<feed xmlns='http://www.w3.org/2005/Atom'>
<title>ruby.git/test/openssl/utils.rb, branch v4.0.2</title>
<subtitle>The Ruby Programming Language</subtitle>
<link rel='alternate' type='text/html' href='https://git.ruby-lang.org/ruby.git/'/>
<entry>
<title>[ruby/openssl] pkey: update keys used in tests</title>
<updated>2025-10-27T06:54:45+00:00</updated>
<author>
<name>Kazuki Yamaguchi</name>
<email>k@rhe.jp</email>
</author>
<published>2025-07-25T11:12:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.ruby-lang.org/ruby.git/commit/?id=a9ba78e4c29d3821d7e86e89993e30202892d851'/>
<id>a9ba78e4c29d3821d7e86e89993e30202892d851</id>
<content type='text'>
Use generic keys whenever possible.

https://github.com/ruby/openssl/commit/90d6af60b9
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Use generic keys whenever possible.

https://github.com/ruby/openssl/commit/90d6af60b9
</pre>
</div>
</content>
</entry>
<entry>
<title>[ruby/openssl] ssl: add post-quantum cryptography (PQC) tests</title>
<updated>2025-07-27T12:15:02+00:00</updated>
<author>
<name>Jun Aruga</name>
<email>jaruga@redhat.com</email>
</author>
<published>2025-07-21T20:04:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.ruby-lang.org/ruby.git/commit/?id=6e0181db3ac98e8415c0b130c90ae1bbc5089ee8'/>
<id>6e0181db3ac98e8415c0b130c90ae1bbc5089ee8</id>
<content type='text'>
The key files were created by the following commands.

```
$ ${HOME}/.local/openssl-3.6.0-dev-fips-debug-8253b58d60/bin/openssl genpkey \
  -algorithm mldsa65 \
  -out mldsa65-1.pem
$ ${HOME}/.local/openssl-3.6.0-dev-fips-debug-8253b58d60/bin/openssl genpkey \
  -algorithm mldsa65 \
  -out mldsa65-2.pem
```

PQC algorithms, ML-KEM (FIPS 203) and ML-DSA (FIPS 204) used in the PQC tests
are supported on OpenSSL 3.5 or later.
https://openssl-library.org/post/2025-04-08-openssl-35-final-release/

https://github.com/ruby/openssl/commit/f3bb316018
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The key files were created by the following commands.

```
$ ${HOME}/.local/openssl-3.6.0-dev-fips-debug-8253b58d60/bin/openssl genpkey \
  -algorithm mldsa65 \
  -out mldsa65-1.pem
$ ${HOME}/.local/openssl-3.6.0-dev-fips-debug-8253b58d60/bin/openssl genpkey \
  -algorithm mldsa65 \
  -out mldsa65-2.pem
```

PQC algorithms, ML-KEM (FIPS 203) and ML-DSA (FIPS 204) used in the PQC tests
are supported on OpenSSL 3.5 or later.
https://openssl-library.org/post/2025-04-08-openssl-35-final-release/

https://github.com/ruby/openssl/commit/f3bb316018
</pre>
</div>
</content>
</entry>
<entry>
<title>[ruby/openssl] pkey: EVP_DigestVerify doesn't return -1 in AWS-LC</title>
<updated>2025-02-22T15:11:39+00:00</updated>
<author>
<name>Samuel Chiang</name>
<email>sachiang@amazon.com</email>
</author>
<published>2025-02-12T01:52:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.ruby-lang.org/ruby.git/commit/?id=841d9f259dbe70fa35b4634b5c90d2c33e51c3f9'/>
<id>841d9f259dbe70fa35b4634b5c90d2c33e51c3f9</id>
<content type='text'>
EVP_DigestVerify in OpenSSL returns 0 to indicate a signature
verification failure and can return -1 to indicate other
failures, such as invalid ASN1 contents. ruby/openssl also
reflects that by returning false with 0 and raising an error
with -1.
EVP_DigestVerify in AWS-LC simply returns 0 for any failure.

https://github.com/ruby/openssl/commit/be8ba76dc1
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
EVP_DigestVerify in OpenSSL returns 0 to indicate a signature
verification failure and can return -1 to indicate other
failures, such as invalid ASN1 contents. ruby/openssl also
reflects that by returning false with 0 and raising an error
with -1.
EVP_DigestVerify in AWS-LC simply returns 0 for any failure.

