ruby/test/openssl/test_provider.rb

# frozen_string_literal: true
require_relative 'utils'
if defined?(OpenSSL) && defined?(OpenSSL::Provider)

class OpenSSL::TestProvider < OpenSSL::TestCase
  def test_openssl_provider_name_inspect
    with_openssl <<-'end;'
      provider = OpenSSL::Provider.load("default")
      assert_equal("default", provider.name)
      assert_not_nil(provider.inspect)
    end;
  end

  def test_openssl_provider_names
    # We expect the following providers are loaded in the cases:
    # * Non-FIPS: default
    # * FIPS: fips, base
    # Use the null provider to test the added provider.
    # See provider(7) - OPENSSL PROVIDERS to see the list of providers, and
    # OSSL_PROVIDER-null(7) to check the details of the null provider.
    with_openssl <<-'end;'
      num = OpenSSL::Provider.provider_names.size

      added_provider = OpenSSL::Provider.load("null")
      assert_equal(num + 1, OpenSSL::Provider.provider_names.size)
      assert_includes(OpenSSL::Provider.provider_names, "null")

      assert_equal(true, added_provider.unload)
      assert_equal(num, OpenSSL::Provider.provider_names.size)
      assert_not_includes(OpenSSL::Provider.provider_names, "null")
    end;
  end

  def test_unloaded_openssl_provider
    with_openssl <<-'end;'
      default_provider = OpenSSL::Provider.load("default")
      assert_equal(true, default_provider.unload)
      assert_raise(OpenSSL::Provider::ProviderError) { default_provider.name }
      assert_raise(OpenSSL::Provider::ProviderError) { default_provider.unload }
    end;
  end

  def test_openssl_legacy_provider
    # The legacy provider is not supported on FIPS.
    omit_on_fips

    with_openssl(<<-'end;')
      begin
        OpenSSL::Provider.load("legacy")
      rescue OpenSSL::Provider::ProviderError
        omit "Only for OpenSSL with legacy provider"
      end

      algo = "RC4"
      data = "a" * 1000
      key = OpenSSL::Random.random_bytes(16)

      # default provider does not support RC4
      cipher = OpenSSL::Cipher.new(algo)
      cipher.encrypt
      cipher.key = key
      encrypted = cipher.update(data) + cipher.final

      other_cipher = OpenSSL::Cipher.new(algo)
      other_cipher.decrypt
      other_cipher.key = key
      decrypted = other_cipher.update(encrypted) + other_cipher.final

      assert_equal(data, decrypted)
    end;
  end

  private

  # this is required because OpenSSL::Provider methods change global state
  def with_openssl(code, **opts)
    assert_separately(["-ropenssl"], <<~"end;", **opts)
      #{code}
    end;
  end
end

end
[ruby/openssl] add OpenSSL Provider support https://github.com/ruby/openssl/commit/189c167e40 [rhe: tool/update-deps --fix to update ext/openssl/depend] 2023-06-02 15:12:21 +03:00			`# frozen_string_literal: true`
			`require_relative 'utils'`
[ruby/openssl] Fix test_provider.rb in FIPS. https://github.com/ruby/openssl/commit/7bdbc52100 2024-09-05 21:06:37 +03:00			`if defined?(OpenSSL) && defined?(OpenSSL::Provider)`
[ruby/openssl] add OpenSSL Provider support https://github.com/ruby/openssl/commit/189c167e40 [rhe: tool/update-deps --fix to update ext/openssl/depend] 2023-06-02 15:12:21 +03:00
			`class OpenSSL::TestProvider < OpenSSL::TestCase`
			`def test_openssl_provider_name_inspect`
			`with_openssl <<-'end;'`
			`provider = OpenSSL::Provider.load("default")`
			`assert_equal("default", provider.name)`
			`assert_not_nil(provider.inspect)`
			`end;`
			`end`

Fix accidentally changed to rename test method at d95d3484a90a985b971ef4c55762847d92b6c81a 2024-02-19 05:05:13 +03:00			`def test_openssl_provider_names`
[ruby/openssl] Fix test_provider.rb in FIPS. https://github.com/ruby/openssl/commit/7bdbc52100 2024-09-05 21:06:37 +03:00			`# We expect the following providers are loaded in the cases:`
			`# * Non-FIPS: default`
			`# * FIPS: fips, base`
			`# Use the null provider to test the added provider.`
			`# See provider(7) - OPENSSL PROVIDERS to see the list of providers, and`
			`# OSSL_PROVIDER-null(7) to check the details of the null provider.`
[ruby/openssl] add OpenSSL Provider support https://github.com/ruby/openssl/commit/189c167e40 [rhe: tool/update-deps --fix to update ext/openssl/depend] 2023-06-02 15:12:21 +03:00			`with_openssl <<-'end;'`
[ruby/openssl] Fix test_provider.rb in FIPS. https://github.com/ruby/openssl/commit/7bdbc52100 2024-09-05 21:06:37 +03:00			`num = OpenSSL::Provider.provider_names.size`
[ruby/openssl] add OpenSSL Provider support https://github.com/ruby/openssl/commit/189c167e40 [rhe: tool/update-deps --fix to update ext/openssl/depend] 2023-06-02 15:12:21 +03:00
[ruby/openssl] Fix test_provider.rb in FIPS. https://github.com/ruby/openssl/commit/7bdbc52100 2024-09-05 21:06:37 +03:00			`added_provider = OpenSSL::Provider.load("null")`
			`assert_equal(num + 1, OpenSSL::Provider.provider_names.size)`
			`assert_includes(OpenSSL::Provider.provider_names, "null")`

