mirror of
https://github.com/ruby/ruby.git
synced 2025-09-15 08:33:58 +02:00
8896ac0289
Note that I created the `dsa2048.pem` and signature text
(`signature_encoded.txt`), that is used as a text to create the `signature0` in
the `test_sign_verify` by the following steps with the `openssl` CLI on FIPS
module.
```
$ OPENSSL_DIR="${HOME}/.local/openssl-3.3.0-dev-fips-debug-1f03d33ef5"
$ export OPENSSL_CONF="${OPENSSL_DIR}/ssl/openssl_fips.cnf"
$ "${OPENSSL_DIR}/bin/openssl" dsaparam -out dsaparam2048.pem 2048
$ "${OPENSSL_DIR}/bin/openssl" gendsa -out dsa2048.pem dsaparam2048.pem
$ echo -n "Sign me!" > data.txt
$ "${OPENSSL_DIR}/bin/openssl" dgst -sha256 -sign dsa2048.pem data.txt > signature.txt
$ cat signature.txt | base64 > signature_encoded.txt
```
Skip the `test_DSAPrivateKey_encrypted` on FIPS because AES-128-CBC, the
password based encryption used in the PEM format uses MD5 for deriving the
encryption key from the password, and MD5 is not FIPS-approved.
See also the comment on the `test/openssl/utils.rb#omit_on_fips`.
|
||
|---|---|---|
| .. | ||
| certificate.der | ||
| dh-1.pem | ||
| dh2048_ffdhe2048.pem | ||
| dsa256.pem | ||
| dsa512.pem | ||
| dsa1024.pem | ||
| dsa2048.pem | ||
| empty.der | ||
| empty.pem | ||
| fullchain.pem | ||
| garbage.txt | ||
| p256.pem | ||
| p256_too_large.pem | ||
| p384_invalid.pem | ||
| rsa-1.pem | ||
| rsa-2.pem | ||
| rsa-3.pem | ||
| rsa1024.pem | ||
| rsa2048.pem | ||