1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

* test/openssl/utils.rb

test/openssl/test_pair.rb
  test/openssl/test_pkey_dh.rb: Use 1024 bit DH parameters to satisfy
  OpenSSL FIPS requirements. Patch by Vit Ondruch.
  [Bug #6938] [ruby-core:47326]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36843 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
emboss 2012-08-28 20:03:32 +00:00
parent 9b9e6875e8
commit 9871dd5783
4 changed files with 23 additions and 14 deletions

View file

@ -1,3 +1,11 @@
Wed Aug 29 04:50:04 2012 Martin Bosslet <Martin.Bosslet@googlemail.com>
* test/openssl/utils.rb
test/openssl/test_pair.rb
test/openssl/test_pkey_dh.rb: Use 1024 bit DH parameters to satisfy
OpenSSL FIPS requirements. Patch by Vit Ondruch.
[Bug #6938] [ruby-core:47326]
Tue Aug 28 22:31:49 2012 CHIKANAGA Tomoyuki <nagachika@ruby-lang.org>
* insns.def (checkmatch): suppress warnings. [ruby-core:47339]

View file

@ -6,13 +6,12 @@ require 'socket'
require_relative '../ruby/ut_eof'
module SSLPair
DHParam = OpenSSL::PKey::DH.new(128)
def server
host = "127.0.0.1"
port = 0
ctx = OpenSSL::SSL::SSLContext.new()
ctx.ciphers = "ADH"
ctx.tmp_dh_callback = proc { DHParam }
ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 }
tcps = TCPServer.new(host, port)
ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
return ssls
@ -192,7 +191,7 @@ class OpenSSL::TestPair < Test::Unit::TestCase
port = 0
ctx = OpenSSL::SSL::SSLContext.new()
ctx.ciphers = "ADH"
ctx.tmp_dh_callback = proc { DHParam }
ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 }
serv = TCPServer.new(host, port)
port = serv.connect_address.ip_port

View file

@ -4,19 +4,19 @@ if defined?(OpenSSL)
class OpenSSL::TestPKeyDH < Test::Unit::TestCase
def test_new
dh = OpenSSL::PKey::DH.new(256)
dh = OpenSSL::PKey::DH.new(1024)
assert_key(dh)
end
def test_new_break
assert_nil(OpenSSL::PKey::DH.new(256) { break })
assert_nil(OpenSSL::PKey::DH.new(1024) { break })
assert_raises(RuntimeError) do
OpenSSL::PKey::DH.new(256) { raise }
OpenSSL::PKey::DH.new(1024) { raise }
end
end
def test_to_der
dh = OpenSSL::PKey::DH.new(256)
dh = OpenSSL::TestUtils::TEST_KEY_DH1024
der = dh.to_der
dh2 = OpenSSL::PKey::DH.new(der)
assert_equal_params(dh, dh2)
@ -24,7 +24,7 @@ class OpenSSL::TestPKeyDH < Test::Unit::TestCase
end
def test_to_pem
dh = OpenSSL::PKey::DH.new(256)
dh = OpenSSL::TestUtils::TEST_KEY_DH1024
pem = dh.to_pem
dh2 = OpenSSL::PKey::DH.new(pem)
assert_equal_params(dh, dh2)
@ -32,7 +32,7 @@ class OpenSSL::TestPKeyDH < Test::Unit::TestCase
end
def test_public_key
dh = OpenSSL::PKey::DH.new(256)
dh = OpenSSL::TestUtils::TEST_KEY_DH1024
public_key = dh.public_key
assert_no_key(public_key) #implies public_key.public? is false!
assert_equal(dh.to_der, public_key.to_der)
@ -40,14 +40,14 @@ class OpenSSL::TestPKeyDH < Test::Unit::TestCase
end
def test_generate_key
dh = OpenSSL::TestUtils::TEST_KEY_DH512.public_key # creates a copy
dh = OpenSSL::TestUtils::TEST_KEY_DH512_PUB.public_key # creates a copy
assert_no_key(dh)
dh.generate_key!
assert_key(dh)
end
def test_key_exchange
dh = OpenSSL::TestUtils::TEST_KEY_DH512
dh = OpenSSL::TestUtils::TEST_KEY_DH512_PUB
dh2 = dh.public_key
dh.generate_key!
dh2.generate_key!

View file

@ -92,13 +92,16 @@ CeBUl+MahZtn9fO1JKdF4qJmS39dXnpENg==
end
TEST_KEY_DH512 = OpenSSL::PKey::DH.new <<-_end_of_pem_
TEST_KEY_DH512_PUB = OpenSSL::PKey::DH.new <<-_end_of_pem_
-----BEGIN DH PARAMETERS-----
MEYCQQDmWXGPqk76sKw/edIOdhAQD4XzjJ+AR/PTk2qzaGs+u4oND2yU5D2NN4wr
aPgwHyJBiK1/ebK3tYcrSKrOoRyrAgEC
-----END DH PARAMETERS-----
_end_of_pem_
TEST_KEY_DH1024 = OpenSSL::PKey::DH.new(1024)
module_function
def issue_cert(dn, key, serial, not_before, not_after, extensions,
@ -238,7 +241,6 @@ aPgwHyJBiK1/ebK3tYcrSKrOoRyrAgEC
rescue Errno::EBADF, IOError, Errno::EINVAL, Errno::ECONNABORTED, Errno::ENOTSOCK, Errno::ECONNRESET
end
DHParam = OpenSSL::PKey::DH.new(128)
def start_server(port0, verify_mode, start_immediately, args = {}, &block)
ctx_proc = args[:ctx_proc]
server_proc = args[:server_proc]
@ -252,7 +254,7 @@ aPgwHyJBiK1/ebK3tYcrSKrOoRyrAgEC
#ctx.extra_chain_cert = [ ca_cert ]
ctx.cert = @svr_cert
ctx.key = @svr_key
ctx.tmp_dh_callback = proc { DHParam }
ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 }
ctx.verify_mode = verify_mode
ctx_proc.call(ctx) if ctx_proc