author | Kazuki Yamaguchi <k@rhe.jp> | 2022-01-04 22:11:00 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2022-10-17 16:35:35 +0900 |
commit | 10f93a8bd787658996f08b13a0e564eaf3f41489 (patch) | |
tree | 0dfd1c5d83e8b4a101f09e85ad0e2e9cd64a21b1 /test | |
parent | 65bba0ef6fa104324d34079f107f9c72ed8d0e2f (diff) | |
download | ruby-10f93a8bd787658996f08b13a0e564eaf3f41489.tar.gz |
[ruby/openssl] pkey/dsa: let PKey::DSA.generate choose appropriate q size
DSA parameters generation via EVP_PKEY_paramgen() will not automatically
adjust the size of q value but uses 224 bits by default unless specified
explicitly. This behavior is different from the now-deprecated
DSA_generate_parameters_ex(), which PKey::DSA.generate used to call.
Fixes https://github.com/ruby/openssl/issues/483
Fixes: https://github.com/ruby/openssl/commit/1800a8d5ebaf ("pkey/dsa: use high level EVP interface to generate parameters and keys", 2020-05-17)
https://github.com/ruby/openssl/commit/0105975a0b
Diffstat (limited to 'test')
-rw-r--r-- | test/openssl/test_pkey_dsa.rb | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/test/openssl/test_pkey_dsa.rb b/test/openssl/test_pkey_dsa.rb index 726b7dbf7e..de6aa63e23 100644 --- a/test/openssl/test_pkey_dsa.rb +++ b/test/openssl/test_pkey_dsa.rb @@ -28,6 +28,25 @@ class OpenSSL::TestPKeyDSA < OpenSSL::PKeyTestCase end end + def test_generate + # DSA.generate used to call DSA_generate_parameters_ex(), which adjusts the + # size of q according to the size of p + key1024 = OpenSSL::PKey::DSA.generate(1024) + assert_predicate key1024, :private? + assert_equal 1024, key1024.p.num_bits + assert_equal 160, key1024.q.num_bits + + key2048 = OpenSSL::PKey::DSA.generate(2048) + assert_equal 2048, key2048.p.num_bits + assert_equal 256, key2048.q.num_bits + + if ENV["OSSL_TEST_ALL"] == "1" # slow + key3072 = OpenSSL::PKey::DSA.generate(3072) + assert_equal 3072, key3072.p.num_bits + assert_equal 256, key3072.q.num_bits + end + end + def test_sign_verify dsa512 = Fixtures.pkey("dsa512") data = "Sign me!" |
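Review bot: the comment at the top of `test_generate` describes only the old DSA_generate_parameters_ex() behaviour and never says what the assertions guard against. Per the commit message, that is EVP_PKEY_paramgen() leaving q at its 224-bit default, and adding a line to say so would explain why 160 and 256 are the expected values. The generated sizes jump from 1024 straight to 2048, so the point at which q switches from 160 to 256 bits is not pinned down by any assertion; if generation time allows, a case between the two would cover it. The 3072 case expects the same q size as 2048 and only runs when `OSSL_TEST_ALL` is "1", so the default run relies on the 2048 case alone for the 256-bit branch. `assert_predicate key1024, :private?` is applied only to the first key; either repeat it for `key2048` or note that one check is considered enough.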