ruby.git/test/openssl/test_digest.rb, branch v4.0.3 The Ruby Programming Language [ruby/openssl] digest: use EVP_MD_fetch() if available 2025-11-06T13:25:09+00:00 Kazuki Yamaguchi k@rhe.jp 2025-06-24T10:31:31+00:00 10d2311e136212549d36f90ec7cb86108e682088 With the introduction of OpenSSL 3 providers, newly implemented algorithms do not necessarily have a corresponding NID assigned. To use such an algorithm, it has to be "fetched" from providers using the new EVP_*_fetch() functions. For digest algorithms, we have to use EVP_MD_fetch() instead of the existing EVP_get_digestbyname(). However, it is not a drop-in replacement because: - EVP_MD_fetch() does not support all algorithm name aliases recognized by EVP_get_digestbyname(). - Both return an EVP_MD, but the one returned by EVP_MD_fetch() is sometimes reference counted and the user has to explicitly release it with EVP_MD_free(). So, keep using EVP_get_digestbyname() for all OpenSSL versions for now, and fall back to EVP_MD_fetch() if it fails. In the latter case, prepare a T_DATA object to manage the fetched EVP_MD's lifetime. https://github.com/ruby/openssl/commit/9fc2179403 
With the introduction of OpenSSL 3 providers, newly implemented
algorithms do not necessarily have a corresponding NID assigned. To use
such an algorithm, it has to be "fetched" from providers using the new
EVP_*_fetch() functions.

For digest algorithms, we have to use EVP_MD_fetch() instead of the
existing EVP_get_digestbyname(). However, it is not a drop-in
replacement because:

 - EVP_MD_fetch() does not support all algorithm name aliases recognized
   by EVP_get_digestbyname().

 - Both return an EVP_MD, but the one returned by EVP_MD_fetch() is
   sometimes reference counted and the user has to explicitly release
   it with EVP_MD_free().

So, keep using EVP_get_digestbyname() for all OpenSSL versions for now,
and fall back to EVP_MD_fetch() if it fails. In the latter case, prepare
a T_DATA object to manage the fetched EVP_MD's lifetime.

https://github.com/ruby/openssl/commit/9fc2179403
[ruby/openssl] digest: raise DigestError for unsupported algorithm name 2025-11-06T13:25:09+00:00 Kazuki Yamaguchi k@rhe.jp 2025-11-03T09:31:09+00:00 18ab5023b63af88eddb083e89e19224e9f25af4d We generally raise OpenSSL::OpenSSLError or its subclass for errors originating from the OpenSSL library, which may include extra details appended by ossl_raise(). https://github.com/ruby/openssl/commit/9427a05ce5 
We generally raise OpenSSL::OpenSSLError or its subclass for errors
originating from the OpenSSL library, which may include extra details
appended by ossl_raise().

https://github.com/ruby/openssl/commit/9427a05ce5
[ruby/openssl] digest: refactor tests for name aliases 2025-11-06T13:25:09+00:00 Kazuki Yamaguchi k@rhe.jp 2025-06-24T10:07:18+00:00 2612915c3489c76fcb3828eefd3b29fdf30a9a5e Use explicit strings instead of relying on OpenSSL::ASN1::ObjectId methods. It is reduced to just SHA-256 because testing other algorithms does not improve test coverage for ruby/openssl. https://github.com/ruby/openssl/commit/dcfd2e7b97 
Use explicit strings instead of relying on OpenSSL::ASN1::ObjectId
methods. It is reduced to just SHA-256 because testing other algorithms
does not improve test coverage for ruby/openssl.

https://github.com/ruby/openssl/commit/dcfd2e7b97
[ruby/openssl] digest: correct assert_equal usage in test_sha3 2025-02-27T17:04:32+00:00 Kazuki Yamaguchi k@rhe.jp 2025-02-26T14:25:35+00:00 c0f3dcf7958b07e7d2cf008770594bd9c656fb51 assert_equal accepts an expected value as the first argument. https://github.com/ruby/openssl/commit/8faa1d89de 
assert_equal accepts an expected value as the first argument.

https://github.com/ruby/openssl/commit/8faa1d89de
[ruby/openssl] digest: always run SHA-3 and truncated SHA-2 tests 2025-02-27T17:04:32+00:00 Kazuki Yamaguchi k@rhe.jp 2025-02-26T14:00:56+00:00 f5a74bd645a6b074695fb046b44d50967c468a83 The "pend" are no longer necessary, as they work with all OpenSSL variants we currently support. They were added in OpenSSL 1.1.1 and LibreSSL 3.8.0. They are also supported by the current AWS-LC release. This makes the SHA-3 tests run with AWS-LC correctly. AWS-LC does not report SHA-3 in OpenSSL::Digest.digests. https://github.com/ruby/openssl/commit/e1a6e9c081 
The "pend" are no longer necessary, as they work with all OpenSSL
variants we currently support. They were added in OpenSSL 1.1.1 and
LibreSSL 3.8.0. They are also supported by the current AWS-LC release.

This makes the SHA-3 tests run with AWS-LC correctly. AWS-LC does not
report SHA-3 in OpenSSL::Digest.digests.

https://github.com/ruby/openssl/commit/e1a6e9c081
[ruby/openssl] Add OpenSSL::Digest.digests to get a list of available digests 2024-04-30T15:05:50+00:00 Bart de Water 496367+bdewater@users.noreply.github.com 2024-03-12T02:27:04+00:00 cc6657e563298e6c5ce50af3d107a60791b723af https://github.com/ruby/openssl/commit/08dd3c73b7 
https://github.com/ruby/openssl/commit/08dd3c73b7
[ruby/openssl] Prefer String#unpack1 2023-09-06T10:24:53+00:00 Mau Magnaguagno maumagnaguagno@gmail.com 2023-08-31T06:38:45+00:00 60a6de81a823cdb932d21fa5869c93853d3f2795 (https://github.com/ruby/openssl/pull/586) String#unpack1 avoids the intermediate array created by String#unpack for single elements, while also making a call to Array#first/[0] unnecessary. https://github.com/ruby/openssl/commit/8eb0715a42 
(https://github.com/ruby/openssl/pull/586)

String#unpack1 avoids the intermediate array created by String#unpack
for single elements, while also making a call to Array#first/[0]
unnecessary.

https://github.com/ruby/openssl/commit/8eb0715a42
[ruby/openssl] test/openssl/test_digest: do not test constants for legacy algorithms 2021-10-23T04:38:37+00:00 Kazuki Yamaguchi k@rhe.jp 2020-05-17T17:17:28+00:00 54047b6d0646b38cceaa2546c9ae57b5d9c4c988 Remove availability test for MD4 and RIPEMD160 as they are considered legacy and may be missing depending on the compile-time options of OpenSSL. OpenSSL 3.0 by default disables them. https://github.com/ruby/openssl/commit/a3e59f4c2e 
Remove availability test for MD4 and RIPEMD160 as they are considered
legacy and may be missing depending on the compile-time options of
OpenSSL. OpenSSL 3.0 by default disables them.

