Merge pull request #66 from timlegge/dsa-sha1

timlegge · web-flow · commit 751fc533b018 · 2026-01-10T20:07:28.000-04:00
Make sha1 and DSA optional
diff --git a/Makefile.PL b/Makefile.PL
@@ -21,7 +21,6 @@ my %WriteMakefileArgs = (
     "Crypt::Digest::RIPEMD160" => 0,
     "Crypt::Mac::HMAC" => 0,
     "Crypt::OpenSSL::Bignum" => 0,
-    "Crypt::OpenSSL::DSA" => "0.20",
     "Crypt::OpenSSL::X509" => 0,
     "Crypt::PK::RSA" => 0,
     "CryptX" => "0.036",
@@ -47,7 +46,7 @@ my %WriteMakefileArgs = (
     "Test::Lib" => 0,
     "Test::More" => 0
   },
-  "VERSION" => "0.68",
+  "VERSION" => "0.69",
   "test" => {
     "TESTS" => "t/*.t"
   }
@@ -60,7 +59,6 @@ my %FallbackPrereqs = (
   "Crypt::Digest::RIPEMD160" => 0,
   "Crypt::Mac::HMAC" => 0,
   "Crypt::OpenSSL::Bignum" => 0,
-  "Crypt::OpenSSL::DSA" => "0.20",
   "Crypt::OpenSSL::Guess" => 0,
   "Crypt::OpenSSL::X509" => 0,
   "Crypt::PK::RSA" => 0,
diff --git a/README b/README
@@ -3,7 +3,7 @@ NAME
     Signatures
 
 VERSION
-    version 0.68
+    version 0.69
 
 SYNOPSIS
        my $xml = '<foo ID="abc">123</foo>';
@@ -40,9 +40,9 @@ PREREQUISITES
 
     *   Crypt::OpenSSL::Bignum
 
-    *   Crypt::OpenSSL::RSA
+    *   Crypt::PK::RSA
 
-    *   Crypt::OpenSSL::DSA
+    *   Crypt::OpenSSL::DSA (Optional - required for DSA signatures)
 
     *   Crypt::PK::ECC
 
@@ -304,7 +304,7 @@ AUTHOR
     Timothy Legge <timlegge@gmail.com>
 
 COPYRIGHT AND LICENSE
-    This software is copyright (c) 2025 by Byrne Reese, Chris Andrews and
+    This software is copyright (c) 2026 by Byrne Reese, Chris Andrews and
     Others; in detail:
 
       Copyright 2009       Byrne, Michael Hendricks
@@ -316,7 +316,7 @@ COPYRIGHT AND LICENSE
                 2017       Mike Wisener, xmikew
                 2019-2021  Timothy Legge
                 2022-2023  Timothy Legge, Wesley Schwengle
-                2025       Timothy Legge
+                2025-2026  Timothy Legge
 
     This is free software; you can redistribute it and/or modify it under
     the same terms as the Perl 5 programming language system itself.
diff --git a/cpanfile b/cpanfile
@@ -5,7 +5,6 @@ requires "Class::Accessor" => "0";
 requires "Crypt::Digest::RIPEMD160" => "0";
 requires "Crypt::Mac::HMAC" => "0";
 requires "Crypt::OpenSSL::Bignum" => "0";
-requires "Crypt::OpenSSL::DSA" => "0.20";
 requires "Crypt::OpenSSL::X509" => "0";
 requires "Crypt::PK::RSA" => "0";
 requires "CryptX" => "0.036";
@@ -20,6 +19,7 @@ requires "perl" => "5.008";
 requires "strict" => "0";
 requires "vars" => "0";
 requires "warnings" => "0";
+recommends "Crypt::OpenSSL::DSA" => "0.20";
 
 on 'test' => sub {
   requires "Crypt::OpenSSL::Guess" => "0";
diff --git a/dist.ini b/dist.ini
@@ -20,13 +20,16 @@ contributor = Timothy Legge <timlegge@gmail.com>
 
 [AutoPrereqs]
 skips = Crypt::PK::ECC
+skips = Crypt::OpenSSL::DSA
 
 [Prereqs / RuntimeRequires]
 perl = 5.008
 Crypt::OpenSSL::Bignum = 0
-Crypt::OpenSSL::DSA = 0.20
 CryptX = 0.036
 
+[Prereqs / RuntimeRecommends]
+Crypt::OpenSSL::DSA = 0.20
+
 [PruneCruft]
 [ManifestSkip]
 [MetaYAML]
diff --git a/lib/XML/Sig.pm b/lib/XML/Sig.pm
@@ -56,9 +56,9 @@ XML::Sig->mk_accessors(qw(key));
 
