From: Daniel Kahn Gillmor Date: Sat, 11 Jul 2009 23:13:25 +0000 (-0400) Subject: switching keyrtrans from Digest::SHA1 to Digest::SHA X-Git-Tag: monkeysphere_0.25~24^2 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=028617f7160596fabfc5f9123a4cc9a6445aaa59;p=monkeysphere.git switching keyrtrans from Digest::SHA1 to Digest::SHA --- diff --git a/packaging/debian/changelog b/packaging/debian/changelog index b5d067b..ec68e14 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog @@ -9,6 +9,7 @@ monkeysphere (0.25-1~pre) UNRELEASED; urgency=low ports - add 'sshfpr' subcommand to output the ssh fingerprint of a gpg key - pem2openpgp now generates self-sigs over SHA-256 instead of SHA-1 + (changes dependency to libdigest-sha-perl) - some portability improvements - properly handle translation of keys with fingerprints with leading all-zero bytes. @@ -16,7 +17,7 @@ monkeysphere (0.25-1~pre) UNRELEASED; urgency=low (closes MS #917) - explicitly set and use MONKEYSPHERE_GROUP from system "groups" (closes: #534008) - * update Standard-Version to 3.8.2 + * update Standard-Version to 3.8.2 (no changes needed) -- Jameson Graef Rollins Sat, 11 Jul 2009 18:55:25 -0400 diff --git a/packaging/debian/control b/packaging/debian/control index 5f1444c..bbed4b4 100644 --- a/packaging/debian/control +++ b/packaging/debian/control @@ -3,7 +3,7 @@ Section: net Priority: extra Maintainer: Jameson Graef Rollins Uploaders: Daniel Kahn Gillmor -Build-Depends: debhelper (>= 7.0), socat, openssh-server, gnupg, libcrypt-openssl-rsa-perl, libdigest-sha1-perl, lockfile-progs | procmail +Build-Depends: debhelper (>= 7.0), socat, openssh-server, gnupg, libcrypt-openssl-rsa-perl, libdigest-sha-perl, lockfile-progs | procmail Standards-Version: 3.8.2 Homepage: http://web.monkeysphere.info/ Vcs-Git: git://git.monkeysphere.info/monkeysphere @@ -11,7 +11,7 @@ Dm-Upload-Allowed: yes Package: monkeysphere Architecture: all -Depends: openssh-client, gnupg, libcrypt-openssl-rsa-perl, libdigest-sha1-perl, lockfile-progs | procmail, adduser, ${misc:Depends} +Depends: openssh-client, gnupg, libcrypt-openssl-rsa-perl, libdigest-sha-perl, lockfile-progs | procmail, adduser, ${misc:Depends} Recommends: netcat | socat, ssh-askpass, cron Enhances: openssh-client, openssh-server Description: use the OpenPGP web of trust to verify ssh connections diff --git a/src/share/keytrans b/src/share/keytrans index 326bfb1..3e6bdf6 100755 --- a/src/share/keytrans +++ b/src/share/keytrans @@ -54,7 +54,7 @@ use File::Basename; use Crypt::OpenSSL::RSA; use Crypt::OpenSSL::Bignum; use Crypt::OpenSSL::Bignum::CTX; -use Digest::SHA1; +use Digest::SHA; use MIME::Base64; use POSIX; @@ -416,7 +416,7 @@ sub fingerprint { my $rsabody = make_rsa_pub_key_body($key, $key_timestamp); - return Digest::SHA1::sha1(pack('Cn', 0x99, length($rsabody)).$rsabody); + return Digest::SHA::sha1(pack('Cn', 0x99, length($rsabody)).$rsabody); } @@ -446,7 +446,7 @@ sub pem2openpgp { my $sigtype = pack('C', $certtype); # RSA my $pubkey_algo = pack('C', $asym_algos->{rsa}); - # SHA1 + # SHA256 my $hash_algo = pack('C', $digests->{sha256}); # FIXME: i'm worried about generating a bazillion new OpenPGP @@ -581,7 +581,7 @@ sub pem2openpgp { $sig_data_to_be_hashed. $trailer; - my $data_hash = Digest::SHA1::sha1_hex($datatosign); + my $data_hash = Digest::SHA::sha256_hex($datatosign); my $issuer_packet = pack('CCa8', 9, $subpacket_types->{issuer}, $keyid); diff --git a/tests/basic b/tests/basic index 5907154..3386f76 100755 --- a/tests/basic +++ b/tests/basic @@ -35,7 +35,7 @@ perl -MCrypt::OpenSSL::RSA -e 1 2>/dev/null || { echo "You must have the perl mo On debian-derived systems, you can set this up with: apt-get install libcrypt-openssl-rsa-perl" ; exit 1; } -perl -MDigest::SHA1 -e 1 2>/dev/null || { echo "You must have the perl module Digest::SHA1 installed to run this test. +perl -MDigest::SHA -e 1 2>/dev/null || { echo "You must have the perl module Digest::SHA installed to run this test. On debian-derived systems, you can set this up with: apt-get install libdigest-sha1-perl" ; exit 1; } diff --git a/tests/keytrans b/tests/keytrans index ab95f59..199db31 100755 --- a/tests/keytrans +++ b/tests/keytrans @@ -22,8 +22,14 @@ export TESTDIR=$(cd $(dirname "$0") && pwd) source "$TESTDIR"/common -## setup trap -trap failed_cleanup EXIT +perl -MCrypt::OpenSSL::RSA -e 1 2>/dev/null || { echo "You must have the perl module Crypt::OpenSSL::RSA installed to run this test. +On debian-derived systems, you can set this up with: + apt-get install libcrypt-openssl-rsa-perl" ; exit 1; } + +perl -MDigest::SHA -e 1 2>/dev/null || { echo "You must have the perl module Digest::SHA installed to run this test. +On debian-derived systems, you can set this up with: + apt-get install libdigest-sha1-perl" ; exit 1; } + ###################################################################### ### SETUP VARIABLES @@ -42,6 +48,9 @@ ln -s "$TESTDIR"/../src/share/keytrans "$TEMPDIR"/bin/pem2openpgp # This should help us test without installing. export PATH="$TEMPDIR"/bin:"$PATH" +## setup trap +trap failed_cleanup EXIT + ###################################################################### ### TEST KEYTRANS