
Commit 9871dd5

author
emboss
committed
* test/openssl/utils.rb
test/openssl/test_pair.rb test/openssl/test_pkey_dh.rb: Use 1024 bit DH parameters to satisfy OpenSSL FIPS requirements. Patch by Vit Ondruch. [Bug #6938] [ruby-core:47326] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36843 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
1 parent 9b9e687 commit 9871dd5


4 files changed

+23
-14
lines changed


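--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+Wed Aug 29 04:50:04 2012 Martin Bosslet <Martin.Bosslet@googlemail.com>
+
+* test/openssl/utils.rb
+test/openssl/test_pair.rb
+test/openssl/test_pkey_dh.rb: Use 1024 bit DH parameters to satisfy
+OpenSSL FIPS requirements. Patch by Vit Ondruch.
+[Bug #6938] [ruby-core:47326]
+
 Tue Aug 28 22:31:49 2012 CHIKANAGA Tomoyuki <nagachika@ruby-lang.org>
 
 * insns.def (checkmatch): suppress warnings. [ruby-core:47339]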

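--- a/test/openssl/test_pair.rb
+++ b/test/openssl/test_pair.rb
@@ -6,13 +6,12 @@
 require_relative '../ruby/ut_eof'
 
 module SSLPair
-DHParam = OpenSSL::PKey::DH.new(128)
 def server
 host = "127.0.0.1"
 port = 0
 ctx = OpenSSL::SSL::SSLContext.new()
 ctx.ciphers = "ADH"
-ctx.tmp_dh_callback = proc { DHParam }
+ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 }
 tcps = TCPServer.new(host, port)
 ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
 return ssls
@@ -192,7 +191,7 @@ def test_connect_accept_nonblock
 port = 0
 ctx = OpenSSL::SSL::SSLContext.new()
 ctx.ciphers = "ADH"
-ctx.tmp_dh_callback = proc { DHParam }
+ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 }
 serv = TCPServer.new(host, port)
 
 port = serv.connect_address.ip_port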
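Review bot: Both `tmp_dh_callback` procs now depend on `OpenSSL::TestUtils::TEST_KEY_DH1024`, but no require of utils.rb is visible in this section, and the file's first five lines are outside the hunk. Because the constant is resolved only when the proc runs, a missing require would presumably surface as a NameError during the handshake rather than at load time. If utils.rb is not already loaded there, add `require_relative 'utils'` next to `require_relative '../ruby/ut_eof'`. The bodies of `SSLPair` and `test_connect_accept_nonblock` continue outside the hunks shown.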

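--- a/test/openssl/test_pkey_dh.rb
+++ b/test/openssl/test_pkey_dh.rb
@@ -4,50 +4,50 @@
 
 class OpenSSL::TestPKeyDH < Test::Unit::TestCase
 def test_new
-dh = OpenSSL::PKey::DH.new(256)
+dh = OpenSSL::PKey::DH.new(1024)
 assert_key(dh)
 end
 
 def test_new_break
-assert_nil(OpenSSL::PKey::DH.new(256) { break })
+assert_nil(OpenSSL::PKey::DH.new(1024) { break })
 assert_raises(RuntimeError) do
-OpenSSL::PKey::DH.new(256) { raise }
+OpenSSL::PKey::DH.new(1024) { raise }
 end
 end
 
 def test_to_der
-dh = OpenSSL::PKey::DH.new(256)
+dh = OpenSSL::TestUtils::TEST_KEY_DH1024
 der = dh.to_der
 dh2 = OpenSSL::PKey::DH.new(der)
 assert_equal_params(dh, dh2)
 assert_no_key(dh2)
 end
 
 def test_to_pem
-dh = OpenSSL::PKey::DH.new(256)
+dh = OpenSSL::TestUtils::TEST_KEY_DH1024
 pem = dh.to_pem
 dh2 = OpenSSL::PKey::DH.new(pem)
 assert_equal_params(dh, dh2)
 assert_no_key(dh2)
 end
 
 def test_public_key
-dh = OpenSSL::PKey::DH.new(256)
+dh = OpenSSL::TestUtils::TEST_KEY_DH1024
 public_key = dh.public_key
 assert_no_key(public_key) #implies public_key.public? is false!
 assert_equal(dh.to_der, public_key.to_der)
 assert_equal(dh.to_pem, public_key.to_pem)
 end
 
 def test_generate_key
-dh = OpenSSL::TestUtils::TEST_KEY_DH512.public_key # creates a copy
+dh = OpenSSL::TestUtils::TEST_KEY_DH512_PUB.public_key # creates a copy
 assert_no_key(dh)
 dh.generate_key!
 assert_key(dh)
 end
 
 def test_key_exchange
-dh = OpenSSL::TestUtils::TEST_KEY_DH512
+dh = OpenSSL::TestUtils::TEST_KEY_DH512_PUB
 dh2 = dh.public_key
 dh.generate_key!
 dh2.generate_key!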
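Review bot: `test_generate_key` and `test_key_exchange` still run on the 512-bit parameters, now named `TEST_KEY_DH512_PUB`, so the 1024-bit change described in the commit message reaches only the first five tests. Whether `generate_key!` on 512-bit parameters is accepted in FIPS mode is not visible here and should be confirmed. The `_PUB` suffix is also misleading, because the constant is built from a `DH PARAMETERS` PEM block. A comment such as `# 512-bit parameters only, no key pair; used by tests that call generate_key! themselves` above these uses would state the intent. `test_key_exchange` continues past the end of the hunk.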

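--- a/test/openssl/utils.rb
+++ b/test/openssl/utils.rb
@@ -92,13 +92,16 @@ module OpenSSL::TestUtils
 
 end
 
-TEST_KEY_DH512 = OpenSSL::PKey::DH.new <<-_end_of_pem_
+TEST_KEY_DH512_PUB = OpenSSL::PKey::DH.new <<-_end_of_pem_
 -----BEGIN DH PARAMETERS-----
 MEYCQQDmWXGPqk76sKw/edIOdhAQD4XzjJ+AR/PTk2qzaGs+u4oND2yU5D2NN4wr
 aPgwHyJBiK1/ebK3tYcrSKrOoRyrAgEC
 -----END DH PARAMETERS-----
 _end_of_pem_
 
+
+TEST_KEY_DH1024 = OpenSSL::PKey::DH.new(1024)
+
 module_function
 
 def issue_cert(dn, key, serial, not_before, not_after, extensions,
@@ -238,7 +241,6 @@ def server_loop(ctx, ssls, server_proc)
 rescue Errno::EBADF, IOError, Errno::EINVAL, Errno::ECONNABORTED, Errno::ENOTSOCK, Errno::ECONNRESET
 end
 
-DHParam = OpenSSL::PKey::DH.new(128)
 def start_server(port0, verify_mode, start_immediately, args = {}, &block)
 ctx_proc = args[:ctx_proc]
 server_proc = args[:server_proc]
@@ -252,7 +254,7 @@ def start_server(port0, verify_mode, start_immediately, args = {}, &block)
 #ctx.extra_chain_cert = [ ca_cert ]
 ctx.cert = @svr_cert
 ctx.key = @svr_key
-ctx.tmp_dh_callback = proc { DHParam }
+ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 }
 ctx.verify_mode = verify_mode
 ctx_proc.call(ctx) if ctx_proc
 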
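Review bot: `TEST_KEY_DH1024 = OpenSSL::PKey::DH.new(1024)` in the first hunk generates fresh 1024-bit parameters each time utils.rb is loaded, unlike `TEST_KEY_DH512_PUB` directly above it, which is parsed from a fixed PEM block. Every test run therefore pays for parameter generation and exercises different parameters, which makes failures harder to reproduce. Consider embedding a pre-generated 1024-bit `DH PARAMETERS` PEM in the same heredoc form. The constant would also benefit from a comment, e.g. `# 1024 bits chosen to satisfy OpenSSL FIPS requirements; test fixture only, not a recommended size for real deployments`. `start_server` begins and ends outside the hunks shown.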
