summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authornahi <nahi@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2011-11-04 05:12:31 +0000
committernahi <nahi@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2011-11-04 05:12:31 +0000
commitab682d95e077b43db7dfd293744aa546888d7e35 (patch)
tree588eefd840864850059897fa5c5227f3d0a86a1f
parent3463615a69288dd066df0579eea087737a6c6bf8 (diff)
* ext/openssl/ossl_pkey_rsa.c (rsa_generate): [SECURITY] Set RSA
exponent value correctly. Awful bug. This bug caused exponent of generated key to be always '1'. By default, and regardless of e given as a parameter. !!! Keys generated by this code (trunk after 2011-09-01) must be re-generated !!! (ruby_1_9_3 is safe) * test/openssl/test_pkey_rsa.rb: Add tests for default exponent and specifying exponent by a parameter. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33633 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat
-rw-r--r--ChangeLog13
-rw-r--r--ext/openssl/ossl_pkey_rsa.c2
-rw-r--r--test/openssl/test_pkey_rsa.rb12
3 files changed, 26 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 875d0aaa9d..ae3bd1d1f2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+Fri Nov 4 14:08:19 2011 Hiroshi Nakamura <nahi@ruby-lang.org>
+
+ * ext/openssl/ossl_pkey_rsa.c (rsa_generate): [SECURITY] Set RSA
+ exponent value correctly. Awful bug. This bug caused exponent of
+ generated key to be always '1'. By default, and regardless of e
+ given as a parameter.
+
+ !!! Keys generated by this code (trunk after 2011-09-01) must be
+ re-generated !!! (ruby_1_9_3 is safe)
+
+ * test/openssl/test_pkey_rsa.rb: Add tests for default exponent and
+ specifying exponent by a parameter.
+
Fri Nov 04 01:31:25 2011 Martin Bosslet <Martin.Bosslet@googlemail.com>
* test/openssl/test_engine.rb: add first tests for builtin "openssl"
diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c
index 1e28b4fb2b..3f6d52cf08 100644
--- a/ext/openssl/ossl_pkey_rsa.c
+++ b/ext/openssl/ossl_pkey_rsa.c
@@ -110,7 +110,7 @@ rsa_generate(int size, int exp)
if (rsa) RSA_free(rsa);
return 0;
}
- for (i = 0; i < (int)sizeof(exp); ++i) {
+ for (i = 0; i < (int)sizeof(exp) * 8; ++i) {
if (exp & (1 << i)) {
if (BN_set_bit(e, i) == 0) {
BN_free(e);
diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb
index a7e8e229d1..b7da0ca427 100644
--- a/test/openssl/test_pkey_rsa.rb
+++ b/test/openssl/test_pkey_rsa.rb
@@ -48,6 +48,18 @@ class OpenSSL::TestPKeyRSA < Test::Unit::TestCase
assert_equal([], OpenSSL.errors)
end
+ def test_new_exponent_default
+ assert_equal(65537, OpenSSL::PKey::RSA.new(512).e)
+ end
+
+ def test_new_with_exponent
+ 1.upto(30) do |idx|
+ e = (2 ** idx) + 1
+ key = OpenSSL::PKey::RSA.new(512, e)
+ assert_equal(e, key.e)
+ end
+ end
+
def test_new_break
assert_nil(OpenSSL::PKey::RSA.new(1024) { break })
assert_raise(RuntimeError) do
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-23 21:11:23 +0000