fix: thread-safe digest buffer in get_message_digest()

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"

.github/workflows/testsuite.yml

@@ -0,0 +1,175 @@
+name: linux
+
+on:
+  push:
+    branches:
+      - '*'
+    tags-ignore:
+      - '*'
+  pull_request:
+    types: [ opened, synchronize, reopened, edited, ready_for_review ]
+
+jobs:
+
+#
+# A quick and cheap test first before running other jobs
+#
+
+  ubuntu:
+    env:
+      PERL_USE_UNSAFE_INC: 0
+      AUTHOR_TESTING: 1
+      AUTOMATED_TESTING: 1
+      RELEASE_TESTING: 1
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+
+    steps:
+      - uses: actions/checkout@v6
+      - run: openssl version
+      - run: perl -V
+      - name: uses install-with-cpm
+        uses: perl-actions/install-with-cpm@v1
+        with:
+          cpanfile: "cpanfile"
+      - name: Makefile.PL
+        run: perl -I$(pwd) Makefile.PL
+      - run: make && ( make test || prove -wbvm t/*.t )
+
+  openssl-matrix:
+    env:
+      PERL_USE_UNSAFE_INC: 0
+      AUTHOR_TESTING: 1
+      AUTOMATED_TESTING: 1
+      RELEASE_TESTING: 1
+
+    runs-on: ubuntu-latest
+    needs: [ubuntu]
+    name: "OpenSSL ${{ matrix.os-version }}"
+
+    strategy:
+      fail-fast: false
+      matrix:
+        os-version:
+        #  - debian:buster       # OpenSSL 1.1.1
+          - debian:bullseye     # OpenSSL 1.1.1
+          - debian:bookworm     # OpenSSL 3.0.x
+          - debian:trixie       # OpenSSL 3.4.x (Debian 13)
+          - almalinux:9         # OpenSSL with new crypto policies (RHEL-compatible)
+
+    container: ${{ matrix.os-version }}
+    steps:
+      - uses: actions/checkout@v6
+      - name: Install dependencies using apt-get
+        if: ${{ startsWith(matrix.os-version, 'debian:') }}
+        run: |
+          apt-get update
+          apt-get install -y openssl perl make gcc libssl-dev sudo curl
+      - name: Install dependencies using yum
+        if: ${{ matrix.os-version == 'almalinux:9' }}
+        run: |
+          yum install --skip-broken -y openssl perl make gcc openssl-devel sudo curl
+      - run: openssl version
+      - run: perl -V
+      - name: uses install-with-cpm
+        uses: perl-actions/install-with-cpm@v1
+        with:
+          cpanfile: "cpanfile"
+      - name: Makefile.PL
+        run: perl -I$(pwd) Makefile.PL
+      - run: make && prove -wbvm t/*.t
+
+#
+# List of Perl Versions available
+#
+
+  perl-versions:
+      runs-on: ubuntu-latest
+      needs: [openssl-matrix]
+      name: List Perl versions
+      outputs:
+        perl-versions: ${{ steps.action.outputs.perl-versions }}
+      steps:
+        - id: action
+          uses: perl-actions/perl-versions@v1
+          with:
+            since-perl: v5.10
+            with-devel: true
+
+#
+# The Perl matrix on linux
+#
+
+  perl:
+    env:
+      PERL_USE_UNSAFE_INC: 0
+      AUTHOR_TESTING: 1
+      AUTOMATED_TESTING: 1
+      RELEASE_TESTING: 1
+
+    runs-on: ubuntu-latest
+    needs: [openssl-matrix,perl-versions]
+    name: "Perl ${{ matrix.perl-version }}"
+
+    strategy:
+      fail-fast: false
+      matrix:
+        perl-version: ${{ fromJson (needs.perl-versions.outputs.perl-versions) }}
+
+    container: perldocker/perl-tester:${{ matrix.perl-version }}
+
+    steps:
+      - uses: actions/checkout@v6
+      - run: openssl version
+      - run: perl -V
+      - name: Deps for testing
+        run: |
+          cpanm --notest Crypt::OpenSSL::Random Crypt::OpenSSL::Guess Test::CPAN::Meta Perl::MinimumVersion Test::Pod::Coverage Test::Pod Test::MinimumVersion Crypt::OpenSSL::Bignum ||:
+          cpanm --notest Crypt::OpenSSL::Random Crypt::OpenSSL::Guess Test::CPAN::Meta Perl::MinimumVersion Test::Pod::Coverage Test::Pod Test::MinimumVersion Crypt::OpenSSL::Bignum
+          # not available < 5.12
+          cpanm --notest Test::Kwalitee ||:
+      - run: perl Makefile.PL
+      - run: make && ( make test || prove -wbvm t/*.t )
+
+#
+# Windows
+#
+
+  windows:
+    env:
+      PERL_USE_UNSAFE_INC: 0
+      AUTHOR_TESTING: 0
+      AUTOMATED_TESTING: 1
+      RELEASE_TESTING: 0
+
+    needs: [openssl-matrix, perl-versions]
+    runs-on: windows-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        perl-version: [latest]
+
+    steps:
+      - uses: actions/checkout@v6
+      - name: Set up Perl
+        run: |
+          # skip installing perl if it is already installed.
+          if (!(Test-Path "C:\strawberry\perl\bin")) {
+            choco install strawberryperl
+          }
+          echo @"
+          C:\strawberry\c\bin
+          C:\strawberry\perl\site\bin
+          C:\strawberry\perl\bin
+          "@ |
+            Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+      - run: openssl version
+      - run: perl -V
+      - name: Deps for testing
+        run: cpanm --notest Crypt::OpenSSL::Random Crypt::OpenSSL::Guess
+      - run: perl Makefile.PL
+      - run: make && ( make test || prove -wbvm t/*.t )

.gitignore

@@ -15,7 +15,5 @@
 *.o
 *.gcov
 *.gcno
-*.gcov
 *.gcda
-*.gcno
 *.ERR

Changes

@@ -1,5 +1,38 @@
 Revision history for Perl extension Crypt::OpenSSL::RSA.
 
+0.37 Oct 29 2025
+     - Fix libressl bitwise logic error in RSA.xs
+
+0.36 Oct 29 2025
+     - Fix old openssl on strawberry does not include whrlpool.h
+     - libressl message digest functions md cannot be NULL
+     - Don't support whirlpool in libressl
+     - Add support for use_pkcs1_pss_padding with fatal error if RSA-PSS is used for encryption operations
+
+0.35 May 7 2025
+    - Disable PKCS#1 v1.5 padding. It's not practical to mitigate marvin attacks so we will instead disable this and require alternatives to address the issue.
+      - Resolves #42 - CVE-2024-2467.
+
+0.34 May 5 2025
+    - Production release.
+
+0.34_03 May 4 2025
+    - Fix bug in rsa_crypt. Need to pass NULL
+
+0.34_02 May 4 2025
+    - t/rsa.t needs to tolerate sha1 being disabled on rhel.
+
+0.34_01 May 3 2025
+    - docs - plaintext = decrypt(cyphertext)
+    - #44 - Fix issue when libz is not linked on AIX
+    - #50 - Correct openssl version may not be found
+    - #52 - Out of memory on openssl 1.1.1w hpux
+    - #47 - Update FSF address and LGPL name in LICENSE
+    - #55 - stop using AutoLoader
+    - #48 - Whirlpool is missing the header
+    - Move github repo to cpan-authors
+    - Fully support openSSL 3.x API
+
 0.33 July 7 2022
     - Update for windows github CI
     - Remove duplicit 'LICENSE' key