perl-net-saml2/perl-XML-Enc

Replace Crypt::Random with Crypt::PRNG?

Closed this issue · 1 comments

NGEfreak commented

XML::Enc depends on Crypt::Random which in turn depends on Math::Pari. On systems without direct internet access it is a little inconvenient to install Math::Pari because it requires the sourcecode of PARI/GP. It also needs a very specific and very old version of PARI/GP.

Since XML::Enc already depends on CryptX (via Crypt::AuthEnc::GCM, Crypt::PK::RSA and Crypt::Mode::CBC) would it be possible to replace Crypt::Random with Crypt::PRNG? Crypt::PRNG is also part of CryptX.

The replacement is very simple:

# OLD
use Crypt::Random qw( makerandom_octet );

...

my $iv      = makerandom_octet ( Length => $ivsize);
${$key}     = makerandom_octet ( Length => $keysize);

##########################################################################

# NEW
use Crypt::PRNG qw( random_bytes );

...

my $iv      = random_bytes ( $ivsize);
${$key}     = random_bytes ( $keysize);
``
timlegge commented

I had been giving that some thought anyway. I can probably get it sorted by this weekend or early next week