diff options
| -rw-r--r-- | test/openssl/test_pkey_dh.rb | 21 | ||||
| -rw-r--r-- | test/openssl/test_pkey_ec.rb | 9 |
2 files changed, 23 insertions, 7 deletions
diff --git a/test/openssl/test_pkey_dh.rb b/test/openssl/test_pkey_dh.rb index 686c9b97d0..6e1cad9dff 100644 --- a/test/openssl/test_pkey_dh.rb +++ b/test/openssl/test_pkey_dh.rb @@ -123,11 +123,22 @@ class OpenSSL::TestPKeyDH < OpenSSL::PKeyTestCase ])) assert_equal(true, dh1.params_ok?) - dh2 = OpenSSL::PKey::DH.new(OpenSSL::ASN1::Sequence([ - OpenSSL::ASN1::Integer(dh0.p + 1), - OpenSSL::ASN1::Integer(dh0.g) - ])) - assert_equal(false, dh2.params_ok?) + # AWS-LC automatically does parameter checks on the parsed params. + if aws_lc? + assert_raise(OpenSSL::PKey::DHError) { + OpenSSL::PKey::DH.new(OpenSSL::ASN1::Sequence([ + OpenSSL::ASN1::Integer(dh0.p + 1), + OpenSSL::ASN1::Integer(dh0.g) + ])) + } + else + dh2 = OpenSSL::PKey::DH.new(OpenSSL::ASN1::Sequence([ + OpenSSL::ASN1::Integer(dh0.p + 1), + OpenSSL::ASN1::Integer(dh0.g) + ])) + assert_equal(false, dh2.params_ok?) + end + end def test_params diff --git a/test/openssl/test_pkey_ec.rb b/test/openssl/test_pkey_ec.rb index 891c8601d7..999ee89a9e 100644 --- a/test/openssl/test_pkey_ec.rb +++ b/test/openssl/test_pkey_ec.rb @@ -89,14 +89,19 @@ class OpenSSL::TestEC < OpenSSL::PKeyTestCase # Behavior of EVP_PKEY_public_check changes between OpenSSL 1.1.1 and 3.0 # The public key does not match the private key - key4 = OpenSSL::PKey.read(<<~EOF) + ec_key_data = <<~EOF -----BEGIN EC PRIVATE KEY----- MHcCAQEEIP+TT0V8Fndsnacji9tyf6hmhHywcOWTee9XkiBeJoVloAoGCCqGSM49 AwEHoUQDQgAEBkhhJIU/2/YdPSlY2I1k25xjK4trr5OXSgXvBC21PtY0HQ7lor7A jzT0giJITqmcd81fwGw5+96zLcdxTF1hVQ== -----END EC PRIVATE KEY----- EOF - assert_raise(OpenSSL::PKey::ECError) { key4.check_key } + if aws_lc? # AWS-LC automatically does key checks on the parsed key. + assert_raise(OpenSSL::PKey::PKeyError) { OpenSSL::PKey.read(ec_key_data) } + else + key4 = OpenSSL::PKey.read(ec_key_data) + assert_raise(OpenSSL::PKey::ECError) { key4.check_key } + end # EC#private_key= is deprecated in 3.0 and won't work on OpenSSL 3.0 if !openssl?(3, 0, 0) |