aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog14
-rw-r--r--ext/openssl/ossl_pkey_ec.c2
-rw-r--r--test/openssl/test_ec.rb19
3 files changed, 32 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index a178f3bd89..7fe28bd6d8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,17 @@
+Thu May 6 19:13:43 2010 NAKAMURA, Hiroshi <nahi@ruby-lang.org>
+
+ * test/openssl/test_ec.rb: added test_dsa_sign_asn1_FIPS186_3. dgst is
+ truncated with ec_key.group.order.size after openssl 0.9.8m for
+ FIPS 186-3 compliance.
+
+ WARNING: ruby-openssl aims to wrap an OpenSSL so when you're using
+ openssl 0.9.8l or earlier version, EC.dsa_sign_asn1 raises
+ OpenSSL::PKey::ECError as before and EC.dsa_verify_asn1 just returns
+ false when you pass dgst longer than expected (no truncation
+ performed).
+
+ * ext/openssl/ossl_pkey_ec.c: rdoc typo fixed.
+
Thu May 6 18:12:43 2010 Koichi Sasada <ko1@atdot.net>
* cont.c (fiber_setcontext): Fix last commit.
diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
index 52e910cba8..df23fba3af 100644
--- a/ext/openssl/ossl_pkey_ec.c
+++ b/ext/openssl/ossl_pkey_ec.c
@@ -681,7 +681,7 @@ static VALUE ossl_ec_key_dsa_sign_asn1(VALUE self, VALUE data)
/*
* call-seq:
- * key.dsa_verify(data, sig) => true or false
+ * key.dsa_verify_asn1(data, sig) => true or false
*
* See the OpenSSL documentation for ECDSA_verify()
*/
diff --git a/test/openssl/test_ec.rb b/test/openssl/test_ec.rb
index 282bb67624..39f5577dc2 100644
--- a/test/openssl/test_ec.rb
+++ b/test/openssl/test_ec.rb
@@ -87,9 +87,24 @@ class OpenSSL::TestEC < Test::Unit::TestCase
def test_dsa_sign_verify
for key in @keys
sig = key.dsa_sign_asn1(@data1)
- assert_equal(key.dsa_verify_asn1(@data1, sig), true)
+ assert(key.dsa_verify_asn1(@data1, sig))
+ end
+ end
- assert_raise(OpenSSL::PKey::ECError) { key.dsa_sign_asn1(@data2) }
+ def test_dsa_sign_asn1_FIPS186_3
+ for key in @keys
+ size = key.group.order.num_bits / 8 + 1
+ dgst = (1..size).to_a.pack('C*')
+ begin
+ sig = key.dsa_sign_asn1(dgst)
+ # dgst is auto-truncated according to FIPS186-3 after openssl-0.9.8m
+ assert(key.dsa_verify_asn1(dgst + "garbage", sig))
+ rescue OpenSSL::PKey::ECError => e
+ # just an exception for longer dgst before openssl-0.9.8m
+ assert_equal('ECDSA_sign: data too large for key size', e.message)
+ # no need to do following tests
+ return
+ end
end
end
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-27 20:21:17 +0000