[前][次][番号順一覧][スレッド一覧]

ruby-changes:21584

From: nahi <ko1@a...>
Date: Fri, 4 Nov 2011 14:12:42 +0900 (JST)
Subject: [ruby-changes:21584] nahi:r33633 (trunk): * ext/openssl/ossl_pkey_rsa.c (rsa_generate): [SECURITY] Set RSA

nahi	2011-11-04 14:12:31 +0900 (Fri, 04 Nov 2011)

  New Revision: 33633

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=33633

  Log:
    * ext/openssl/ossl_pkey_rsa.c (rsa_generate): [SECURITY] Set RSA
      exponent value correctly.  Awful bug.  This bug caused exponent of
      generated key to be always '1'.  By default, and regardless of e
      given as a parameter.
        
      !!! Keys generated by this code (trunk after 2011-09-01) must be 
      re-generated !!! (ruby_1_9_3 is safe)
            
    * test/openssl/test_pkey_rsa.rb: Add tests for default exponent and
      specifying exponent by a parameter.

  Modified files:
    trunk/ChangeLog
    trunk/ext/openssl/ossl_pkey_rsa.c
    trunk/test/openssl/test_pkey_rsa.rb

Index: ChangeLog
===================================================================
--- ChangeLog	(revision 33632)
+++ ChangeLog	(revision 33633)
@@ -1,3 +1,16 @@
+Fri Nov  4 14:08:19 2011  Hiroshi Nakamura  <nahi@r...>
+
+	* ext/openssl/ossl_pkey_rsa.c (rsa_generate): [SECURITY] Set RSA
+	  exponent value correctly.  Awful bug.  This bug caused exponent of
+	  generated key to be always '1'.  By default, and regardless of e
+	  given as a parameter.
+	  
+	  !!! Keys generated by this code (trunk after 2011-09-01) must be
+	  re-generated !!! (ruby_1_9_3 is safe)
+
+	* test/openssl/test_pkey_rsa.rb: Add tests for default exponent and
+	  specifying exponent by a parameter.
+
 Fri Nov 04 01:31:25 2011  Martin Bosslet  <Martin.Bosslet@g...>
 
 	* test/openssl/test_engine.rb: add first tests for builtin "openssl"
Index: ext/openssl/ossl_pkey_rsa.c
===================================================================
--- ext/openssl/ossl_pkey_rsa.c	(revision 33632)
+++ ext/openssl/ossl_pkey_rsa.c	(revision 33633)
@@ -110,7 +110,7 @@
 	if (rsa) RSA_free(rsa);
 	return 0;
     }
-    for (i = 0; i < (int)sizeof(exp); ++i) {
+    for (i = 0; i < (int)sizeof(exp) * 8; ++i) {
 	if (exp & (1 << i)) {
 	    if (BN_set_bit(e, i) == 0) {
 		BN_free(e);
Index: test/openssl/test_pkey_rsa.rb
===================================================================
--- test/openssl/test_pkey_rsa.rb	(revision 33632)
+++ test/openssl/test_pkey_rsa.rb	(revision 33633)
@@ -48,6 +48,18 @@
     assert_equal([], OpenSSL.errors)
   end
 
+  def test_new_exponent_default
+    assert_equal(65537, OpenSSL::PKey::RSA.new(512).e)
+  end
+
+  def test_new_with_exponent
+    1.upto(30) do |idx|
+      e = (2 ** idx) + 1
+      key = OpenSSL::PKey::RSA.new(512, e)
+      assert_equal(e, key.e)
+    end
+  end
+
   def test_new_break
     assert_nil(OpenSSL::PKey::RSA.new(1024) { break })
     assert_raise(RuntimeError) do

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/

[前][次][番号順一覧][スレッド一覧]