 =item * L<Crypt::OpenSSL::Bignum>
 
-=item * L<Crypt::OpenSSL::RSA>
+=item * L<Crypt::PK::RSA>
 
-=item * L<Crypt::OpenSSL::DSA>
+=item * L<Crypt::OpenSSL::DSA> (Optional - required for DSA signatures)
 
 =item * L<Crypt::PK::ECC>
 
diff --git a/t/002_xmlsec.t b/t/002_xmlsec.t
@@ -10,9 +10,16 @@ my $xml = '<?xml version="1.0"?>'."\n".'<foo ID="XML-SIG_1">'."\n".'    <bar>123
 my $sig = XML::Sig->new( { key => 't/rsa.private.key', cert => 't/rsa.cert.pem' } );
 my $signed = $sig->sign($xml);
 ok($signed, "XML is signed");
-my $sig2 = XML::Sig->new( { key => 't/dsa.private.key' } );
-my $result = $sig2->verify($signed);
-ok($result, "XML verified" );
+
+SKIP: {
+    eval {
+        require Crypt::OpenSSL::DSA;
+    };
+    skip "Crypt::OpenSSL::DSA is not installed", 1 if ($@);
+    my $sig2 = XML::Sig->new( { key => 't/dsa.private.key' } );
+    my $result = $sig2->verify($signed);
+    ok($result, "XML verified with DSA key" );
+}
 
 SKIP: {
 
diff --git a/t/008_sign_saml.t b/t/008_sign_saml.t
@@ -21,6 +21,11 @@ ok($ret, "RSA: Verifed Successfully");
 ok($sig->signer_cert);
 
 # Test signing with a DSA key
+SKIP: {
+    eval {
+        require Crypt::OpenSSL::DSA;
+    };
+    skip "Crypt::OpenSSL::DSA not installed", 1 if ($@);
 foreach my $key ('t/dsa.private-2048.key', 't/dsa.private-3072.key', 't/dsa.private.key') {
 
     my $dsasig = XML::Sig->new({ key => $key });
@@ -50,7 +55,6 @@ foreach my $key ('t/dsa.private-2048.key', 't/dsa.private-3072.key', 't/dsa.priv
 
     }
 }
-
 # Ensure xmlsec still verifies properly
 {
     # Test that XML::Sig can verify a xmlsec1 DSA signed xml
@@ -74,6 +78,7 @@ foreach my $key ('t/dsa.private-2048.key', 't/dsa.private-3072.key', 't/dsa.priv
     }
 }
 
+}
 # Test that XML::Sig can verify a xmlsec1 RSA signed xml
 $xml = slurp_file('t/signed/saml_request-xmlsec1-rsa-signed.xml');
 my $xmlsec1_rsasig = XML::Sig->new({ x509 => 1, cert => 't/rsa.cert.pem' });
diff --git a/t/011-sign_multiple_sections.t b/t/011-sign_multiple_sections.t
@@ -44,6 +44,12 @@ SKIP: {
     );
 }
 
+
+SKIP: {
+    eval {
+        require Crypt::OpenSSL::DSA;
+    };
+    skip "Crypt::OpenSSL::DSA not installed", 3 if ($@);
 # Test signing with a DSA key
 my $dsasig = XML::Sig->new({ key => 't/dsa.private.key' });
 my $dsa_signed_xml = $dsasig->sign($xml);
@@ -71,7 +77,7 @@ SKIP: {
         )
     );
 }
-
+}
 # Test that XML::Sig can verify an xmlsec1 RSA signed xml
 $xml = slurp_file('t/signed/xmlsec1-signed-rsa-multiple.xml');
 my $xmlsec1_rsasig = XML::Sig->new({ x509 => 1, cert => 't/rsa.cert.pem' });
diff --git a/t/016-SigningAlgorithms.t b/t/016-SigningAlgorithms.t
@@ -4,8 +4,15 @@ use File::Which;
 
 my $xmlsec = get_xmlsec_features;
 
-my @hash_alg = qw/sha1 sha224 sha256 sha384 sha512/;
-
+my @hash_alg = qw/sha224 sha256 sha384 sha512/;
+push @hash_alg, 'sha1' if $xmlsec->{sha1_support};
+
+SKIP: {
+    eval {
+        require Crypt::OpenSSL::DSA;
+    };
+    my $algs = scalar @hash_alg;
+    skip "Crypt::OpenSSL::DSA not installed", $algs * 4 if ($@);
 foreach my $alg (@hash_alg) {
 
     my $sig = XML::Sig->new(
@@ -35,7 +42,7 @@ foreach my $alg (@hash_alg) {
             $signed, qw(--verify --id-attr:ID "foo"));
     }
 }
-
+}
 foreach my $alg (@hash_alg) {
     my $sig = XML::Sig->new(
         {
diff --git a/t/017-DigestAlgorithms.t b/t/017-DigestAlgorithms.t
@@ -4,8 +4,15 @@ use Test::XML::Sig;
 my $xmlsec  = get_xmlsec_features;
 my $openssl = get_openssl_features;
 
