From 5a8e1c520ac71c76f6424f9ef5aef64a79527f78 Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi
Date: Mon, 27 Sep 2021 15:34:28 +0900
Subject: [ruby/openssl] test/openssl/test_ssl: assume ECC support
Disabling ECC support of OpenSSL is impractical nowadays. We still try to have the C extension compile on no-ec builds (as well as no-dh or no-engine, etc.) as long as we can, but keeping test cases for such an extreme scenario is not worth the effort.
https://github.com/ruby/openssl/commit/2cd01d4676
---
 test/openssl/test_pair.rb | 3 ---
 test/openssl/test_pkey_ec.rb | 2 +-
 test/openssl/test_ssl.rb | 32 +++++++++++++-------------------
 test/openssl/utils.rb | 1 -
 4 files changed, 14 insertions(+), 24 deletions(-)
(limited to 'test/openssl')
diff --git a/test/openssl/test_pair.rb b/test/openssl/test_pair.rb
index 8316ec2a9c..4249b4afb7 100644
--- a/test/openssl/test_pair.rb
+++ b/test/openssl/test_pair.rb
@@ -23,7 +23,6 @@ module OpenSSL::SSLPairM
 sctx = OpenSSL::SSL::SSLContext.new
 sctx.cert = @svr_cert
 sctx.key = @svr_key
- sctx.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey("dh-1") }
 sctx.options |= OpenSSL::SSL::OP_NO_COMPRESSION
 ssls = OpenSSL::SSL::SSLServer.new(tcps, sctx)
 ns = ssls.accept
@@ -383,7 +382,6 @@ module OpenSSL::TestPairM
 ctx2 = OpenSSL::SSL::SSLContext.new
 ctx2.cert = @svr_cert
 ctx2.key = @svr_key
- ctx2.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey("dh-1") }
 sock1, sock2 = tcp_pair
@@ -431,7 +429,6 @@ module OpenSSL::TestPairM
 ctx = OpenSSL::SSL::SSLContext.new
 ctx.cert = @svr_cert
 ctx.key = @svr_key
- ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey("dh-1") }
 sock1, sock2 = tcp_pair
diff --git a/test/openssl/test_pkey_ec.rb b/test/openssl/test_pkey_ec.rb
index 7f44a363ba..3f5958af50 100644
--- a/test/openssl/test_pkey_ec.rb
+++ b/test/openssl/test_pkey_ec.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 require_relative 'utils'
-if defined?(OpenSSL) && defined?(OpenSSL::PKey::EC)
+if defined?(OpenSSL)
 class OpenSSL::TestEC < OpenSSL::PKeyTestCase
 def test_ec_key
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index e81745321b..1a8ae3bd68 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -124,8 +124,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
 end
 def test_add_certificate_multiple_certs
- pend "EC is not supported" unless defined?(OpenSSL::PKey::EC)
-
 ca2_key = Fixtures.pkey("rsa-3")
 ca2_exts = [
 ["basicConstraints", "CA:TRUE", true],
@@ -556,6 +554,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
 ctx_proc = -> ctx {
 ctx.ssl_version = :TLSv1_2
 ctx.ciphers = "aNULL"
+ ctx.tmp_dh = Fixtures.pkey("dh-1")
 ctx.security_level = 0
 }
@@ -830,7 +829,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
 def test_tlsext_hostname
 fooctx = OpenSSL::SSL::SSLContext.new
- fooctx.tmp_dh_callback = proc { Fixtures.pkey("dh-1") }
 fooctx.cert = @cli_cert
 fooctx.key = @cli_key
@@ -882,7 +880,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
 ctx2 = OpenSSL::SSL::SSLContext.new
 ctx2.cert = @svr_cert
 ctx2.key = @svr_key
- ctx2.tmp_dh_callback = proc { Fixtures.pkey("dh-1") }
 ctx2.servername_cb = lambda { |args| Object.new }
 sock1, sock2 = socketpair
@@ -1329,7 +1326,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
 ctx1 = OpenSSL::SSL::SSLContext.new
 ctx1.cert = @svr_cert
 ctx1.key = @svr_key
- ctx1.tmp_dh_callback = proc { Fixtures.pkey("dh-1") }
 ctx1.alpn_select_cb = -> (protocols) { nil }
 ssl1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1)
@@ -1484,6 +1480,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
 ctx_proc2 = proc { |ctx|
 ctx.ssl_version = :TLSv1_2
 ctx.ciphers = "EDH"
+ ctx.tmp_dh = Fixtures.pkey("dh-1")
 }
 start_server(ctx_proc: ctx_proc2) do |port|
 ctx = OpenSSL::SSL::SSLContext.new
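Review bot: The added `ctx.tmp_dh = Fixtures.pkey("dh-1")` in the `aNULL` ctx_proc (test_ssl.rb hunk at -556) has no comment saying why this test now supplies DH parameters itself; the same applies to the `EDH` ctx_proc2 in the hunk at -1484. The commit also drops the default `tmp_dh_callback` from the shared server context in utils.rb, so these appear to be the only places that still depend on finite-field DH, and a reader cannot tell that from the test body alone. A one-line comment such as `# DH key exchange is exercised here, so supply params explicitly; the shared context no longer sets tmp_dh_callback` would make the dependency visible. Both ctx_proc blocks sit inside test methods that begin outside their hunks.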
@@ -1494,20 +1491,18 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
 }
 end
- if defined?(OpenSSL::PKey::EC)
- # ECDHE
- ctx_proc3 = proc { |ctx|
- ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
- ctx.ecdh_curves = "P-256"
+ # ECDHE
+ ctx_proc3 = proc { |ctx|
+ ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
+ ctx.ecdh_curves = "P-256"
+ }
+ start_server(ctx_proc: ctx_proc3) do |port|
+ ctx = OpenSSL::SSL::SSLContext.new
+ ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
+ server_connect(port, ctx) { |ssl|
+ assert_instance_of OpenSSL::PKey::EC, ssl.tmp_key
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
 }
- start_server(ctx_proc: ctx_proc3) do |port|
- ctx = OpenSSL::SSL::SSLContext.new
- ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
- server_connect(port, ctx) { |ssl|
- assert_instance_of OpenSSL::PKey::EC, ssl.tmp_key
- ssl.puts "abc"; assert_equal "abc\n", ssl.gets
- }
- end
 end
 end
@@ -1656,7 +1651,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
 end
 def test_ecdh_curves_tls13
- pend "EC is disabled" unless defined?(OpenSSL::PKey::EC)
 pend "TLS 1.3 not supported" unless tls13_supported?
 ctx_proc = -> ctx {
diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb
index efa831afac..4ebcb9837b 100644
--- a/test/openssl/utils.rb
+++ b/test/openssl/utils.rb
@@ -215,7 +215,6 @@ class OpenSSL::SSLTestCase < OpenSSL::TestCase
 ctx.cert_store = store
 ctx.cert = @svr_cert
 ctx.key = @svr_key
- ctx.tmp_dh_callback = proc { Fixtures.pkey("dh-1") }
 ctx.verify_mode = verify_mode
 ctx_proc.call(ctx) if ctx_proc
-- cgit v1.2.3
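Review bot: In the now-unconditional ECDHE block (test_ssl.rb hunk at -1494), `assert_instance_of OpenSSL::PKey::EC, ssl.tmp_key` checks only the class of the ephemeral key. The test would therefore still pass if the server's `ctx.ecdh_curves = "P-256"` restriction were ignored and a different EC group were negotiated. Since the block exists to exercise that setting, it could also pin the group, for example `assert_equal "prime256v1", ssl.tmp_key.group.curve_name` (OpenSSL's name for P-256). The enclosing test method begins outside the hunk, so this assumes no later assertion already covers the curve.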