1berry/ruby
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[ruby/openssl] Check for compatible openssl versions earlier

Browse Source 
test_pkey wasn't checking for libressl as is done elsewhere.

Note the libressl version check is different when testing pkey, because
PKey#sign relies on EVP_PKey_sign, whereas signing an X509 cert/request/crl
relies on ASN1_item_sign.

https://github.com/ruby/openssl/commit/f1db5c88a2
This commit is contained in:
Josh Cooper 2024-11-04 08:41:19 -08:00 committed by git
parent 0989400a92
commit ce4906efb3
2 changed files with 6 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
test/openssl/test_pkey.rb
View File

@ -90,6 +90,8 @@ class OpenSSL::TestPKey < OpenSSL::PKeyTestCase
def test_ed25519 def test_ed25519
# Ed25519 is not FIPS-approved. # Ed25519 is not FIPS-approved.
omit_on_fips omit_on_fips
# See EVP_PKEY_sign in Changelog for 3.7.0: https://github.com/libressl/portable/blob/master/ChangeLog
omit "Ed25519 not supported" unless openssl?(1, 1, 1) || libressl?(3, 7, 0)
# Test vector from RFC 8032 Section 7.1 TEST 2 # Test vector from RFC 8032 Section 7.1 TEST 2
priv_pem = <<~EOF priv_pem = <<~EOF
@ -102,15 +104,8 @@ class OpenSSL::TestPKey < OpenSSL::PKeyTestCase
MCowBQYDK2VwAyEAPUAXw+hDiVqStwqnTRt+vJyYLM8uxJaMwM1V8Sr0Zgw= MCowBQYDK2VwAyEAPUAXw+hDiVqStwqnTRt+vJyYLM8uxJaMwM1V8Sr0Zgw=
-----END PUBLIC KEY----- -----END PUBLIC KEY-----
EOF EOF
begin
priv = OpenSSL::PKey.read(priv_pem) priv = OpenSSL::PKey.read(priv_pem)
pub = OpenSSL::PKey.read(pub_pem) pub = OpenSSL::PKey.read(pub_pem)
rescue OpenSSL::PKey::PKeyError => e
# OpenSSL < 1.1.1
pend "Ed25519 is not implemented" unless openssl?(1, 1, 1)
raise e
end
assert_instance_of OpenSSL::PKey::PKey, priv assert_instance_of OpenSSL::PKey::PKey, priv
assert_instance_of OpenSSL::PKey::PKey, pub assert_instance_of OpenSSL::PKey::PKey, pub
assert_equal priv_pem, priv.private_to_pem assert_equal priv_pem, priv.private_to_pem

17
test/openssl/test_x509cert.rb
View File

@ -292,24 +292,11 @@ class OpenSSL::TestX509Certificate < OpenSSL::TestCase
end end
def test_sign_and_verify_ed25519 def test_sign_and_verify_ed25519
# See test_ed25519 in test_pkey.rb
# Ed25519 is not FIPS-approved. # Ed25519 is not FIPS-approved.
omit_on_fips omit_on_fips
begin
ed25519 = OpenSSL::PKey::generate_key("ED25519")
rescue OpenSSL::PKey::PKeyError => e
# OpenSSL < 1.1.1
#
pend "Ed25519 is not implemented" unless openssl?(1, 1, 1)
raise e
end
# See ASN1_item_sign_ctx in ChangeLog for 3.8.1: https://github.com/libressl/portable/blob/master/ChangeLog # See ASN1_item_sign_ctx in ChangeLog for 3.8.1: https://github.com/libressl/portable/blob/master/ChangeLog
pend 'ASN1 signing with Ed25519 not yet working' unless openssl? or libressl?(3, 8, 1) omit "Ed25519 not supported" unless openssl?(1, 1, 1) || libressl?(3, 8, 1)
ed25519 = OpenSSL::PKey::generate_key("ED25519")
cert = issue_cert(@ca, ed25519, 1, [], nil, nil, digest: nil) cert = issue_cert(@ca, ed25519, 1, [], nil, nil, digest: nil)
assert_equal(true, cert.verify(ed25519)) assert_equal(true, cert.verify(ed25519))
end end