* test/openssl/utils.rb

test/openssl/test_pair.rb test/openssl/test_pkey_dh.rb: Use 1024 bit DH parameters to satisfy OpenSSL FIPS requirements. Patch by Vit Ondruch. [Bug #6938] [ruby-core:47326] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36843 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: emboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2012-08-28 20:03:32 +0000
committer: emboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2012-08-28 20:03:32 +0000
commit: 9871dd5783963ad3d341ddb58f6bfe7ca7ceb444 (patch)
tree: f08e526f6291178d38b8e7efa5120854f57ab032
parent: 9b9e6875e8a151a925fb92370c07f13c045c0a87 (diff)
4 files changed, 23 insertions, 14 deletions
diff --git a/ChangeLog b/ChangeLog
index e014fcdb58..2430d8652f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+Wed Aug 29 04:50:04 2012  Martin Bosslet  <Martin.Bosslet@googlemail.com>
+
+	* test/openssl/utils.rb
+	  test/openssl/test_pair.rb
+	  test/openssl/test_pkey_dh.rb: Use 1024 bit DH parameters to satisfy
+	  OpenSSL FIPS requirements. Patch by Vit Ondruch.
+	  [Bug #6938] [ruby-core:47326]
+
 Tue Aug 28 22:31:49 2012  CHIKANAGA Tomoyuki  <nagachika@ruby-lang.org>
 
 	* insns.def (checkmatch): suppress warnings. [ruby-core:47339]
diff --git a/test/openssl/test_pair.rb b/test/openssl/test_pair.rb
index 940fa0c0db..12af6aeff5 100644
--- a/test/openssl/test_pair.rb
+++ b/test/openssl/test_pair.rb
@@ -6,13 +6,12 @@ require 'socket'
 require_relative '../ruby/ut_eof'
 
 module SSLPair
-  DHParam = OpenSSL::PKey::DH.new(128)
   def server
     host = "127.0.0.1"
     port = 0
     ctx = OpenSSL::SSL::SSLContext.new()
     ctx.ciphers = "ADH"
-    ctx.tmp_dh_callback = proc { DHParam }
+    ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 }
     tcps = TCPServer.new(host, port)
     ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
     return ssls
@@ -192,7 +191,7 @@ class OpenSSL::TestPair < Test::Unit::TestCase
     port = 0
     ctx = OpenSSL::SSL::SSLContext.new()
     ctx.ciphers = "ADH"
-    ctx.tmp_dh_callback = proc { DHParam }
+    ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 }
     serv = TCPServer.new(host, port)
 
     port = serv.connect_address.ip_port
diff --git a/test/openssl/test_pkey_dh.rb b/test/openssl/test_pkey_dh.rb
index 79a3e0a92c..d261c8f215 100644
--- a/test/openssl/test_pkey_dh.rb
+++ b/test/openssl/test_pkey_dh.rb
@@ -4,19 +4,19 @@ if defined?(OpenSSL)
 
 class OpenSSL::TestPKeyDH < Test::Unit::TestCase
   def test_new
-    dh = OpenSSL::PKey::DH.new(256)
+    dh = OpenSSL::PKey::DH.new(1024)
     assert_key(dh)
   end
 
   def test_new_break
-    assert_nil(OpenSSL::PKey::DH.new(256) { break })
+    assert_nil(OpenSSL::PKey::DH.new(1024) { break })
     assert_raises(RuntimeError) do
-      OpenSSL::PKey::DH.new(256) { raise }
+      OpenSSL::PKey::DH.new(1024) { raise }
     end
   end
 
   def test_to_der
-    dh = OpenSSL::PKey::DH.new(256)
+    dh = OpenSSL::TestUtils::TEST_KEY_DH1024
     der = dh.to_der
     dh2 = OpenSSL::PKey::DH.new(der)
     assert_equal_params(dh, dh2)
@@ -24,7 +24,7 @@ class OpenSSL::TestPKeyDH < Test::Unit::TestCase
   end
 
