[ruby/openssl] Check for compatible openssl versions earlier

test_pkey wasn't checking for libressl as is done elsewhere. Note the libressl version check is different when testing pkey, because PKey#sign relies on EVP_PKey_sign, whereas signing an X509 cert/request/crl relies on ASN1_item_sign. https://github.com/ruby/openssl/commit/f1db5c88a2
2024-11-04 08:41:19 -08:00 · 2024-11-04 08:41:19 -08:00 · ce4906efb3
commit ce4906efb3
parent 0989400a92
2 changed files with 6 additions and 24 deletions
--- a/test/openssl/test_pkey.rb
+++ b/test/openssl/test_pkey.rb
@ -90,6 +90,8 @@ class OpenSSL::TestPKey < OpenSSL::PKeyTestCase
  def test_ed25519
    # Ed25519 is not FIPS-approved.
    omit_on_fips
+    # See EVP_PKEY_sign in Changelog for 3.7.0: https://github.com/libressl/portable/blob/master/ChangeLog
+    omit "Ed25519 not supported" unless openssl?(1, 1, 1) || libressl?(3, 7, 0)

    # Test vector from RFC 8032 Section 7.1 TEST 2
    priv_pem = <<~EOF
@ -102,15 +104,8 @@ class OpenSSL::TestPKey < OpenSSL::PKeyTestCase
    MCowBQYDK2VwAyEAPUAXw+hDiVqStwqnTRt+vJyYLM8uxJaMwM1V8Sr0Zgw=
    -----END PUBLIC KEY-----
    EOF
-    begin
-      priv = OpenSSL::PKey.read(priv_pem)
-      pub = OpenSSL::PKey.read(pub_pem)
-    rescue OpenSSL::PKey::PKeyError => e
-      # OpenSSL < 1.1.1
-      pend "Ed25519 is not implemented" unless openssl?(1, 1, 1)
-
-      raise e
-    end
+    priv = OpenSSL::PKey.read(priv_pem)
+    pub = OpenSSL::PKey.read(pub_pem)
    assert_instance_of OpenSSL::PKey::PKey, priv
    assert_instance_of OpenSSL::PKey::PKey, pub
    assert_equal priv_pem, priv.private_to_pem
--- a/test/openssl/test_x509cert.rb
+++ b/test/openssl/test_x509cert.rb
@ -292,24 +292,11 @@ class OpenSSL::TestX509Certificate < OpenSSL::TestCase
  end

  def test_sign_and_verify_ed25519
-    # See test_ed25519 in test_pkey.rb
-
    # Ed25519 is not FIPS-approved.
    omit_on_fips
-
-    begin
-      ed25519  = OpenSSL::PKey::generate_key("ED25519")
-    rescue OpenSSL::PKey::PKeyError => e
-      # OpenSSL < 1.1.1
-      #
-      pend "Ed25519 is not implemented" unless openssl?(1, 1, 1)
-
-      raise e
-    end
-
    # See ASN1_item_sign_ctx in ChangeLog for 3.8.1: https://github.com/libressl/portable/blob/master/ChangeLog
-    pend 'ASN1 signing with Ed25519 not yet working' unless openssl? or libressl?(3, 8, 1)
-
+    omit "Ed25519 not supported" unless openssl?(1, 1, 1) || libressl?(3, 8, 1)
+    ed25519 = OpenSSL::PKey::generate_key("ED25519")
    cert = issue_cert(@ca, ed25519, 1, [], nil, nil, digest: nil)
    assert_equal(true, cert.verify(ed25519))
  end