ruby-changes:21584
From: nahi <ko1@a...>
Date: Fri, 4 Nov 2011 14:12:42 +0900 (JST)
Subject: [ruby-changes:21584] nahi:r33633 (trunk): * ext/openssl/ossl_pkey_rsa.c (rsa_generate): [SECURITY] Set RSA
nahi 2011-11-04 14:12:31 +0900 (Fri, 04 Nov 2011) New Revision: 33633 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=33633 Log: * ext/openssl/ossl_pkey_rsa.c (rsa_generate): [SECURITY] Set RSA exponent value correctly. Awful bug. This bug caused exponent of generated key to be always '1'. By default, and regardless of e given as a parameter. !!! Keys generated by this code (trunk after 2011-09-01) must be re-generated !!! (ruby_1_9_3 is safe) * test/openssl/test_pkey_rsa.rb: Add tests for default exponent and specifying exponent by a parameter. Modified files: trunk/ChangeLog trunk/ext/openssl/ossl_pkey_rsa.c trunk/test/openssl/test_pkey_rsa.rb Index: ChangeLog =================================================================== --- ChangeLog (revision 33632) +++ ChangeLog (revision 33633) @@ -1,3 +1,16 @@ +Fri Nov 4 14:08:19 2011 Hiroshi Nakamura <nahi@r...> + + * ext/openssl/ossl_pkey_rsa.c (rsa_generate): [SECURITY] Set RSA + exponent value correctly. Awful bug. This bug caused exponent of + generated key to be always '1'. By default, and regardless of e + given as a parameter. + + !!! Keys generated by this code (trunk after 2011-09-01) must be + re-generated !!! (ruby_1_9_3 is safe) + + * test/openssl/test_pkey_rsa.rb: Add tests for default exponent and + specifying exponent by a parameter. + Fri Nov 04 01:31:25 2011 Martin Bosslet <Martin.Bosslet@g...> * test/openssl/test_engine.rb: add first tests for builtin "openssl" Index: ext/openssl/ossl_pkey_rsa.c =================================================================== --- ext/openssl/ossl_pkey_rsa.c (revision 33632) +++ ext/openssl/ossl_pkey_rsa.c (revision 33633) 
@@ -110,7 +110,7 @@ if (rsa) RSA_free(rsa); return 0; } - for (i = 0; i < (int)sizeof(exp); ++i) { + for (i = 0; i < (int)sizeof(exp) * 8; ++i) { if (exp & (1 << i)) { if (BN_set_bit(e, i) == 0) { BN_free(e); Index: test/openssl/test_pkey_rsa.rb =================================================================== --- test/openssl/test_pkey_rsa.rb (revision 33632) +++ test/openssl/test_pkey_rsa.rb (revision 33633) @@ -48,6 +48,18 @@ assert_equal([], OpenSSL.errors) end + def test_new_exponent_default + assert_equal(65537, OpenSSL::PKey::RSA.new(512).e) + end + + def test_new_with_exponent + 1.upto(30) do |idx| + e = (2 ** idx) + 1 + key = OpenSSL::PKey::RSA.new(512, e) + assert_equal(e, key.e) + end + end + def test_new_break assert_nil(OpenSSL::PKey::RSA.new(1024) { break }) assert_raise(RuntimeError) do -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
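Review bot: The re-generation warning in the ChangeLog entry identifies affected keys only by build date ("trunk after 2011-09-01") and does not say how to recognise one. The same entry states that the exponent was always '1', so it could add that any key whose public exponent `e` equals 1 is affected and must be replaced. Naming the revision that introduced the bug alongside the date would also let users check their builds exactly.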
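Review bot: In `if (exp & (1 << i))` in ext/openssl/ossl_pkey_rsa.c, the literal `1` is an `int`, and the new bound `(int)sizeof(exp) * 8` lets `i` reach 31 for a 4-byte `exp` and 63 for an 8-byte one, so the shift overflows or exceeds the width of `int`, which is undefined behaviour in C. The declaration of `exp` is not visible in this hunk; the shifted constant should have the same type as `exp` (for example `1UL << i` if it is an `unsigned long`), and `CHAR_BIT` would state the intent better than the literal `8`. A short comment on the loop saying that it copies `exp` bit by bit into the BIGNUM `e` would help the next reader see why the bound is in bits and not bytes.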
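Review bot: `test_new_with_exponent` in test/openssl/test_pkey_rsa.rb stops at `1.upto(30)`, so the largest exponent tried is 2**30 + 1, and bit 31 and above, which the widened loop in `rsa_generate` now visits, are never exercised. Either extend the range to the full width the C side accepts or add a case that pins down what happens to an exponent beyond it. Every value tested has the form `(2 ** idx) + 1`, that is, exactly two bits set; one exponent with several bits set would confirm that all bits are copied and not only the lowest and highest.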