From 8c26fc26a1177419c2f2575b34d4dd4b7b04cf25 Mon Sep 17 00:00:00 2001 From: Jun Aruga Date: Wed, 21 Feb 2024 10:37:53 +0100 Subject: [PATCH 1/3] Revert "omit tests related legacy provider" This reverts commit 9b7543d58869ae359eb745d7feafbb522ad1fd1e. The case not providing the legacy provider can happen not only in FreeBSD but also in other platforms. The fix is addressed in the next commit. --- test/openssl/test_provider.rb | 4 ---- 1 file changed, 4 deletions(-) diff --git a/test/openssl/test_provider.rb b/test/openssl/test_provider.rb index 52865d538..d0e667858 100644 --- a/test/openssl/test_provider.rb +++ b/test/openssl/test_provider.rb @@ -12,8 +12,6 @@ def test_openssl_provider_name_inspect end def test_openssl_provider_names - omit if /freebsd/ =~ RUBY_PLATFORM - with_openssl <<-'end;' legacy_provider = OpenSSL::Provider.load("legacy") assert_equal(2, OpenSSL::Provider.provider_names.size) @@ -35,8 +33,6 @@ def test_unloaded_openssl_provider end def test_openssl_legacy_provider - omit if /freebsd/ =~ RUBY_PLATFORM - with_openssl(<<-'end;') OpenSSL::Provider.load("legacy") algo = "RC4" From 405f1eee3dcfb69d3acc5cb0680afe43151a1cd7 Mon Sep 17 00:00:00 2001 From: Jun Aruga Date: Thu, 8 Feb 2024 19:11:37 +0100 Subject: [PATCH 2/3] CI: Add OpenSSL no-legacy case. Add the case of the OpenSSL that doesn't install the legacy provider. --- .github/workflows/test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ee4b47bd5..4fd2b0e2f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -100,6 +100,7 @@ jobs: - { os: ubuntu-latest, ruby: "3.0", openssl: openssl-3.2.1, fips-enabled: true, append-configure: 'enable-fips', name-extra: 'fips' } - { os: ubuntu-latest, ruby: "3.0", openssl: openssl-head, git: 'git://git.openssl.org/openssl.git', branch: 'master' } - { os: ubuntu-latest, ruby: "3.0", openssl: openssl-head, git: 'git://git.openssl.org/openssl.git', branch: 'master', fips-enabled: true, append-configure: 'enable-fips', name-extra: 'fips' } + - { os: ubuntu-latest, ruby: "3.0", openssl: openssl-head, git: 'git://git.openssl.org/openssl.git', branch: 'master', append-configure: 'no-legacy', name-extra: 'no-legacy' } steps: - name: repo checkout uses: actions/checkout@v4 From 7223da7730bb04b41f76786900100685fb3fb918 Mon Sep 17 00:00:00 2001 From: Jun Aruga Date: Thu, 8 Feb 2024 18:53:32 +0100 Subject: [PATCH 3/3] test_provider.rb: Make a legacy provider test optional. In some cases such as OpenSSL package in FreeBSD[1], the legacy provider is not installed intentionally. So, we omit a test depending the legacy provider if the legacy provider is not loadable. For the test_openssl_provider_names test, we use base provider[2] instead of legacy provider, because we would expect the base provider is always loadable in OpenSSL 3 for now. * [1] https://www.freshports.org/security/openssl/ * [2] https://wiki.openssl.org/index.php/OpenSSL_3.0#Providers --- test/openssl/test_provider.rb | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/test/openssl/test_provider.rb b/test/openssl/test_provider.rb index d0e667858..b0ffae9ce 100644 --- a/test/openssl/test_provider.rb +++ b/test/openssl/test_provider.rb @@ -13,13 +13,13 @@ def test_openssl_provider_name_inspect def test_openssl_provider_names with_openssl <<-'end;' - legacy_provider = OpenSSL::Provider.load("legacy") + base_provider = OpenSSL::Provider.load("base") assert_equal(2, OpenSSL::Provider.provider_names.size) - assert_includes(OpenSSL::Provider.provider_names, "legacy") + assert_includes(OpenSSL::Provider.provider_names, "base") - assert_equal(true, legacy_provider.unload) + assert_equal(true, base_provider.unload) assert_equal(1, OpenSSL::Provider.provider_names.size) - assert_not_includes(OpenSSL::Provider.provider_names, "legacy") + assert_not_includes(OpenSSL::Provider.provider_names, "base") end; end @@ -34,7 +34,12 @@ def test_unloaded_openssl_provider def test_openssl_legacy_provider with_openssl(<<-'end;') - OpenSSL::Provider.load("legacy") + begin + OpenSSL::Provider.load("legacy") + rescue OpenSSL::Provider::ProviderError + omit "Only for OpenSSL with legacy provider" + end + algo = "RC4" data = "a" * 1000 key = OpenSSL::Random.random_bytes(16)