diff options
author | nahi <nahi@ruby-lang.org> | 2011-11-04 05:12:31 +0000 |
---|---|---|
committer | nahi <nahi@ruby-lang.org> | 2011-11-04 05:12:31 +0000 |
commit | a668ff3b7fc28c59b1cc914492df8635ea41a7cb (patch) | |
tree | 15f01aee3dd36b1bb02e8572b1e4137ac4c3fd5e | |
parent | 636669c452f386b83d23ebee039a99f867a31356 (diff) | |
download | ruby-openssl-history-a668ff3b7fc28c59b1cc914492df8635ea41a7cb.tar.gz |
* ext/openssl/ossl_pkey_rsa.c (rsa_generate): [SECURITY] Set RSA
exponent value correctly. Awful bug. This bug caused exponent of
generated key to be always '1'. By default, and regardless of e
given as a parameter.
!!! Keys generated by this code (trunk after 2011-09-01) must be
re-generated !!! (ruby_1_9_3 is safe)
* test/openssl/test_pkey_rsa.rb: Add tests for default exponent and
specifying exponent by a parameter.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33633 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ext/openssl/ossl_pkey_rsa.c | 2 | ||||
-rw-r--r-- | test/test_pkey_rsa.rb | 12 |
2 files changed, 13 insertions, 1 deletions
diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c index 1e28b4f..3f6d52c 100644 --- a/ext/openssl/ossl_pkey_rsa.c +++ b/ext/openssl/ossl_pkey_rsa.c @@ -110,7 +110,7 @@ rsa_generate(int size, int exp) if (rsa) RSA_free(rsa); return 0; } - for (i = 0; i < (int)sizeof(exp); ++i) { + for (i = 0; i < (int)sizeof(exp) * 8; ++i) { if (exp & (1 << i)) { if (BN_set_bit(e, i) == 0) { BN_free(e); diff --git a/test/test_pkey_rsa.rb b/test/test_pkey_rsa.rb index a7e8e22..b7da0ca 100644 --- a/test/test_pkey_rsa.rb +++ b/test/test_pkey_rsa.rb @@ -48,6 +48,18 @@ class OpenSSL::TestPKeyRSA < Test::Unit::TestCase assert_equal([], OpenSSL.errors) end + def test_new_exponent_default + assert_equal(65537, OpenSSL::PKey::RSA.new(512).e) + end + + def test_new_with_exponent + 1.upto(30) do |idx| + e = (2 ** idx) + 1 + key = OpenSSL::PKey::RSA.new(512, e) + assert_equal(e, key.e) + end + end + def test_new_break assert_nil(OpenSSL::PKey::RSA.new(1024) { break }) assert_raise(RuntimeError) do |