зеркало из https://github.com/github/ruby.git
* Remove 512-bit DH group. It's affected by LogJam Attack.
https://weakdh.org/ [fix GH-1196][Bug #11968][ruby-core:72766] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53531 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
hsbt
Родитель
7e825eeefc
Коммит
55cb1b5e70
|
|
@ -1,3 +1,9 @@
|
|||
Thu Jan 14 15:08:43 2016 Tony Arcieri <bascule@gmail.com>
|
||||
|
||||
* Remove 512-bit DH group. It's affected by LogJam Attack.
|
||||
https://weakdh.org/
|
||||
[fix GH-1196][Bug #11968][ruby-core:72766]
|
||||
|
||||
Thu Jan 14 11:44:29 2016 Nobuyoshi Nakada <nobu@ruby-lang.org>
|
||||
|
||||
* variable.c (rb_f_global_variables): add $1..$9 only if $~ is
|
||||
|
|
|
|||
|
|
@ -4,13 +4,6 @@ module OpenSSL
|
|||
if defined?(OpenSSL::PKey::DH)
|
||||
|
||||
class DH
|
||||
DEFAULT_512 = new <<-_end_of_pem_
|
||||
-----BEGIN DH PARAMETERS-----
|
||||
MEYCQQD0zXHljRg/mJ9PYLACLv58Cd8VxBxxY7oEuCeURMiTqEhMym16rhhKgZG2
|
||||
zk2O9uUIBIxSj+NKMURHGaFKyIvLAgEC
|
||||
-----END DH PARAMETERS-----
|
||||
_end_of_pem_
|
||||
|
||||
DEFAULT_1024 = new <<-_end_of_pem_
|
||||
-----BEGIN DH PARAMETERS-----
|
||||
MIGHAoGBAJ0lOVy0VIr/JebWn0zDwY2h+rqITFOpdNr6ugsgvkDXuucdcChhYExJ
|
||||
|
|
@ -23,7 +16,6 @@ T4h7KZ/2zmjvV+eF8kBUHBJAojUlzxKj4QeO2x20FP9X5xmNUXeDAgEC
|
|||
DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen|
|
||||
warn "using default DH parameters." if $VERBOSE
|
||||
case keylen
|
||||
when 512 then OpenSSL::PKey::DH::DEFAULT_512
|
||||
when 1024 then OpenSSL::PKey::DH::DEFAULT_1024
|
||||
else
|
||||
nil
|
||||
|
|
|
|||
|
|
@ -7,16 +7,6 @@ class OpenSSL::TestPKeyDH < Test::Unit::TestCase
|
|||
|
||||
NEW_KEYLEN = 256
|
||||
|
||||
def test_DEFAULT_512
|
||||
params = <<-eop
|
||||
-----BEGIN DH PARAMETERS-----
|
||||
MEYCQQD0zXHljRg/mJ9PYLACLv58Cd8VxBxxY7oEuCeURMiTqEhMym16rhhKgZG2
|
||||
zk2O9uUIBIxSj+NKMURHGaFKyIvLAgEC
|
||||
-----END DH PARAMETERS-----
|
||||
eop
|
||||
assert_equal params, OpenSSL::PKey::DH::DEFAULT_512.to_s
|
||||
end
|
||||
|
||||
def test_DEFAULT_1024
|
||||
params = <<-eop
|
||||
-----BEGIN DH PARAMETERS-----
|
||||
|
|
@ -65,14 +55,14 @@ T4h7KZ/2zmjvV+eF8kBUHBJAojUlzxKj4QeO2x20FP9X5xmNUXeDAgEC
|
|||
end
|
||||
|
||||
def test_generate_key
|
||||
dh = OpenSSL::TestUtils::TEST_KEY_DH512_PUB.public_key # creates a copy
|
||||
dh = OpenSSL::TestUtils::TEST_KEY_DH1024.public_key # creates a copy
|
||||
assert_no_key(dh)
|
||||
dh.generate_key!
|
||||
assert_key(dh)
|
||||
end
|
||||
|
||||
def test_key_exchange
|
||||
dh = OpenSSL::TestUtils::TEST_KEY_DH512_PUB
|
||||
dh = OpenSSL::TestUtils::TEST_KEY_DH1024
|
||||
dh2 = dh.public_key
|
||||
dh.generate_key!
|
||||
dh2.generate_key!
|
||||
|
|
|
|||
|
|
@ -97,13 +97,6 @@ CeBUl+MahZtn9fO1JKdF4qJmS39dXnpENg==
|
|||
|
||||
end
|
||||
|
||||
TEST_KEY_DH512_PUB = OpenSSL::PKey::DH.new <<-_end_of_pem_
|
||||
-----BEGIN DH PARAMETERS-----
|
||||
MEYCQQDmWXGPqk76sKw/edIOdhAQD4XzjJ+AR/PTk2qzaGs+u4oND2yU5D2NN4wr
|
||||
aPgwHyJBiK1/ebK3tYcrSKrOoRyrAgEC
|
||||
-----END DH PARAMETERS-----
|
||||
_end_of_pem_
|
||||
|
||||
TEST_KEY_DH1024 = OpenSSL::PKey::DH.new <<-_end_of_pem_
|
||||
-----BEGIN DH PARAMETERS-----
|
||||
MIGHAoGBAKnKQ8MNK6nYZzLrrcuTsLxuiJGXoOO5gT+tljOTbHBuiktdMTITzIY0
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче