Fix test_provider.rb test_openssl_provider_names.

This commit fixes the following test failure of the test_openssl_provider_names in the test/openssl/test_provider.rb. ``` 159) Failure: OpenSSL::TestProvider#test_openssl_provider_names [/builddir/build/BUILD/ruby-3.3.8/test/openssl/test_provider.rb:65]: <2> expected but was <3>. ``` Because the test_openssl_provider_names assumes the total number of the providers calculating the number of the providers as a default status (1), adding the legacy provider (1) is 2 at the following line. https://github.com/ruby/ruby/blob/v3_3_8/test/openssl/test_provider.rb#L18 However, it is not the case on the current c10s. Because the number of the providers as a default status is not 1 but 2 according the following result on c10s mock environment. Therefore the total number of the providers adding the one provider should be 3. ``` <mock-chroot> sh-5.2# rpm -q openssl openssl-libs oqsprovider openssl-3.2.2-16.el10.x86_64 openssl-libs-3.2.2-16.el10.x86_64 oqsprovider-0.8.0-5.el10.x86_64 <mock-chroot> sh-5.2# openssl list -providers Providers: default name: OpenSSL Default Provider version: 3.2.2 status: active oqsprovider name: OpenSSL OQS Provider version: 0.8.0 status: active ``` The patch files fixes the test_openssl_provider_names, considering this case. Related: RHEL-87342
2025-04-25 09:59:52 +02:00 · 2025-04-25 09:59:52 +02:00 · 7e3369a9b4
commit 7e3369a9b4
parent 696e6836dc
3 changed files with 129 additions and 0 deletions
--- a/ruby-3.4.0-openssl-fix-test-provider-in-fips.patch
+++ b/ruby-3.4.0-openssl-fix-test-provider-in-fips.patch
@ -0,0 +1,61 @@
+From 570582fb78bc4adaafba44f47465507f649fa9dc Mon Sep 17 00:00:00 2001
+From: Jun Aruga <jaruga@redhat.com>
+Date: Thu, 5 Sep 2024 20:06:37 +0200
+Subject: [PATCH] [ruby/openssl] Fix test_provider.rb in FIPS.
+
+https://github.com/ruby/openssl/commit/7bdbc52100
+---
+ test/openssl/test_provider.rb | 25 ++++++++++++++++++-------
+ 1 file changed, 18 insertions(+), 7 deletions(-)
+
+diff --git a/test/openssl/test_provider.rb b/test/openssl/test_provider.rb
+index 4e050b4bc2..e27968602a 100644
+--- a/test/openssl/test_provider.rb
+++ b/test/openssl/test_provider.rb
+@@ -1,6 +1,6 @@
+ # frozen_string_literal: true
+ require_relative 'utils'
+-if defined?(OpenSSL) && defined?(OpenSSL::Provider) && !OpenSSL.fips_mode
+if defined?(OpenSSL) && defined?(OpenSSL::Provider)
+ 
+ class OpenSSL::TestProvider < OpenSSL::TestCase
+   def test_openssl_provider_name_inspect
+@@ -13,14 +13,22 @@ def test_openssl_provider_name_inspect
+ 
+   def test_openssl_provider_names
+     omit 'not working on freebsd RubyCI' if ENV['RUBYCI_NICKNAME'] =~ /freebsd/
+    # We expect the following providers are loaded in the cases:
+    # * Non-FIPS: default
+    # * FIPS: fips, base
+    # Use the null provider to test the added provider.
+    # See provider(7) - OPENSSL PROVIDERS to see the list of providers, and
+    # OSSL_PROVIDER-null(7) to check the details of the null provider.
+     with_openssl <<-'end;'
+-      base_provider = OpenSSL::Provider.load("base")
+-      assert_equal(2, OpenSSL::Provider.provider_names.size)
+-      assert_includes(OpenSSL::Provider.provider_names, "base")
+      num = OpenSSL::Provider.provider_names.size
+ 
+-      assert_equal(true, base_provider.unload)
+-      assert_equal(1, OpenSSL::Provider.provider_names.size)
+-      assert_not_includes(OpenSSL::Provider.provider_names, "base")
+      added_provider = OpenSSL::Provider.load("null")
+      assert_equal(num + 1, OpenSSL::Provider.provider_names.size)
+      assert_includes(OpenSSL::Provider.provider_names, "null")
+
+      assert_equal(true, added_provider.unload)
+      assert_equal(num, OpenSSL::Provider.provider_names.size)
+      assert_not_includes(OpenSSL::Provider.provider_names, "null")
+     end;
+   end
+ 
+@@ -35,6 +43,9 @@ def test_unloaded_openssl_provider
+ 
+   def test_openssl_legacy_provider