			`assert_equal(true, added_provider.unload)`
			`assert_equal(num, OpenSSL::Provider.provider_names.size)`
			`assert_not_includes(OpenSSL::Provider.provider_names, "null")`
[ruby/openssl] add OpenSSL Provider support https://github.com/ruby/openssl/commit/189c167e40 [rhe: tool/update-deps --fix to update ext/openssl/depend] 2023-06-02 15:12:21 +03:00			`end;`
			`end`

			`def test_unloaded_openssl_provider`
			`with_openssl <<-'end;'`
			`default_provider = OpenSSL::Provider.load("default")`
			`assert_equal(true, default_provider.unload)`
			`assert_raise(OpenSSL::Provider::ProviderError) { default_provider.name }`
			`assert_raise(OpenSSL::Provider::ProviderError) { default_provider.unload }`
			`end;`
			`end`

			`def test_openssl_legacy_provider`
[ruby/openssl] Fix test_provider.rb in FIPS. https://github.com/ruby/openssl/commit/7bdbc52100 2024-09-05 21:06:37 +03:00			`# The legacy provider is not supported on FIPS.`
			`omit_on_fips`

[ruby/openssl] add OpenSSL Provider support https://github.com/ruby/openssl/commit/189c167e40 [rhe: tool/update-deps --fix to update ext/openssl/depend] 2023-06-02 15:12:21 +03:00			`with_openssl(<<-'end;')`
[ruby/openssl] test_provider.rb: Make a legacy provider test optional. In some cases such as OpenSSL package in FreeBSD[1], the legacy provider is not installed intentionally. So, we omit a test depending the legacy provider if the legacy provider is not loadable. For the test_openssl_provider_names test, we use base provider[2] instead of legacy provider, because we would expect the base provider is always loadable in OpenSSL 3 for now. * [1] https://www.freshports.org/security/openssl/ * [2] https://wiki.openssl.org/index.php/OpenSSL_3.0#Providers https://github.com/ruby/openssl/commit/7223da7730 2024-02-08 20:53:32 +03:00			`begin`
			`OpenSSL::Provider.load("legacy")`
			`rescue OpenSSL::Provider::ProviderError`
			`omit "Only for OpenSSL with legacy provider"`
			`end`

[ruby/openssl] add OpenSSL Provider support https://github.com/ruby/openssl/commit/189c167e40 [rhe: tool/update-deps --fix to update ext/openssl/depend] 2023-06-02 15:12:21 +03:00			`algo = "RC4"`
			`data = "a" * 1000`
			`key = OpenSSL::Random.random_bytes(16)`

			`# default provider does not support RC4`
			`cipher = OpenSSL::Cipher.new(algo)`
			`cipher.encrypt`
			`cipher.key = key`
			`encrypted = cipher.update(data) + cipher.final`

			`other_cipher = OpenSSL::Cipher.new(algo)`
			`other_cipher.decrypt`
			`other_cipher.key = key`
			`decrypted = other_cipher.update(encrypted) + other_cipher.final`

			`assert_equal(data, decrypted)`
			`end;`
			`end`

			`private`

			`# this is required because OpenSSL::Provider methods change global state`
			`def with_openssl(code, **opts)`
[ruby/openssl] Remove OSSL_DEBUG compile-time option Remove the OSSL_DEBUG flag and OpenSSL.mem_check_start which is only compiled when the flag is given. They are meant purely for development of Ruby/OpenSSL. OpenSSL.mem_check_start helped us find memory leak bugs in past, but it is no longer working with the recent OpenSSL versions. Let's just remove it now. https://github.com/ruby/openssl/commit/8c7a6a17e2 2023-08-31 15:34:50 +03:00			`assert_separately(["-ropenssl"], <<~"end;", **opts)`
[ruby/openssl] add OpenSSL Provider support https://github.com/ruby/openssl/commit/189c167e40 [rhe: tool/update-deps --fix to update ext/openssl/depend] 2023-06-02 15:12:21 +03:00			`#{code}`
			`end;`
			`end`
			`end`

			`end`