6 files changed, 53 insertions, 2 deletions

diff --git a/test/openssl/test_pkey_dh.rb b/test/openssl/test_pkey_dh.rb
index a0eca53c48..bca40ee202 100644
--- a/test/openssl/test_pkey_dh.rb
+++ b/test/openssl/test_pkey_dh.rb
@@ -68,6 +68,13 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
     assert_equal(dh.to_pem, public_key.to_pem)
   end
 
+  def test_public_pkey
+    dh = OpenSSL::TestUtils::TEST_KEY_DH1024
+    dh_test = dh.public_pkey
+    assert(!dh_test.private?)
+    assert(dh_test.public?)
+  end
+
   def test_generate_key
     dh = OpenSSL::TestUtils::TEST_KEY_DH1024.public_key # creates a copy
     assert_no_key(dh)
diff --git a/test/openssl/test_pkey_dsa.rb b/test/openssl/test_pkey_dsa.rb
index eb3e4f1c65..3537738aa9 100644
--- a/test/openssl/test_pkey_dsa.rb
+++ b/test/openssl/test_pkey_dsa.rb
@@ -228,6 +228,11 @@ YNMbNw==
     assert(pem)
   end
 
+  def test_public_pkey
+    key = OpenSSL::TestUtils::TEST_KEY_DSA256
+    assert_equal(key.public_key.to_der, key.public_pkey.to_der)
+  end
+
   private
 
   def check_sign_verify(digest)
diff --git a/test/openssl/test_pkey_ec.rb b/test/openssl/test_pkey_ec.rb
index fe128fd455..e5c4056114 100644
--- a/test/openssl/test_pkey_ec.rb
+++ b/test/openssl/test_pkey_ec.rb
@@ -189,6 +189,16 @@ class OpenSSL::TestEC < Test::Unit::TestCase
     assert(pem)
   end
 
+  def test_public_pkey
+    ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
+    ec_pub = OpenSSL::PKey::EC.new(ec.group)
+    ec_pub.public_key = ec.public_key
+    test_obj = ec.public_pkey
+    assert(!test_obj.private?)
+    assert(test_obj.public?)
+    assert_equal(ec_pub.to_der, test_obj.to_der)
+  end
+
   def test_ec_point_mul
     ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
     p1 = ec.public_key
diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb
index 165b1ec98e..b031fdd387 100644
--- a/test/openssl/test_pkey_rsa.rb
+++ b/test/openssl/test_pkey_rsa.rb
@@ -284,6 +284,13 @@ AwEAAQ==
     assert(pem)
   end
 
+  def test_public_pkey
+    key = OpenSSL::TestUtils::TEST_KEY_RSA1024
+    key_test = key.public_pkey
+    assert(!key_test.private?)
+    assert(key_test.public?)
+  end
+
   private
 
   def check_PUBKEY(asn1, key)
diff --git a/test/openssl/test_x509cert.rb b/test/openssl/test_x509cert.rb
index 72cb9e6095..642a65253b 100644
--- a/test/openssl/test_x509cert.rb
+++ b/test/openssl/test_x509cert.rb
@@ -9,6 +9,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
     @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
     @dsa256  = OpenSSL::TestUtils::TEST_KEY_DSA256
     @dsa512  = OpenSSL::TestUtils::TEST_KEY_DSA512
+    @p256    = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
     @ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA")
     @ee1 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE1")
     @ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2")
@@ -42,7 +43,9 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
     dsa_digest = OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new
 
     [
-      [@rsa1024, sha1], [@rsa2048, sha1], [@dsa256, dsa_digest], [@dsa512, dsa_digest]
+      [@rsa1024, sha1], [@rsa2048, sha1],
+      [@dsa256, dsa_digest], [@dsa512, dsa_digest],
+      [@p256, sha1],
     ].each{|pk, digest|
       cert = issue_cert(@ca, pk, 1, Time.now, Time.now+3600, exts,
                         nil, nil, digest)
@@ -133,6 +136,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
     assert_equal(true,  cert.verify(@rsa2048))
     assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) })
     assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) })
+    assert_equal(false, certificate_error_returns_false { cert.verify(@p256) })
     cert.serial = 2
     assert_equal(false, cert.verify(@rsa2048))
   end
@@ -145,6 +149,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
 
     assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) })
     assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) })
+    assert_equal(false, certificate_error_returns_false { cert.verify(@p256) })
     cert.subject = @ee1
     assert_equal(false, cert.verify(@rsa2048))
   rescue OpenSSL::X509::CertificateError # RHEL7 disables MD5
@@ -157,6 +162,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
     assert_equal(false, certificate_error_returns_false { cert.verify(@rsa2048) })
     assert_equal(false, cert.verify(@dsa256))
     assert_equal(true,  cert.verify(@dsa512))
+    assert_equal(false, certificate_error_returns_false { cert.verify(@p256) })
     cert.not_after = Time.now
     assert_equal(false, cert.verify(@dsa512))
   end
@@ -168,6 +174,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
     assert_equal(true, cert.verify(@rsa2048))
     assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) })
     assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) })
+    assert_equal(false, certificate_error_returns_false { cert.verify(@p256) })
     cert.subject = @ee1
     assert_equal(false, cert.verify(@rsa2048))
   rescue OpenSSL::X509::CertificateError
@@ -180,6 +187,18 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
     }
   end
 
+  def test_sign_and_verify_ecdsa_sha1
+    cert = issue_cert(@ca, @p256, 1, Time.now, Time.now+3600, [],
+                      nil, nil, OpenSSL::Digest::SHA1.new)
+    assert_equal(false, certificate_error_returns_false { cert.verify(@rsa1024) })
+    assert_equal(false, certificate_error_returns_false { cert.verify(@rsa2048) })
+    assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) })
+    assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) })
+    assert_equal(true, cert.verify(@p256))
+    cert.serial = 123
+    assert_equal(false, cert.verify(@p256))
+  end
+
   def test_dsig_algorithm_mismatch
     assert_raise(OpenSSL::X509::CertificateError) do
       issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
@@ -213,6 +232,9 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
     cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
                       nil, nil, OpenSSL::Digest::SHA1.new)
     assert_equal(true, cert.check_private_key(@rsa2048))
+    cert = issue_cert(@ca, @p256, 1, Time.now, Time.now+3600, [],
+                      nil, nil, OpenSSL::Digest::SHA1.new)
+    assert_equal(true, cert.check_private_key(@p256))
   end
 
   private
diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb
index 6909854cad..c2a0864297 100644
--- a/test/openssl/utils.rb
+++ b/test/openssl/utils.rb
@@ -122,7 +122,7 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
     cert.serial = serial
     cert.subject = dn
     cert.issuer = issuer.subject
-    cert.public_key = key.public_key
+    cert.public_key = key.public_pkey
     cert.not_before = not_before
     cert.not_after = not_after
     ef = OpenSSL::X509::ExtensionFactory.new