-my @hash_alg = qw/sha1 sha224 sha256 sha384 sha512/;
+my @hash_alg = qw/sha224 sha256 sha384 sha512/;
 push @hash_alg, 'ripemd160' if $xmlsec->{ripemd160};
+push @hash_alg, 'sha1' if $xmlsec->{sha1_support};
+SKIP: {
+    eval {
+        require Crypt::OpenSSL::DSA;
+    };
+    my $algs = scalar @hash_alg;
+    skip "Crypt::OpenSSL::DSA not installed", 4 * $algs if ($@);
 foreach my $alg (@hash_alg) {
     my $sig = XML::Sig->new(
         {
@@ -34,7 +41,7 @@ foreach my $alg (@hash_alg) {
             $signed, qw(--verify --id-attr:ID "foo"));
     }
 }
-
+}
 foreach my $alg (@hash_alg) {
     my $sig = XML::Sig->new(
         {
diff --git a/t/018-DigestSignatureAlgorithms.t b/t/018-DigestSignatureAlgorithms.t
@@ -4,9 +4,16 @@ use Test::XML::Sig;
 my $xmlsec = get_xmlsec_features;
 my $openssl = get_openssl_features;
 
-my @hash = qw/sha1 sha224 sha256 sha384 sha512/;
+my @hash = qw/sha224 sha256 sha384 sha512/;
 push @hash, 'ripemd160' if $xmlsec->{ripemd160};
-
+push @hash, 'sha1' if $xmlsec->{sha1_support};
+
+SKIP: {
+    eval {
+        require Crypt::OpenSSL::DSA;
+    };
+    my $algs = scalar @hash;
+    skip "Crypt::OpenSSL::DSA not installed", 3 * $algs * 9 if ($@);
 # DSA key size determinst the signature length and therfore the signature hashing algorithm
 foreach my $key ('t/dsa.private.key', 't/dsa.private-2048.key', 't/dsa.private-3072.key') {
     # DSA Keys with noX509
@@ -89,7 +96,7 @@ foreach my $key ('t/dsa.private.key', 't/dsa.private-2048.key', 't/dsa.private-3
         }
     }
 }
-
+}
 foreach my $sigalg (@hash) {
     # RSA Keys with no X509
     foreach my $digalg (@hash) {
diff --git a/t/019_dsakeys.t b/t/019_dsakeys.t
@@ -5,6 +5,11 @@ use Test::XML::Sig;
 
 my $xmlsec  = get_xmlsec_features;
 
+SKIP: {
+    eval {
+        require Crypt::OpenSSL::DSA;
+    };
+    skip "Crypt::OpenSSL::DSA not installed", 5 if ($@);
 my $sig = XML::Sig->new(
     {
         x509 => 1,
@@ -36,5 +41,5 @@ SKIP: {
 $sig = XML::Sig->new();
 ok($sig->verify($signed),
     "XML::Sig signed Validated using DSA X509Certificate");
-
+}
 done_testing;
diff --git a/t/020_dsakeys-2048.t b/t/020_dsakeys-2048.t
@@ -4,6 +4,11 @@ use Test::XML::Sig;
 
 my $xmlsec = get_xmlsec_features;
 
+SKIP: {
+    eval {
+        require Crypt::OpenSSL::DSA;
+    };
+    skip "Crypt::OpenSSL::DSA not installed", 5 if ($@);
 my $sig = XML::Sig->new({ key => 't/dsa.private-2048.key', });
 isa_ok($sig, 'XML::Sig');
 isa_ok($sig->{key_obj}, 'Crypt::OpenSSL::DSA', 'Key object is valid');
@@ -30,5 +35,5 @@ SKIP: {
 $sig = XML::Sig->new();
 ok($sig->verify($signed),
     "XML::Sig signed Validated using DSA X509Certificate");
-
+}
 done_testing;
diff --git a/t/021_dsakeys-3072.t b/t/021_dsakeys-3072.t
@@ -3,6 +3,11 @@
 use Test::Lib;
 use Test::XML::Sig;
 
+SKIP: {
+    eval {
+        require Crypt::OpenSSL::DSA;
+    };
+    skip "Crypt::OpenSSL::DSA not installed", 5 if ($@);
 my $xmlsec = get_xmlsec_features;
 
 my $sig = XML::Sig->new(
@@ -33,5 +38,5 @@ SKIP: {
 $sig = XML::Sig->new();
 ok($sig->verify($signed),
     "XML::Sig signed Validated using DSA X509Certificate");
-
+}
 done_testing;
diff --git a/t/024-sign-wide-char.t b/t/024-sign-wide-char.t
@@ -79,12 +79,18 @@ my $signed2 = $sig2->sign($xml);
 my $is_valid2 = $sig2->verify( $signed2 );
 ok( $is_valid2 == 1 );
 
