11# frozen_string_literal: true
22require_relative 'utils'
3- if defined? ( OpenSSL ) && defined? ( OpenSSL ::Provider ) && ! OpenSSL . fips_mode
3+ if defined? ( OpenSSL ) && defined? ( OpenSSL ::Provider )
44
55class OpenSSL ::TestProvider < OpenSSL ::TestCase
66 def test_openssl_provider_name_inspect
@@ -12,14 +12,22 @@ def test_openssl_provider_name_inspect
1212 end
1313
1414 def test_openssl_provider_names
15+ # We expect the following providers are loaded in the cases:
16+ # * Non-FIPS: default
17+ # * FIPS: fips, base
18+ # Use the null provider to test the added provider.
19+ # See provider(7) - OPENSSL PROVIDERS to see the list of providers, and
20+ # OSSL_PROVIDER-null(7) to check the details of the null provider.
1521 with_openssl <<-'end;'
16- base_provider = OpenSSL::Provider.load("base")
17- assert_equal(2, OpenSSL::Provider.provider_names.size)
18- assert_includes(OpenSSL::Provider.provider_names, "base")
22+ num = OpenSSL::Provider.provider_names.size
1923
20- assert_equal(true, base_provider.unload)
21- assert_equal(1, OpenSSL::Provider.provider_names.size)
22- assert_not_includes(OpenSSL::Provider.provider_names, "base")
24+ added_provider = OpenSSL::Provider.load("null")
25+ assert_equal(num + 1, OpenSSL::Provider.provider_names.size)
26+ assert_includes(OpenSSL::Provider.provider_names, "null")
27+
28+ assert_equal(true, added_provider.unload)
29+ assert_equal(num, OpenSSL::Provider.provider_names.size)
30+ assert_not_includes(OpenSSL::Provider.provider_names, "null")
2331 end;
2432 end
2533
@@ -33,6 +41,9 @@ def test_unloaded_openssl_provider
3341 end
3442
3543 def test_openssl_legacy_provider
44+ # The legacy provider is not supported on FIPS.
45+ omit_on_fips
46+
3647 with_openssl ( <<-'end;' )
3748 begin
3849 OpenSSL::Provider.load("legacy")
0 commit comments