kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

* test/openssl/test_ec.rb: added test_dsa_sign_asn1_FIPS186_3. dgst is

Browse source 
truncated with ec_key.group.order.size after openssl 0.9.8m for
  FIPS 186-3 compliance.

  WARNING: ruby-openssl aims to wrap an OpenSSL so when you're using
  openssl 0.9.8l or earlier version, EC.dsa_sign_asn1 raises
  OpenSSL::PKey::ECError as before and EC.dsa_verify_asn1 just returns
  false when you pass dgst longer than expected (no truncation
  performed).

* ext/openssl/ossl_pkey_ec.c: rdoc typo fixed.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27645 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
nobu 2010-05-06 10:13:46 +00:00
parent f7050e0e27
commit bcd0bcc390
3 changed files with 32 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

14
ChangeLog
View file

@ -1,3 +1,17 @@
Thu May 6 19:13:43 2010 NAKAMURA, Hiroshi <nahi@ruby-lang.org>
* test/openssl/test_ec.rb: added test_dsa_sign_asn1_FIPS186_3. dgst is
truncated with ec_key.group.order.size after openssl 0.9.8m for
FIPS 186-3 compliance.
WARNING: ruby-openssl aims to wrap an OpenSSL so when you're using
openssl 0.9.8l or earlier version, EC.dsa_sign_asn1 raises
OpenSSL::PKey::ECError as before and EC.dsa_verify_asn1 just returns
false when you pass dgst longer than expected (no truncation
performed).
* ext/openssl/ossl_pkey_ec.c: rdoc typo fixed.
Thu May 6 18:12:43 2010 Koichi Sasada <ko1@atdot.net> Thu May 6 18:12:43 2010 Koichi Sasada <ko1@atdot.net>
* cont.c (fiber_setcontext): Fix last commit. * cont.c (fiber_setcontext): Fix last commit.

2
ext/openssl/ossl_pkey_ec.c
View file

@ -681,7 +681,7 @@ static VALUE ossl_ec_key_dsa_sign_asn1(VALUE self, VALUE data)
/* /*
* call-seq: * call-seq:
* key.dsa_verify(data, sig) => true or false * key.dsa_verify_asn1(data, sig) => true or false
* *
* See the OpenSSL documentation for ECDSA_verify() * See the OpenSSL documentation for ECDSA_verify()
*/ */

19
test/openssl/test_ec.rb
View file

@ -87,9 +87,24 @@ class OpenSSL::TestEC < Test::Unit::TestCase
def test_dsa_sign_verify def test_dsa_sign_verify
for key in @keys for key in @keys
sig = key.dsa_sign_asn1(@data1) sig = key.dsa_sign_asn1(@data1)
assert_equal(key.dsa_verify_asn1(@data1, sig), true) assert(key.dsa_verify_asn1(@data1, sig))
end
end
assert_raise(OpenSSL::PKey::ECError) { key.dsa_sign_asn1(@data2) } def test_dsa_sign_asn1_FIPS186_3
for key in @keys
size = key.group.order.num_bits / 8 + 1
dgst = (1..size).to_a.pack('C*')
begin
sig = key.dsa_sign_asn1(dgst)
# dgst is auto-truncated according to FIPS186-3 after openssl-0.9.8m
assert(key.dsa_verify_asn1(dgst + "garbage", sig))
rescue OpenSSL::PKey::ECError => e
# just an exception for longer dgst before openssl-0.9.8m
assert_equal('ECDSA_sign: data too large for key size', e.message)
# no need to do following tests
return
end
end end
end end