-my $sig3 = XML::Sig->new( { key => 't/dsa.private.key' } );
-isa_ok( $sig3, 'XML::Sig' );
-my $signed3 = $sig3->sign($xml);
-my $is_valid3 = $sig3->verify( $signed3 );
-ok( $is_valid3 == 1 );
 
+SKIP: {
+    eval {
+        require Crypt::OpenSSL::DSA;
+    };
+    skip "Crypt::OpenSSL::DSA not installed", 2 if ($@);
+    my $sig3 = XML::Sig->new( { key => 't/dsa.private.key' } );
+    isa_ok( $sig3, 'XML::Sig' );
+    my $signed3 = $sig3->sign($xml);
+    my $is_valid3 = $sig3->verify( $signed3 );
+    ok( $is_valid3 == 1 );
+}
 my $sig4 = XML::Sig->new( { key => 't/pkcs8.private.key' } );
 isa_ok( $sig4, 'XML::Sig' );
 my $signed4 = $sig4->sign($xml);

Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,11 @@ ok($ret, "RSA: Verifed Successfully");`
`21`	`21`	`ok($sig->signer_cert);`
`22`	`22`
`23`	`23`	`# Test signing with a DSA key`
	`24`	`+SKIP: {`
	`25`	`+ eval {`
	`26`	`+ require Crypt::OpenSSL::DSA;`
	`27`	`+ };`
	`28`	`+ skip "Crypt::OpenSSL::DSA not installed", 1 if ($@);`
`24`	`29`	`foreach my $key ('t/dsa.private-2048.key', 't/dsa.private-3072.key', 't/dsa.private.key') {`
`25`	`30`
`26`	`31`	`my $dsasig = XML::Sig->new({ key => $key });`
`@@ -50,7 +55,6 @@ foreach my $key ('t/dsa.private-2048.key', 't/dsa.private-3072.key', 't/dsa.priv`
`50`	`55`
`51`	`56`	`}`
`52`	`57`	`}`
`53`		`-`
`54`	`58`	`# Ensure xmlsec still verifies properly`
`55`	`59`	`{`
`56`	`60`	`# Test that XML::Sig can verify a xmlsec1 DSA signed xml`
`@@ -74,6 +78,7 @@ foreach my $key ('t/dsa.private-2048.key', 't/dsa.private-3072.key', 't/dsa.priv`
`74`	`78`	`}`
`75`	`79`	`}`
`76`	`80`
	`81`	`+}`
`77`	`82`	`# Test that XML::Sig can verify a xmlsec1 RSA signed xml`
`78`	`83`	`$xml = slurp_file('t/signed/saml_request-xmlsec1-rsa-signed.xml');`
`79`	`84`	`my $xmlsec1_rsasig = XML::Sig->new({ x509 => 1, cert => 't/rsa.cert.pem' });`
Original file line number	Diff line number	Diff line change
`@@ -4,8 +4,15 @@ use Test::XML::Sig;`
`4`	`4`	`my $xmlsec = get_xmlsec_features;`
`5`	`5`	`my $openssl = get_openssl_features;`
`6`	`6`
`7`		`-my @hash_alg = qw/sha1 sha224 sha256 sha384 sha512/;`
	`7`	`+my @hash_alg = qw/sha224 sha256 sha384 sha512/;`
`8`	`8`	`push @hash_alg, 'ripemd160' if $xmlsec->{ripemd160};`
	`9`	`+push @hash_alg, 'sha1' if $xmlsec->{sha1_support};`
	`10`	`+SKIP: {`
	`11`	`+ eval {`
	`12`	`+ require Crypt::OpenSSL::DSA;`
	`13`	`+ };`
	`14`	`+ my $algs = scalar @hash_alg;`
	`15`	`+ skip "Crypt::OpenSSL::DSA not installed", 4 * $algs if ($@);`
`9`	`16`	`foreach my $alg (@hash_alg) {`
`10`	`17`	`my $sig = XML::Sig->new(`
`11`	`18`	`{`
`@@ -34,7 +41,7 @@ foreach my $alg (@hash_alg) {`
`34`	`41`	`$signed, qw(--verify --id-attr:ID "foo"));`
`35`	`42`	`}`
`36`	`43`	`}`
`37`		`-`
	`44`	`+}`
`38`	`45`	`foreach my $alg (@hash_alg) {`
`39`	`46`	`my $sig = XML::Sig->new(`
`40`	`47`	`{`