ruby.git/test/openssl/test_pkey_dsa.rb, branch v3_3_11

Update openssl gem to 3.2.2

2025-10-11T07:53:43+00:00

[ruby/openssl] Prefer String#unpack1

2023-09-06T10:24:53+00:00

(https://github.com/ruby/openssl/pull/586)

String#unpack1 avoids the intermediate array created by String#unpack
for single elements, while also making a call to Array#first/[0]
unnecessary.

https://github.com/ruby/openssl/commit/8eb0715a42

[ruby/openssl] Use SHA256 instead of SHA1 where needed in tests.

2022-12-13T09:07:41+00:00

Systems such as RHEL 9 are moving away from SHA1
disabling it completely in default configuration.

https://github.com/ruby/openssl/commit/32648da2f6

[ruby/openssl] pkey/dsa: let PKey::DSA.generate choose appropriate q size

2022-10-17T07:35:35+00:00

DSA parameters generation via EVP_PKEY_paramgen() will not automatically
adjust the size of q value but uses 224 bits by default unless specified
explicitly. This behavior is different from the now-deprecated
DSA_generate_parameters_ex(), which PKey::DSA.generate used to call.

Fixes https://github.com/ruby/openssl/issues/483

Fixes: https://github.com/ruby/openssl/commit/1800a8d5ebaf ("pkey/dsa: use high level EVP interface to generate parameters and keys", 2020-05-17)

https://github.com/ruby/openssl/commit/0105975a0b

[ruby/openssl] pkey: deprecate PKey#set_* methods

2021-12-20T14:42:02+00:00

OpenSSL 3.0 made EVP_PKEY immutable. This means we can only have a const
pointer of the low level struct and the following methods can no longer
be provided when linked against OpenSSL 3.0:

 - OpenSSL::PKey::RSA#set_key
 - OpenSSL::PKey::RSA#set_factors
 - OpenSSL::PKey::RSA#set_crt_params
 - OpenSSL::PKey::DSA#set_pqg
 - OpenSSL::PKey::DSA#set_key
 - OpenSSL::PKey::DH#set_pqg
 - OpenSSL::PKey::DH#set_key
 - OpenSSL::PKey::EC#group=
 - OpenSSL::PKey::EC#private_key=
 - OpenSSL::PKey::EC#public_key=

There is no direct replacement for this functionality at the moment.
I plan to introduce a wrapper around EVP_PKEY_fromdata(), which takes
all key components at once to construct an EVP_PKEY.

https://github.com/ruby/openssl/commit/6848d2d969

[ruby/openssl] test/openssl/utils: remove dup_public helper method

2021-10-23T04:38:36+00:00

It uses deprecated PKey::{RSA,DSA,DH}#set_* methods, which will not
work with OpenSSL 3.0. The same can easily be achieved using
PKey#public_to_der regardless of the key kind.

https://github.com/ruby/openssl/commit/7b66eaa2db

[ruby/openssl] pkey: implement PKey#sign_raw, #verify_raw, and #verify_recover

2021-07-18T08:44:58+00:00

Add a variant of PKey#sign and #verify that do not hash the data
automatically.

Sometimes the caller has the hashed data only, but not the plaintext
to be signed. In that case, users would have to use the low-level API
such as RSA#private_encrypt or #public_decrypt directly.

OpenSSL 1.0.0 and later supports EVP_PKEY_sign() and EVP_PKEY_verify()
which provide the same functionality as part of the EVP API. This patch
adds wrappers for them.

https://github.com/ruby/openssl/commit/16cca4e0c4

[ruby/openssl] pkey/dsa: use high level EVP interface to generate parameters and keys

2021-07-18T08:44:49+00:00

Implement PKey::DSA.new(size) and PKey::DSA.generate using
OpenSSL::PKey.generate_parameters and .generate_key instead of the low
level DSA functions.

https://github.com/ruby/openssl/commit/1800a8d5eb

[ruby/openssl] Look up digest by name instead of constant

2020-05-13T06:47:51+00:00

https://github.com/ruby/openssl/commit/b28fb2f05c

[ruby/openssl] Add Marshal support to PKey objects

2020-05-13T06:47:51+00:00

https://github.com/ruby/openssl/commit/c4374ff041