diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2016-08-06 13:18:41 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-08-07 17:15:18 +0900 |
commit | 88e510ed590026df208f182ca78f558a26c08a85 (patch) | |
tree | 43ba9071a3c9c7dc885f31591a9061de7c0b0dae /test/test_pkey_dsa.rb | |
parent | aba0560a65f97bd64299035ed825d286a13fb6b0 (diff) | |
download | ruby-openssl-88e510ed590026df208f182ca78f558a26c08a85.tar.gz |
pkey: don't pass a seed to DSA_generate_parameters_ex()
We currently always pass 20 random bytes generated by RAND_bytes(). It
is fine when generating parameters <= 1024 bits, because OpenSSL
requires a seed with the same length as the prime q, which is 160 bits.
FIPS 186-3 allowed the parameters to be >= 2048 bits. For them, OpenSSL
generates a 256 bits long q. We can pass 32 bytes long random bytes
instead, but the function is able to generate on its own. So just give
NULL.
Diffstat (limited to 'test/test_pkey_dsa.rb')
-rw-r--r-- | test/test_pkey_dsa.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/test/test_pkey_dsa.rb b/test/test_pkey_dsa.rb index 522cdeed..ed79e0de 100644 --- a/test/test_pkey_dsa.rb +++ b/test/test_pkey_dsa.rb @@ -20,6 +20,11 @@ class OpenSSL::TestPKeyDSA < OpenSSL::TestCase key = OpenSSL::PKey::DSA.new 256 pem = key.public_key.to_pem OpenSSL::PKey::DSA.new pem + if $0 == __FILE__ + assert_nothing_raised { + key = OpenSSL::PKey::DSA.new 2048 + } + end end def test_new_break |