GithubHelp home page GithubHelp logo

leont / crypt-rijndael Goto Github PK

View Code? Open in Web Editor NEW
20.0 5.0 13.0 4.17 MB

(Perl) Crypt::CBC compliant Rijndael encryption module

Home Page: http://search.cpan.org/dist/Crypt-Rijndael

License: Other

Perl 1.63% C 7.01% HTML 88.58% CSS 0.47% JavaScript 1.92% Makefile 0.02% XS 0.34% Raku 0.04%

crypt-rijndael's Introduction

The Crypt::Rijndael module

This is the README for the Crypt::Rijndael Perl module. You're probably looking at this because you don't know where else to find what you're looking for. Read this once and you might never have to read one again for any Perl module.

Documentation

To read about Crypt::Rijndael, look at the embedded documentation in the module itself. Inside the distribution, you can format it with perldoc:

% perldoc lib/Crypt/Rijndael.pm

If you have already installed the module, you can specify the module name instead of the file location:

% perldoc Crypt::Rijndael

You can read the documentation and inspect the meta data on one of the CPAN web interfaces, such as CPAN Search or MetaCPAN:

The standard module documentation has example uses in the SYNOPSIS section, but you can also look in the examples/ directory (if it's there), or look at the test files in t/.

Installation

You can install this module with a CPAN client, which will resolve and install the dependencies:

% cpan Crypt::Rijndael
% cpanm Crypt::Rijndael

You can also install directly from the distribution directory, which will also install the dependencies:

% cpan .
% cpanm .

You could install just this module manually:

% perl Makefile.PL
% make
% make test
% make install

You probably don't want to do that unless you're fiddling with the module and only want to run the tests without installing anything.

Source location

The meta data, such as the source repository and bug tracker, is in Makefile.PL or the META.* files it creates. You can find that on those CPAN web interfaces, but you can also look at files directly in the source repository:

If you find a problem, file a ticket in the issue tracker:

Getting help

Although I'm happy to hear from module users in private email, that's the best way for me to forget to do something.

Besides the issue trackers, you can find help at Perlmonks or Stackoverflow, both of which have many competent Perlers who can answer your question, almost in real time. They might not know the particulars of this module, but they can help you diagnose your problem.

You might like to read brian's Guide to Solving Any Perl Problem.

Copyright and License

You should have received a LICENSE file, but the license is also noted in the module files. About the only thing you can't do is pretend that you wrote code that you didn't.

Good luck!

Enjoy,

brian d foy, [email protected]

crypt-rijndael's People

Contributors

briandfoy avatar bsiegert avatar dsteinbrunner avatar leont avatar mwiencek avatar ncopa avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar

Forkers

am0c dsteinbrunner pard4l drzigman zostay mwiencek scetticus zoffixznet manwar amtash ncopa jdp1024 mtelka

crypt-rijndael's Issues

Does not compile on linux with musl libc

Fails with "unkown type name '__uint32_t'". The problem is that musl libc's <sys/types.h> defines _SYS_TYPES_H but not __uint32_t (though it does uint32_t and u_int32_t). musl cannot reliably be detected using macros.

Why can't <stdint.h> types be used by default or just 'unsigned int' for UINT32 and 'unsigned char' for UINT8?

Buffer overwrite in XS code

It looks to me that release 1.15 introduced a buffer overwrite in an unnecessary attempt to end with a \0. the problem is that encrypt() call newSV(size) but then writes buffer[size] which is 1 greater

the \0 is not needed (and wasn't in 1.12) because perl handles lengths and trailing \0. This isn't a string data so \0 doesn't apply

is this module thread safe?

I've seen a segfault in the perl vm on a multi-threaded daemon that uses Crypt::Rijndael (through Net::SNMP actually).

At this point I don't know for sure by what it's caused by I thought I would save some time by asking you if you knew if the module is thread safe or not since it's not explicitly documented.

