From bcd0bcc3904db4755ac6cf2b14020872ca328cc7 Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Thu, 6 May 2010 10:13:46 +0000
Subject: * test/openssl/test_ec.rb: added test_dsa_sign_asn1_FIPS186_3. dgst
 is   truncated with ec_key.group.order.size after openssl 0.9.8m for   FIPS
 186-3 compliance.

  WARNING: ruby-openssl aims to wrap an OpenSSL so when you're using
  openssl 0.9.8l or earlier version, EC.dsa_sign_asn1 raises
  OpenSSL::PKey::ECError as before and EC.dsa_verify_asn1 just returns
  false when you pass dgst longer than expected (no truncation
  performed).

* ext/openssl/ossl_pkey_ec.c: rdoc typo fixed.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27645 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 test/openssl/test_ec.rb | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

(limited to 'test/openssl')

diff --git a/test/openssl/test_ec.rb b/test/openssl/test_ec.rb
index 282bb67624..39f5577dc2 100644
--- a/test/openssl/test_ec.rb
+++ b/test/openssl/test_ec.rb
@@ -87,9 +87,24 @@ class OpenSSL::TestEC < Test::Unit::TestCase
   def test_dsa_sign_verify
     for key in @keys
       sig = key.dsa_sign_asn1(@data1)
-      assert_equal(key.dsa_verify_asn1(@data1, sig), true)
+      assert(key.dsa_verify_asn1(@data1, sig))
+    end
+  end
 
-      assert_raise(OpenSSL::PKey::ECError) { key.dsa_sign_asn1(@data2) }
+  def test_dsa_sign_asn1_FIPS186_3
+    for key in @keys
+      size = key.group.order.num_bits / 8 + 1
+      dgst = (1..size).to_a.pack('C*')
+      begin
+        sig = key.dsa_sign_asn1(dgst)
+        # dgst is auto-truncated according to FIPS186-3 after openssl-0.9.8m
+        assert(key.dsa_verify_asn1(dgst + "garbage", sig))
+      rescue OpenSSL::PKey::ECError => e
+        # just an exception for longer dgst before openssl-0.9.8m
+        assert_equal('ECDSA_sign: data too large for key size', e.message)
+        # no need to do following tests
+        return
+      end
     end
   end
 
-- 
cgit v1.2.3