cpan/Digest-SHA/t/sha256.t See if Digest::SHA works
cpan/Digest-SHA/t/sha384.t See if Digest::SHA works
cpan/Digest-SHA/t/sha512.t See if Digest::SHA works
+cpan/Digest-SHA/t/unicode.t
cpan/Digest-SHA/t/woodbury.t See if Digest::SHA works
cpan/Digest-SHA/typemap Typemap for Digest::SHA
cpan/Digest/t/base.t See if Digest extensions work
'Digest::SHA' => {
'MAINTAINER' => 'mshelor',
- 'DISTRIBUTION' => 'MSHELOR/Digest-SHA-5.81.tar.gz',
+ 'DISTRIBUTION' => 'MSHELOR/Digest-SHA-5.82.tar.gz',
'FILES' => q[cpan/Digest-SHA],
'EXCLUDED' => [
qw( t/pod.t
Revision history for Perl extension Digest::SHA.
+5.82 Thu Jan 24 04:54:12 MST 2013
+ - introduced workaround to SvPVbyte bug in Perl 5.6
+ -- module behavior now consistent under all Perls 5.6+
+ -- ref: new test script t/unicode.t
+ -- SHA routines now always croak on wide chars (5.6+)
+ - removed "static" message schedules from C code
+ -- default "auto" is now just as fast
+ -- thread-safe option (-t) no longer necessary
+ -- still allowed, but ignored
+ -- simplifies source and header files
+ -- eliminates SHA_STO_CLASS and SHA_THREAD_SAFE
+ -- ref. Bug #82784
+ -- thanks to Steve Hay for initial patch
+ - provided documentation to describe Unicode handling
+ -- ref: Bug #82378
+ - updated documentation of NIST statement on SHA-1
+
5.81 Mon Jan 14 05:17:08 MST 2013
- corrected load subroutine (SHA.pm) to prevent double-free
-- Bug #82655: Security issue - segfault
my $PM = 'lib/Digest/SHA.pm';
my %opts;
-getopts('tx', \%opts);
+getopts('tx', \%opts); # -t is no longer used, but allow it anyway
my @defines;
push(@defines, '-DSHA_PERL_MODULE') if $] >= 5.004;
-push(@defines, '-DSHA_THREAD_SAFE') if $opts{'t'};
push(@defines, '-DNO_SHA_384_512') if $opts{'x'};
-
- # Configure SHA source to use static arrays for
- # message schedules if compiling on Intel platforms.
- # This seems to speed things up a bit. However,
- # DON'T do this if thread-safe option is in force.
-
-if ($Config{archname} =~ /^i[3456]86/) {
- push(@defines, '-DSHA_STO_CLASS=static') unless $opts{'t'};
-}
my $define = join(' ', @defines);
# Workaround for DEC compiler bug, adapted from Digest::MD5
-Digest::SHA version 5.81
+Digest::SHA version 5.82
========================
Digest::SHA is a complete implementation of the NIST Secure Hash
-t : build a thread-safe version of module
-x : exclude support for SHA-384/512
+ NOTE: Option -t is still allowed but no longer necessary.
+
DEPENDENCIES
None
COPYRIGHT AND LICENSE
-Copyright (C) 2003-2012 Mark Shelor
+Copyright (C) 2003-2013 Mark Shelor
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself.
#include "perl.h"
#include "XSUB.h"
-#ifndef SvPVbyte
-#define SvPVbyte SvPV
+#ifdef SvPVbyte
+ #if PERL_REVISION == 5 && PERL_VERSION < 8
+ #undef SvPVbyte
+ #define SvPVbyte(sv, lp) \
+ (sv_utf8_downgrade((sv), 0), SvPV((sv), (lp)))
+ #endif
+#else
+ #define SvPVbyte SvPV
#endif
#include "src/sha.c"
use Fcntl;
use integer;
-$VERSION = '5.81';
+$VERSION = '5.82';
require Exporter;
require DynaLoader;
sharewind($$class);
return($class);
}
- shaclose($$class) if $$class;
+ if ($$class) { shaclose($$class); $$class = undef }
return unless $$class = shaopen($alg);
return($class);
}
$file = "" unless defined $file;
if (ref($class)) { # instance method
- shaclose($$class) if $$class;
+ if ($$class) { shaclose($$class); $$class = undef }
return unless $$class = shaload($file);
return($class);
}
use Digest::SHA qw(hmac_sha256_hex);
print hmac_sha256_hex("Hi There", chr(0x0b) x 32), "\n";
-=head1 NIST STATEMENT ON SHA-1
+=head1 UNICODE AND SIDE EFFECTS
+
+Perl supports Unicode strings as of version 5.6. Such strings may
+contain wide characters, namely, characters whose ordinal values are
+greater than 255. This can cause problems for digest algorithms such
+as SHA that are specified to operate on sequences of bytes.
