mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
a3b753b282
mode manually. * test/openssl/utils.rb: turn off FIPS mode for tests. This prevents OpenSSL installations with FIPS mode enabled by default from raising FIPS-related errors during the tests. * test/openssl/test_fips.rb: add tests for FIPS-capable OpenSSL installations. [Feature #6946] [ruby-core:47345] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38480 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
55 lines
1.2 KiB
Ruby
55 lines
1.2 KiB
Ruby
require_relative 'utils'
|
|
|
|
if defined?(OpenSSL) && OpenSSL::OPENSSL_FIPS
|
|
|
|
class OpenSSL::TestFIPS < Test::Unit::TestCase
|
|
|
|
def test_reject_md5
|
|
data = "test"
|
|
assert_not_nil(OpenSSL::Digest.new("MD5").digest(data))
|
|
in_fips_mode do
|
|
assert_raise(OpenSSL::Digest::DigestError) do
|
|
OpenSSL::Digest.new("MD5").digest(data)
|
|
end
|
|
end
|
|
end
|
|
|
|
def test_reject_short_key_rsa
|
|
assert_key_too_short(OpenSSL::PKey::RSAError) { dh = OpenSSL::PKey::RSA.new(256) }
|
|
end
|
|
|
|
def test_reject_short_key_dsa
|
|
assert_key_too_short(OpenSSL::PKey::DSAError) { dh = OpenSSL::PKey::DSA.new(256) }
|
|
end
|
|
|
|
def test_reject_short_key_dh
|
|
assert_key_too_short(OpenSSL::PKey::DHError) { dh = OpenSSL::PKey::DH.new(256) }
|
|
end
|
|
|
|
def test_reject_short_key_ec
|
|
assert_key_too_short(OpenSSL::PKey::ECError) do
|
|
group = OpenSSL::PKey::EC::Group.new('secp112r1')
|
|
key = OpenSSL::PKey::EC.new
|
|
key.group = group
|
|
key.generate_key
|
|
end
|
|
end
|
|
|
|
private
|
|
|
|
def in_fips_mode
|
|
OpenSSL.fips_mode = true
|
|
yield
|
|
ensure
|
|
OpenSSL.fips_mode = false
|
|
end
|
|
|
|
def assert_key_too_short(expected_error)
|
|
in_fips_mode do
|
|
assert_raise(expected_error) { yield }
|
|
end
|
|
end
|
|
|
|
end
|
|
|
|
end
|