author | Kazuki Yamaguchi <k@rhe.jp> | 2023-08-30 00:02:37 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2023-08-30 00:02:37 +0900 |
commit | c53cbabe004c08fc31aacd42bc2de45838159947 (patch) | |
tree | aabac8cf5d7adcb87f5e4411fdd57d90873a4003 | |
parent | 7c34a439bae71f110dd40be35454b68bd2b82e37 (diff) | |
test/openssl/test_pkey_ec.rb: refactor tests for EC.builtin_curves [ky/test-pkey-ec-builtin-curves]
Check that OpenSSL::PKey::EC.builtin_curves returns an array in the
expected format.
Similarly to OpenSSL::Cipher.ciphers, OpenSSL::PKey::EC.builtin_curves
returns a list of known named curves rather than actually usable ones.
https://github.com/ruby/openssl/issues/671 found that the list may
include unapproved (and thus unusable) curves when the FIPS module is
loaded.
-rw-r--r-- | test/openssl/test_pkey_ec.rb | 25 |
1 files changed, 11 insertions, 14 deletions
diff --git a/test/openssl/test_pkey_ec.rb b/test/openssl/test_pkey_ec.rb
index e5fef940..ab777a8b 100644
--- a/test/openssl/test_pkey_ec.rb
+++ b/test/openssl/test_pkey_ec.rb
@@ -5,20 +5,6 @@ if defined?(OpenSSL)
 class OpenSSL::TestEC < OpenSSL::PKeyTestCase
 def test_ec_key
- builtin_curves = OpenSSL::PKey::EC.builtin_curves
- assert_not_empty builtin_curves
-
- builtin_curves.each do |curve_name, comment|
- # Oakley curves and X25519 are not suitable for signing and causes
- # FIPS-selftest failure on some environment, so skip for now.
- next if ["Oakley", "X25519"].any? { |n| curve_name.start_with?(n) }
-
- key = OpenSSL::PKey::EC.generate(curve_name)
- assert_predicate key, :private?
- assert_predicate key, :public?
- assert_nothing_raised { key.check_key }
- end
-
 key1 = OpenSSL::PKey::EC.generate("prime256v1")
 # PKey is immutable in OpenSSL >= 3.0; constructing an empty EC object is
@@ -49,6 +35,17 @@ class OpenSSL::TestEC < OpenSSL::PKeyTestCase
 end
 end
+ def test_builtin_curves
+ builtin_curves = OpenSSL::PKey::EC.builtin_curves
+ assert_not_empty builtin_curves
+ assert_equal 2, builtin_curves[0].size
+ assert_kind_of String, builtin_curves[0][0]
+ assert_kind_of String, builtin_curves[0][1]
+
+ builtin_curve_names = builtin_curves.map { |name, comment| name }
+ assert_include builtin_curve_names, "prime256v1"
+ end
+
 def test_generate
 assert_raise(OpenSSL::PKey::ECError) { OpenSSL::PKey::EC.generate("non-existent") }
 g = OpenSSL::PKey::EC::Group.new("prime256v1") |
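Review bot: The shape assertions in `test_builtin_curves` inspect only `builtin_curves[0]`, so a malformed entry further down the list would pass unnoticed; checking every pair is just as cheap, e.g. `builtin_curves.each { |pair| assert_equal 2, pair.size }` with the two `assert_kind_of String` checks moved into the same block. The method would also benefit from a one-line comment carrying the rationale that currently lives only in the commit message, such as `# builtin_curves lists known curve names, not curves usable with the loaded provider (e.g. FIPS)`, so a later reader neither restores per-curve key generation nor treats the list as an allow-list. With the first hunk removing the loop over every curve, `OpenSSL::PKey::EC.generate` is, as far as this diff shows, exercised for prime256v1 only. The block parameter `comment` in the `map` is unused; `builtin_curves.map(&:first)` is equivalent.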