+
+The rule by which Digest::SHA handles a Unicode string is easy to
+state, but potentially confusing to grasp: the string is interpreted
+as a sequence of bytes, where each byte is equal to the ordinal value
+(viz. code point) of its corresponding Unicode character. That way,
+the Unicode version of the string 'abc' has exactly the same digest
+value as the ordinary string 'abc'.
+
+Since a wide character does not fit into a byte, the Digest::SHA routines
+croak if they encounter one. Whereas if a Unicode string contains no
+wide characters, the module accepts it quite happily. The following
+code illustrates the two cases:
-I<NIST was recently informed that researchers had discovered a way
-to "break" the current Federal Information Processing Standard SHA-1
-algorithm, which has been in effect since 1994. The researchers
-have not yet published their complete results, so NIST has not
-confirmed these findings. However, the researchers are a reputable
-research team with expertise in this area.>
+ $str1 = pack('U*', (0..255));
+ print sha1_hex($str1); # ok
+
+ $str2 = pack('U*', (0..256));
+ print sha1_hex($str2); # croaks
+
+Be aware that the digest routines silently convert UTF-8 input into its
+equivalent byte sequence in the native encoding (cf. utf8::downgrade).
+This side effect only influences the way Perl stores data internally.
+
+=head1 NIST STATEMENT ON SHA-1
-I<Due to advances in computing power, NIST already planned to phase
-out SHA-1 in favor of the larger and stronger hash functions (SHA-224,
-SHA-256, SHA-384 and SHA-512) by 2010. New developments should use
-the larger and stronger hash functions.>
+NIST acknowledges that the work of Prof. Xiaoyun Wang constitutes a
+practical collision attack on SHA-1. Therefore, NIST encourages the
+rapid adoption of the SHA-2 hash functions (e.g. SHA-256) for applications
+requiring strong collision resistance, such as digital signatures.
-ref. L<http://www.csrc.nist.gov/pki/HashWorkshop/NIST%20Statement/Burr_Mar2005.html>
+ref. L<http://csrc.nist.gov/groups/ST/hash/statement.html>
=head1 PADDING OF BASE64 DIGESTS
=head1 COPYRIGHT AND LICENSE
-Copyright (C) 2003-2012 Mark Shelor
+Copyright (C) 2003-2013 Mark Shelor
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself.
## shasum: filter for computing SHA digests (ref. sha1sum/md5sum)
##
- ## Copyright (C) 2003-2012 Mark Shelor, All Rights Reserved
+ ## Copyright (C) 2003-2013 Mark Shelor, All Rights Reserved
##
- ## Version: 5.81
- ## Mon Jan 14 05:17:08 MST 2013
+ ## Version: 5.82
+ ## Thu Jan 24 04:54:12 MST 2013
## shasum SYNOPSIS adapted from GNU Coreutils sha1sum.
## Add an "-a" option for algorithm selection, a "-p"
=head1 AUTHOR
-Copyright (c) 2003-2012 Mark Shelor <mshelor@cpan.org>.
+Copyright (c) 2003-2013 Mark Shelor <mshelor@cpan.org>.
