From: pvalena@... Date: 2016-06-20T15:05:52+00:00 Subject: [ruby-core:76085] [Ruby trunk Feature#6946] FIPS support? Issue #6946 has been updated by Pavel Valena. File output-230p0.txt added I have attached some more FIPS tests. These can be summarized in comparison with 210p0: Resolved in 230p0 ================ TestResolvAddr#test_invalid_byte_comment: NameError: uninitialized constant TestResolvAddr::Tempfile OpenSSL::TestEngine#test_openssl_engine_cipher_rc4: OpenSSL::Engine::EngineError: no such cipher `RC4' OpenSSL::TestDigest#test_digest_constants: RuntimeError: Unsupported digest algorithm (MD4). OpenSSL::TestPKCS12#test_create: OpenSSL::PKCS12::PKCS12Error: encrypt error OpenSSL::TestPKCS12#test_create_no_pass: OpenSSL::PKCS12::PKCS12Error: encrypt error OpenSSL::TestPKCS12#test_create_with_chain: OpenSSL::PKCS12::PKCS12Error: encrypt error OpenSSL::TestPKCS12#test_create_with_chain_decode: OpenSSL::PKCS12::PKCS12Error: encrypt error OpenSSL::TestPKCS12#test_create_with_itr: OpenSSL::PKCS12::PKCS12Error: encrypt error OpenSSL::TestPKCS12#test_create_with_mac_itr: OpenSSL::PKCS12::PKCS12Error: encrypt error OpenSSL::TestX509Certificate#test_sign_and_verify: OpenSSL::X509::CertificateError: unknown message digest algorithm OpenSSL::TestX509Request#test_sign_and_verify: OpenSSL::X509::RequestError: unknown message digest algorithm (numerous tests) /var/lib/mock/rhel-7-x86_64/root/builddir/build/BUILD/ruby-2.1.0/lib/rubygems/test_case.rb:1329:in `initialize': Neither PUB key nor PRIV key: nested asn1 error (OpenSSL::PKey::RSAError) TestDigest::TestMD5#test_alignment = md5_dgst.c(80): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode! TC_HMAC_MD5#test_hexdigest = md5_dgst.c(80): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode! TestWEBrickHTTPAuth#test_digest_auth = md5_dgst.c(80): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode! Persist in 230p0 =============== TestString#test_crypt: Errno::EPERM: Operation not permitted - crypt TestString2#test_crypt: Errno::EPERM: Operation not permitted - crypt TestXMLRPC::Test_Webrick#test_client_server: RuntimeError: HTTP-Error: 500 Internal Server Error TestWEBrickHTTPAuth#test_basic_auth2 /builddir/build/BUILD/ruby-2.3.0/lib/webrick/httpauth/basicauth.rb:45:in `crypt': Operation not permitted - crypt (Errno::EPERM) /builddir/build/BUILD/ruby-2.3.0/test/lib/minitest/unit.rb:201:in `assert': webrick log doesn't have expected error: /ERROR Basic WEBrick's realm: webrick: password unmatch\./ (MiniTest::Assertion) ---------------------------------------- Feature #6946: FIPS support? https://bugs.ruby-lang.org/issues/6946#change-59286 * Author: Vit Ondruch * Status: Assigned * Priority: Normal * Assignee: openssl ---------------------------------------- =begin Hi, running the test suite on FIPS enabled system using $ find test/ -type f -name test_*.rb -exec make test-all TESTS="-v '{}'" \; command with patch from #6938 applied, it gives me a plenty of errors (see attached output.txt file). There are two kind of errors as far as I understand, some are more or less test suite errors (e.g. #6938), which should be easy to fix, while some others (e.g. #6943) would need bigger changes. Is there any chance that Ruby will provide better support for FIPS and there errors get fixed? =end ---Files-------------------------------- output.txt (114 KB) output-r36887.txt (48.6 KB) output-r38509.txt (44.3 KB) output-200p353.txt (39.5 KB) output-210p0.txt (473 KB) output-230p0.txt (17 KB) -- https://bugs.ruby-lang.org/ Unsubscribe: