diff options
author | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2010-05-06 10:13:46 +0000 |
---|---|---|
committer | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2010-05-06 10:13:46 +0000 |
commit | bcd0bcc3904db4755ac6cf2b14020872ca328cc7 (patch) | |
tree | 3307f5fb8bb3ab0a34f9b623fb310eb7bd090180 | |
parent | f7050e0e27322ae10b00a8fb65e20118d68e8f4f (diff) | |
download | ruby-bcd0bcc3904db4755ac6cf2b14020872ca328cc7.tar.gz |
* test/openssl/test_ec.rb: added test_dsa_sign_asn1_FIPS186_3. dgst is
truncated with ec_key.group.order.size after openssl 0.9.8m for
FIPS 186-3 compliance.
WARNING: ruby-openssl aims to wrap an OpenSSL so when you're using
openssl 0.9.8l or earlier version, EC.dsa_sign_asn1 raises
OpenSSL::PKey::ECError as before and EC.dsa_verify_asn1 just returns
false when you pass dgst longer than expected (no truncation
performed).
* ext/openssl/ossl_pkey_ec.c: rdoc typo fixed.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27645 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 14 | ||||
-rw-r--r-- | ext/openssl/ossl_pkey_ec.c | 2 | ||||
-rw-r--r-- | test/openssl/test_ec.rb | 19 |
3 files changed, 32 insertions, 3 deletions
@@ -1,3 +1,17 @@ +Thu May 6 19:13:43 2010 NAKAMURA, Hiroshi <nahi@ruby-lang.org> + + * test/openssl/test_ec.rb: added test_dsa_sign_asn1_FIPS186_3. dgst is + truncated with ec_key.group.order.size after openssl 0.9.8m for + FIPS 186-3 compliance. + + WARNING: ruby-openssl aims to wrap an OpenSSL so when you're using + openssl 0.9.8l or earlier version, EC.dsa_sign_asn1 raises + OpenSSL::PKey::ECError as before and EC.dsa_verify_asn1 just returns + false when you pass dgst longer than expected (no truncation + performed). + + * ext/openssl/ossl_pkey_ec.c: rdoc typo fixed. + Thu May 6 18:12:43 2010 Koichi Sasada <ko1@atdot.net> * cont.c (fiber_setcontext): Fix last commit. diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c index 52e910cba8..df23fba3af 100644 --- a/ext/openssl/ossl_pkey_ec.c +++ b/ext/openssl/ossl_pkey_ec.c @@ -681,7 +681,7 @@ static VALUE ossl_ec_key_dsa_sign_asn1(VALUE self, VALUE data) /* * call-seq: - * key.dsa_verify(data, sig) => true or false + * key.dsa_verify_asn1(data, sig) => true or false * * See the OpenSSL documentation for ECDSA_verify() */ diff --git a/test/openssl/test_ec.rb b/test/openssl/test_ec.rb index 282bb67624..39f5577dc2 100644 --- a/test/openssl/test_ec.rb +++ b/test/openssl/test_ec.rb @@ -87,9 +87,24 @@ class OpenSSL::TestEC < Test::Unit::TestCase def test_dsa_sign_verify for key in @keys sig = key.dsa_sign_asn1(@data1) - assert_equal(key.dsa_verify_asn1(@data1, sig), true) + assert(key.dsa_verify_asn1(@data1, sig)) + end + end - assert_raise(OpenSSL::PKey::ECError) { key.dsa_sign_asn1(@data2) } + def test_dsa_sign_asn1_FIPS186_3 + for key in @keys + size = key.group.order.num_bits / 8 + 1 + dgst = (1..size).to_a.pack('C*') + begin + sig = key.dsa_sign_asn1(dgst) + # dgst is auto-truncated according to FIPS186-3 after openssl-0.9.8m + assert(key.dsa_verify_asn1(dgst + "garbage", sig)) + rescue OpenSSL::PKey::ECError => e + # just an exception for longer dgst before openssl-0.9.8m + assert_equal('ECDSA_sign: data too large for key size', e.message) + # no need to do following tests + return + end end end |