From e0d34e2aa1399c246207bcad0b3bf1b95fa9c9af Mon Sep 17 00:00:00 2001
From: Jakub Witczak <kuba@erlang.org>
Date: Mon, 22 Jun 2026 12:34:02 +0200
Subject: [PATCH] public_key: Skip DSA tests when crypto lacks DSA support

LibreSSL (shipped by OpenBSD) disables DSA, causing
public_key_SUITE:dsa_sign_verify, public_key_SUITE:pkix_path_validation,
and pkits_SUITE:valid_dsa_signature to crash with
{notsup, "Unsupported algorithm"} on OpenBSD 7.8.

Add init_per_testcase guards that check
crypto:supports(public_keys) for dss, matching the pattern
already used for eddsa, mldsa, and slh_dsa tests.

For pkix_path_validation, fall back to RSA keys when DSA is
unavailable since the test validates path validation logic,
not the specific key algorithm.
---
 lib/public_key/test/pkits_SUITE.erl      |  9 +++++++++
 lib/public_key/test/public_key_SUITE.erl | 13 ++++++++++++-
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/lib/public_key/test/pkits_SUITE.erl b/lib/public_key/test/pkits_SUITE.erl
index be3dfc0c270c..3e12545268da 100644
--- a/lib/public_key/test/pkits_SUITE.erl
+++ b/lib/public_key/test/pkits_SUITE.erl
@@ -452,6 +452,15 @@ init_per_group(_GroupName, Config) ->
 end_per_group(_GroupName, Config) ->
     Config.
 %%--------------------------------------------------------------------
+init_per_testcase(valid_dsa_signature, Config) ->
+    case lists:member(dss, crypto:supports(public_keys)) of
+        true ->
+            Datadir = proplists:get_value(data_dir, Config),
+            put(datadir, Datadir),
+            Config;
+        false ->
+            {skip, dss_not_supported_by_crypto}
+    end;
 init_per_testcase(_Func, Config) ->
     Datadir = proplists:get_value(data_dir, Config),
     put(datadir, Datadir),
diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl
index f680ebc0081d..4c2a37a6f65d 100644
--- a/lib/public_key/test/public_key_SUITE.erl
+++ b/lib/public_key/test/public_key_SUITE.erl
@@ -330,6 +330,13 @@ init_per_testcase(rsa_pss_sign_verify, Config) ->
             {skip, not_supported_by_crypto}
     end;
 
+init_per_testcase(dsa_sign_verify, Config) ->
+    case lists:member(dss, crypto:supports(public_keys)) of
+        true ->
+            Config;
+        false ->
+            {skip, dss_not_supported_by_crypto}
+    end;
 init_per_testcase(TestCase, Config) when TestCase == eddsa_sign_verify_24_compat;
                                          TestCase == pkix_crl_verify_eddsa ->
     case lists:member(eddsa, crypto:supports(public_keys)) of
@@ -1280,8 +1287,12 @@ pkix_decode_cert_empty_rdns(Config) when is_list(Config) ->
 pkix_path_validation() ->
     [{doc, "Test PKIX path validation"}].
 pkix_path_validation(Config) when is_list(Config) ->
+    KeyType = case lists:member(dss, crypto:supports(public_keys)) of
+                  true -> dsa;
+                  false -> rsa
+              end,
     CaK = {Trusted,_} =
-	erl_make_certs:make_cert([{key, dsa},
+        erl_make_certs:make_cert([{key, KeyType},
 			     {subject, [
 					{name, "Public Key"},
 					{?'id-at-name', {printableString, "public_key"}},