Fix DSA key generation to use a 160 Q bit value in Ruby 3.1 / OpenSSL 3.0.

vcsjones · vcsjones · commit 6e1bb8edfbef · 2021-12-29T17:14:53.000-05:00
diff --git a/lib/ssh_data/private_key/dsa.rb b/lib/ssh_data/private_key/dsa.rb
@@ -7,7 +7,19 @@ class DSA < Base
       #
       # Returns a PublicKey::Base subclass instance.
       def self.generate
-        from_openssl(OpenSSL::PKey::DSA.generate(1024))
+        openssl_key =
+          if defined?(OpenSSL::PKey.generate_parameters)
+            dsa_parameters = OpenSSL::PKey.generate_parameters("DSA", {
+              dsa_paramgen_bits: 1024,
+              dsa_paramgen_q_bits: 160
+            })
+
+            OpenSSL::PKey.generate_key(dsa_parameters)
+          else
+            OpenSSL::PKey::DSA.generate(1024)
+          end
+
+        from_openssl(openssl_key)
       end
 
       # Import an openssl private key.
diff --git a/spec/private_key/dsa_spec.rb b/spec/private_key/dsa_spec.rb
@@ -1,7 +1,7 @@
 require_relative "../spec_helper"
 
 describe SSHData::PrivateKey::DSA do
-  let(:private_key) { OpenSSL::PKey::DSA.generate(1024) }
+  let(:private_key) { SSHData::PrivateKey::DSA.generate.openssl }
   let(:public_key)  { private_key.public_key }
   let(:params)      { private_key.params }
   let(:message)     { "hello, world!" }
diff --git a/spec/public_key/dsa_spec.rb b/spec/public_key/dsa_spec.rb
@@ -1,7 +1,7 @@
 require_relative "../spec_helper"
 
 describe SSHData::PublicKey::DSA do
-  let(:private_key) { OpenSSL::PKey::DSA.generate(1024) }
+  let(:private_key) { SSHData::PrivateKey::DSA.generate.openssl }
   let(:public_key)  { private_key.public_key }
   let(:params)      { public_key.params }
 
