ruby.git/test/openssl/test_pkey_dh.rb, branch v3_3_11 The Ruby Programming Language Fix test_pkey_dh.rb in FIPS. 2023-11-25T10:12:28+00:00 Jun Aruga jaruga@redhat.com 2023-11-07T13:36:17+00:00 543dd74049f18db2f8dd9ac05b25f8dbff2edc14 We use dh2048_ffdhe2048.pem file (DH 2048 bits) instead of dh1024.pem file in both non-FIPS and FIPS cases. Because the following command fails to generate the pem file with 1024 bits. And the OpenSSL FIPS 140-2 security policy document explains the DH public keys are allowed from 2048 bits.[1] ``` $ OPENSSL_CONF=/home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/ssl/openssl_fips.cnf \ /home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/bin/openssl \ dhparam -out dh1024.pem 1024 Generating DH parameters, 1024 bit long safe prime dhparam: Generating DH key parameters failed ``` The dh2048_ffdhe2048.pem file was created by the following command with the OpenSSL FIPS configuration file. The logic to generate the DH pem file is different between non-FIPS and FIPS cases. In FIPS, it seems that the command always returns the text defined as ffdhe2048 in the FFDHE groups in RFC 7919 unlike non-FIPS.[2] As the generated pem file is a normal and valid PKCS#3-style group parameter, we use the file for the non-FIPS case too. ``` $ OPENSSL_CONF=/home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/ssl/openssl_fips.cnf \ /home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/bin/openssl \ dhparam -out dh2048_ffdhe2048.pem 2048 ``` Note that the hard-coded PEM-encoded string in the `test_DHparams` is intentional to avoid modifying the content unintentionally. * [1] https://www.openssl.org/source/ - OpenSSL 3.0.8 FIPS 140-2 security policy document page 25, Table 10 – Public Keys - DH Public - DH (2048/3072/4096/6144/8192) public key agreement key * [2] RFC7919 - Appendix A.1: ffdhe2048 https://www.rfc-editor.org/rfc/rfc7919#appendix-A.1 
We use dh2048_ffdhe2048.pem file (DH 2048 bits) instead of dh1024.pem file in
both non-FIPS and FIPS cases. Because the following command fails to generate
the pem file with 1024 bits. And the OpenSSL FIPS 140-2 security policy
document explains the DH public keys are allowed from 2048 bits.[1]

```
$ OPENSSL_CONF=/home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/ssl/openssl_fips.cnf \
  /home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/bin/openssl \
  dhparam -out dh1024.pem 1024
Generating DH parameters, 1024 bit long safe prime
dhparam: Generating DH key parameters failed
```

The dh2048_ffdhe2048.pem file was created by the following command with the
OpenSSL FIPS configuration file. The logic to generate the DH pem file is
different between non-FIPS and FIPS cases. In FIPS, it seems that the command
always returns the text defined as ffdhe2048 in the FFDHE groups in RFC 7919
unlike non-FIPS.[2]

As the generated pem file is a normal and valid PKCS#3-style group parameter, we
use the file for the non-FIPS case too.

```
$ OPENSSL_CONF=/home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/ssl/openssl_fips.cnf \
  /home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/bin/openssl \
  dhparam -out dh2048_ffdhe2048.pem 2048
```

Note that the hard-coded PEM-encoded string in the `test_DHparams` is
intentional to avoid modifying the content unintentionally.

