Merge pull request #539 from rhenium/ky/pkey-dsa-generate-fix-q
pkey/dsa: let PKey::DSA.generate choose appropriate q size
rhenium authored Sep 2, 2022
2 parents 317bd5c + 0105975 commit 9247cf8
Showing 2 changed files with 27 additions and 0 deletions.
8 changes: 8 additions & 0 deletions lib/openssl/pkey.rb
Expand Up @@ -167,8 +167,16 @@ class << self
# +size+::
# The desired key size in bits.
def generate(size, &blk)
# FIPS 186-4 specifies four (L,N) pairs: (1024,160), (2048,224),
# (2048,256), and (3072,256).
#
# q size is derived here with compatibility with
# DSA_generator_parameters_ex() which previous versions of ruby/openssl
# used to call.
qsize = size >= 2048 ? 256 : 160
dsaparams = OpenSSL::PKey.generate_parameters("DSA", {
"dsa_paramgen_bits" => size,
"dsa_paramgen_q_bits" => qsize,
}, &blk)
OpenSSL::PKey.generate_key(dsaparams)
end
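Review bot: The rdoc for `generate` (it begins above this hunk; only the `+size+` entry is visible) does not say that q is now chosen for the caller: 256 bits when `size >= 2048` and 160 bits otherwise, which also covers sizes outside the listed FIPS 186-4 pairs. I would add a line such as `# q is 256 bits if size >= 2048, otherwise 160 bits; use OpenSSL::PKey.generate_parameters to pick another q size (e.g. 224).` so nobody reads the (2048,224) pair in the body comment as something this method can produce. The same comment names `DSA_generator_parameters_ex()`; the OpenSSL function is `DSA_generate_parameters_ex()`, as the test file spells it. Since any size below 2048 keeps a 160-bit q (about 80-bit strength), the rdoc could also recommend 2048 or more for new keys.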
19 changes: 19 additions & 0 deletions test/openssl/test_pkey_dsa.rb
Expand Up @@ -28,6 +28,25 @@ def test_new_break
end
end

def test_generate
# DSA.generate used to call DSA_generate_parameters_ex(), which adjusts the
# size of q according to the size of p
key1024 = OpenSSL::PKey::DSA.generate(1024)
assert_predicate key1024, :private?
assert_equal 1024, key1024.p.num_bits
assert_equal 160, key1024.q.num_bits

key2048 = OpenSSL::PKey::DSA.generate(2048)
assert_equal 2048, key2048.p.num_bits
assert_equal 256, key2048.q.num_bits

if ENV["OSSL_TEST_ALL"] == "1" # slow
key3072 = OpenSSL::PKey::DSA.generate(3072)
assert_equal 3072, key3072.p.num_bits
assert_equal 256, key3072.q.num_bits
end
end

def test_sign_verify
dsa512 = Fixtures.pkey("dsa512")
data = "Sign me!"
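Review bot: The 1024-bit case in `test_generate` runs unconditionally, and a provider restricted to FIPS-approved parameter sizes would presumably refuse (1024,160) generation, so the test may fail there rather than be skipped; the hunk shows no guard for that. I would either skip that case under such a provider or assert the expected error, using whatever FIPS-detection helper the suite already has. Smaller points: `assert_predicate ..., :private?` is checked only for `key1024`, so `assert_predicate key2048, :private?` would be a one-line addition, and the block that `generate` forwards via `&blk` is never exercised. `test_generate` is complete within the hunk; the trailing `test_sign_verify` continues past it.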