* Remove 512-bit DH group. It's affected by LogJam Attack.
https://weakdh.org/ [fix GH-1196][Bug #11968][ruby-core:72766] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53531 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
parent
7e825eeefc
commit
55cb1b5e70
@ -1,3 +1,9 @@
|
|||||||
|
Thu Jan 14 15:08:43 2016 Tony Arcieri <bascule@gmail.com>
|
||||||
|
|
||||||
|
* Remove 512-bit DH group. It's affected by LogJam Attack.
|
||||||
|
https://weakdh.org/
|
||||||
|
[fix GH-1196][Bug #11968][ruby-core:72766]
|
||||||
|
|
||||||
Thu Jan 14 11:44:29 2016 Nobuyoshi Nakada <nobu@ruby-lang.org>
|
Thu Jan 14 11:44:29 2016 Nobuyoshi Nakada <nobu@ruby-lang.org>
|
||||||
|
|
||||||
* variable.c (rb_f_global_variables): add $1..$9 only if $~ is
|
* variable.c (rb_f_global_variables): add $1..$9 only if $~ is
|
||||||
|
@ -4,13 +4,6 @@ module OpenSSL
|
|||||||
if defined?(OpenSSL::PKey::DH)
|
if defined?(OpenSSL::PKey::DH)
|
||||||
|
|
||||||
class DH
|
class DH
|
||||||
DEFAULT_512 = new <<-_end_of_pem_
|
|
||||||
-----BEGIN DH PARAMETERS-----
|
|
||||||
MEYCQQD0zXHljRg/mJ9PYLACLv58Cd8VxBxxY7oEuCeURMiTqEhMym16rhhKgZG2
|
|
||||||
zk2O9uUIBIxSj+NKMURHGaFKyIvLAgEC
|
|
||||||
-----END DH PARAMETERS-----
|
|
||||||
_end_of_pem_
|
|
||||||
|
|
||||||
DEFAULT_1024 = new <<-_end_of_pem_
|
DEFAULT_1024 = new <<-_end_of_pem_
|
||||||
-----BEGIN DH PARAMETERS-----
|
-----BEGIN DH PARAMETERS-----
|
||||||
MIGHAoGBAJ0lOVy0VIr/JebWn0zDwY2h+rqITFOpdNr6ugsgvkDXuucdcChhYExJ
|
MIGHAoGBAJ0lOVy0VIr/JebWn0zDwY2h+rqITFOpdNr6ugsgvkDXuucdcChhYExJ
|
||||||
@ -23,7 +16,6 @@ T4h7KZ/2zmjvV+eF8kBUHBJAojUlzxKj4QeO2x20FP9X5xmNUXeDAgEC
|
|||||||
DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen|
|
DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen|
|
||||||
warn "using default DH parameters." if $VERBOSE
|
warn "using default DH parameters." if $VERBOSE
|
||||||
case keylen
|
case keylen
|
||||||
when 512 then OpenSSL::PKey::DH::DEFAULT_512
|
|
||||||
when 1024 then OpenSSL::PKey::DH::DEFAULT_1024
|
when 1024 then OpenSSL::PKey::DH::DEFAULT_1024
|
||||||
else
|
else
|
||||||
nil
|
nil
|
||||||
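Review bot: The `case keylen` in `DEFAULT_TMP_DH_CALLBACK` still serves `DEFAULT_1024` as the only built-in group, and a fixed 1024-bit prime shipped to every install is the shared-group case that the weakdh.org page cited in the commit message advises moving off in favour of 2048-bit groups. At minimum, put a comment above the `when 1024` branch, for example `# 1024-bit kept for compatibility only; weakdh.org recommends 2048-bit groups or ECDHE`, and track a 2048-bit default as a follow-up. A request for `keylen` 512 now falls through to `else` and returns `nil`. What the TLS layer does with a nil result is not visible on this page, so a short comment stating that this is the intended refusal would help the next reader. The lambda's closing lines are outside the hunk.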
|
@ -7,16 +7,6 @@ class OpenSSL::TestPKeyDH < Test::Unit::TestCase
|
|||||||
|
|
||||||
NEW_KEYLEN = 256
|
NEW_KEYLEN = 256
|
||||||
|
|
||||||
def test_DEFAULT_512
|
|
||||||
params = <<-eop
|
|
||||||
-----BEGIN DH PARAMETERS-----
|
|
||||||
MEYCQQD0zXHljRg/mJ9PYLACLv58Cd8VxBxxY7oEuCeURMiTqEhMym16rhhKgZG2
|
|
||||||
zk2O9uUIBIxSj+NKMURHGaFKyIvLAgEC
|
|
||||||
-----END DH PARAMETERS-----
|
|
||||||
eop
|
|
||||||
assert_equal params, OpenSSL::PKey::DH::DEFAULT_512.to_s
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_DEFAULT_1024
|
def test_DEFAULT_1024
|
||||||
params = <<-eop
|
params = <<-eop
|
||||||
-----BEGIN DH PARAMETERS-----
|
-----BEGIN DH PARAMETERS-----
|
||||||
@ -65,14 +55,14 @@ T4h7KZ/2zmjvV+eF8kBUHBJAojUlzxKj4QeO2x20FP9X5xmNUXeDAgEC
|
|||||||
end
|
end
|
||||||
|
|
||||||
def test_generate_key
|
def test_generate_key
|
||||||
dh = OpenSSL::TestUtils::TEST_KEY_DH512_PUB.public_key # creates a copy
|
dh = OpenSSL::TestUtils::TEST_KEY_DH1024.public_key # creates a copy
|
||||||
assert_no_key(dh)
|
assert_no_key(dh)
|
||||||
dh.generate_key!
|
dh.generate_key!
|
||||||
assert_key(dh)
|
assert_key(dh)
|
||||||
end
|
end
|
||||||
|
|
||||||
def test_key_exchange
|
def test_key_exchange
|
||||||
dh = OpenSSL::TestUtils::TEST_KEY_DH512_PUB
|
dh = OpenSSL::TestUtils::TEST_KEY_DH1024
|
||||||
dh2 = dh.public_key
|
dh2 = dh.public_key
|
||||||
dh.generate_key!
|
dh.generate_key!
|
||||||
dh2.generate_key!
|
dh2.generate_key!
|
||||||
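Review bot: The deleted `test_DEFAULT_512` is not replaced by any assertion that the 512-bit path is gone, so a later change that reintroduces a `when 512` branch or the constant would still pass this suite. A small regression test would pin the removal, for example `assert_nil DEFAULT_TMP_DH_CALLBACK.call(nil, false, 512)` (qualified with the constant's namespace, which is not fully visible here) together with `assert_equal false, OpenSSL::PKey::DH.const_defined?(:DEFAULT_512)`. The body of `test_key_exchange` continues past the end of the hunk.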
|
@ -97,13 +97,6 @@ CeBUl+MahZtn9fO1JKdF4qJmS39dXnpENg==
|
|||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
TEST_KEY_DH512_PUB = OpenSSL::PKey::DH.new <<-_end_of_pem_
|
|
||||||
-----BEGIN DH PARAMETERS-----
|
|
||||||
MEYCQQDmWXGPqk76sKw/edIOdhAQD4XzjJ+AR/PTk2qzaGs+u4oND2yU5D2NN4wr
|
|
||||||
aPgwHyJBiK1/ebK3tYcrSKrOoRyrAgEC
|
|
||||||
-----END DH PARAMETERS-----
|
|
||||||
_end_of_pem_
|
|
||||||
|
|
||||||
TEST_KEY_DH1024 = OpenSSL::PKey::DH.new <<-_end_of_pem_
|
TEST_KEY_DH1024 = OpenSSL::PKey::DH.new <<-_end_of_pem_
|
||||||
-----BEGIN DH PARAMETERS-----
|
-----BEGIN DH PARAMETERS-----
|
||||||
MIGHAoGBAKnKQ8MNK6nYZzLrrcuTsLxuiJGXoOO5gT+tljOTbHBuiktdMTITzIY0
|
MIGHAoGBAKnKQ8MNK6nYZzLrrcuTsLxuiJGXoOO5gT+tljOTbHBuiktdMTITzIY0
|
||||||
|