* [1] https://www.openssl.org/source/ - OpenSSL 3.0.8 FIPS 140-2 security
  policy document page 25, Table 10 – Public Keys - DH Public
  - DH (2048/3072/4096/6144/8192) public key agreement key
* [2] RFC7919 - Appendix A.1: ffdhe2048
  https://www.rfc-editor.org/rfc/rfc7919#appendix-A.1
[ruby/openssl] pkey: deprecate PKey#set_* methods 2021-12-20T14:42:02+00:00 Kazuki Yamaguchi k@rhe.jp 2021-09-21T09:29:59+00:00 8ebf5978852e22358cbcdf74c0eb506f22e2c73f OpenSSL 3.0 made EVP_PKEY immutable. This means we can only have a const pointer of the low level struct and the following methods can no longer be provided when linked against OpenSSL 3.0: - OpenSSL::PKey::RSA#set_key - OpenSSL::PKey::RSA#set_factors - OpenSSL::PKey::RSA#set_crt_params - OpenSSL::PKey::DSA#set_pqg - OpenSSL::PKey::DSA#set_key - OpenSSL::PKey::DH#set_pqg - OpenSSL::PKey::DH#set_key - OpenSSL::PKey::EC#group= - OpenSSL::PKey::EC#private_key= - OpenSSL::PKey::EC#public_key= There is no direct replacement for this functionality at the moment. I plan to introduce a wrapper around EVP_PKEY_fromdata(), which takes all key components at once to construct an EVP_PKEY. https://github.com/ruby/openssl/commit/6848d2d969 
OpenSSL 3.0 made EVP_PKEY immutable. This means we can only have a const
pointer of the low level struct and the following methods can no longer
be provided when linked against OpenSSL 3.0:

 - OpenSSL::PKey::RSA#set_key
 - OpenSSL::PKey::RSA#set_factors
 - OpenSSL::PKey::RSA#set_crt_params
 - OpenSSL::PKey::DSA#set_pqg
 - OpenSSL::PKey::DSA#set_key
 - OpenSSL::PKey::DH#set_pqg
 - OpenSSL::PKey::DH#set_key
 - OpenSSL::PKey::EC#group=
 - OpenSSL::PKey::EC#private_key=
 - OpenSSL::PKey::EC#public_key=

There is no direct replacement for this functionality at the moment.
I plan to introduce a wrapper around EVP_PKEY_fromdata(), which takes
all key components at once to construct an EVP_PKEY.

https://github.com/ruby/openssl/commit/6848d2d969
[ruby/openssl] pkey/dh: deprecate OpenSSL::PKey::DH#generate_key! 2021-12-20T14:42:02+00:00 Kazuki Yamaguchi k@rhe.jp 2021-10-22T07:24:07+00:00 0d698be04f6c76250706e8d56f542c3c7fca0fa7 OpenSSL::PKey::DH#generate_key! will not work on OpenSSL 3.0 because keys are made immutable. Users should use OpenSSL::PKey.generate_key instead. https://github.com/ruby/openssl/commit/8ee6a582c7 
OpenSSL::PKey::DH#generate_key! will not work on OpenSSL 3.0 because
keys are made immutable. Users should use OpenSSL::PKey.generate_key
instead.

https://github.com/ruby/openssl/commit/8ee6a582c7
[ruby/openssl] test/openssl/utils: remove dup_public helper method 2021-10-23T04:38:36+00:00 Kazuki Yamaguchi k@rhe.jp 2021-05-31T02:44:05+00:00 37632a0ac635082e4ca9ca5b1c8da6b6770ff0ed It uses deprecated PKey::{RSA,DSA,DH}#set_* methods, which will not work with OpenSSL 3.0. The same can easily be achieved using PKey#public_to_der regardless of the key kind. https://github.com/ruby/openssl/commit/7b66eaa2db 
It uses deprecated PKey::{RSA,DSA,DH}#set_* methods, which will not
work with OpenSSL 3.0. The same can easily be achieved using
PKey#public_to_der regardless of the key kind.

https://github.com/ruby/openssl/commit/7b66eaa2db
[ruby/openssl] pkey/dh, pkey/ec: use EVP_PKEY_check() family 2021-07-18T08:44:52+00:00 Kazuki Yamaguchi k@rhe.jp 2020-07-10T05:34:51+00:00 6d71918d94a6b34249015499e5e822d3b20fd10f Use EVP_PKEY_param_check() instead of DH_check() if available. Also, use EVP_PKEY_public_check() instead of EC_KEY_check_key(). EVP_PKEY_*check() is part of the EVP API and is meant to replace those low-level functions. They were added by OpenSSL 1.1.1. It is currently not provided by LibreSSL. https://github.com/ruby/openssl/commit/797e9f8e08 
Use EVP_PKEY_param_check() instead of DH_check() if available. Also,
use EVP_PKEY_public_check() instead of EC_KEY_check_key().

