
Commit e0718e4

Merge branch 'ky/ssl-test-assume-ec-support'
* ky/ssl-test-assume-ec-support: test/openssl/test_pkey_rsa: disable test_no_private_exp on OpenSSL 3.0 test/openssl/test_pkey: use EC keys for PKey.generate_parameters tests test/openssl/test_ssl: fix illegal SAN extension test/openssl/test_pkcs12: fix test failures with OpenSSL 3.0 test/openssl/test_ssl: relax regex to match OpenSSL's error message test/openssl/test_digest: do not test constants for legacy algorithms test/openssl/test_ssl: assume ECC support test/openssl/test_ssl: assume TLS 1.2 support test/openssl/utils: remove dup_public helper method
2 parents 2b3b29b + ca03c9c commit e0718e4

11 files changed

+250
-299
lines changed

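--- a/test/openssl/test_digest.rb
+++ b/test/openssl/test_digest.rb
@@ -54,7 +54,7 @@ def test_reset
 end
 
 def test_digest_constants
-%w{MD4 MD5 RIPEMD160 SHA1 SHA224 SHA256 SHA384 SHA512}.each do |name|
+%w{MD5 SHA1 SHA224 SHA256 SHA384 SHA512}.each do |name|
 assert_not_nil(OpenSSL::Digest.new(name))
 klass = OpenSSL::Digest.const_get(name.tr('-', '_'))
 assert_not_nil(klass.new)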
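Review bot: The shortened list in `test_digest_constants` carries no explanation of why MD4 and RIPEMD160 were dropped while MD5 and SHA1 remain, so a later reader may simply restore them. A comment above the `%w{...}` line would record the reason, for example `# MD4 and RIPEMD160 are omitted: OpenSSL 3.0 treats them as legacy algorithms that may not be available`. That wording follows the commit description ("do not test constants for legacy algorithms"); the exact availability rule is not visible in the hunk. The method body continues past the last line shown.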

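--- a/test/openssl/test_pair.rb
+++ b/test/openssl/test_pair.rb
@@ -23,7 +23,6 @@ def ssl_pair
 sctx = OpenSSL::SSL::SSLContext.new
 sctx.cert = @svr_cert
 sctx.key = @svr_key
-sctx.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey("dh-1") }
 sctx.options |= OpenSSL::SSL::OP_NO_COMPRESSION
 ssls = OpenSSL::SSL::SSLServer.new(tcps, sctx)
 ns = ssls.accept
@@ -383,7 +382,6 @@ def test_connect_accept_nonblock_no_exception
 ctx2 = OpenSSL::SSL::SSLContext.new
 ctx2.cert = @svr_cert
 ctx2.key = @svr_key
-ctx2.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey("dh-1") }
 
 sock1, sock2 = tcp_pair
 
@@ -431,7 +429,6 @@ def test_connect_accept_nonblock
 ctx = OpenSSL::SSL::SSLContext.new
 ctx.cert = @svr_cert
 ctx.key = @svr_key
-ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey("dh-1") }
 
 sock1, sock2 = tcp_pair
 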
test/openssl/test_pkcs12.rb

+149-148
Large diffs are not rendered by default.

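--- a/test/openssl/test_pkey.rb
+++ b/test/openssl/test_pkey.rb
@@ -27,20 +27,16 @@ def test_generic_oid_inspect
 end
 
 def test_s_generate_parameters
-# 512 is non-default; 1024 is used if 'dsa_paramgen_bits' is not specified
-# with OpenSSL 1.1.0.
-pkey = OpenSSL::PKey.generate_parameters("DSA", {
-"dsa_paramgen_bits" => 512,
-"dsa_paramgen_q_bits" => 256,
+pkey = OpenSSL::PKey.generate_parameters("EC", {
+"ec_paramgen_curve" => "secp384r1",
 })
-assert_instance_of OpenSSL::PKey::DSA, pkey
-assert_equal 512, pkey.p.num_bits
-assert_equal 256, pkey.q.num_bits
-assert_equal nil, pkey.priv_key
+assert_instance_of OpenSSL::PKey::EC, pkey
+assert_equal "secp384r1", pkey.group.curve_name
+assert_equal nil, pkey.private_key
 
 # Invalid options are checked
 assert_raise(OpenSSL::PKey::PKeyError) {
-OpenSSL::PKey.generate_parameters("DSA", "invalid" => "option")
+OpenSSL::PKey.generate_parameters("EC", "invalid" => "option")
 }
 
 # Parameter generation callback is called
@@ -59,14 +55,13 @@ def test_s_generate_key
 # DSA key pair cannot be generated without parameters
 OpenSSL::PKey.generate_key("DSA")
 }
-pkey_params = OpenSSL::PKey.generate_parameters("DSA", {
-"dsa_paramgen_bits" => 512,
-"dsa_paramgen_q_bits" => 256,
+pkey_params = OpenSSL::PKey.generate_parameters("EC", {
+"ec_paramgen_curve" => "secp384r1",
 })
 pkey = OpenSSL::PKey.generate_key(pkey_params)
-assert_instance_of OpenSSL::PKey::DSA, pkey
-assert_equal 512, pkey.p.num_bits
-assert_not_equal nil, pkey.priv_key
+assert_instance_of OpenSSL::PKey::EC, pkey
+assert_equal "secp384r1", pkey.group.curve_name
+assert_not_equal nil, pkey.private_key
 end
 
 def test_hmac_sign_verify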
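Review bot: The rewritten assertions in `test_s_generate_parameters` check only `pkey.private_key` for nil, so a parameters object that wrongly carried a public point would still pass. Adding `assert_equal nil, pkey.public_key` next to it, and `assert_not_equal nil, pkey.public_key` in the `test_s_generate_key` hunk, would pin both halves of the key material. This assumes `EC#public_key` returns nil when no point is set, which should be confirmed against the binding. Both methods extend beyond the lines shown.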

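--- a/test/openssl/test_pkey_dh.rb
+++ b/test/openssl/test_pkey_dh.rb
@@ -40,12 +40,14 @@ def test_derive_key
 
 def test_DHparams
 dh1024 = Fixtures.pkey("dh1024")
+dh1024params = dh1024.public_key
+
 asn1 = OpenSSL::ASN1::Sequence([
 OpenSSL::ASN1::Integer(dh1024.p),
 OpenSSL::ASN1::Integer(dh1024.g)
 ])
 key = OpenSSL::PKey::DH.new(asn1.to_der)
-assert_same_dh dup_public(dh1024), key
+assert_same_dh dh1024params, key
 
 pem = <<~EOF
 -----BEGIN DH PARAMETERS-----
@@ -55,9 +57,9 @@ def test_DHparams
 -----END DH PARAMETERS-----
 EOF
 key = OpenSSL::PKey::DH.new(pem)
-assert_same_dh dup_public(dh1024), key
+assert_same_dh dh1024params, key
 key = OpenSSL::PKey.read(pem)
-assert_same_dh dup_public(dh1024), key
+assert_same_dh dh1024params, key
 
 assert_equal asn1.to_der, dh1024.to_der
 assert_equal pem, dh1024.export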
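Review bot: `dh1024params = dh1024.public_key` in `test_DHparams` reads as if it extracted a public key, while the variable name and the comparisons against a key built from only `p` and `g` indicate it is meant to hold parameters only. A one-line comment above the assignment would save the next reader a lookup, e.g. `# DH#public_key returns a DH object holding just the parameters (p, g), despite its name`. The method ends outside the lines shown, and part of the PEM fixture lies between the two hunks.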

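--- a/test/openssl/test_pkey_dsa.rb
+++ b/test/openssl/test_pkey_dsa.rb
@@ -138,6 +138,8 @@ def test_DSAPrivateKey_encrypted
 
 def test_PUBKEY
 dsa512 = Fixtures.pkey("dsa512")
+dsa512pub = OpenSSL::PKey::DSA.new(dsa512.public_to_der)
+
 asn1 = OpenSSL::ASN1::Sequence([
 OpenSSL::ASN1::Sequence([
 OpenSSL::ASN1::ObjectId("DSA"),
@@ -153,7 +155,7 @@ def test_PUBKEY
 ])
 key = OpenSSL::PKey::DSA.new(asn1.to_der)
 assert_not_predicate key, :private?
-assert_same_dsa dup_public(dsa512), key
+assert_same_dsa dsa512pub, key
 
 pem = <<~EOF
 -----BEGIN PUBLIC KEY-----
@@ -166,10 +168,15 @@ def test_PUBKEY
 -----END PUBLIC KEY-----
 EOF
 key = OpenSSL::PKey::DSA.new(pem)
-assert_same_dsa dup_public(dsa512), key
+assert_same_dsa dsa512pub, key
+
+assert_equal asn1.to_der, key.to_der
+assert_equal pem, key.export
 
-assert_equal asn1.to_der, dup_public(dsa512).to_der
-assert_equal pem, dup_public(dsa512).export
+assert_equal asn1.to_der, dsa512.public_to_der
+assert_equal asn1.to_der, key.public_to_der
+assert_equal pem, dsa512.public_to_pem
+assert_equal pem, key.public_to_pem
 end
 
 def test_read_DSAPublicKey_pem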
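Review bot: The new `assert_equal asn1.to_der, key.to_der` and `assert_equal pem, key.export` in `test_PUBKEY` run after `key` has been reassigned to the PEM-decoded object, so the key decoded from `asn1.to_der` is never re-encoded and compared. Repeating `assert_equal asn1.to_der, key.to_der` right after the first `assert_same_dsa dsa512pub, key` would cover both decode paths. The same pattern appears in `test_PUBKEY` in test_pkey_ec.rb and test_pkey_rsa.rb. Parts of the method lie between the hunks and are not shown.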

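--- a/test/openssl/test_pkey_ec.rb
+++ b/test/openssl/test_pkey_ec.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 require_relative 'utils'
 
-if defined?(OpenSSL) && defined?(OpenSSL::PKey::EC)
+if defined?(OpenSSL)
 
 class OpenSSL::TestEC < OpenSSL::PKeyTestCase
 def test_ec_key
@@ -210,6 +210,8 @@ def test_ECPrivateKey_encrypted
 
 def test_PUBKEY
 p256 = Fixtures.pkey("p256")
+p256pub = OpenSSL::PKey::EC.new(p256.public_to_der)
+
 asn1 = OpenSSL::ASN1::Sequence([
 OpenSSL::ASN1::Sequence([
 OpenSSL::ASN1::ObjectId("id-ecPublicKey"),
@@ -221,7 +223,7 @@ def test_PUBKEY
 ])
 key = OpenSSL::PKey::EC.new(asn1.to_der)
 assert_not_predicate key, :private?
-assert_same_ec dup_public(p256), key
+assert_same_ec p256pub, key
 
 pem = <<~EOF
 -----BEGIN PUBLIC KEY-----
@@ -230,10 +232,15 @@ def test_PUBKEY
 -----END PUBLIC KEY-----
 EOF
 key = OpenSSL::PKey::EC.new(pem)
-assert_same_ec dup_public(p256), key
+assert_same_ec p256pub, key
+
+assert_equal asn1.to_der, key.to_der
+assert_equal pem, key.export
 
-assert_equal asn1.to_der, dup_public(p256).to_der
-assert_equal pem, dup_public(p256).export
+assert_equal asn1.to_der, p256.public_to_der
+assert_equal asn1.to_der, key.public_to_der
+assert_equal pem, p256.public_to_pem
+assert_equal pem, key.public_to_pem
 end
 
 def test_ec_group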

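--- a/test/openssl/test_pkey_rsa.rb
+++ b/test/openssl/test_pkey_rsa.rb
@@ -11,7 +11,7 @@ def test_no_private_exp
 key.set_factors(rsa.p, rsa.q)
 assert_raise(OpenSSL::PKey::RSAError){ key.private_encrypt("foo") }
 assert_raise(OpenSSL::PKey::RSAError){ key.private_decrypt("foo") }
-end
+end if !openssl?(3, 0, 0) # Impossible state in OpenSSL 3.0
 
 def test_private
 # Generated by key size and public exponent
@@ -201,7 +201,7 @@ def test_sign_verify_pss
 
 def test_encrypt_decrypt
 rsapriv = Fixtures.pkey("rsa-1")
-rsapub = dup_public(rsapriv)
+rsapub = OpenSSL::PKey.read(rsapriv.public_to_der)
 
 # Defaults to PKCS #1 v1.5
 raw = "data"
@@ -216,7 +216,7 @@ def test_encrypt_decrypt
 
 def test_encrypt_decrypt_legacy
 rsapriv = Fixtures.pkey("rsa-1")
-rsapub = dup_public(rsapriv)
+rsapub = OpenSSL::PKey.read(rsapriv.public_to_der)
 
 # Defaults to PKCS #1 v1.5
 raw = "data"
@@ -346,13 +346,15 @@ def test_RSAPrivateKey_encrypted
 
 def test_RSAPublicKey
 rsa1024 = Fixtures.pkey("rsa1024")
+rsa1024pub = OpenSSL::PKey::RSA.new(rsa1024.public_to_der)
+
 asn1 = OpenSSL::ASN1::Sequence([
 OpenSSL::ASN1::Integer(rsa1024.n),
 OpenSSL::ASN1::Integer(rsa1024.e)
 ])
 key = OpenSSL::PKey::RSA.new(asn1.to_der)
 assert_not_predicate key, :private?
-assert_same_rsa dup_public(rsa1024), key
+assert_same_rsa rsa1024pub, key
 
 pem = <<~EOF
 -----BEGIN RSA PUBLIC KEY-----
@@ -362,11 +364,13 @@ def test_RSAPublicKey
 -----END RSA PUBLIC KEY-----
 EOF
 key = OpenSSL::PKey::RSA.new(pem)
-assert_same_rsa dup_public(rsa1024), key
+assert_same_rsa rsa1024pub, key
 end
 
 def test_PUBKEY
 rsa1024 = Fixtures.pkey("rsa1024")
+rsa1024pub = OpenSSL::PKey::RSA.new(rsa1024.public_to_der)
+
 asn1 = OpenSSL::ASN1::Sequence([
 OpenSSL::ASN1::Sequence([
 OpenSSL::ASN1::ObjectId("rsaEncryption"),
@@ -381,7 +385,7 @@ def test_PUBKEY
 ])
 key = OpenSSL::PKey::RSA.new(asn1.to_der)
 assert_not_predicate key, :private?
-assert_same_rsa dup_public(rsa1024), key
+assert_same_rsa rsa1024pub, key
 
 pem = <<~EOF
 -----BEGIN PUBLIC KEY-----
@@ -392,10 +396,15 @@ def test_PUBKEY
 -----END PUBLIC KEY-----
 EOF
 key = OpenSSL::PKey::RSA.new(pem)
-assert_same_rsa dup_public(rsa1024), key
+assert_same_rsa rsa1024pub, key
+
+assert_equal asn1.to_der, key.to_der
+assert_equal pem, key.export
 
-assert_equal asn1.to_der, dup_public(rsa1024).to_der
-assert_equal pem, dup_public(rsa1024).export
+assert_equal asn1.to_der, rsa1024.public_to_der
+assert_equal asn1.to_der, key.public_to_der
+assert_equal pem, rsa1024.public_to_pem
+assert_equal pem, key.public_to_pem
 end
 
 def test_pem_passwd
@@ -482,12 +491,6 @@ def test_private_encoding_encrypted
 assert_same_rsa rsa1024, OpenSSL::PKey.read(pem, "abcdef")
 end
 
-def test_public_encoding
-rsa1024 = Fixtures.pkey("rsa1024")
-assert_equal dup_public(rsa1024).to_der, rsa1024.public_to_der
-assert_equal dup_public(rsa1024).to_pem, rsa1024.public_to_pem
-end
-
 def test_dup
 key = Fixtures.pkey("rsa1024")
 key2 = key.dup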
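Review bot: `end if !openssl?(3, 0, 0)` makes the definition of `test_no_private_exp` conditional, so on OpenSSL 3.0 the test is absent from the run instead of being reported as pending, and the lost coverage of private operations on a key without a private exponent goes unnoticed. Keeping a plain `end` and opening the body with `pend "RSA key without a private exponent cannot be built on OpenSSL 3.0" if openssl?(3, 0, 0)` would keep the gap visible in the test output. The `pend` line has to come before the key setup, which begins outside the hunk.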
