ruby-changes:69358
From: Kazuki <ko1@a...>
Date: Sat, 23 Oct 2021 13:40:21 +0900 (JST)
Subject: [ruby-changes:69358] 95044fa13b (master): [ruby/openssl] test/openssl/test_pkey: use EC keys for PKey.generate_parameters tests
https://git.ruby-lang.org/ruby.git/commit/?id=95044fa13b From 95044fa13b2df0377305c747c4d2b36cbdfbb750 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi <k@r...> Date: Mon, 18 May 2020 02:35:35 +0900 Subject: [ruby/openssl] test/openssl/test_pkey: use EC keys for PKey.generate_parameters tests OpenSSL 3.0 refuses to generate DSA parameters shorter than 2048 bits, but generating 2048 bits parameters takes very long time. Let's use EC in these test cases instead. https://github.com/ruby/openssl/commit/c732387ee5 --- test/openssl/test_pkey.rb | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-) diff --git a/test/openssl/test_pkey.rb b/test/openssl/test_pkey.rb index 4a539d8c46..544340e378 100644 --- a/test/openssl/test_pkey.rb +++ b/test/openssl/test_pkey.rb @@ -27,20 +27,16 @@ class OpenSSL::TestPKey < OpenSSL::PKeyTestCase https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pkey.rb#L27 end def test_s_generate_parameters - # 512 is non-default; 1024 is used if 'dsa_paramgen_bits' is not specified - # with OpenSSL 1.1.0. - pkey = OpenSSL::PKey.generate_parameters("DSA", { - "dsa_paramgen_bits" => 512, - "dsa_paramgen_q_bits" => 256, + pkey = OpenSSL::PKey.generate_parameters("EC", { + "ec_paramgen_curve" => "secp384r1", }) - assert_instance_of OpenSSL::PKey::DSA, pkey - assert_equal 512, pkey.p.num_bits - assert_equal 256, pkey.q.num_bits - assert_equal nil, pkey.priv_key + assert_instance_of OpenSSL::PKey::EC, pkey + assert_equal "secp384r1", pkey.group.curve_name + assert_equal nil, pkey.private_key # Invalid options are checked assert_raise(OpenSSL::PKey::PKeyError) { - OpenSSL::PKey.generate_parameters("DSA", "invalid" => "option") + OpenSSL::PKey.generate_parameters("EC", "invalid" => "option") } # Parameter generation callback is called @@ -59,14 +55,13 @@ class OpenSSL::TestPKey < OpenSSL::PKeyTestCase https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pkey.rb#L55 # DSA key pair cannot be generated without parameters OpenSSL::PKey.generate_key("DSA") } - pkey_params = OpenSSL::PKey.generate_parameters("DSA", { - "dsa_paramgen_bits" => 512, - "dsa_paramgen_q_bits" => 256, + pkey_params = OpenSSL::PKey.generate_parameters("EC", { + "ec_paramgen_curve" => "secp384r1", }) pkey = OpenSSL::PKey.generate_key(pkey_params) - assert_instance_of OpenSSL::PKey::DSA, pkey - assert_equal 512, pkey.p.num_bits - assert_not_equal nil, pkey.priv_key + assert_instance_of OpenSSL::PKey::EC, pkey + assert_equal "secp384r1", pkey.group.curve_name + assert_not_equal nil, pkey.private_key end def test_hmac_sign_verify -- cgit v1.2.1 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/