diff options
| author | Jun Aruga <jaruga@redhat.com> | 2026-01-13 13:59:58 +0000 |
|---|---|---|
| committer | git <svn-admin@ruby-lang.org> | 2026-01-13 15:22:09 +0000 |
| commit | 6a0a3d605b9e42e3ea9eaab5a4d5deade60f8500 (patch) | |
| tree | 72a4fe91d973deaa73454dc2d73e093d0cb55f37 | |
| parent | b722d37f21ff0b148bdadb1b6aed6532f9beb9bf (diff) | |
[ruby/openssl] Fix test_digest.rb in FIPS.
https://github.com/ruby/openssl/commit/27a9a92309
| -rw-r--r-- | test/openssl/test_digest.rb | 28 |
1 files changed, 18 insertions, 10 deletions
diff --git a/test/openssl/test_digest.rb b/test/openssl/test_digest.rb index 2ef84cfa4c..91ed247414 100644 --- a/test/openssl/test_digest.rb +++ b/test/openssl/test_digest.rb @@ -6,8 +6,8 @@ if defined?(OpenSSL) class OpenSSL::TestDigest < OpenSSL::TestCase def setup super - @d1 = OpenSSL::Digest.new("MD5") - @d2 = OpenSSL::Digest::MD5.new + @d1 = OpenSSL::Digest.new("SHA256") + @d2 = OpenSSL::Digest::SHA256.new end def test_initialize @@ -17,18 +17,20 @@ class OpenSSL::TestDigest < OpenSSL::TestCase end def test_digest - null_hex = "d41d8cd98f00b204e9800998ecf8427e" + # SHA256 null value calculated by `echo -n "" | sha256sum` + null_hex = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" null_bin = [null_hex].pack("H*") data = "DATA" - hex = "e44f9e348e41cb272efa87387728571b" + # SHA256 DATA value calculated by `echo -n "DATA" | sha256sum` + hex = "c97c29c7a71b392b437ee03fd17f09bb10b75e879466fc0eb757b2c4a78ac938" bin = [hex].pack("H*") assert_equal(null_bin, @d1.digest) assert_equal(null_hex, @d1.hexdigest) @d1 << data assert_equal(bin, @d1.digest) assert_equal(hex, @d1.hexdigest) - assert_equal(bin, OpenSSL::Digest.digest('MD5', data)) - assert_equal(hex, OpenSSL::Digest.hexdigest('MD5', data)) + assert_equal(bin, OpenSSL::Digest.digest('SHA256', data)) + assert_equal(hex, OpenSSL::Digest.hexdigest('SHA256', data)) end def test_eql @@ -38,9 +40,9 @@ class OpenSSL::TestDigest < OpenSSL::TestCase end def test_info - assert_equal("MD5", @d1.name, "name") - assert_equal("MD5", @d2.name, "name") - assert_equal(16, @d1.size, "size") + assert_equal("SHA256", @d1.name, "name") + assert_equal("SHA256", @d2.name, "name") + assert_equal(32, @d1.size, "size") end def test_dup @@ -60,7 +62,10 @@ class OpenSSL::TestDigest < OpenSSL::TestCase end def test_digest_constants - %w{MD5 SHA1 SHA224 SHA256 SHA384 SHA512}.each do |name| + non_fips_names = %w{MD5} + names = %w{SHA1 SHA224 SHA256 SHA384 SHA512} + names = non_fips_names + names unless OpenSSL.fips_mode + names.each do |name| assert_not_nil(OpenSSL::Digest.new(name)) klass = OpenSSL::Digest.const_get(name.tr('-', '_')) assert_not_nil(klass.new) @@ -125,6 +130,9 @@ class OpenSSL::TestDigest < OpenSSL::TestCase end def test_fetched_evp_md + # KECCAK-256 is not FIPS-approved. + omit_on_fips + # Pre-NIST Keccak is an example of a digest algorithm that doesn't have an # NID and requires dynamic allocation of EVP_MD hex = "c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470" |