
ruby-changes:24792

From: emboss <ko1@a...>
Date: Wed, 29 Aug 2012 05:03:43 +0900 (JST)
Subject: [ruby-changes:24792] emboss:r36843 (trunk): * test/openssl/utils.rb

emboss	2012-08-29 05:03:32 +0900 (Wed, 29 Aug 2012)

  New Revision: 36843

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=36843

  Log:
    * test/openssl/utils.rb
      test/openssl/test_pair.rb
      test/openssl/test_pkey_dh.rb: Use 1024 bit DH parameters to satisfy
      OpenSSL FIPS requirements. Patch by Vit Ondruch.
      [Bug #6938] [ruby-core:47326]

  Modified files:
    trunk/ChangeLog
    trunk/test/openssl/test_pair.rb
    trunk/test/openssl/test_pkey_dh.rb
    trunk/test/openssl/utils.rb

Index: ChangeLog
===================================================================
--- ChangeLog	(revision 36842)
+++ ChangeLog	(revision 36843)
@@ -1,3 +1,11 @@
+Wed Aug 29 04:50:04 2012  Martin Bosslet  <Martin.Bosslet@g...>
+
+	* test/openssl/utils.rb
+	  test/openssl/test_pair.rb
+	  test/openssl/test_pkey_dh.rb: Use 1024 bit DH parameters to satisfy
+	  OpenSSL FIPS requirements. Patch by Vit Ondruch.
+	  [Bug #6938] [ruby-core:47326]
+
 Tue Aug 28 22:31:49 2012  CHIKANAGA Tomoyuki  <nagachika@r...>
 
 	* insns.def (checkmatch): suppress warnings. [ruby-core:47339]
Index: test/openssl/test_pkey_dh.rb
===================================================================
--- test/openssl/test_pkey_dh.rb	(revision 36842)
+++ test/openssl/test_pkey_dh.rb	(revision 36843)
@@ -4,19 +4,19 @@
 
 class OpenSSL::TestPKeyDH < Test::Unit::TestCase
   def test_new
-    dh = OpenSSL::PKey::DH.new(256)
+    dh = OpenSSL::PKey::DH.new(1024)
     assert_key(dh)
   end
 
   def test_new_break
-    assert_nil(OpenSSL::PKey::DH.new(256) { break })
+    assert_nil(OpenSSL::PKey::DH.new(1024) { break })
     assert_raises(RuntimeError) do
-      OpenSSL::PKey::DH.new(256) { raise }
+      OpenSSL::PKey::DH.new(1024) { raise }
     end
   end
 
   def test_to_der
-    dh = OpenSSL::PKey::DH.new(256)
+    dh = OpenSSL::TestUtils::TEST_KEY_DH1024
     der = dh.to_der
     dh2 = OpenSSL::PKey::DH.new(der)
     assert_equal_params(dh, dh2)
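Review bot: The literal `1024` in test_new and test_new_break has no explanation in the code, so a later reader may lower it again to speed the tests up. The commit log gives the reason (OpenSSL FIPS requirements), and a short comment above test_new would keep that reason next to the value, for example `# 1024 bits: needed to satisfy OpenSSL FIPS requirements [Bug #6938]`. test_new now generates a fresh 1024-bit parameter set on every run, which is presumably slower than the old 256-bit generation. test_to_der avoids that cost by reusing `OpenSSL::TestUtils::TEST_KEY_DH1024`. test_to_der continues past the end of this hunk.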
@@ -24,7 +24,7 @@
   end
 
   def test_to_pem
-    dh = OpenSSL::PKey::DH.new(256)
+    dh = OpenSSL::TestUtils::TEST_KEY_DH1024
     pem = dh.to_pem
     dh2 = OpenSSL::PKey::DH.new(pem)
     assert_equal_params(dh, dh2)
@@ -32,7 +32,7 @@
   end
 
   def test_public_key
-    dh = OpenSSL::PKey::DH.new(256)
+    dh = OpenSSL::TestUtils::TEST_KEY_DH1024
     public_key = dh.public_key
     assert_no_key(public_key) #implies public_key.public? is false!
     assert_equal(dh.to_der, public_key.to_der)
@@ -40,14 +40,14 @@
   end
 
   def test_generate_key
-    dh = OpenSSL::TestUtils::TEST_KEY_DH512.public_key # creates a copy
+    dh = OpenSSL::TestUtils::TEST_KEY_DH512_PUB.public_key # creates a copy
     assert_no_key(dh)
     dh.generate_key!
     assert_key(dh)
   end
 
   def test_key_exchange
-    dh = OpenSSL::TestUtils::TEST_KEY_DH512
+    dh = OpenSSL::TestUtils::TEST_KEY_DH512_PUB
     dh2 = dh.public_key
     dh.generate_key!
     dh2.generate_key!
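Review bot: test_generate_key and test_key_exchange still call `generate_key!` on the 512-bit parameters, now under the name `TEST_KEY_DH512_PUB`. If the FIPS build applies its size minimum to key generation as well as to parameter generation, these two tests would presumably still fail. In that case, deriving them from the 1024-bit fixture (`dh = OpenSSL::TestUtils::TEST_KEY_DH1024.public_key`) would match the rest of the commit. Separately, test_key_exchange calls `dh.generate_key!` directly on the shared constant, which leaves a private key in an object whose name now says `_PUB`; taking a copy first, as test_generate_key does with `.public_key`, keeps the fixture unchanged between tests. test_key_exchange continues past the end of this hunk.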
Index: test/openssl/test_pair.rb
===================================================================
--- test/openssl/test_pair.rb	(revision 36842)
+++ test/openssl/test_pair.rb	(revision 36843)
@@ -6,13 +6,12 @@
 require_relative '../ruby/ut_eof'
 
 module SSLPair
-  DHParam = OpenSSL::PKey::DH.new(128)
   def server
     host = "127.0.0.1"
     port = 0
     ctx = OpenSSL::SSL::SSLContext.new()
     ctx.ciphers = "ADH"
-    ctx.tmp_dh_callback = proc { DHParam }
+    ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 }
     tcps = TCPServer.new(host, port)
     ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
     return ssls
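Review bot: The callback `proc { OpenSSL::TestUtils::TEST_KEY_DH1024 }` is written out here, again in the second hunk of this file, and in start_server in test/openssl/utils.rb. Defining it once next to the constant in OpenSSL::TestUtils, for example `TEST_DH_CALLBACK = proc { TEST_KEY_DH1024 }` (suggested name), would leave a single place to change when the parameter size moves again. This file now depends on OpenSSL::TestUtils being loaded. The hunk starts at line 6 and does not show whether utils.rb is required above it, so that is worth confirming.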
@@ -192,7 +191,7 @@
     port = 0
     ctx = OpenSSL::SSL::SSLContext.new()
     ctx.ciphers = "ADH"
-    ctx.tmp_dh_callback = proc { DHParam }
+    ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 }
     serv = TCPServer.new(host, port)
 
     port = serv.connect_address.ip_port
Index: test/openssl/utils.rb
===================================================================
--- test/openssl/utils.rb	(revision 36842)
+++ test/openssl/utils.rb	(revision 36843)
@@ -92,13 +92,16 @@
 
 end
 
-  TEST_KEY_DH512 = OpenSSL::PKey::DH.new <<-_end_of_pem_
+  TEST_KEY_DH512_PUB = OpenSSL::PKey::DH.new <<-_end_of_pem_
 -----BEGIN DH PARAMETERS-----
 MEYCQQDmWXGPqk76sKw/edIOdhAQD4XzjJ+AR/PTk2qzaGs+u4oND2yU5D2NN4wr
 aPgwHyJBiK1/ebK3tYcrSKrOoRyrAgEC
 -----END DH PARAMETERS-----
   _end_of_pem_
 
+
+  TEST_KEY_DH1024 = OpenSSL::PKey::DH.new(1024)
+
   module_function
 
   def issue_cert(dn, key, serial, not_before, not_after, extensions,
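Review bot: `TEST_KEY_DH1024 = OpenSSL::PKey::DH.new(1024)` generates a new parameter set every time utils.rb is loaded, unlike `TEST_KEY_DH512_PUB` just above it, which is parsed from a fixed PEM block. That adds prime-generation time to every test process that requires this file and makes the fixture differ from run to run. Embedding a pre-generated 1024-bit `DH PARAMETERS` PEM in a heredoc, the same way as the 512-bit one, would make it constant and cheap to load. Whichever form is kept, a comment such as `# test fixture only: sized to satisfy OpenSSL FIPS requirements, not a value to copy into a server configuration` would record why the size was chosen. The enclosing module starts before this hunk and issue_cert continues after it.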
@@ -238,7 +241,6 @@
     rescue Errno::EBADF, IOError, Errno::EINVAL, Errno::ECONNABORTED, Errno::ENOTSOCK, Errno::ECONNRESET
     end
 
-    DHParam = OpenSSL::PKey::DH.new(128)
     def start_server(port0, verify_mode, start_immediately, args = {}, &block)
       ctx_proc = args[:ctx_proc]
       server_proc = args[:server_proc]
@@ -252,7 +254,7 @@
       #ctx.extra_chain_cert = [ ca_cert ]
       ctx.cert = @svr_cert
       ctx.key = @svr_key
-      ctx.tmp_dh_callback = proc { DHParam }
+      ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 }
       ctx.verify_mode = verify_mode
       ctx_proc.call(ctx) if ctx_proc
 

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