EVP_PKEY_*check() is part of the EVP API and is meant to replace those
low-level functions. They were added by OpenSSL 1.1.1. It is currently
not provided by LibreSSL.

https://github.com/ruby/openssl/commit/797e9f8e08
[ruby/openssl] pkey/dh: use high level EVP interface to generate parameters and keys 2021-07-18T08:44:47+00:00 Kazuki Yamaguchi k@rhe.jp 2020-05-17T11:48:23+00:00 098985a5e66e4dd6b01d246909b66d3d7e4024c0 Implement PKey::DH.new(size, gen), PKey::DH.generate(size, gen), and PKey::DH#generate_key! using PKey.generate_parameters and .generate_key instead of the low level DH functions. Note that the EVP interface can enforce additional restrictions - for example, DH key shorter than 2048 bits is no longer accepted by default in OpenSSL 3.0. The test code is updated accordingly. https://github.com/ruby/openssl/commit/c2e9b16f0b 
Implement PKey::DH.new(size, gen), PKey::DH.generate(size, gen), and
PKey::DH#generate_key! using PKey.generate_parameters and .generate_key
instead of the low level DH functions.

Note that the EVP interface can enforce additional restrictions - for
example, DH key shorter than 2048 bits is no longer accepted by default
in OpenSSL 3.0. The test code is updated accordingly.

https://github.com/ruby/openssl/commit/c2e9b16f0b
[ruby/openssl] pkey: add PKey::PKey#derive 2021-03-16T10:16:11+00:00 Kazuki Yamaguchi k@rhe.jp 2017-03-18T12:58:46+00:00 fbadb01d6e0881ef6c6e5e105b8ac20fe663c817 Add OpenSSL::PKey::PKey#derive as the wrapper for EVP_PKEY_CTX_derive(). This is useful for pkey types that we don't have dedicated classes, such as X25519. https://github.com/ruby/openssl/commit/28f0059bea 
Add OpenSSL::PKey::PKey#derive as the wrapper for EVP_PKEY_CTX_derive().
This is useful for pkey types that we don't have dedicated classes, such
as X25519.

https://github.com/ruby/openssl/commit/28f0059bea
[ruby/openssl] pkey: have PKey.read parse PEM-encoded DHParameter 2021-03-16T10:16:10+00:00 Kazuki Yamaguchi k@rhe.jp 2017-03-18T08:26:33+00:00 efad0166c660d565d5e80e862cd9ff9457f8ed03 Try PEM_read_bio_Parameters(). Only PEM format is supported at the moment since corresponding d2i_* functions are not provided by OpenSSL. https://github.com/ruby/openssl/commit/867e5c021b 
Try PEM_read_bio_Parameters(). Only PEM format is supported at the
moment since corresponding d2i_* functions are not provided by OpenSSL.

https://github.com/ruby/openssl/commit/867e5c021b
[ruby/openssl] Add Marshal support to PKey objects 2020-05-13T06:47:51+00:00 Bart de Water bartdewater@gmail.com 2020-04-19T21:00:01+00:00 3f8665fe0ed5331aa723ddecbf6ad3728931c08d https://github.com/ruby/openssl/commit/c4374ff041 
https://github.com/ruby/openssl/commit/c4374ff041
Import openssl-2.2.0 (#2693) 2020-02-16T06:21:29+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2020-02-16T06:21:29+00:00 b99775b163ce44079c1f8727ce9b4ed8bb03489d Import the master branch of ruby/openssl for preparing to release openssl-2.2.0 
Import the master branch of ruby/openssl for preparing to release openssl-2.2.0