You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
67 lines
2.4 KiB
67 lines
2.4 KiB
From 10d2216b2f35a31777a099d9f765b0b6ea34a63e Mon Sep 17 00:00:00 2001 |
|
From: Kazuki Yamaguchi <k@rhe.jp> |
|
Date: Mon, 18 May 2020 02:35:35 +0900 |
|
Subject: [PATCH] test/openssl/test_pkey: use EC keys for |
|
PKey.generate_parameters tests |
|
|
|
OpenSSL 3.0 refuses to generate DSA parameters shorter than 2048 bits, |
|
but generating 2048 bits parameters takes very long time. Let's use EC |
|
in these test cases instead. |
|
--- |
|
test/openssl/test_pkey.rb | 27 +++++++++++---------------- |
|
1 file changed, 11 insertions(+), 16 deletions(-) |
|
|
|
diff --git a/test/openssl/test_pkey.rb b/test/openssl/test_pkey.rb |
|
index 3630458b3c..88a6e04581 100644 |
|
--- a/test/openssl/test_pkey.rb |
|
+++ b/test/openssl/test_pkey.rb |
|
@@ -27,20 +27,16 @@ def test_generic_oid_inspect |
|
end |
|
|
|
def test_s_generate_parameters |
|
- # 512 is non-default; 1024 is used if 'dsa_paramgen_bits' is not specified |
|
- # with OpenSSL 1.1.0. |
|
- pkey = OpenSSL::PKey.generate_parameters("DSA", { |
|
- "dsa_paramgen_bits" => 512, |
|
- "dsa_paramgen_q_bits" => 256, |
|
+ pkey = OpenSSL::PKey.generate_parameters("EC", { |
|
+ "ec_paramgen_curve" => "secp384r1", |
|
}) |
|
- assert_instance_of OpenSSL::PKey::DSA, pkey |
|
- assert_equal 512, pkey.p.num_bits |
|
- assert_equal 256, pkey.q.num_bits |
|
- assert_equal nil, pkey.priv_key |
|
+ assert_instance_of OpenSSL::PKey::EC, pkey |
|
+ assert_equal "secp384r1", pkey.group.curve_name |
|
+ assert_equal nil, pkey.private_key |
|
|
|
# Invalid options are checked |
|
assert_raise(OpenSSL::PKey::PKeyError) { |
|
- OpenSSL::PKey.generate_parameters("DSA", "invalid" => "option") |
|
+ OpenSSL::PKey.generate_parameters("EC", "invalid" => "option") |
|
} |
|
|
|
# Parameter generation callback is called |
|
@@ -59,14 +55,13 @@ def test_s_generate_key |
|
# DSA key pair cannot be generated without parameters |
|
OpenSSL::PKey.generate_key("DSA") |
|
} |
|
- pkey_params = OpenSSL::PKey.generate_parameters("DSA", { |
|
- "dsa_paramgen_bits" => 512, |
|
- "dsa_paramgen_q_bits" => 256, |
|
+ pkey_params = OpenSSL::PKey.generate_parameters("EC", { |
|
+ "ec_paramgen_curve" => "secp384r1", |
|
}) |
|
pkey = OpenSSL::PKey.generate_key(pkey_params) |
|
- assert_instance_of OpenSSL::PKey::DSA, pkey |
|
- assert_equal 512, pkey.p.num_bits |
|
- assert_not_equal nil, pkey.priv_key |
|
+ assert_instance_of OpenSSL::PKey::EC, pkey |
|
+ assert_equal "secp384r1", pkey.group.curve_name |
|
+ assert_not_equal nil, pkey.private_key |
|
end |
|
|
|
def test_hmac_sign_verify |
|
-- |
|
2.32.0 |
|
|
|
|