https://github.com/ruby/openssl/commit/be8ba76dc1
</pre>
</div>
</content>
</entry>
<entry>
<title>[ruby/openssl] ssl: remove cert_store from start_server test helper</title>
<updated>2025-02-19T17:08:16+00:00</updated>
<author>
<name>Kazuki Yamaguchi</name>
<email>k@rhe.jp</email>
</author>
<published>2025-02-18T18:15:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.ruby-lang.org/ruby.git/commit/?id=c515da3d74779bd725f5bc60d6514d325515df0e'/>
<id>c515da3d74779bd725f5bc60d6514d325515df0e</id>
<content type='text'>
OpenSSL::SSL::SSLContext#cert_store= uses SSL_CTX_set_cert_store(). The
store is used for verifying peer certificates and for building
certificate chains to be sent to the peer if there is no chain
explicitly provided by SSLContext#extra_chain_cert=.

Do not specify it in the common test helper start_server, as most
callers do not require either function. Instead, update individual test
cases that use client certificates to explicitly specify it in ctx_proc.
A more direct test case is added to verify the latter function.

https://github.com/ruby/openssl/commit/9daecee615
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
OpenSSL::SSL::SSLContext#cert_store= uses SSL_CTX_set_cert_store(). The
store is used for verifying peer certificates and for building
certificate chains to be sent to the peer if there is no chain
explicitly provided by SSLContext#extra_chain_cert=.

Do not specify it in the common test helper start_server, as most
callers do not require either function. Instead, update individual test
cases that use client certificates to explicitly specify it in ctx_proc.
A more direct test case is added to verify the latter function.

https://github.com/ruby/openssl/commit/9daecee615
</pre>
</div>
</content>
</entry>
<entry>
<title>[ruby/openssl] Add build support for AWS-LC</title>
<updated>2025-02-11T15:35:03+00:00</updated>
<author>
<name>Samuel Chiang</name>
<email>sachiang@amazon.com</email>
</author>
<published>2025-01-24T02:16:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.ruby-lang.org/ruby.git/commit/?id=06faf28558c2f1925f37dd78ff61ba1bef6e894e'/>
<id>06faf28558c2f1925f37dd78ff61ba1bef6e894e</id>
<content type='text'>
CI Changes
1. I've split the original patch up to make it easier to digest, but
that forces my hand to turn off testing in the AWS-LC CI for the time
being. However, do let me know if you would prefer to review the test
adjustments in the same PR and I can remove the temporary CI workaround.
2. AWS-LC has a few no-op functions and we use -Wdeprecated-declarations
to alert the consuming application of these. I've leveraged the
skip-warnings CI option so that the build doesn't fail.

Build Adjustments
1. AWS-LC FIPS mode is decided at compile time. This is different from
OpenSSL's togglable FIPS switch, so I've adjusted the build to account
for this.
2. AWS-LC does not support the two KEY_SIG or KEY_EX flags that were
only ever supported by old MSIE.
3. AWS-LC has no current support for post handshake authentication in
TLS 1.3.
4. EC_GROUP structures for named curves in AWS-LC are constant, static,
and immutable by default. This means that the EC_GROUP_set_* functions
are essentially no-ops due to the immutability of the structure. We've
introduced a new API for consumers that depend on the OpenSSL's default
mutability of the EC_GROUP structure called
EC_GROUP_new_by_curve_name_mutable. Since Ruby has a bit of
functionality that's dependent on the mutability of these structures,
I've made the corresponding adjustments to allow things to work as
expected.

https://github.com/ruby/openssl/commit/e53ec5a101
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
CI Changes
1. I've split the original patch up to make it easier to digest, but
that forces my hand to turn off testing in the AWS-LC CI for the time
being. However, do let me know if you would prefer to review the test
adjustments in the same PR and I can remove the temporary CI workaround.
2. AWS-LC has a few no-op functions and we use -Wdeprecated-declarations
to alert the consuming application of these. I've leveraged the
skip-warnings CI option so that the build doesn't fail.