=head1 SEE ALSO
use Fcntl;
use Getopt::Long;
-my $VERSION = "5.81";
+my $VERSION = "5.82";
## Try to use Digest::SHA. If not installed, use the slower
*
* Ref: FIPS PUB 198 The Keyed-Hash Message Authentication Code
*
- * Copyright (C) 2003-2012 Mark Shelor, All Rights Reserved
+ * Copyright (C) 2003-2013 Mark Shelor, All Rights Reserved
*
- * Version: 5.81
- * Mon Jan 14 05:17:08 MST 2013
+ * Version: 5.82
+ * Thu Jan 24 04:54:12 MST 2013
*
*/
*
* Ref: FIPS PUB 198 The Keyed-Hash Message Authentication Code
*
- * Copyright (C) 2003-2012 Mark Shelor, All Rights Reserved
+ * Copyright (C) 2003-2013 Mark Shelor, All Rights Reserved
*
- * Version: 5.81
- * Mon Jan 14 05:17:08 MST 2013
+ * Version: 5.82
+ * Thu Jan 24 04:54:12 MST 2013
*
*/
*
* Ref: NIST FIPS PUB 180-2 Secure Hash Standard
*
- * Copyright (C) 2003-2012 Mark Shelor, All Rights Reserved
+ * Copyright (C) 2003-2013 Mark Shelor, All Rights Reserved
*
- * Version: 5.81
- * Mon Jan 14 05:17:08 MST 2013
+ * Version: 5.82
+ * Thu Jan 24 04:54:12 MST 2013
*
*/
static void sha1(SHA *s, UCHR *block) /* SHA-1 transform */
{
W32 a, b, c, d, e;
- SHA_STO_CLASS W32 W[16];
+ W32 W[16];
W32 *wp = W;
W32 *H = (W32 *) s->H;
static void sha256(SHA *s, UCHR *block) /* SHA-224/256 transform */
{
W32 a, b, c, d, e, f, g, h, T1;
- SHA_STO_CLASS W32 W[16];
+ W32 W[16];
W32 *kp = K256;
W32 *wp = W;
W32 *H = (W32 *) s->H;
*
* Ref: NIST FIPS PUB 180-2 Secure Hash Standard
*
- * Copyright (C) 2003-2012 Mark Shelor, All Rights Reserved
+ * Copyright (C) 2003-2013 Mark Shelor, All Rights Reserved
*
- * Version: 5.81
- * Mon Jan 14 05:17:08 MST 2013
+ * Version: 5.82
+ * Thu Jan 24 04:54:12 MST 2013
*
*/
(SHA64) b[6] << 8 | (SHA64) b[7]; }
#endif
-/*
- * SHA_STO_CLASS: default to auto storage class for message schedule
- * arrays inside transform routines. Note that redefining this to
- * static might improve performance on some platforms (e.g. Intel).
- */
-
-#if !defined(SHA_STO_CLASS)
- #define SHA_STO_CLASS auto
-#endif
-
-/* Override use of static arrays if compiling for thread-safety */
-#ifdef SHA_THREAD_SAFE
- #undef SHA_STO_CLASS
- #define SHA_STO_CLASS auto
-#endif
-
/* Configure memory management and I/O for Perl or standalone C */
#ifdef SHA_PERL_MODULE
#define SHA_new New
static void sha512(SHA *s, unsigned char *block) /* SHA-384/512 transform */
{
W64 a, b, c, d, e, f, g, h, T1, T2;
- SHA_STO_CLASS W64 W[80];
+ W64 W[80];
W64 *H = (W64 *) s->H;
int t;
--- /dev/null
+use strict;
+
+my $MODULE;
+
+BEGIN {
+ $MODULE = (-d "src") ? "Digest::SHA" : "Digest::SHA::PurePerl";
+ eval "require $MODULE" || die $@;
+ $MODULE->import(qw(sha1_hex));
+}
+
+BEGIN {
+ if ($ENV{PERL_CORE}) {
+ chdir 't' if -d 't';
+ @INC = '../lib';
+ }
+}
+
+my $skip = $] < 5.006 ? 1 : 0;
+
+my $TEMPLATE = $] >= 5.006 ? 'U*' : 'C*';
+my $empty_unicode = pack($TEMPLATE, ());
+my $ok_unicode = pack($TEMPLATE, (0..255));
+my $wide_unicode = pack($TEMPLATE, (0..256));
+
+print "1..3\n";
+
+unless ($skip) {
+ print "not " unless sha1_hex($empty_unicode."abc") eq
+ "a9993e364706816aba3e25717850c26c9cd0d89d";
+}
+print "ok 1", $skip ? " # skip: no Unicode" : "", "\n";
+
+unless ($skip) {
+ print "not " unless sha1_hex($ok_unicode) eq
+ "4916d6bdb7f78e6803698cab32d1586ea457dfc8";
+}
+print "ok 2", $skip ? " # skip: no Unicode" : "", "\n";
+
+unless ($skip) {
+ eval { sha1_hex($wide_unicode) };
+ print "not " unless $@ =~ /Wide character/;
+}
+print "ok 3", $skip ? " # skip: no Unicode" : "", "\n";
projects / perl.git / commitdiff
