rpms / ruby

Clone
Source Code
GIT

Files

  1.   cd5466d249287a6db4276651cf86a6e4d19906d2
  2.   SOURCES
  3.   ruby-3.1.0-test-openssl-test_pkey-use-EC-keys-for-PKey.generate.patch
Blob Blame History Raw 
From 10d2216b2f35a31777a099d9f765b0b6ea34a63e Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi <k@rhe.jp>
Date: Mon, 18 May 2020 02:35:35 +0900
Subject: [PATCH] test/openssl/test_pkey: use EC keys for
 PKey.generate_parameters tests

OpenSSL 3.0 refuses to generate DSA parameters shorter than 2048 bits,
but generating 2048 bits parameters takes very long time. Let's use EC
in these test cases instead.
---
 test/openssl/test_pkey.rb | 27 +++++++++++----------------
 1 file changed, 11 insertions(+), 16 deletions(-)

diff --git a/test/openssl/test_pkey.rb b/test/openssl/test_pkey.rb
index 3630458b3c..88a6e04581 100644
--- a/test/openssl/test_pkey.rb
+++ b/test/openssl/test_pkey.rb
@@ -27,20 +27,16 @@ def test_generic_oid_inspect
   end
 
   def test_s_generate_parameters
-    # 512 is non-default; 1024 is used if 'dsa_paramgen_bits' is not specified
-    # with OpenSSL 1.1.0.
-    pkey = OpenSSL::PKey.generate_parameters("DSA", {
-      "dsa_paramgen_bits" => 512,
-      "dsa_paramgen_q_bits" => 256,
+    pkey = OpenSSL::PKey.generate_parameters("EC", {
+      "ec_paramgen_curve" => "secp384r1",
     })
-    assert_instance_of OpenSSL::PKey::DSA, pkey
-    assert_equal 512, pkey.p.num_bits
-    assert_equal 256, pkey.q.num_bits
-    assert_equal nil, pkey.priv_key
+    assert_instance_of OpenSSL::PKey::EC, pkey
+    assert_equal "secp384r1", pkey.group.curve_name
+    assert_equal nil, pkey.private_key
 
     # Invalid options are checked
     assert_raise(OpenSSL::PKey::PKeyError) {
-      OpenSSL::PKey.generate_parameters("DSA", "invalid" => "option")
+      OpenSSL::PKey.generate_parameters("EC", "invalid" => "option")
     }
 
     # Parameter generation callback is called
@@ -59,14 +55,13 @@ def test_s_generate_key
       # DSA key pair cannot be generated without parameters
       OpenSSL::PKey.generate_key("DSA")
     }
-    pkey_params = OpenSSL::PKey.generate_parameters("DSA", {
-      "dsa_paramgen_bits" => 512,
-      "dsa_paramgen_q_bits" => 256,
+    pkey_params = OpenSSL::PKey.generate_parameters("EC", {
+      "ec_paramgen_curve" => "secp384r1",
     })
     pkey = OpenSSL::PKey.generate_key(pkey_params)
-    assert_instance_of OpenSSL::PKey::DSA, pkey
-    assert_equal 512, pkey.p.num_bits
-    assert_not_equal nil, pkey.priv_key
+    assert_instance_of OpenSSL::PKey::EC, pkey
+    assert_equal "secp384r1", pkey.group.curve_name
+    assert_not_equal nil, pkey.private_key
   end
 
   def test_hmac_sign_verify
-- 
2.32.0

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation