Issue #6946 has been updated by Pavel Valena.

File output-230p0.txt added

I have attached some more FIPS tests. These can be summarized in comparison with 210p0:


Resolved in 230p0
================

TestResolvAddr#test_invalid_byte_comment:
  NameError: uninitialized constant TestResolvAddr::Tempfile

OpenSSL::TestEngine#test_openssl_engine_cipher_rc4:
  OpenSSL::Engine::EngineError: no such cipher `RC4'

OpenSSL::TestDigest#test_digest_constants:
  RuntimeError: Unsupported digest algorithm (MD4).

OpenSSL::TestPKCS12#test_create:
  OpenSSL::PKCS12::PKCS12Error: encrypt error

OpenSSL::TestPKCS12#test_create_no_pass:
  OpenSSL::PKCS12::PKCS12Error: encrypt error

OpenSSL::TestPKCS12#test_create_with_chain:
  OpenSSL::PKCS12::PKCS12Error: encrypt error

OpenSSL::TestPKCS12#test_create_with_chain_decode:
  OpenSSL::PKCS12::PKCS12Error: encrypt error

OpenSSL::TestPKCS12#test_create_with_itr:
  OpenSSL::PKCS12::PKCS12Error: encrypt error

OpenSSL::TestPKCS12#test_create_with_mac_itr:
  OpenSSL::PKCS12::PKCS12Error: encrypt error

OpenSSL::TestX509Certificate#test_sign_and_verify:
  OpenSSL::X509::CertificateError: unknown message digest algorithm

OpenSSL::TestX509Request#test_sign_and_verify:
  OpenSSL::X509::RequestError: unknown message digest algorithm

(numerous tests)
  /var/lib/mock/rhel-7-x86_64/root/builddir/build/BUILD/ruby-2.1.0/lib/rubygems/test_case.rb:1329:in `initialize': Neither PUB key nor PRIV key: nested asn1 error (OpenSSL::PKey::RSAError)

TestDigest::TestMD5#test_alignment = md5_dgst.c(80): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!

TC_HMAC_MD5#test_hexdigest = md5_dgst.c(80): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!

TestWEBrickHTTPAuth#test_digest_auth = md5_dgst.c(80): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!


Persist in 230p0
===============

TestString#test_crypt:
  Errno::EPERM: Operation not permitted - crypt

TestString2#test_crypt:
  Errno::EPERM: Operation not permitted - crypt

TestXMLRPC::Test_Webrick#test_client_server:
  RuntimeError: HTTP-Error: 500 Internal Server Error 

TestWEBrickHTTPAuth#test_basic_auth2 
  /builddir/build/BUILD/ruby-2.3.0/lib/webrick/httpauth/basicauth.rb:45:in `crypt': Operation not permitted - crypt (Errno::EPERM)

  /builddir/build/BUILD/ruby-2.3.0/test/lib/minitest/unit.rb:201:in `assert': webrick log doesn't have expected error: /ERROR Basic WEBrick's realm: webrick: password unmatch\./ (MiniTest::Assertion)


----------------------------------------
Feature #6946: FIPS support?
https://bugs.ruby-lang.org/issues/6946#change-59286

* Author: Vit Ondruch
* Status: Assigned
* Priority: Normal
* Assignee: openssl
----------------------------------------
=begin
Hi, running the test suite on FIPS enabled system using 

 $ find test/ -type f -name test_*.rb -exec make test-all TESTS="-v '{}'" \;

command with patch from #6938 applied, it gives me a plenty of errors (see attached output.txt file). There are two kind of errors as far as I understand, some are more or less test suite errors (e.g. #6938), which should be easy to fix, while some others (e.g. #6943) would need bigger changes.

Is there any chance that Ruby will provide better support for FIPS and there errors get fixed?
=end


---Files--------------------------------
output.txt (114 KB)
output-r36887.txt (48.6 KB)
output-r38509.txt (44.3 KB)
output-200p353.txt (39.5 KB)
output-210p0.txt (473 KB)
output-230p0.txt (17 KB)


-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request / ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>