Build Adjustments
1. AWS-LC FIPS mode is decided at compile time. This is different from
OpenSSL's togglable FIPS switch, so I've adjusted the build to account
for this.
2. AWS-LC does not support the two KEY_SIG or KEY_EX flags that were
only ever supported by old MSIE.
3. AWS-LC has no current support for post handshake authentication in
TLS 1.3.
4. EC_GROUP structures for named curves in AWS-LC are constant, static,
and immutable by default. This means that the EC_GROUP_set_* functions
are essentially no-ops due to the immutability of the structure. We've
introduced a new API for consumers that depend on the OpenSSL's default
mutability of the EC_GROUP structure called
EC_GROUP_new_by_curve_name_mutable. Since Ruby has a bit of
functionality that's dependent on the mutability of these structures,
I've made the corresponding adjustments to allow things to work as
expected.

https://github.com/ruby/openssl/commit/e53ec5a101
</pre>
</div>
</content>
</entry>
<entry>
<title>[ruby/openssl] ssl: remove start_immediately kwarg from test helper start_server</title>
<updated>2025-02-09T10:26:05+00:00</updated>
<author>
<name>Kazuki Yamaguchi</name>
<email>k@rhe.jp</email>
</author>
<published>2024-12-20T17:45:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.ruby-lang.org/ruby.git/commit/?id=237c71fc29dc2b877dcd27225e75825ddec851e8'/>
<id>237c71fc29dc2b877dcd27225e75825ddec851e8</id>
<content type='text'>
The keyword argument is no longer used by any test cases.

https://github.com/ruby/openssl/commit/2f31605d47
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The keyword argument is no longer used by any test cases.

https://github.com/ruby/openssl/commit/2f31605d47
</pre>
</div>
</content>
</entry>
<entry>
<title>[ruby/openssl] Require OpenSSL 1.1.1 or later</title>
<updated>2025-01-21T18:14:14+00:00</updated>
<author>
<name>Kazuki Yamaguchi</name>
<email>k@rhe.jp</email>
</author>
<published>2025-01-20T17:08:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.ruby-lang.org/ruby.git/commit/?id=43c48e3030c513c17bfcf4c37bbe533097fa1a22'/>
<id>43c48e3030c513c17bfcf4c37bbe533097fa1a22</id>
<content type='text'>
Drop support for OpenSSL 1.1.0. OpenSSL 1.1.0 was a non-LTS release and
it has reached upstream EOL in 2019-12 along with OpenSSL 1.0.2.
Distributions that shipped with OpenSSL 1.1.0 include:

 - Debian 9 (EOL 2022-06)
 - Ubuntu 18.04 LTS (EOL 2023-04)

https://github.com/ruby/openssl/commit/ba83abe920
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Drop support for OpenSSL 1.1.0. OpenSSL 1.1.0 was a non-LTS release and
it has reached upstream EOL in 2019-12 along with OpenSSL 1.0.2.
Distributions that shipped with OpenSSL 1.1.0 include:

 - Debian 9 (EOL 2022-06)
 - Ubuntu 18.04 LTS (EOL 2023-04)

https://github.com/ruby/openssl/commit/ba83abe920
</pre>
</div>
</content>
</entry>
<entry>
<title>[ruby/openssl] x509cert: simplify test cases for Certificate.load_file</title>
<updated>2025-01-06T17:07:56+00:00</updated>
<author>
<name>Kazuki Yamaguchi</name>
<email>k@rhe.jp</email>
</author>
<published>2024-07-04T08:05:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.ruby-lang.org/ruby.git/commit/?id=f0095413a520140d2ba54728d3e558d75dfda09d'/>
<id>f0095413a520140d2ba54728d3e558d75dfda09d</id>
<content type='text'>
Remove files from test/openssl/fixtures/pkey/ which are not pkeys.
The test cases for OpenSSL::X509::Certificate.load_file can simply use
issue_cert and Tempfile.

https://github.com/ruby/openssl/commit/11216b8bec
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Remove files from test/openssl/fixtures/pkey/ which are not pkeys.
The test cases for OpenSSL::X509::Certificate.load_file can simply use
issue_cert and Tempfile.

https://github.com/ruby/openssl/commit/11216b8bec
</pre>
</div>
</content>
</entry>
<entry>
<title>Fix test_pkey_dh.rb in FIPS.</title>
<updated>2023-11-25T10:12:28+00:00</updated>
<author>
<name>Jun Aruga</name>
<email>jaruga@redhat.com</email>
</author>
<published>2023-11-07T13:36:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.ruby-lang.org/ruby.git/commit/?id=543dd74049f18db2f8dd9ac05b25f8dbff2edc14'/>
<id>543dd74049f18db2f8dd9ac05b25f8dbff2edc14</id>
<content type='text'>
We use the dh2048_ffdhe2048.pem file (DH 2048 bits) instead of the dh1024.pem
file in both non-FIPS and FIPS cases, because the following command fails to
generate the pem file with 1024 bits. Also, the OpenSSL FIPS 140-2 security
policy document explains that DH public keys are allowed from 2048 bits.[1]

```
$ OPENSSL_CONF=/home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/ssl/openssl_fips.cnf \
  /home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/bin/openssl \
  dhparam -out dh1024.pem 1024
Generating DH parameters, 1024 bit long safe prime
dhparam: Generating DH key parameters failed
```

