ruby.git/test/openssl/test_pkey.rb, branch v3_3_11 The Ruby Programming Language [ruby/openssl] test_pkey.rb: Refactor the test_ed25519 on FIPS. 2023-09-21T18:04:55+00:00 Jun Aruga jaruga@redhat.com 2023-09-19T17:54:31+00:00 f370c4dc033ee2ac112343b37144fcdafd254fa3 * Split the test in the FIPS case as another test. * test/openssl/utils.rb: Add omit_on_fips and omit_on_non_fips methods. https://github.com/ruby/openssl/commit/4d64c38ed0 
* Split the test in the FIPS case as another test.
* test/openssl/utils.rb: Add omit_on_fips and omit_on_non_fips methods.

https://github.com/ruby/openssl/commit/4d64c38ed0
[ruby/openssl] Remove the pending logics by the pend_on_openssl_issue_21493. 2023-08-28T03:05:32+00:00 Jun Aruga jaruga@redhat.com 2023-08-22T18:31:16+00:00 69d9fda9f5b579c6992621f4cd165cd3ca7b4b3e Because we will add a workaround to avoid this issue. https://github.com/ruby/openssl/commit/d157ba1d3b 
Because we will add a workaround to avoid this issue.

https://github.com/ruby/openssl/commit/d157ba1d3b
[ruby/openssl] test/openssl/test_pkey.rb: Fix pending tests in FIPS case. 2023-08-16T05:48:42+00:00 Jun Aruga jaruga@redhat.com 2023-08-09T18:35:01+00:00 f5ca8d0e3149098e4b6c4a14d129268ec43c71d5 https://github.com/ruby/openssl/commit/f9980d88aa 
https://github.com/ruby/openssl/commit/f9980d88aa
[ruby/openssl] Use openssl? instead of OpenSSL::OPENSSL_VERSION_NUMBER. 2023-08-16T05:48:42+00:00 Jun Aruga jaruga@redhat.com 2023-08-14T15:13:22+00:00 8ca0d53fd09b2032d990b0ab92ec63f408861dbc Update the `openssl?` method by adding status argument. Note the format is below. * OpenSSL 3: 0xMNN00PP0 (major minor 00 patch 0) * OpenSSL 1: 0xMNNFFPPS (major minor fix patch status) See <https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_VERSION_NUMBER.html> for details. https://github.com/ruby/openssl/commit/db8deaacd3 
Update the `openssl?` method by adding status argument.

Note the format is below.

* OpenSSL 3: 0xMNN00PP0 (major minor 00 patch 0)
* OpenSSL 1: 0xMNNFFPPS (major minor fix patch status)

See <https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_VERSION_NUMBER.html>
for details.

https://github.com/ruby/openssl/commit/db8deaacd3
[ruby/openssl] Add support for raw private/public keys 2023-07-12T14:40:58+00:00 Ryo Kajiwara sylph01@gmail.com 2023-07-12T13:06:46+00:00 4b6d667c63481abd17ce5446bceb053c0881739f (https://github.com/ruby/openssl/pull/646) Add OpenSSL::PKey.new_raw_private_key, #raw_private_key and public equivalents. These methods are useful for importing and exporting keys that support "raw private/public key". Currently, OpenSSL implements X25519/X448 and Ed25519/Ed448 keys. [rhe: rewrote commit message] https://github.com/ruby/openssl/commit/3f29525618 Co-authored-by: Bart de Water <bartdewater@gmail.com> 
(https://github.com/ruby/openssl/pull/646)

Add OpenSSL::PKey.new_raw_private_key, #raw_private_key and public
equivalents. These methods are useful for importing and exporting keys
that support "raw private/public key". Currently, OpenSSL implements
X25519/X448 and Ed25519/Ed448 keys.

[rhe: rewrote commit message]

https://github.com/ruby/openssl/commit/3f29525618

Co-authored-by: Bart de Water <bartdewater@gmail.com>
[ruby/openssl] CI: Add the test/openssl/test_pkey.rb on the FIPS mode case. 2023-06-18T16:57:09+00:00 Jun Aruga jaruga@redhat.com 2023-04-17T17:05:48+00:00 366d8005b100d83a711234b2aa6176810bad2525 It's to test the `OpenSSL::PKey.read` in the `test/openssl/test_pkey.rb`. I added the pending status to the following tests failing on the FIPS mode case in the `test/openssl/test_pkey.rb`. * `test_ed25519` * `test_x25519` * `test_compare?` https://github.com/ruby/openssl/commit/8149cdf6e8 
It's to test the `OpenSSL::PKey.read` in the `test/openssl/test_pkey.rb`.