+     omit 'not working on freebsd RubyCI' if ENV['RUBYCI_NICKNAME'] =~ /freebsd/
+    # The legacy provider is not supported on FIPS.
+    omit_on_fips
+
+     with_openssl(<<-'end;')
+       begin
+         OpenSSL::Provider.load("legacy")
--- a/ruby-3.4.0-openssl-make-a-legacy-provider-test-optional.patch
+++ b/ruby-3.4.0-openssl-make-a-legacy-provider-test-optional.patch
@ -0,0 +1,58 @@
+From 02c40367d918d3bc42098e1fcfe0c822319f4d37 Mon Sep 17 00:00:00 2001
+From: Jun Aruga <jaruga@redhat.com>
+Date: Thu, 8 Feb 2024 18:53:32 +0100
+Subject: [PATCH] [ruby/openssl] test_provider.rb: Make a legacy provider test
+ optional.
+
+In some cases such as OpenSSL package in FreeBSD[1], the legacy provider is not
+installed intentionally. So, we omit a test depending the legacy provider if the
+legacy provider is not loadable.
+
+For the test_openssl_provider_names test, we use base provider[2] instead of
+legacy provider, because we would expect the base provider is always loadable
+in OpenSSL 3 for now.
+
+* [1] https://www.freshports.org/security/openssl/
+* [2] https://wiki.openssl.org/index.php/OpenSSL_3.0#Providers
+
+https://github.com/ruby/openssl/commit/7223da7730
+---
+ test/openssl/test_provider.rb | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/test/openssl/test_provider.rb b/test/openssl/test_provider.rb
+index 7361a0e250..4e050b4bc2 100644
+--- a/test/openssl/test_provider.rb
+++ b/test/openssl/test_provider.rb
+@@ -14,13 +14,13 @@ def test_openssl_provider_name_inspect
+   def test_openssl_provider_names
+     omit 'not working on freebsd RubyCI' if ENV['RUBYCI_NICKNAME'] =~ /freebsd/
+     with_openssl <<-'end;'
+-      legacy_provider = OpenSSL::Provider.load("legacy")
+      base_provider = OpenSSL::Provider.load("base")
+       assert_equal(2, OpenSSL::Provider.provider_names.size)
+-      assert_includes(OpenSSL::Provider.provider_names, "legacy")
+      assert_includes(OpenSSL::Provider.provider_names, "base")
+ 
+-      assert_equal(true, legacy_provider.unload)
+      assert_equal(true, base_provider.unload)
+       assert_equal(1, OpenSSL::Provider.provider_names.size)
+-      assert_not_includes(OpenSSL::Provider.provider_names, "legacy")
+      assert_not_includes(OpenSSL::Provider.provider_names, "base")
+     end;
+   end
+ 
+@@ -36,7 +36,12 @@ def test_unloaded_openssl_provider
+   def test_openssl_legacy_provider
+     omit 'not working on freebsd RubyCI' if ENV['RUBYCI_NICKNAME'] =~ /freebsd/
+     with_openssl(<<-'end;')
+-      OpenSSL::Provider.load("legacy")
+      begin
+        OpenSSL::Provider.load("legacy")
+      rescue OpenSSL::Provider::ProviderError
+        omit "Only for OpenSSL with legacy provider"
+      end
+
+       algo = "RC4"
+       data = "a" * 1000
+       key = OpenSSL::Random.random_bytes(16)
--- a/ruby.spec
+++ b/ruby.spec
@ -285,6 +285,14 @@ Patch12: ruby-3.4.0-Extract-hardening-CFLAGS-to-a-special-hardenflags-variable.p
 # https://github.com/ruby/openssl/pull/710
 # https://github.com/ruby/ruby/commit/6213ab1a51387fd9cdcb5e87908722f3bbdf78cb
 Patch13: ruby-3.4.0-openssl-respect-crypto-policies-tls-min.patch
+# test_provider.rb: Make a legacy provider test optional.
+# https://github.com/ruby/openssl/pull/721
+# https://github.com/ruby/ruby/commit/eb4082284aace391a16a389a70eeaf1e7db5c542
+Patch14: ruby-3.4.0-openssl-make-a-legacy-provider-test-optional.patch
+# Fix test_provider.rb in FIPS.
+# https://github.com/ruby/openssl/pull/794
+# https://github.com/ruby/ruby/commit/ad742de79bcce53290005429868f63c51cbeb0f2
+Patch15: ruby-3.4.0-openssl-fix-test-provider-in-fips.patch

 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 %{?with_rubypick:Suggests: rubypick}
@ -771,6 +779,8 @@ analysis result in RBS format, a standard type description format for Ruby
 %patch 9 -p1
 %patch 12 -p1
 %patch 13 -p1
+%patch 14 -p1
+%patch 15 -p1

 # Provide an example of usage of the tapset:
 cp -a %{SOURCE3} .