1berry/ruby
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

* Remove 512-bit DH group. It's affected by LogJam Attack.

Browse Source 
https://weakdh.org/
  [fix GH-1196][Bug #11968][ruby-core:72766]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53531 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
hsbt 2016-01-14 06:09:19 +00:00
parent 7e825eeefc
commit 55cb1b5e70
4 changed files with 8 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -1,3 +1,9 @@
Thu Jan 14 15:08:43 2016 Tony Arcieri <bascule@gmail.com>
* Remove 512-bit DH group. It's affected by LogJam Attack.
https://weakdh.org/
[fix GH-1196][Bug #11968][ruby-core:72766]
Thu Jan 14 11:44:29 2016 Nobuyoshi Nakada <nobu@ruby-lang.org> Thu Jan 14 11:44:29 2016 Nobuyoshi Nakada <nobu@ruby-lang.org>
* variable.c (rb_f_global_variables): add $1..$9 only if $~ is * variable.c (rb_f_global_variables): add $1..$9 only if $~ is

8
ext/openssl/lib/openssl/pkey.rb
View File

@ -4,13 +4,6 @@ module OpenSSL
if defined?(OpenSSL::PKey::DH) if defined?(OpenSSL::PKey::DH)
class DH class DH
DEFAULT_512 = new <<-_end_of_pem_
-----BEGIN DH PARAMETERS-----
MEYCQQD0zXHljRg/mJ9PYLACLv58Cd8VxBxxY7oEuCeURMiTqEhMym16rhhKgZG2
zk2O9uUIBIxSj+NKMURHGaFKyIvLAgEC
-----END DH PARAMETERS-----
_end_of_pem_
DEFAULT_1024 = new <<-_end_of_pem_ DEFAULT_1024 = new <<-_end_of_pem_
-----BEGIN DH PARAMETERS----- -----BEGIN DH PARAMETERS-----
MIGHAoGBAJ0lOVy0VIr/JebWn0zDwY2h+rqITFOpdNr6ugsgvkDXuucdcChhYExJ MIGHAoGBAJ0lOVy0VIr/JebWn0zDwY2h+rqITFOpdNr6ugsgvkDXuucdcChhYExJ
@ -23,7 +16,6 @@ T4h7KZ/2zmjvV+eF8kBUHBJAojUlzxKj4QeO2x20FP9X5xmNUXeDAgEC
DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen| DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen|
warn "using default DH parameters." if $VERBOSE warn "using default DH parameters." if $VERBOSE
case keylen case keylen
when 512 then OpenSSL::PKey::DH::DEFAULT_512
when 1024 then OpenSSL::PKey::DH::DEFAULT_1024 when 1024 then OpenSSL::PKey::DH::DEFAULT_1024
else else
nil nil

14
test/openssl/test_pkey_dh.rb
View File

@ -7,16 +7,6 @@ class OpenSSL::TestPKeyDH < Test::Unit::TestCase
NEW_KEYLEN = 256 NEW_KEYLEN = 256
def test_DEFAULT_512
params = <<-eop
-----BEGIN DH PARAMETERS-----
MEYCQQD0zXHljRg/mJ9PYLACLv58Cd8VxBxxY7oEuCeURMiTqEhMym16rhhKgZG2
zk2O9uUIBIxSj+NKMURHGaFKyIvLAgEC
-----END DH PARAMETERS-----
eop
assert_equal params, OpenSSL::PKey::DH::DEFAULT_512.to_s
end
def test_DEFAULT_1024 def test_DEFAULT_1024
params = <<-eop params = <<-eop
-----BEGIN DH PARAMETERS----- -----BEGIN DH PARAMETERS-----
@ -65,14 +55,14 @@ T4h7KZ/2zmjvV+eF8kBUHBJAojUlzxKj4QeO2x20FP9X5xmNUXeDAgEC
end end
def test_generate_key def test_generate_key
dh = OpenSSL::TestUtils::TEST_KEY_DH512_PUB.public_key # creates a copy dh = OpenSSL::TestUtils::TEST_KEY_DH1024.public_key # creates a copy
assert_no_key(dh) assert_no_key(dh)
dh.generate_key! dh.generate_key!
assert_key(dh) assert_key(dh)
end end
def test_key_exchange def test_key_exchange
dh = OpenSSL::TestUtils::TEST_KEY_DH512_PUB dh = OpenSSL::TestUtils::TEST_KEY_DH1024
dh2 = dh.public_key dh2 = dh.public_key
dh.generate_key! dh.generate_key!
dh2.generate_key! dh2.generate_key!

7
test/openssl/utils.rb
View File

@ -97,13 +97,6 @@ CeBUl+MahZtn9fO1JKdF4qJmS39dXnpENg==
end end
TEST_KEY_DH512_PUB = OpenSSL::PKey::DH.new <<-_end_of_pem_
-----BEGIN DH PARAMETERS-----
MEYCQQDmWXGPqk76sKw/edIOdhAQD4XzjJ+AR/PTk2qzaGs+u4oND2yU5D2NN4wr
aPgwHyJBiK1/ebK3tYcrSKrOoRyrAgEC
-----END DH PARAMETERS-----
_end_of_pem_
TEST_KEY_DH1024 = OpenSSL::PKey::DH.new <<-_end_of_pem_ TEST_KEY_DH1024 = OpenSSL::PKey::DH.new <<-_end_of_pem_
-----BEGIN DH PARAMETERS----- -----BEGIN DH PARAMETERS-----
MIGHAoGBAKnKQ8MNK6nYZzLrrcuTsLxuiJGXoOO5gT+tljOTbHBuiktdMTITzIY0 MIGHAoGBAKnKQ8MNK6nYZzLrrcuTsLxuiJGXoOO5gT+tljOTbHBuiktdMTITzIY0