The dh2048_ffdhe2048.pem file was created by the following command with the
OpenSSL FIPS configuration file. The logic to generate the DH pem file is
different between non-FIPS and FIPS cases. In FIPS, it seems that the command
always returns the text defined as ffdhe2048 in the FFDHE groups in RFC 7919
unlike non-FIPS.[2]

As the generated pem file is a normal and valid PKCS#3-style group parameter, we
use the file for the non-FIPS case too.

```
$ OPENSSL_CONF=/home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/ssl/openssl_fips.cnf \
  /home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/bin/openssl \
  dhparam -out dh2048_ffdhe2048.pem 2048
```

Note that the hard-coded PEM-encoded string in the `test_DHparams` is
intentional to avoid modifying the content unintentionally.

* [1] https://www.openssl.org/source/ - OpenSSL 3.0.8 FIPS 140-2 security
  policy document page 25, Table 10 – Public Keys - DH Public
  - DH (2048/3072/4096/6144/8192) public key agreement key
* [2] RFC7919 - Appendix A.1: ffdhe2048
  https://www.rfc-editor.org/rfc/rfc7919#appendix-A.1
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
We use the dh2048_ffdhe2048.pem file (DH 2048 bits) instead of the dh1024.pem
file in both non-FIPS and FIPS cases, because the following command fails to
generate the pem file with 1024 bits. Also, the OpenSSL FIPS 140-2 security
policy document explains that DH public keys are allowed from 2048 bits.[1]

```
$ OPENSSL_CONF=/home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/ssl/openssl_fips.cnf \
  /home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/bin/openssl \
  dhparam -out dh1024.pem 1024
Generating DH parameters, 1024 bit long safe prime
dhparam: Generating DH key parameters failed
```

The dh2048_ffdhe2048.pem file was created by the following command with the
OpenSSL FIPS configuration file. The logic to generate the DH pem file is
different between non-FIPS and FIPS cases. In FIPS, it seems that the command
always returns the text defined as ffdhe2048 in the FFDHE groups in RFC 7919
unlike non-FIPS.[2]

As the generated pem file is a normal and valid PKCS#3-style group parameter, we
use the file for the non-FIPS case too.

```
$ OPENSSL_CONF=/home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/ssl/openssl_fips.cnf \
  /home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/bin/openssl \
  dhparam -out dh2048_ffdhe2048.pem 2048
```

Note that the hard-coded PEM-encoded string in the `test_DHparams` is
intentional to avoid modifying the content unintentionally.

* [1] https://www.openssl.org/source/ - OpenSSL 3.0.8 FIPS 140-2 security
  policy document page 25, Table 10 – Public Keys - DH Public
  - DH (2048/3072/4096/6144/8192) public key agreement key
* [2] RFC7919 - Appendix A.1: ffdhe2048
  https://www.rfc-editor.org/rfc/rfc7919#appendix-A.1
</pre>
</div>
</content>
</entry>
<entry>
<title>[ruby/openssl] test_pkey.rb: Refactor the test_ed25519 on FIPS.</title>
<updated>2023-09-21T18:04:55+00:00</updated>
<author>
<name>Jun Aruga</name>
<email>jaruga@redhat.com</email>
</author>
<published>2023-09-19T17:54:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.ruby-lang.org/ruby.git/commit/?id=f370c4dc033ee2ac112343b37144fcdafd254fa3'/>
<id>f370c4dc033ee2ac112343b37144fcdafd254fa3</id>
<content type='text'>
* Split the test in the FIPS case as another test.
* test/openssl/utils.rb: Add omit_on_fips and omit_on_non_fips methods.

https://github.com/ruby/openssl/commit/4d64c38ed0
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
* Split the test in the FIPS case as another test.
* test/openssl/utils.rb: Add omit_on_fips and omit_on_non_fips methods.

https://github.com/ruby/openssl/commit/4d64c38ed0
</pre>
</div>
</content>
</entry>
</feed>
