422,6 +7422,15 @@ Check openssl doc L +=item * RSA_get_key_parameters + +Returns a list of pointers to BIGNUMs representing the parameters of the key in +this order: +(n, e, d, p, q, dmp1, dmq1, iqmp) +Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use + +my (@params) = RSA_get_key_parameters($r); + =back =head3 Low level API: BIO_* related functions diff -Nru libnet-ssleay-perl-1.78/META.yml libnet-ssleay-perl-1.80/META.yml --- libnet-ssleay-perl-1.78/META.yml 2016-08-12 23:53:52.000000000 +0000 +++ libnet-ssleay-perl-1.80/META.yml 2017-01-04 21:39:58.000000000 +0000 @@ -29,4 +29,4 @@ bugtracker: https://rt.cpan.org/Public/Dist/Display.html?Name=net-ssleay license: http://dev.perl.org/licenses/ repository: http://svn.debian.org/wsvn/net-ssleay -version: '1.78' +version: '1.80' diff -Nru libnet-ssleay-perl-1.78/SSLeay.xs libnet-ssleay-perl-1.80/SSLeay.xs --- libnet-ssleay-perl-1.78/SSLeay.xs 2016-08-12 23:53:46.000000000 +0000 +++ libnet-ssleay-perl-1.80/SSLeay.xs 2017-01-04 21:39:08.000000000 +0000 @@ -8,7 +8,7 @@ * * Change data removed. See Changes * - * $Id: SSLeay.xs 478 2016-08-12 23:53:46Z mikem-guest $ + * $Id: SSLeay.xs 484 2017-01-04 21:39:08Z mikem-guest $ * * The distribution and use of this module are subject to the conditions * listed in LICENSE file at the root of the Net-SSLeay @@ -166,7 +166,9 @@ #include #include #include +#ifndef OPENSSL_NO_COMP #include /* openssl-0.9.6a forgets to include this */ +#endif #ifndef OPENSSL_NO_MD2 #include #endif @@ -1256,12 +1258,11 @@ ){ dSP; - int count; + int count,usable_rv_count; SV *cb_func, *cb_data; - SV *sv_name, *sv_key; STRLEN svlen; - unsigned char *key; /* key[0..15] aes, key[16..32] hmac */ - unsigned char *name; + unsigned char key[32]; /* key[0..15] aes, key[16..32] hmac */ + unsigned char name[16]; SSL_CTX *ctx = SSL_get_SSL_CTX(ssl); PR1("STARTED: tlsext_ticket_key_cb_invoke\n"); 
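Review bot: The comment on the new `unsigned char key[32]` declaration mis-states the HMAC half — with a 32-byte buffer the ranges are 0..15 and 16..31, which matches the later `HMAC_Init_ex(hctx, key+16, 16, EVP_sha256(), NULL)` that reads exactly 16 bytes from offset 16. I'd write `unsigned char key[32]; /* key[0..15] AES-128-CBC key, key[16..31] HMAC-SHA256 key; secret, wipe before return */` so the next reader knows this stack buffer now carries live ticket-key material. tlsext_ticket_key_cb_invoke begins before this hunk and its body continues past it.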
@@ -1274,6 +1275,7 @@ ENTER; SAVETMPS; PUSHMARK(SP); + XPUSHs(sv_2mortal(newSVsv(cb_data))); if (!enc) { 
@@ -1283,47 +1285,64 @@ /* call as getkey(data) -> (key,current_name) */ } - PUTBACK; + count = call_sv( cb_func, G_ARRAY ); SPAGAIN; - if (count>0) sv_name = POPs; - if (count>1) sv_key = POPs; - if (!enc && ( !count || !SvOK(sv_key) )) { + if (count>2) + croak("too much return values - only (name,key) should be returned"); + + usable_rv_count = 0; + if (count>0) { + SV *sname = POPs; + if (SvOK(sname)) { + unsigned char *pname = SvPV(sname,svlen); + if (svlen > 16) + croak("name must be at at most 16 bytes, got %d",svlen); + if (svlen == 0) + croak("name should not be empty"); + memset(name, 0, 16); + memcpy(name,pname,svlen); + usable_rv_count++; + } + } + if (count>1) { + SV *skey = POPs; + if (SvOK(skey)) { + unsigned char *pkey = SvPV(skey,svlen); + if (svlen != 32) + croak("key must be exactly 32 random bytes, got %d",svlen); + memcpy(key,pkey,32); + usable_rv_count++; + } + } + + PUTBACK; + FREETMPS; + LEAVE; + + if (!enc && usable_rv_count == 0) { TRACE(2,"no key returned for ticket"); return 0; } - - if (count != 2) + if (usable_rv_count != 2) croak("key functions needs to return (key,name)"); - key = SvPV(sv_key,svlen); - if (svlen < 32) - croak("key must be at least 32 random bytes, got %d",svlen); - name = SvPV(sv_name,svlen); - if (svlen != 16) - croak("name should be exactly 16 characters, got %d",svlen); - if (svlen == 0) - croak("name should not be empty"); if (enc) { /* encrypt ticket information with given key */ RAND_bytes(iv, 16); EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key, iv); HMAC_Init_ex(hctx,key+16,16,EVP_sha256(),NULL); - memset(key_name, 0, 16); - memcpy(key_name,name,svlen); + memcpy(key_name,name,16); return 1; - } else { - unsigned char new_name[16]; - memset(new_name, 0, sizeof(new_name)); - memcpy(new_name,name,svlen); + } else { HMAC_Init_ex(hctx,key+16,16,EVP_sha256(),NULL); EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key, iv); - if (memcmp(new_name,key_name,16) == 0) + if (memcmp(name,key_name,16) == 0) return 1; 
/* current key was used */ else return 2; /* different key was used, need to be renewed */ @@ -1440,6 +1459,13 @@ return issuer; } +SV* bn2sv(BIGNUM* p_bn) +{ + return p_bn != NULL + ? sv_2mortal(newSViv((IV) BN_dup(p_bn))) + : &PL_sv_undef; +} + /* ============= end of helper functions ============== */ MODULE = Net::SSLeay PACKAGE = Net::SSLeay PREFIX = SSL_ @@ -4146,11 +4172,15 @@ #endif +#ifndef OPENSSL_NO_COMP + int SSL_COMP_add_compression_method(id,cm) int id COMP_METHOD * cm +#endif + int SSL_CTX_add_client_CA(ctx,x) SSL_CTX * ctx @@ -4959,6 +4989,26 @@ #endif +#if OPENSSL_VERSION_NUMBER < 0x10100000L + +void +RSA_get_key_parameters(rsa) + RSA * rsa +PPCODE: +{ + /* Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use */ + XPUSHs(bn2sv(rsa->n)); + XPUSHs(bn2sv(rsa->e)); + XPUSHs(bn2sv(rsa->d)); + XPUSHs(bn2sv(rsa->p)); + XPUSHs(bn2sv(rsa->q)); + XPUSHs(bn2sv(rsa->dmp1)); + XPUSHs(bn2sv(rsa->dmq1)); + XPUSHs(bn2sv(rsa->iqmp)); +} + +#endif + void RSA_free(r) RSA * r @@ -6043,6 +6093,8 @@ OCSP_SINGLERESP *sir = NULL; OCSP_CERTID *certid = NULL; SV *idsv = NULL; + int first, status, revocationReason; + ASN1_GENERALIZEDTIME *revocationTime, *thisupdate, *nextupdate; if(getall) { sir = OCSP_resp_get0(bsr,i); 
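Review bot: The secret bytes copied into the stack buffer `key` are never wiped — every exit (`return 0`, `return 1`, `return 2`, and the `usable_rv_count != 2` croak that fires after `memcpy(key,pkey,32)`) leaves the AES and HMAC keys on the stack, so add `OPENSSL_cleanse(key, sizeof(key));` once `EVP_*Init_ex`/`HMAC_Init_ex` have consumed them and move the count check ahead of the key copy so the croak path holds no key material. As the hunk reads, the `PUTBACK;` that preceded `call_sv` is removed and a `PUTBACK` only reappears after the POPs; if no PUTBACK survives between the `XPUSHs` calls and `call_sv`, the pushed arguments are never committed to PL_stack_sp and the callback sees a bogus @_ — please confirm against the uncollapsed source, since the collapsed diff hides the blank/context lines here. The croak format strings pass `svlen` (a `STRLEN`) to `%d`; use `"%" UVuf` with a `(UV)svlen` cast, and fix "at at most" to "at most". Note also that the old code required a 16-byte name while the new code accepts 1..16 bytes and zero-pads; that is a visible behavior change for existing callbacks and deserves a line in Changes. The function starts before this hunk.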
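Review bot: `bn2sv` does not check the result of `BN_dup`, so on allocation failure it returns `newSViv(0)` — a defined zero "pointer" that a caller blessing into Crypt::OpenSSL::Bignum will dereference — instead of undef. Write it as `BIGNUM *dup = p_bn ? BN_dup(p_bn) : NULL; return dup ? sv_2mortal(newSViv(PTR2IV(dup))) : &PL_sv_undef;` and take `const BIGNUM *p_bn`, since BN_dup only reads its argument (that also lets the OpenSSL 1.1 `RSA_get0_*` accessors, which return `const BIGNUM *`, feed it). Each returned IV is a heap BIGNUM the Perl caller now owns, and the helper has no comment saying so; add `/* Returns a mortal IV wrapping a BN_dup()ed copy; the caller owns it and must BN_clear_free() it. */`.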
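Review bot: `RSA_get_key_parameters` hands the private CRT components (`d`, `p`, `q`, `dmp1`, `dmq1`, `iqmp`) to Perl as raw pointers to `BN_dup()`ed heap copies with no owner on the XS side, so any caller that does not bless and free all eight leaks private-key material for the life of the process; the inline comment only says they "would need to be blessed", so extend it: `/* Caller owns the 8 duplicated BIGNUMs and must BN_clear_free them (e.g. via Crypt::OpenSSL::Bignum); d,p,q,dmp1,dmq1,iqmp are private key material. */`. A NULL component (a public-only RSA has `d == NULL`) comes back as undef through bn2sv, which is reasonable but is undocumented in the new POD entry. The `< 0x10100000L` guard makes the function vanish on OpenSSL 1.1 (callers get "Undefined subroutine" at runtime rather than a compile-time error); `RSA_get0_key`/`RSA_get0_factors`/`RSA_get0_crt_params` expose the same eight values there, so an `#else` branch using them would keep the API stable across versions and would need only a `const BIGNUM *` signature on bn2sv.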
@@ -6057,13 +6109,11 @@ error = "failed to get OCSP certid from string"; goto end; } - int first = OCSP_resp_find(bsr, certid, -1); /* Find the first matching */ + first = OCSP_resp_find(bsr, certid, -1); /* Find the first matching */ if (first >= 0) sir = OCSP_resp_get0(bsr,first); } - int status, revocationReason; - ASN1_GENERALIZEDTIME *revocationTime, *thisupdate, *nextupdate; if (sir) { #if OPENSSL_VERSION_NUMBER >= 0x10100000L diff -Nru libnet-ssleay-perl-1.78/t/local/33_x509_create_cert.t libnet-ssleay-perl-1.80/t/local/33_x509_create_cert.t --- libnet-ssleay-perl-1.78/t/local/33_x509_create_cert.t 2015-12-15 21:19:52.000000000 +0000 +++ libnet-ssleay-perl-1.80/t/local/33_x509_create_cert.t 2016-11-01 21:46:12.000000000 +0000 @@ -32,6 +32,10 @@ ok(my $rsa = Net::SSLeay::RSA_generate_key(2048, &Net::SSLeay::RSA_F4), "RSA_generate_key"); ok(Net::SSLeay::EVP_PKEY_assign_RSA($pk,$rsa), "EVP_PKEY_assign_RSA"); +# ONly in pre 1.1: +# my @params = Net::SSLeay::RSA_get_key_parameters($rsa); +# ok(@params == 8, "RSA_get_key_parameters"); + ok(my $x509 = Net::SSLeay::X509_new(), "X509_new"); ok(Net::SSLeay::X509_set_pubkey($x509,$pk), "X509_set_pubkey"); ok(my $name = Net::SSLeay::X509_get_subject_name($x509), "X509_get_subject_name");
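Review bot: The new RSA_get_key_parameters test is commented out rather than conditionally skipped, so the function gets no coverage even on the OpenSSL < 1.1 builds where it is compiled in, and a commented-out block (with the `ONly` typo) tends to stay that way. Use a `SKIP:` block keyed on the runtime OpenSSL version (e.g. `Net::SSLeay::SSLeay() >= 0x10100000` — confirm that accessor is available in this build), assert the exact count with `is`, and check that all eight components are defined for a freshly generated key so the test exercises `bn2sv` and not just the list length. If the file uses a fixed `plan tests => N` (not visible in this hunk), bump it by the two new tests.

```perl
# … unchanged: RSA_generate_key / EVP_PKEY_assign_RSA …
SKIP: {
    skip 'RSA_get_key_parameters is only built for OpenSSL < 1.1', 2
        if Net::SSLeay::SSLeay() >= 0x10100000;
    my @params = Net::SSLeay::RSA_get_key_parameters($rsa);
    is(scalar @params, 8, 'RSA_get_key_parameters returns (n,e,d,p,q,dmp1,dmq1,iqmp)');
    is(scalar(grep { defined } @params), 8, 'all RSA parameters defined for a generated key');
}
```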