Here's the stacktrace:

*** glibc detected *** /usr/bin/perl: double free or corruption (fasttop): 0x9e70bc38 ***
... one line omitted ...
======= Backtrace: =========
/lib/libc.so.6[0xa666c5]
/lib/libc.so.6(cfree+0x59)[0xa66b09]
/usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE/libperl.so(Perl_newCONSTSUB+0x154)[0x150354]
/usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/Crypt/Rijndael/Rijndael.so(boot_Crypt_
_Rijndael+0x491)[0x9
ce201]
/usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE/libperl.so(Perl_pp_entersub+0x40d)[0x18952d]
/usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE/libperl.so(Perl_runops_standard+0x1f)[0x18299f]
/usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE/libperl.so[0x12303e]
/usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE/libperl.so(Perl_call_sv+0x5e6)[0x127906]
/usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/threads/threads.so(Perl_ithread_run+0x1ae)[0x968a5
e]
/lib/libpthread.so.0[0xba4832]
/lib/libc.so.6(clone+0x5e)[0xacf45e]

Thanks,
Big fan of your work btw.

update: here's a link to the downstream issue

Padding support

Crypt::Rijndael supports various block encoding modes, but not padding. In order to be useful stand-alone one pretty much needs padding support too.

Question is, which formats are sensible? pkcs7 is what most people use, should we support anything else?

Extended constructor?

Crypt::Rijndael has always supported a little more than the bare minimum that block-mode modules such as Crypt::CBC require, in particular it supports several modes by itself, and I've suggested adding padding (#8) and other features (#86385). Given the rather significant speed difference(x6.5) between using MODE_CBC and Crypt::CBC (and the possibilities to further optimize the former even further), I believe it makes sense to develop such features further. For making this convenient to use, a new constructor taking more (named) arguments would be very helpful. Making it accept a hashref is probably the easiest way to make it accept more parameters without breaking backwards compatibility.

Make a new release (1.14)

I'm currently using Data-Entropy perl module that reference Crypt::Rijndael and would like to deploy it on alpine linux but the last available version is 1.13 that do not contain the musl fix. Do you plan to make a new release?

Thanks !

Perl is confused about the string which is returned from decrypt()

This problem is reproducible on v5.10.1 (and on v5.20 it seems to be OK).

Here is an archive with a short code to reproduce it.

The guys at #perl were very helpful to identify the problem.

You can see what happens here:

5.20.2

SV = PV(0xfc0d00) at 0xfe1dd8
  REFCNT = 1
  FLAGS = (PADMY,POK,pPOK)
  PV = 0x108ced0 "Bug\0\0\0\0\0\0\0\0\0\0\0\0\0"
  CUR = 16
  LEN = 18
SV = PV(0xfc0d00) at 0xfe1dd8
  REFCNT = 1
  FLAGS = (PADMY,POK,pPOK)
  PV = 0x1075b60 "Bug"\0
  CUR = 3
  LEN = 10

5.10.1 (with \z)

SV = PV(0x1226018) at 0x1257ef0
  REFCNT = 1
  FLAGS = (PADMY,POK,pPOK)
  PV = 0x1228f80 "Bug\0\0\0\0\0\0\0\0\0\0\0\0\0"
  CUR = 16
  LEN = 24
SV = PV(0x1226018) at 0x1257ef0
  REFCNT = 1
  FLAGS = (PADMY,POK,pPOK)
  PV = 0x1228f80 "Bug"\0
  CUR = 3
  LEN = 24

5.10.1 (with $)

SV = PV(0x1f1e018) at 0x1f4ef38
  REFCNT = 1
  FLAGS = (PADMY,POK,pPOK)
  PV = 0x1f20f80 "Bug\0\0\0\0\0\0\0\0\0\0\0\0\0"
  CUR = 16
  LEN = 24
SV = PV(0x1f1e018) at 0x1f4ef38
  REFCNT = 1
  FLAGS = (PADMY,POK,pPOK)
  PV = 0x1f20f80 "Bug\0\0\0\0\0\0\0\0\0\0\0\0\0"
  CUR = 16
  LEN = 24

Grinnz_ suggested to change $ in regex to \z, and it actually works (although is weird). Later it turned out that if you just copy that string somewhere else (e.g. $copy = $data) then the copy will turn normal.

