ruby / openssl

Provides SSL, TLS and general purpose cryptography.

Support signing requests and CRLs using ED25519 #804

Closed joshcooper closed 5 hours ago

joshcooper commented 1 month ago

Allow requests and CRLs to be signed using Ed25519 private keys by passing a nil digest. This is similar to commit b0fc100091207d7eab20a349433ccbd8260c6ddd when signing certs.

Note Ed25519 keys do not implement the same public_key method, so the test must special case RSA and DSA.

rhenium commented 3 weeks ago

> This is similar to commit f463f5620583a927653772ae7cee95736a963a55 when signing certs.

This commit doesn't belong to ruby/openssl. I think you meant b0fc100091207d7eab20a349433ccbd8260c6ddd.

joshcooper commented 3 weeks ago

The pkey oid for Ed25519 has different cases depending on the ssl library, so I switched to casecmp? instead.

openssl:

OpenSSL::PKey::generate_key("ED25519").public_key
(irb):2:in `<main>': undefined method `public_key' for #<OpenSSL::PKey::PKey:0x00007f553184da90 oid=ED25519>

libressl:

NoMethodError: undefined method `public_key' for #<OpenSSL::PKey::PKey:0x000055ec67641d48 oid=Ed25519>

joshcooper commented 2 weeks ago

It seems libressl behaves differently when calling csr.public_key = key and then retrieving the public key:

https://github.com/ruby/openssl/actions/runs/11711737721/job/32645324677?pr=804#step:10:694

And openssl 1.0.2u:

https://github.com/ruby/openssl/actions/runs/11711737721/job/32645317144?pr=804#step:10:828

rhenium commented 1 week ago

> It seems libressl behaves differently when calling csr.public_key = key and then retrieving the public key:
>
> https://github.com/ruby/openssl/actions/runs/11711737721/job/32645324677?pr=804#step:10:694
>
> And openssl 1.0.2u:
>
> https://github.com/ruby/openssl/actions/runs/11711737721/job/32645317144?pr=804#step:10:828

This commit that went to OpenSSL 1.1.0 seems relevant: https://github.com/openssl/openssl/commit/fa0a9d715e7e35d4f597683c16b643343245fa26. I guess my new assertion in test_public_key was too much into the implementation detail. Does something like this work?

assert_equal(@rsa1024.public_to_der, req.public_key.public_to_der)

joshcooper commented 1 day ago

Thanks for your help @rhenium, all tests are passing now.
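
The behaviour discussed in this thread, as an added example that is not part of the pull request or the project's test suite: it signs a CSR and a CRL with an Ed25519 key and a nil digest, compares the OID case-insensitively, and compares public keys through `public_to_der`. The method name `ed25519_sign_check` and the subject are hypothetical, and the rescue branch assumes that a build without this change rejects the nil digest with an exception.

```ruby
require "openssl"

# Hypothetical helper for this example: builds a CSR and a CRL, signs both
# with an Ed25519 key and a nil digest, and reports what verified.
def ed25519_sign_check
  key = OpenSSL::PKey.generate_key("ED25519")
  name = OpenSSL::X509::Name.parse("/CN=example.test") # constructed subject

  req = OpenSSL::X509::Request.new
  req.version = 0
  req.subject = name
  req.public_key = key

  crl = OpenSSL::X509::CRL.new
  crl.version = 1
  crl.issuer = name
  crl.last_update = Time.now
  crl.next_update = Time.now + 3600

  result = {
    # The thread shows oid=ED25519 on OpenSSL and oid=Ed25519 on LibreSSL,
    # so the comparison ignores case.
    oid_matches: key.oid.casecmp?("ED25519"),
    # Generic PKey objects have no #public_key, so compare the encoded
    # SubjectPublicKeyInfo instead.
    same_pubkey: req.public_key.public_to_der == key.public_to_der,
  }

  begin
    # Ed25519 does its own hashing, so no digest is named.
    req.sign(key, nil)
    crl.sign(key, nil)
    result[:nil_digest_supported] = true
    result[:req_verified] = req.verify(key)
    result[:crl_verified] = crl.verify(key)
  rescue TypeError, OpenSSL::OpenSSLError
    # Assumption: a build without this change raises on the nil digest.
    result[:nil_digest_supported] = false
  end
  result
end

p ed25519_sign_check if __FILE__ == $PROGRAM_NAME
```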