   def test_to_pem
-    dh = OpenSSL::PKey::DH.new(256)
+    dh = OpenSSL::TestUtils::TEST_KEY_DH1024
     pem = dh.to_pem
     dh2 = OpenSSL::PKey::DH.new(pem)
     assert_equal_params(dh, dh2)
@@ -32,7 +32,7 @@ class OpenSSL::TestPKeyDH < Test::Unit::TestCase
   end
 
   def test_public_key
-    dh = OpenSSL::PKey::DH.new(256)
+    dh = OpenSSL::TestUtils::TEST_KEY_DH1024
     public_key = dh.public_key
     assert_no_key(public_key) #implies public_key.public? is false!
     assert_equal(dh.to_der, public_key.to_der)
@@ -40,14 +40,14 @@ class OpenSSL::TestPKeyDH < Test::Unit::TestCase
   end
 
   def test_generate_key
-    dh = OpenSSL::TestUtils::TEST_KEY_DH512.public_key # creates a copy
+    dh = OpenSSL::TestUtils::TEST_KEY_DH512_PUB.public_key # creates a copy
     assert_no_key(dh)
     dh.generate_key!
     assert_key(dh)
   end
 
   def test_key_exchange
-    dh = OpenSSL::TestUtils::TEST_KEY_DH512
+    dh = OpenSSL::TestUtils::TEST_KEY_DH512_PUB
     dh2 = dh.public_key
     dh.generate_key!
     dh2.generate_key!
diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb
index 13989ad272..aa42ef0d34 100644
--- a/test/openssl/utils.rb
+++ b/test/openssl/utils.rb
@@ -92,13 +92,16 @@ CeBUl+MahZtn9fO1JKdF4qJmS39dXnpENg==
 
 end
 
-  TEST_KEY_DH512 = OpenSSL::PKey::DH.new <<-_end_of_pem_
+  TEST_KEY_DH512_PUB = OpenSSL::PKey::DH.new <<-_end_of_pem_
 -----BEGIN DH PARAMETERS-----
 MEYCQQDmWXGPqk76sKw/edIOdhAQD4XzjJ+AR/PTk2qzaGs+u4oND2yU5D2NN4wr
 aPgwHyJBiK1/ebK3tYcrSKrOoRyrAgEC
 -----END DH PARAMETERS-----
   _end_of_pem_
 
+
+  TEST_KEY_DH1024 = OpenSSL::PKey::DH.new(1024)
+
   module_function
 
   def issue_cert(dn, key, serial, not_before, not_after, extensions,
@@ -238,7 +241,6 @@ aPgwHyJBiK1/ebK3tYcrSKrOoRyrAgEC
     rescue Errno::EBADF, IOError, Errno::EINVAL, Errno::ECONNABORTED, Errno::ENOTSOCK, Errno::ECONNRESET
     end
 
-    DHParam = OpenSSL::PKey::DH.new(128)
     def start_server(port0, verify_mode, start_immediately, args = {}, &block)
       ctx_proc = args[:ctx_proc]
       server_proc = args[:server_proc]
@@ -252,7 +254,7 @@ aPgwHyJBiK1/ebK3tYcrSKrOoRyrAgEC
       #ctx.extra_chain_cert = [ ca_cert ]
       ctx.cert = @svr_cert
       ctx.key = @svr_key
-      ctx.tmp_dh_callback = proc { DHParam }
+      ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 }
       ctx.verify_mode = verify_mode
       ctx_proc.call(ctx) if ctx_proc
author	emboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2012-08-28 20:03:32 +0000
committer	emboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2012-08-28 20:03:32 +0000
commit	9871dd5783963ad3d341ddb58f6bfe7ca7ceb444 (patch)
tree	f08e526f6291178d38b8e7efa5120854f57ab032
parent	9b9e6875e8a151a925fb92370c07f13c045c0a87 (diff)