test/openssl/test_pair.rb
  test/openssl/test_pkey_dh.rb: Use 1024 bit DH parameters to satisfy
  OpenSSL FIPS requirements. Patch by Vit Ondruch.
  [Bug #6938] [ruby-core:47326]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36843 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
emboss 2012-08-28 20:03:32 +00:00
Родитель 9b9e6875e8
Коммит 9871dd5783
4 изменённых файлов: 23 добавлений и 14 удалений


@ -1,3 +1,11 @@
Wed Aug 29 04:50:04 2012 Martin Bosslet <Martin.Bosslet@googlemail.com>
* test/openssl/utils.rb
test/openssl/test_pair.rb
test/openssl/test_pkey_dh.rb: Use 1024 bit DH parameters to satisfy
OpenSSL FIPS requirements. Patch by Vit Ondruch.
[Bug #6938] [ruby-core:47326]
Tue Aug 28 22:31:49 2012 CHIKANAGA Tomoyuki <nagachika@ruby-lang.org> Tue Aug 28 22:31:49 2012 CHIKANAGA Tomoyuki <nagachika@ruby-lang.org>
* insns.def (checkmatch): suppress warnings. [ruby-core:47339] * insns.def (checkmatch): suppress warnings. [ruby-core:47339]


@ -6,13 +6,12 @@ require 'socket'
require_relative '../ruby/ut_eof' require_relative '../ruby/ut_eof'
module SSLPair module SSLPair
DHParam = OpenSSL::PKey::DH.new(128)
def server def server
host = "127.0.0.1" host = "127.0.0.1"
port = 0 port = 0
ctx = OpenSSL::SSL::SSLContext.new() ctx = OpenSSL::SSL::SSLContext.new()
ctx.ciphers = "ADH" ctx.ciphers = "ADH"
ctx.tmp_dh_callback = proc { DHParam } ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 }
tcps = TCPServer.new(host, port) tcps = TCPServer.new(host, port)
ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx) ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
return ssls return ssls
@ -192,7 +191,7 @@ class OpenSSL::TestPair < Test::Unit::TestCase
port = 0 port = 0
ctx = OpenSSL::SSL::SSLContext.new() ctx = OpenSSL::SSL::SSLContext.new()
ctx.ciphers = "ADH" ctx.ciphers = "ADH"
ctx.tmp_dh_callback = proc { DHParam } ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 }
serv = TCPServer.new(host, port) serv = TCPServer.new(host, port)
port = serv.connect_address.ip_port port = serv.connect_address.ip_port
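Review bot: Both new `tmp_dh_callback` procs (the one in `server` and the one in the later test at the `@ -192` hunk) now depend on `OpenSSL::TestUtils::TEST_KEY_DH1024`, a constant defined in a different file, and the proc body is only evaluated during the first handshake, so a missing or late `require_relative 'utils'` would surface as a `NameError` inside the SSL callback rather than at load time; the file's require lines are outside the hunk, so I cannot confirm utils is loaded here. A one-line guard near the top of `SSLPair` would make the dependency explicit and fail early: `raise "OpenSSL::TestUtils must be loaded before SSLPair" unless defined?(OpenSSL::TestUtils::TEST_KEY_DH1024)`. The same callback expression is now repeated verbatim in two places; a small helper such as `def dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 }` (or a local lambda, given the file's Ruby version) would keep them in sync if the constant is renamed again.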


@ -4,19 +4,19 @@ if defined?(OpenSSL)
class OpenSSL::TestPKeyDH < Test::Unit::TestCase class OpenSSL::TestPKeyDH < Test::Unit::TestCase
def test_new def test_new
dh = OpenSSL::PKey::DH.new(256) dh = OpenSSL::PKey::DH.new(1024)
assert_key(dh) assert_key(dh)
end end
def test_new_break def test_new_break
assert_nil(OpenSSL::PKey::DH.new(256) { break }) assert_nil(OpenSSL::PKey::DH.new(1024) { break })
assert_raises(RuntimeError) do assert_raises(RuntimeError) do
OpenSSL::PKey::DH.new(256) { raise } OpenSSL::PKey::DH.new(1024) { raise }
end end
end end
def test_to_der def test_to_der
dh = OpenSSL::PKey::DH.new(256) dh = OpenSSL::TestUtils::TEST_KEY_DH1024
der = dh.to_der der = dh.to_der
dh2 = OpenSSL::PKey::DH.new(der) dh2 = OpenSSL::PKey::DH.new(der)
assert_equal_params(dh, dh2) assert_equal_params(dh, dh2)
@ -24,7 +24,7 @@ class OpenSSL::TestPKeyDH < Test::Unit::TestCase
end end
def test_to_pem def test_to_pem
dh = OpenSSL::PKey::DH.new(256) dh = OpenSSL::TestUtils::TEST_KEY_DH1024
pem = dh.to_pem pem = dh.to_pem
dh2 = OpenSSL::PKey::DH.new(pem) dh2 = OpenSSL::PKey::DH.new(pem)
assert_equal_params(dh, dh2) assert_equal_params(dh, dh2)
@ -32,7 +32,7 @@ class OpenSSL::TestPKeyDH < Test::Unit::TestCase
end end
def test_public_key def test_public_key
dh = OpenSSL::PKey::DH.new(256) dh = OpenSSL::TestUtils::TEST_KEY_DH1024
public_key = dh.public_key public_key = dh.public_key
assert_no_key(public_key) #implies public_key.public? is false! assert_no_key(public_key) #implies public_key.public? is false!
assert_equal(dh.to_der, public_key.to_der) assert_equal(dh.to_der, public_key.to_der)
@ -40,14 +40,14 @@ class OpenSSL::TestPKeyDH < Test::Unit::TestCase
end end
def test_generate_key def test_generate_key
dh = OpenSSL::TestUtils::TEST_KEY_DH512.public_key # creates a copy dh = OpenSSL::TestUtils::TEST_KEY_DH512_PUB.public_key # creates a copy
assert_no_key(dh) assert_no_key(dh)
dh.generate_key! dh.generate_key!
assert_key(dh) assert_key(dh)
end end
def test_key_exchange def test_key_exchange
dh = OpenSSL::TestUtils::TEST_KEY_DH512 dh = OpenSSL::TestUtils::TEST_KEY_DH512_PUB
dh2 = dh.public_key dh2 = dh.public_key
dh.generate_key! dh.generate_key!
dh2.generate_key! dh2.generate_key!
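Review bot: `test_generate_key` and `test_key_exchange` are left on the 512-bit parameter set (`TEST_KEY_DH512_PUB`, the renamed constant) while the rest of the file moves to 1024 bits; if the FIPS module the commit targets rejects DH groups below 1024 bits, these two tests will still fail there, so they should probably use the same constant as the others, e.g. `dh = OpenSSL::TestUtils::TEST_KEY_DH1024.public_key # creates a copy` in `test_generate_key` and `dh = OpenSSL::TestUtils::TEST_KEY_DH1024` in `test_key_exchange`. Separately, `test_new` and `test_new_break` now generate fresh 1024-bit parameters three times per run; 1024-bit parameter generation is far slower than the previous 256-bit calls, so if the only intent is to exercise the generator, a single generation with the block-break and block-raise variants on pre-generated parameters would keep the suite fast. A short comment on `test_new` noting that it deliberately pays the generation cost, `# generates real 1024-bit params; slow but required under FIPS`, would stop the next maintainer from "optimising" it back to 256.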


@ -92,13 +92,16 @@ CeBUl+MahZtn9fO1JKdF4qJmS39dXnpENg==
end end
TEST_KEY_DH512 = OpenSSL::PKey::DH.new <<-_end_of_pem_ TEST_KEY_DH512_PUB = OpenSSL::PKey::DH.new <<-_end_of_pem_
-----BEGIN DH PARAMETERS----- -----BEGIN DH PARAMETERS-----
MEYCQQDmWXGPqk76sKw/edIOdhAQD4XzjJ+AR/PTk2qzaGs+u4oND2yU5D2NN4wr MEYCQQDmWXGPqk76sKw/edIOdhAQD4XzjJ+AR/PTk2qzaGs+u4oND2yU5D2NN4wr
aPgwHyJBiK1/ebK3tYcrSKrOoRyrAgEC aPgwHyJBiK1/ebK3tYcrSKrOoRyrAgEC
-----END DH PARAMETERS----- -----END DH PARAMETERS-----
_end_of_pem_ _end_of_pem_
TEST_KEY_DH1024 = OpenSSL::PKey::DH.new(1024)
module_function module_function
def issue_cert(dn, key, serial, not_before, not_after, extensions, def issue_cert(dn, key, serial, not_before, not_after, extensions,
@ -238,7 +241,6 @@ aPgwHyJBiK1/ebK3tYcrSKrOoRyrAgEC
rescue Errno::EBADF, IOError, Errno::EINVAL, Errno::ECONNABORTED, Errno::ENOTSOCK, Errno::ECONNRESET rescue Errno::EBADF, IOError, Errno::EINVAL, Errno::ECONNABORTED, Errno::ENOTSOCK, Errno::ECONNRESET
end end
DHParam = OpenSSL::PKey::DH.new(128)
def start_server(port0, verify_mode, start_immediately, args = {}, &block) def start_server(port0, verify_mode, start_immediately, args = {}, &block)
ctx_proc = args[:ctx_proc] ctx_proc = args[:ctx_proc]
server_proc = args[:server_proc] server_proc = args[:server_proc]
@ -252,7 +254,7 @@ aPgwHyJBiK1/ebK3tYcrSKrOoRyrAgEC
#ctx.extra_chain_cert = [ ca_cert ] #ctx.extra_chain_cert = [ ca_cert ]
ctx.cert = @svr_cert ctx.cert = @svr_cert
ctx.key = @svr_key ctx.key = @svr_key
ctx.tmp_dh_callback = proc { DHParam } ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 }
ctx.verify_mode = verify_mode ctx.verify_mode = verify_mode
ctx_proc.call(ctx) if ctx_proc ctx_proc.call(ctx) if ctx_proc
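Review bot: `TEST_KEY_DH1024 = OpenSSL::PKey::DH.new(1024)` generates a fresh 1024-bit DH group every time `utils.rb` is loaded, which is orders of magnitude slower than the 128-bit `DHParam` it replaces and makes the parameters differ between runs, so handshake failures will not reproduce from one run to the next. The constant directly above it, `TEST_KEY_DH512_PUB`, already shows the better pattern: a checked-in PEM heredoc that loads instantly and deterministically; the same should be done here with `TEST_KEY_DH1024 = OpenSSL::PKey::DH.new <<-_end_of_pem_` followed by a one-time generated 1024-bit DH PARAMETERS block (PEM body to be generated and pasted in; not reproduced here). The `_PUB` suffix on the renamed 512-bit constant is also slightly misleading, since the heredoc holds only the group parameters and no public key; a comment such as `# DH group parameters only (p, g); no key material` on that line would clarify it. The `start_server` method whose callback is changed in the last hunk continues outside the hunk.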