test_pkey.rb: Refactor the test_ed25519 in FIPS.

Split the test in the FIPS case as another test.

Author: junaruga

test/openssl/test_pkey.rb

@@ -82,6 +82,13 @@ def test_hmac_sign_verify
   end
 
   def test_ed25519
+    # Ed25519 is not approved in OpenSSL 3.1+ FIPS code.
+    # See OpenSSL providers/fips/fipsprov.c PROV_NAMES_ED25519 entries
+    # with FIPS_UNAPPROVED_PROPERTIES in OpenSSL 3.1+.
+    if OpenSSL.fips_mode && openssl?(3, 1, 0, 0)
+      omit "Ed25519 is not approved in OpenSSL 3.1+ FIPS code"
+    end
+
     # Test vector from RFC 8032 Section 7.1 TEST 2
     priv_pem = <<~EOF
     -----BEGIN PRIVATE KEY-----
@@ -96,15 +103,11 @@ def test_ed25519
     begin
       priv = OpenSSL::PKey.read(priv_pem)
       pub = OpenSSL::PKey.read(pub_pem)
-    rescue OpenSSL::PKey::PKeyError
+    rescue OpenSSL::PKey::PKeyError => e
       # OpenSSL < 1.1.1
-      if !openssl?(1, 1, 1)
-        pend "Ed25519 is not implemented"
-      elsif OpenSSL.fips_mode && openssl?(3, 1, 0, 0)
-        # See OpenSSL providers/fips/fipsprov.c PROV_NAMES_ED25519 entries
-        # with FIPS_UNAPPROVED_PROPERTIES in OpenSSL 3.1+.
-        pend "Ed25519 is not approved in OpenSSL 3.1+ FIPS code"
-      end
+      pend "Ed25519 is not implemented" unless openssl?(1, 1, 1)
+
+      raise e
     end
     assert_instance_of OpenSSL::PKey::PKey, priv
     assert_instance_of OpenSSL::PKey::PKey, pub
@@ -145,6 +148,21 @@ def test_ed25519
     assert_raise(OpenSSL::PKey::PKeyError) { priv.derive(pub) }
   end
 
+  def test_ed25519_not_supported_on_openssl_3_1_plus_fips
+    unless OpenSSL.fips_mode && openssl?(3, 1, 0, 0)
+      omit "Only for OpenSSL 3.1+ FIPS"
+    end
+
+    priv_pem = <<~EOF
+    -----BEGIN PRIVATE KEY-----
+    MC4CAQAwBQYDK2VwBCIEIEzNCJso/5banbbDRuwRTg9bijGfNaumJNqM9u1PuKb7
+    -----END PRIVATE KEY-----
+    EOF
+    assert_raise(OpenSSL::PKey::PKeyError) do
+      OpenSSL::PKey.read(priv_pem)
+    end
+  end
+
   def test_x25519
     # Test vector from RFC 7748 Section 6.1
     alice_pem = <<~EOF