diff options
Diffstat (limited to 'test/openssl/utils.rb')
-rw-r--r-- | test/openssl/utils.rb | 61 |
1 files changed, 28 insertions, 33 deletions
diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb index e474fccaf8..f6c84eef67 100644 --- a/test/openssl/utils.rb +++ b/test/openssl/utils.rb @@ -1,44 +1,14 @@ # frozen_string_literal: true begin require "openssl" - - # Disable FIPS mode for tests for installations - # where FIPS mode would be enabled by default. - # Has no effect on all other installations. - OpenSSL.fips_mode=false rescue LoadError end -# Compile OpenSSL with crypto-mdebug and run this test suite with OSSL_MDEBUG=1 -# environment variable to enable memory leak check. -if ENV["OSSL_MDEBUG"] == "1" - if OpenSSL.respond_to?(:print_mem_leaks) - OpenSSL.mem_check_start - - END { - GC.start - case OpenSSL.print_mem_leaks - when nil - warn "mdebug: check what is printed" - when true - raise "mdebug: memory leaks detected" - end - } - else - warn "OSSL_MDEBUG=1 is specified but OpenSSL is not built with crypto-mdebug" - end -end - require "test/unit" +require "core_assertions" require "tempfile" require "socket" -begin - require_relative "../lib/core_assertions" -rescue LoadError - # for ruby/ruby repository -end - if defined?(OpenSSL) module OpenSSL::TestUtils @@ -136,11 +106,12 @@ module OpenSSL::TestUtils end end - def openssl?(major = nil, minor = nil, fix = nil, patch = 0) + def openssl?(major = nil, minor = nil, fix = nil, patch = 0, status = 0) return false if OpenSSL::OPENSSL_VERSION.include?("LibreSSL") return true unless major OpenSSL::OPENSSL_VERSION_NUMBER >= - major * 0x10000000 + minor * 0x100000 + fix * 0x1000 + patch * 0x10 + major * 0x10000000 + minor * 0x100000 + fix * 0x1000 + patch * 0x10 + + status * 0x1 end def libressl?(major = nil, minor = nil, fix = nil) @@ -168,6 +139,30 @@ class OpenSSL::TestCase < Test::Unit::TestCase # OpenSSL error stack must be empty assert_equal([], OpenSSL.errors) end + + # Omit the tests in FIPS. + # + # For example, the password based encryption used in the PEM format uses MD5 + # for deriving the encryption key from the password, and MD5 is not + # FIPS-approved. + # + # See https://github.com/openssl/openssl/discussions/21830#discussioncomment-6865636 + # for details. + def omit_on_fips + return unless OpenSSL.fips_mode + + omit <<~MESSAGE + Only for OpenSSL non-FIPS with the following possible reasons: + * A testing logic is non-FIPS specific. + * An encryption used in the test is not FIPS-approved. + MESSAGE + end + + def omit_on_non_fips + return if OpenSSL.fips_mode + + omit "Only for OpenSSL FIPS" + end end class OpenSSL::SSLTestCase < OpenSSL::TestCase |