Also:

02:20:30 tm604: also try http://fpaste.scsys.co.uk/472847
02:21:10 tm604: it's a hack and I'm sure there are cleaner ways to do that but if the issue is trailing \0 handling then I'd expect that to "fix" the issue on 5.10.1

If the paste expires, here is the copy:

diff --git a/Rijndael.xs b/Rijndael.xs
index 14be659..8b469e2 100644
--- a/Rijndael.xs
+++ b/Rijndael.xs
@@ -183,11 +183,12 @@ encrypt(self, data)
            if (size % RIJNDAEL_BLOCKSIZE)
              croak ("encrypt: datasize not multiple of blocksize (%d bytes)", RIJNDAEL_BLOCKSIZE);

-           RETVAL = NEWSV (0, size);
+           RETVAL = NEWSV (0, size + 1);
            SvPOK_only (RETVAL);
            SvCUR_set (RETVAL, size);
            (ix ? block_decrypt : block_encrypt)
              (&self->ctx, rawbytes, size, (UINT8 *) SvPV_nolen(RETVAL), self->iv);
+             *(size + (UINT8 *) SvPV_nolen(RETVAL)) = "\0";
           } else
             RETVAL = newSVpv ("", 0);
         }

build fails with musl libc 1.2

Build fails when building on alpine linux with musl 1.2 on 32 bit architectures (armv6, armv7 and x86). I have not tested 64 bit architectures yet.

Running Mkbootstrap for Rijndael ()
cc -c   -D_REENTRANT -D_GNU_SOURCE -D_GNU_SOURCE -fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -Os -fomit-frame-pointer   -DVERSION=\"1.14\" -DXS_VERSION=\"1.14\" -fPIC "-I/usr/lib/perl5/core_perl/CORE"   _rijndael.c
cc -c   -D_REENTRANT -D_GNU_SOURCE -D_GNU_SOURCE -fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -Os -fomit-frame-pointer   -DVERSION=\"1.14\" -DXS_VERSION=\"1.14\" -fPIC "-I/usr/lib/perl5/core_perl/CORE"   Rijndael.c
chmod 644 "Rijndael.bs"
"/usr/bin/perl" -MExtUtils::Command::MM -e 'cp_nonempty' -- Rijndael.bs blib/arch/auto/Crypt/Rijndael/Rijndael.bs 644
Skip blib/lib/Crypt/Rijndael.pm (unchanged)                                    
In file included from _rijndael.c:21:
rijndael.h:85:10: error: unknown type name '__uint32_t'                        
   85 |  typedef __uint32_t UINT32;
      |          ^~~~~~~~~~
rijndael.h:86:10: error: unknown type name '__uint8_t'                         
   86 |  typedef __uint8_t  UINT8;
      |          ^~~~~~~~~
make: *** [Makefile:341: _rijndael.o] Error 1                                  
make: *** Waiting for unfinished jobs....                                      
In file included from Rijndael.xs:28:
ppport.h:4476: warning: "WIDEST_UTYPE" redefined                               
 4476 | # define WIDEST_UTYPE U32
      |
In file included from /usr/lib/perl5/core_perl/CORE/perl.h:2508,               
                 from Rijndael.xs:25:
/usr/lib/perl5/core_perl/CORE/handy.h:1072: note: this is the location of the previous definition
 1072 | #   define WIDEST_UTYPE U64
      |

License

I'm confused regarding license that covers the Crypt-Rijndael-1.13.

Rijndael.xs states LGPLv2+.
Rijandel.pm stated LGPLv3.
ppport.h comes from perl and requires (GPL+ or Artistic).
COPYING quotes LGPLv3+.

While it's fine that each file has different license, after compiling the code and executing it, the effective license becomes GPLv3. Is that what you intended?

Metadata

The metadata of the latest release on CPAN are broken. The prereqs are missing, the license is "open source" instead of "lgpl", and possibly more things I've missed.

I don't understand how this can happen, but it's suboptimal

GCM and CCM modes

This module supports various modes, but not the relatively recent Galois/Counter and Counter with CBC-MAC modes. These would probably make a good addition.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.