author | Yusuke Endoh <mame@ruby-lang.org> | 2021-02-16 18:21:51 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2021-07-18 17:45:02 +0900 |
commit | 3d37e5d11cdf02ed433493126e195e194d4000dc (patch) | |
tree | 6aad8033503059b5e42e7f31547fdd7ed0c33b13 /test/openssl/test_bn.rb | |
parent | 5fc2912e60c2bc58ff486d3f23f654f742332d3f (diff) |
[ruby/openssl] Add OpenSSL::BN#set_flags and #get_flags
Also, OpenSSL::BN::CONSTTIME is added.
OpenSSL itself had a feature that was vulnerable against a side-channel
attack. The OpenSSL authors determined that it was not a security issue,
and they have already fixed the issue by using BN_set_flags.
https://github.com/openssl/openssl/pull/13888
If a Ruby OpenSSL user was faced with a similar issue, they couldn't
prevent the issue because Ruby OpenSSL lacks a wrapper to BN_set_flags.
For the case, this change introduces the wrapper.
https://github.com/ruby/openssl/commit/1e565eba89
Diffstat (limited to 'test/openssl/test_bn.rb')
-rw-r--r-- | test/openssl/test_bn.rb | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/test/openssl/test_bn.rb b/test/openssl/test_bn.rb index 77cc209658..c36d6b89d8 100644 --- a/test/openssl/test_bn.rb +++ b/test/openssl/test_bn.rb @@ -307,6 +307,29 @@ class OpenSSL::TestBN < OpenSSL::TestCase bug15760 = '[ruby-core:92231] [Bug #15760]' assert_raise(ArgumentError, bug15760) { OpenSSL::BN.new(nil, 2) } end + + def test_get_flags_and_set_flags + e = OpenSSL::BN.new(999) + + assert_equal(0, e.get_flags(OpenSSL::BN::CONSTTIME)) + + e.set_flags(OpenSSL::BN::CONSTTIME) + assert_equal(OpenSSL::BN::CONSTTIME, e.get_flags(OpenSSL::BN::CONSTTIME)) + + b = OpenSSL::BN.new(2) + m = OpenSSL::BN.new(99) + assert_equal("17", b.mod_exp(e, m).to_s) + + # mod_exp fails when m is even and any argument has CONSTTIME flag + m = OpenSSL::BN.new(98) + assert_raise(OpenSSL::BNError) do + b.mod_exp(e, m) + end + + # It looks like flags cannot be removed once enabled + e.set_flags(0) + assert_equal(4, e.get_flags(OpenSSL::BN::CONSTTIME)) + end end end |
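Review bot: the last assertion in test_get_flags_and_set_flags hard-codes 4 as the expected result of e.get_flags(OpenSSL::BN::CONSTTIME), while the assertion right after the first set_flags call compares against OpenSSL::BN::CONSTTIME. Use the constant in both places so the test does not depend on the flag's numeric value. The comment "It looks like flags cannot be removed once enabled" is tentative, and set_flags(0) passes no flag bits, so that step only shows that calling set_flags with 0 leaves CONSTTIME set. Reword the comment to say what is actually checked. In the even-modulus case, the test asserts OpenSSL::BNError from b.mod_exp(e, m) with the flagged e, but has no matching check that the same call with an unflagged exponent and m = 98 succeeds. Adding one would show that the error comes from the CONSTTIME flag and not from the modulus alone.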