[前][次][番号順一覧][スレッド一覧]

ruby-changes:14966

From: nahi <ko1@a...>
Date: Sun, 7 Mar 2010 06:43:56 +0900 (JST)
Subject: [ruby-changes:14966] Ruby:r26837 (ruby_1_8): * test/openssl/test_ec.rb: added test_dsa_sign_asn1_FIPS186_3. dgst is

nahi	2010-03-07 06:43:31 +0900 (Sun, 07 Mar 2010)

  New Revision: 26837

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=26837

  Log:
    * test/openssl/test_ec.rb: added test_dsa_sign_asn1_FIPS186_3. dgst is
              truncated with ec_key.group.order.size after openssl 0.9.8m for
              FIPS 186-3 compliance.
    
              WARNING: ruby-openssl aims to wrap an OpenSSL so when you're using
              openssl 0.9.8l or earlier version, EC.dsa_sign_asn1 raises
              OpenSSL::PKey::ECError as before and EC.dsa_verify_asn1 just returns
              false when you pass dgst longer than expected (no truncation
              performed).

  Modified files:
    branches/ruby_1_8/ChangeLog
    branches/ruby_1_8/ext/openssl/ossl_pkey_ec.c
    branches/ruby_1_8/test/openssl/test_ec.rb

Index: ruby_1_8/ext/openssl/ossl_pkey_ec.c
===================================================================
--- ruby_1_8/ext/openssl/ossl_pkey_ec.c	(revision 26836)
+++ ruby_1_8/ext/openssl/ossl_pkey_ec.c	(revision 26837)
@@ -681,7 +681,7 @@
 
 /*
  *  call-seq:
- *     key.dsa_verify(data, sig)   => true or false
+ *     key.dsa_verify_asn1(data, sig)   => true or false
  *
  *  See the OpenSSL documentation for ECDSA_verify()
  */
Index: ruby_1_8/ChangeLog
===================================================================
--- ruby_1_8/ChangeLog	(revision 26836)
+++ ruby_1_8/ChangeLog	(revision 26837)
@@ -1,3 +1,17 @@
+Sun Mar  7 06:40:10 2010  NAKAMURA, Hiroshi  <nahi@r...>
+
+	* test/openssl/test_ec.rb: added test_dsa_sign_asn1_FIPS186_3. dgst is
+	  truncated with ec_key.group.order.size after openssl 0.9.8m for
+	  FIPS 186-3 compliance.
+
+	  WARNING: ruby-openssl aims to wrap an OpenSSL so when you're using
+	  openssl 0.9.8l or earlier version, EC.dsa_sign_asn1 raises
+	  OpenSSL::PKey::ECError as before and EC.dsa_verify_asn1 just returns
+	  false when you pass dgst longer than expected (no truncation
+	  performed).
+
+	* ext/openssl/ossl_pkey_ec.c: rdoc typo fixed.
+
 Sun Mar  7 06:37:27 2010  NAKAMURA, Hiroshi  <nahi@r...>
 
 	* test/openssl: backport cosmetic changes from 1.9.
Index: ruby_1_8/test/openssl/test_ec.rb
===================================================================
--- ruby_1_8/test/openssl/test_ec.rb	(revision 26836)
+++ ruby_1_8/test/openssl/test_ec.rb	(revision 26837)
@@ -87,9 +87,24 @@
   def test_dsa_sign_verify
     for key in @keys
       sig = key.dsa_sign_asn1(@data1)
-      assert_equal(key.dsa_verify_asn1(@data1, sig), true)
+      assert(key.dsa_verify_asn1(@data1, sig))
+    end
+  end
 
-      assert_raise(OpenSSL::PKey::ECError) { key.dsa_sign_asn1(@data2) }
+  def test_dsa_sign_asn1_FIPS186_3
+    for key in @keys
+      size = key.group.order.num_bits / 8 + 1
+      dgst = (1..size).to_a.pack('C*')
+      begin
+        sig = key.dsa_sign_asn1(dgst)
+        # dgst is auto-truncated according to FIPS186-3 after openssl-0.9.8m
+        assert(key.dsa_verify_asn1(dgst + "garbage", sig))
+      rescue OpenSSL::PKey::ECError => e
+        # just an exception for longer dgst before openssl-0.9.8m
+        assert_equal('ECDSA_sign: data too large for key size', e.message)
+        # no need to do following tests
+        return
+      end
     end
   end
 

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/

[前][次][番号順一覧][スレッド一覧]