I added the pending status to the following tests failing on the FIPS mode
case in the `test/openssl/test_pkey.rb`.

* `test_ed25519`
* `test_x25519`
* `test_compare?`

https://github.com/ruby/openssl/commit/8149cdf6e8
[ruby/openssl] test/openssl/test_pkey.rb: allow failures in test_s_generate_parameters 2022-12-26T06:09:21+00:00 Kazuki Yamaguchi k@rhe.jp 2022-12-23T17:02:13+00:00 24c9adcaebf8ffaaf3f4eb68fe43f2ff23688543 Commit https://github.com/ruby/openssl/commit/f2e2a5e5ed8e ("test/openssl/test_pkey.rb: allow failures in test_s_generate_parameters", 2022-12-23) was completely bogus. The problem in OpenSSL 3.0.0-3.0.5 is that errors from the callback are sometimes silently suppressed. https://github.com/ruby/openssl/commit/ccc1594492 
Commit https://github.com/ruby/openssl/commit/f2e2a5e5ed8e ("test/openssl/test_pkey.rb: allow failures in
test_s_generate_parameters", 2022-12-23) was completely bogus. The
problem in OpenSSL 3.0.0-3.0.5 is that errors from the callback are
sometimes silently suppressed.

https://github.com/ruby/openssl/commit/ccc1594492
[ruby/openssl] test/openssl/test_pkey.rb: allow failures in test_s_generate_parameters 2022-12-23T00:39:15+00:00 Kazuki Yamaguchi k@rhe.jp 2022-12-22T21:04:20+00:00 75e7b85e3ec0b9724cce585d31c2c3c5aaa6a9a0 The root cause has been fixed by OpenSSL 3.0.6, but Ubuntu 22.04's OpenSSL package has not backported the patch yet. Reference: https://github.com/ruby/openssl/issues/492 https://github.com/ruby/openssl/commit/f2e2a5e5ed 
The root cause has been fixed by OpenSSL 3.0.6, but Ubuntu 22.04's
OpenSSL package has not backported the patch yet.

Reference: https://github.com/ruby/openssl/issues/492

https://github.com/ruby/openssl/commit/f2e2a5e5ed
[ruby/openssl] test/openssl/test_pkey: use EC keys for PKey.generate_parameters tests 2021-10-23T04:38:39+00:00 Kazuki Yamaguchi k@rhe.jp 2020-05-17T17:35:35+00:00 95044fa13b2df0377305c747c4d2b36cbdfbb750 OpenSSL 3.0 refuses to generate DSA parameters shorter than 2048 bits, but generating 2048 bits parameters takes very long time. Let's use EC in these test cases instead. https://github.com/ruby/openssl/commit/c732387ee5 
OpenSSL 3.0 refuses to generate DSA parameters shorter than 2048 bits,
but generating 2048 bits parameters takes very long time. Let's use EC
in these test cases instead.

https://github.com/ruby/openssl/commit/c732387ee5
[ruby/openssl] pkey: implement #to_text using EVP API 2021-07-18T08:44:50+00:00 Kazuki Yamaguchi k@rhe.jp 2020-05-17T09:25:38+00:00 5d1693aac56bcae37e1f81af1f25966269c4619a Use EVP_PKEY_print_private() instead of the low-level API *_print() functions, such as RSA_print(). EVP_PKEY_print_*() family was added in OpenSSL 1.0.0. Note that it falls back to EVP_PKEY_print_public() and EVP_PKEY_print_params() as necessary. This is required for EVP_PKEY_DH type for which _private() fails if the private component is not set in the pkey object. Since the new API works in the same way for all key types, we now implement #to_text in the base class OpenSSL::PKey::PKey rather than in each subclass. https://github.com/ruby/openssl/commit/e0b4c56956 
Use EVP_PKEY_print_private() instead of the low-level API *_print()
functions, such as RSA_print().

EVP_PKEY_print_*() family was added in OpenSSL 1.0.0.

Note that it falls back to EVP_PKEY_print_public() and
EVP_PKEY_print_params() as necessary. This is required for EVP_PKEY_DH
type for which _private() fails if the private component is not set in
the pkey object.

Since the new API works in the same way for all key types, we now
implement #to_text in the base class OpenSSL::PKey::PKey rather than in
each subclass.

https://github.com/ruby/openssl/commit/e0b4c56956