* test/openssl/test_ec.rb: added test_dsa_sign_asn1_FIPS186_3. dgst is

truncated with ec_key.group.order.size after openssl 0.9.8m for FIPS 186-3 compliance. WARNING: ruby-openssl aims to wrap an OpenSSL so when you're using openssl 0.9.8l or earlier version, EC.dsa_sign_asn1 raises OpenSSL::PKey::ECError as before and EC.dsa_verify_asn1 just returns false when you pass dgst longer than expected (no truncation performed). * ext/openssl/ossl_pkey_ec.c: rdoc typo fixed. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27645 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2010-05-06 10:13:46 +00:00 · 2010-05-06 10:13:46 +00:00 · bcd0bcc390
commit bcd0bcc390
parent f7050e0e27
3 changed files with 32 additions and 3 deletions
--- a/14
+++ b/14
@ -1,3 +1,17 @@
+Thu May  6 19:13:43 2010  NAKAMURA, Hiroshi  <nahi@ruby-lang.org>
+
+	* test/openssl/test_ec.rb: added test_dsa_sign_asn1_FIPS186_3. dgst is
+	  truncated with ec_key.group.order.size after openssl 0.9.8m for
+	  FIPS 186-3 compliance.
+
+	  WARNING: ruby-openssl aims to wrap an OpenSSL so when you're using
+	  openssl 0.9.8l or earlier version, EC.dsa_sign_asn1 raises
+	  OpenSSL::PKey::ECError as before and EC.dsa_verify_asn1 just returns
+	  false when you pass dgst longer than expected (no truncation
+	  performed).
+
+	* ext/openssl/ossl_pkey_ec.c: rdoc typo fixed.
+
 Thu May  6 18:12:43 2010  Koichi Sasada  <ko1@atdot.net>

 	* cont.c (fiber_setcontext): Fix last commit.
--- a/ext/openssl/ossl_pkey_ec.c
+++ b/ext/openssl/ossl_pkey_ec.c
@ -681,7 +681,7 @@ static VALUE ossl_ec_key_dsa_sign_asn1(VALUE self, VALUE data)

 /*
 *  call-seq:
- *     key.dsa_verify(data, sig)   => true or false
+ *     key.dsa_verify_asn1(data, sig)   => true or false
 *
 *  See the OpenSSL documentation for ECDSA_verify()
 */
--- a/test/openssl/test_ec.rb
+++ b/test/openssl/test_ec.rb
@ -87,9 +87,24 @@ class OpenSSL::TestEC < Test::Unit::TestCase
  def test_dsa_sign_verify
    for key in @keys
      sig = key.dsa_sign_asn1(@data1)
-      assert_equal(key.dsa_verify_asn1(@data1, sig), true)
+      assert(key.dsa_verify_asn1(@data1, sig))
+    end
+  end

-      assert_raise(OpenSSL::PKey::ECError) { key.dsa_sign_asn1(@data2) }
+  def test_dsa_sign_asn1_FIPS186_3
+    for key in @keys
+      size = key.group.order.num_bits / 8 + 1
+      dgst = (1..size).to_a.pack('C*')
+      begin
+        sig = key.dsa_sign_asn1(dgst)
+        # dgst is auto-truncated according to FIPS186-3 after openssl-0.9.8m
+        assert(key.dsa_verify_asn1(dgst + "garbage", sig))
+      rescue OpenSSL::PKey::ECError => e
+        # just an exception for longer dgst before openssl-0.9.8m
+        assert_equal('ECDSA_sign: data too large for key size', e.message)
+        # no need to do following tests
+        return
+      end
    end
  end