https://github.com/ruby/openssl/commit/a3e59f4c2e
[ruby/openssl] Look up digest by name instead of constant 2020-05-13T06:47:51+00:00 Bart de Water bartdewater@gmail.com 2020-04-19T15:14:36+00:00 0b2c70eaa1e8e41fcb6332b22b084dabb81e637c https://github.com/ruby/openssl/commit/b28fb2f05c 
https://github.com/ruby/openssl/commit/b28fb2f05c
openssl: sync with upstream repository 2020-03-10T08:41:01+00:00 Kazuki Yamaguchi k@rhe.jp 2020-03-09T09:26:19+00:00 e4a26cd4f8e74e5d29de10a3a0ce5829829301b0 Import current master (2c43241dc0ed) of ruby/openssl.git. Below are the commits that were made since the last batch at commit b99775b163ce (ruby/openssl.git commit f49e7110ca1e). Note that some of them have been applied already. ---------------------------------------------------------------- Benoit Daloze (1): Remove redundant and ignored workflow file DBL-Lee (1): add support for SHA512_256/SHA512_224 Hiroshi SHIBATA (2): Guard for OpenSSL::PKey::EC::Group::Error with unsupported platforms Fixed inconsistency directory structure with ruby/ruby repo Jeremy Evans (2): Fix keyword argument separation issues in OpenSSL::SSL::SSLSocket#sys{read,write}_nonblock Remove taint support Kazuki Yamaguchi (26): config: support .include directive random: make OpenSSL::Random.pseudo_bytes alias of .random_bytes extconf.rb: get rid of -Werror=deprecated-declarations test/openssl/test_ssl: skip test_fallback_scsv if necessary ts: simplify OpenSSL::Timestamp::Request#algorithm History.md: add missing references to GitHub issues config: deprecate OpenSSL::Config#add_value and #[]= test/openssl/test_ssl: remove sleep from test_finished_messages test/openssl/test_ssl: fix random failure in SSLSocket.open test test/openssl/test_ssl: avoid explicitly-sized private keys test/openssl/test_ssl: remove commented-out test case test/openssl/test_ssl: allow kRSA tests to fail ssl: avoid declarations after statements engine: revert OpenSSL::Engine.load changes for cloudhsm engine: remove really outdated static engines engine: do not check for ENGINE_load_builtin_engines() engine: fix guards for 'dynamic' and 'cryptodev' engines lib/openssl.rb: require openssl/version.rb x509: add error code and verify flags constants ssl: set verify error code in the case of verify_hostname failure .github/workflows: merge CI jobs into a single workflow .github/workflows: test against different OpenSSL versions .travis.yml: fully migrate to GitHub Actions ssl: suppress test failure with SSLContext#add_certificate_chain_file ssl: remove test case test_puts_meta from test_pair Revert "Use version.rb in gemspec" MSP-Greg (2): .travis.yml - remove 2.3/1.0.2, 2.5/1.1.1, head/1.0.2 Use version.rb in gemspec Samuel Williams (1): Restore compatibility with older versions of Ruby. Yusuke Endoh (1): Make OpenSSL::OSSL#test_memcmp_timing robust 
Import current master (2c43241dc0ed) of ruby/openssl.git.

Below are the commits that were made since the last batch at commit
b99775b163ce (ruby/openssl.git commit f49e7110ca1e). Note that some of
them have been applied already.

----------------------------------------------------------------
Benoit Daloze (1):
      Remove redundant and ignored workflow file

DBL-Lee (1):
      add support for SHA512_256/SHA512_224

Hiroshi SHIBATA (2):
      Guard for OpenSSL::PKey::EC::Group::Error with unsupported platforms
      Fixed inconsistency directory structure with ruby/ruby repo

Jeremy Evans (2):
      Fix keyword argument separation issues in OpenSSL::SSL::SSLSocket#sys{read,write}_nonblock
      Remove taint support

Kazuki Yamaguchi (26):
      config: support .include directive
      random: make OpenSSL::Random.pseudo_bytes alias of .random_bytes
      extconf.rb: get rid of -Werror=deprecated-declarations
      test/openssl/test_ssl: skip test_fallback_scsv if necessary
      ts: simplify OpenSSL::Timestamp::Request#algorithm
      History.md: add missing references to GitHub issues
      config: deprecate OpenSSL::Config#add_value and #[]=
      test/openssl/test_ssl: remove sleep from test_finished_messages
      test/openssl/test_ssl: fix random failure in SSLSocket.open test
      test/openssl/test_ssl: avoid explicitly-sized private keys
      test/openssl/test_ssl: remove commented-out test case
      test/openssl/test_ssl: allow kRSA tests to fail
      ssl: avoid declarations after statements
      engine: revert OpenSSL::Engine.load changes for cloudhsm
      engine: remove really outdated static engines
      engine: do not check for ENGINE_load_builtin_engines()
      engine: fix guards for 'dynamic' and 'cryptodev' engines
      lib/openssl.rb: require openssl/version.rb
      x509: add error code and verify flags constants
      ssl: set verify error code in the case of verify_hostname failure
      .github/workflows: merge CI jobs into a single workflow
      .github/workflows: test against different OpenSSL versions
      .travis.yml: fully migrate to GitHub Actions
      ssl: suppress test failure with SSLContext#add_certificate_chain_file
      ssl: remove test case test_puts_meta from test_pair
      Revert "Use version.rb in gemspec"

MSP-Greg (2):
      .travis.yml - remove 2.3/1.0.2, 2.5/1.1.1, head/1.0.2
      Use version.rb in gemspec

Samuel Williams (1):
      Restore compatibility with older versions of Ruby.

Yusuke Endoh (1):
      Make OpenSSL::OSSL#test_memcmp_timing robust