Refactor ed25519 key generation and checks in tests

joshcooper · joshcooper · commit 55c9ea106138 · 2024-10-29T14:27:30.000-07:00
diff --git a/test/openssl/test_x509cert.rb b/test/openssl/test_x509cert.rb
@@ -223,24 +223,7 @@ def test_sign_and_verify_dsa_md5
   end
 
   def test_sign_and_verify_ed25519
-    # See test_ed25519 in test_pkey.rb
-
-    # Ed25519 is not FIPS-approved.
-    omit_on_fips
-
-    begin
-      ed25519  = OpenSSL::PKey::generate_key("ED25519")
-    rescue OpenSSL::PKey::PKeyError => e
-      # OpenSSL < 1.1.1
-      #
-      pend "Ed25519 is not implemented" unless openssl?(1, 1, 1)
-
-      raise e
-    end
-
-    # See ASN1_item_sign_ctx in ChangeLog for 3.8.1: https://github.com/libressl/portable/blob/master/ChangeLog
-    pend 'ASN1 signing with Ed25519 not yet working' unless openssl? or libressl?(3, 8, 1)
-
+    ed25519 = generate_ed25519
     cert = issue_cert(@ca, ed25519, 1, [], nil, nil, digest: nil)
     assert_equal(true, cert.verify(ed25519))
   end
diff --git a/test/openssl/test_x509crl.rb b/test/openssl/test_x509crl.rb
@@ -205,24 +205,7 @@ def test_sign_and_verify
   end
 
   def test_sign_and_verify_ed25519
-    # See test_ed25519 in test_pkey.rb
-
-    # Ed25519 is not FIPS-approved.
-    omit_on_fips
-
-    begin
-      ed25519 = OpenSSL::PKey::generate_key("ED25519")
-    rescue OpenSSL::PKey::PKeyError => e
-      # OpenSSL < 1.1.1
-      #
-      pend "Ed25519 is not implemented" unless openssl?(1, 1, 1)
-
-      raise e
-    end
-
-    # See ASN1_item_sign_ctx in ChangeLog for 3.8.1: https://github.com/libressl/portable/blob/master/ChangeLog
-    pend 'ASN1 signing with Ed25519 not yet working' unless openssl? or libressl?(3, 8, 1)
-
+    ed25519 = generate_ed25519
     cert = issue_cert(@ca, ed25519, 1, [], nil, nil, digest: nil)
     crl = issue_crl([], 1, Time.now, Time.now+1600, [],
                     cert, ed25519, nil)
diff --git a/test/openssl/test_x509req.rb b/test/openssl/test_x509req.rb
@@ -137,24 +137,7 @@ def test_sign_and_verify_dsa_md5
   end
 
   def test_sign_and_verify_ed25519
-    # See test_ed25519 in test_pkey.rb
-
-    # Ed25519 is not FIPS-approved.
-    omit_on_fips
-
-    begin
-      ed25519  = OpenSSL::PKey::generate_key("ED25519")
-    rescue OpenSSL::PKey::PKeyError => e
-      # OpenSSL < 1.1.1
-      #
-      pend "Ed25519 is not implemented" unless openssl?(1, 1, 1)
-
-      raise e
-    end
-
-    # See ASN1_item_sign_ctx in ChangeLog for 3.8.1: https://github.com/libressl/portable/blob/master/ChangeLog
-    pend 'ASN1 signing with Ed25519 not yet working' unless openssl? or libressl?(3, 8, 1)
-
+    ed25519 = generate_ed25519
     req = issue_csr(0, @dn, ed25519, nil)
     assert_equal(true, req.verify(ed25519))
   end
diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb
@@ -106,6 +106,26 @@ def get_subject_key_id(cert, hex: true)
     end
   end
 
+  def generate_ed25519
+    # Ed25519 is not FIPS-approved.
+    omit_on_fips
+
+    begin
+      ed25519  = OpenSSL::PKey::generate_key("ED25519")
+    rescue OpenSSL::PKey::PKeyError => e
+      # OpenSSL < 1.1.1
+      #
+      pend "Ed25519 is not implemented" unless openssl?(1, 1, 1)
+
+      raise e
+    end
+
+    # See ASN1_item_sign_ctx in ChangeLog for 3.8.1: https://github.com/libressl/portable/blob/master/ChangeLog
+    pend 'ASN1 signing with Ed25519 not yet working' unless openssl? or libressl?(3, 8, 1)
+
+    ed25519
+  end
+
   def openssl?(major = nil, minor = nil, fix = nil, patch = 0, status = 0)
     return false if OpenSSL::OPENSSL_VERSION.include?("LibreSSL")
     return true unless major
