switching keyrtrans from Digest::SHA1 to Digest::SHA

diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index b5d067bf92a620823066098807868410c539f54a..ec68e144a0c28829c6e33d8c3b801bfd00a2b26d 100644 (file)
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -9,6 +9,7 @@ monkeysphere (0.25-1~pre) UNRELEASED; urgency=low
       ports
     - add 'sshfpr' subcommand to output the ssh fingerprint of a gpg key
     - pem2openpgp now generates self-sigs over SHA-256 instead of SHA-1
+       (changes dependency to libdigest-sha-perl)
     - some portability improvements
     - properly handle translation of keys with fingerprints with leading
       all-zero bytes.
@@ -16,7 +17,7 @@ monkeysphere (0.25-1~pre) UNRELEASED; urgency=low
       (closes MS #917)
     - explicitly set and use MONKEYSPHERE_GROUP from system "groups"
       (closes: #534008)
-  * update Standard-Version to 3.8.2
+  * update Standard-Version to 3.8.2 (no changes needed)
 
  -- Jameson Graef Rollins <jrollins@finestructure.net>  Sat, 11 Jul 2009 18:55:25 -0400
 

diff --git a/packaging/debian/control b/packaging/debian/control
index 5f1444cf6f3e21bb69ed2d71e93b0adeb47f1545..bbed4b43cffe3b47c30af2b0042dc436bc35b1b6 100644 (file)
--- a/packaging/debian/control
+++ b/packaging/debian/control
@@ -3,7 +3,7 @@ Section: net
 Priority: extra
 Maintainer: Jameson Graef Rollins <jrollins@finestructure.net>
 Uploaders: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-Build-Depends: debhelper (>= 7.0), socat, openssh-server, gnupg, libcrypt-openssl-rsa-perl, libdigest-sha1-perl, lockfile-progs | procmail
+Build-Depends: debhelper (>= 7.0), socat, openssh-server, gnupg, libcrypt-openssl-rsa-perl, libdigest-sha-perl, lockfile-progs | procmail
 Standards-Version: 3.8.2
 Homepage: http://web.monkeysphere.info/
 Vcs-Git: git://git.monkeysphere.info/monkeysphere
@@ -11,7 +11,7 @@ Dm-Upload-Allowed: yes
 
 Package: monkeysphere
 Architecture: all
-Depends: openssh-client, gnupg, libcrypt-openssl-rsa-perl, libdigest-sha1-perl, lockfile-progs | procmail, adduser, ${misc:Depends}
+Depends: openssh-client, gnupg, libcrypt-openssl-rsa-perl, libdigest-sha-perl, lockfile-progs | procmail, adduser, ${misc:Depends}
 Recommends: netcat | socat, ssh-askpass, cron
 Enhances: openssh-client, openssh-server
 Description: use the OpenPGP web of trust to verify ssh connections

diff --git a/src/share/keytrans b/src/share/keytrans
index 326bfb1e6cd0cf590bcfb3c19718038b81746e3e..3e6bdf6ba95ed8560e908e2ade313f03efb3090d 100755 (executable)
--- a/src/share/keytrans
+++ b/src/share/keytrans
@@ -54,7 +54,7 @@ use File::Basename;
 use Crypt::OpenSSL::RSA;
 use Crypt::OpenSSL::Bignum;
 use Crypt::OpenSSL::Bignum::CTX;
-use Digest::SHA1;
+use Digest::SHA;
 use MIME::Base64;
 use POSIX;
 
@@ -416,7 +416,7 @@ sub fingerprint {
 
   my $rsabody = make_rsa_pub_key_body($key, $key_timestamp);
 
-  return Digest::SHA1::sha1(pack('Cn', 0x99, length($rsabody)).$rsabody);
+  return Digest::SHA::sha1(pack('Cn', 0x99, length($rsabody)).$rsabody);
 }
 
 
@@ -446,7 +446,7 @@ sub pem2openpgp {
   my $sigtype = pack('C', $certtype);
   # RSA
   my $pubkey_algo = pack('C', $asym_algos->{rsa});
-  # SHA1
+  # SHA256
   my $hash_algo = pack('C', $digests->{sha256});
 
   # FIXME: i'm worried about generating a bazillion new OpenPGP
@@ -581,7 +581,7 @@ sub pem2openpgp {
        $sig_data_to_be_hashed.
          $trailer;
 
-  my $data_hash = Digest::SHA1::sha1_hex($datatosign);
+  my $data_hash = Digest::SHA::sha256_hex($datatosign);
 
   my $issuer_packet = pack('CCa8', 9, $subpacket_types->{issuer}, $keyid);
 

diff --git a/tests/basic b/tests/basic
index 5907154735f849486d958230299c8100a78aa6f8..3386f762b33e7b02ef5a4c152c3e8eade11b3889 100755 (executable)
--- a/tests/basic
+++ b/tests/basic
@@ -35,7 +35,7 @@ perl -MCrypt::OpenSSL::RSA -e 1 2>/dev/null || { echo "You must have the perl mo
 On debian-derived systems, you can set this up with:
   apt-get install libcrypt-openssl-rsa-perl" ; exit 1; }
 
-perl -MDigest::SHA1 -e 1 2>/dev/null || { echo "You must have the perl module Digest::SHA1 installed to run this test.  
+perl -MDigest::SHA -e 1 2>/dev/null || { echo "You must have the perl module Digest::SHA installed to run this test.  
 On debian-derived systems, you can set this up with:
   apt-get install libdigest-sha1-perl" ; exit 1; }
 

diff --git a/tests/keytrans b/tests/keytrans
index ab95f596d91bfe70abf5608c8c054549e2edcb37..199db3155f133e0c990fe1e62759c60ebbfc4c5c 100755 (executable)
--- a/tests/keytrans
+++ b/tests/keytrans
@@ -22,8 +22,14 @@ export TESTDIR=$(cd $(dirname "$0") && pwd)
 
 source "$TESTDIR"/common
 
-## setup trap
-trap failed_cleanup EXIT
+perl -MCrypt::OpenSSL::RSA -e 1 2>/dev/null || { echo "You must have the perl module Crypt::OpenSSL::RSA installed to run this test.  
+On debian-derived systems, you can set this up with:
+  apt-get install libcrypt-openssl-rsa-perl" ; exit 1; }
+
+perl -MDigest::SHA -e 1 2>/dev/null || { echo "You must have the perl module Digest::SHA installed to run this test.  
+On debian-derived systems, you can set this up with:
+  apt-get install libdigest-sha1-perl" ; exit 1; }
+
 
 ######################################################################
 ### SETUP VARIABLES
@@ -42,6 +48,9 @@ ln -s "$TESTDIR"/../src/share/keytrans "$TEMPDIR"/bin/pem2openpgp
 # This should help us test without installing.
 export PATH="$TEMPDIR"/bin:"$PATH"
 
+## setup trap
+trap failed_cleanup EXIT
+
 ######################################################################
 ### TEST KEYTRANS