diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2022-09-08 20:50:19 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2022-09-08 20:50:19 +0900 |
commit | 7f5b5adcc57ff1402e17c992009588441f85bf3f (patch) | |
tree | f04042f727e924b73b6aa8b82a08e869ef22d16c /test/openssl | |
parent | ed8375999b4bbb4dbbc6151f160634c45a973495 (diff) | |
parent | e5bbd015dcb4fd2c3c31f9024ee1e476087c148d (diff) | |
download | ruby-openssl-7f5b5adcc57ff1402e17c992009588441f85bf3f.tar.gz |
Merge branch 'maint-3.0'
* maint-3.0:
Ruby/OpenSSL 3.0.1
Ruby/OpenSSL 2.2.2
Ruby/OpenSSL 2.1.4
Make GitHub Actions happy on 2.1/2.2 branches
test/openssl/test_cipher: skip AES-CCM tests on OpenSSL <= 1.1.1b
pkey/ec: check existence of public key component before exporting
pkey: restore support for decoding "openssl ecparam -genkey" output
pkey: clear error queue before each OSSL_DECODER_from_bio() call
pkey/dsa: let PKey::DSA.generate choose appropriate q size
hmac: use EVP_PKEY_new_raw_private_key() if available
x509*: fix error queue leak in #extensions= and #attributes= methods
Check if the option is an Hash in `pkey_ctx_apply_options0()`
Diffstat (limited to 'test/openssl')
-rw-r--r-- | test/openssl/test_hmac.rb | 8 | ||||
-rw-r--r-- | test/openssl/test_pkey_dsa.rb | 19 | ||||
-rw-r--r-- | test/openssl/test_pkey_ec.rb | 25 | ||||
-rw-r--r-- | test/openssl/test_pkey_rsa.rb | 5 |
4 files changed, 57 insertions, 0 deletions
diff --git a/test/openssl/test_hmac.rb b/test/openssl/test_hmac.rb index 2f53a813..3cb70744 100644 --- a/test/openssl/test_hmac.rb +++ b/test/openssl/test_hmac.rb @@ -62,6 +62,14 @@ class OpenSSL::TestHMAC < OpenSSL::TestCase b64digest = OpenSSL::HMAC.base64digest("MD5", key, "Hi There") assert_equal "kpRyejY4uxwT9I74FYv8nQ==", b64digest end + + def test_zero_length_key + # Empty string as the key + hexdigest = OpenSSL::HMAC.hexdigest("SHA256", "\0"*32, "test") + assert_equal "43b0cef99265f9e34c10ea9d3501926d27b39f57c6d674561d8ba236e7a819fb", hexdigest + hexdigest = OpenSSL::HMAC.hexdigest("SHA256", "", "test") + assert_equal "43b0cef99265f9e34c10ea9d3501926d27b39f57c6d674561d8ba236e7a819fb", hexdigest + end end end diff --git a/test/openssl/test_pkey_dsa.rb b/test/openssl/test_pkey_dsa.rb index 726b7dbf..de6aa63e 100644 --- a/test/openssl/test_pkey_dsa.rb +++ b/test/openssl/test_pkey_dsa.rb @@ -28,6 +28,25 @@ class OpenSSL::TestPKeyDSA < OpenSSL::PKeyTestCase end end + def test_generate + # DSA.generate used to call DSA_generate_parameters_ex(), which adjusts the + # size of q according to the size of p + key1024 = OpenSSL::PKey::DSA.generate(1024) + assert_predicate key1024, :private? + assert_equal 1024, key1024.p.num_bits + assert_equal 160, key1024.q.num_bits + + key2048 = OpenSSL::PKey::DSA.generate(2048) + assert_equal 2048, key2048.p.num_bits + assert_equal 256, key2048.q.num_bits + + if ENV["OSSL_TEST_ALL"] == "1" # slow + key3072 = OpenSSL::PKey::DSA.generate(3072) + assert_equal 3072, key3072.p.num_bits + assert_equal 256, key3072.q.num_bits + end + end + def test_sign_verify dsa512 = Fixtures.pkey("dsa512") data = "Sign me!" diff --git a/test/openssl/test_pkey_ec.rb b/test/openssl/test_pkey_ec.rb index ffe5a94e..9a4818de 100644 --- a/test/openssl/test_pkey_ec.rb +++ b/test/openssl/test_pkey_ec.rb @@ -61,8 +61,10 @@ class OpenSSL::TestEC < OpenSSL::PKeyTestCase def test_generate_key ec = OpenSSL::PKey::EC.new("prime256v1") assert_equal false, ec.private? + assert_raise(OpenSSL::PKey::ECError) { ec.to_der } ec.generate_key! assert_equal true, ec.private? + assert_nothing_raised { ec.to_der } end if !openssl?(3, 0, 0) def test_marshal @@ -199,6 +201,29 @@ class OpenSSL::TestEC < OpenSSL::PKeyTestCase assert_equal pem, p256.export end + def test_ECPrivateKey_with_parameters + p256 = Fixtures.pkey("p256") + + # The format used by "openssl ecparam -name prime256v1 -genkey -outform PEM" + # + # "EC PARAMETERS" block should be ignored if it is followed by an + # "EC PRIVATE KEY" block + in_pem = <<~EOF + -----BEGIN EC PARAMETERS----- + BggqhkjOPQMBBw== + -----END EC PARAMETERS----- + -----BEGIN EC PRIVATE KEY----- + MHcCAQEEIID49FDqcf1O1eO8saTgG70UbXQw9Fqwseliit2aWhH1oAoGCCqGSM49 + AwEHoUQDQgAEFglk2c+oVUIKQ64eZG9bhLNPWB7lSZ/ArK41eGy5wAzU/0G51Xtt + CeBUl+MahZtn9fO1JKdF4qJmS39dXnpENg== + -----END EC PRIVATE KEY----- + EOF + + key = OpenSSL::PKey::EC.new(in_pem) + assert_same_ec p256, key + assert_equal p256.to_der, key.to_der + end + def test_ECPrivateKey_encrypted p256 = Fixtures.pkey("p256") # key = abcdef diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb index 4bb39ed4..fa84b76f 100644 --- a/test/openssl/test_pkey_rsa.rb +++ b/test/openssl/test_pkey_rsa.rb @@ -108,6 +108,11 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase salt_length: 20, mgf1_hash: "SHA1") # Defaults to PKCS #1 v1.5 padding => verification failure assert_equal false, key.verify("SHA256", sig_pss, data) + + # option type check + assert_raise_with_message(TypeError, /expected Hash/) { + key.sign("SHA256", data, ["x"]) + } end def test_sign_verify_raw |