From fee4c4f337e8afe9053476ac9921c2060763f16f Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Thu, 30 Jan 2025 00:58:21 +0900 Subject: [PATCH 1/3] Backport changes related to extracted stdlibs in Ruby 3.4-3.5 [ This is a backport to the 3.1 branch. ] This is a squash of the following commits, and brings the content of Gemfile to match master: b0acc1a48eec Make optional benchmark test in OpenSSL::OSSL#test_memcmp_timing 4312b072fb02 Add rdoc as a development dependency. f59ec589d012 Use the test-unit-ruby-core gem for Test::Unit::CoreAssertions 459f20b588e7 Add prime gem to development dependency --- Gemfile | 4 ++++ test/openssl/test_ossl.rb | 8 ++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/Gemfile b/Gemfile index f4a8b0da7..9d912bee1 100644 --- a/Gemfile +++ b/Gemfile @@ -4,4 +4,8 @@ group :development do gem "rake" gem "rake-compiler" gem "test-unit", "~> 3.0", ">= 3.4.6" + gem "test-unit-ruby-core" + gem "prime" + # In the case of Ruby whose rdoc is not a default gem. + gem "rdoc" end diff --git a/test/openssl/test_ossl.rb b/test/openssl/test_ossl.rb index e1d86bd40..a709258a0 100644 --- a/test/openssl/test_ossl.rb +++ b/test/openssl/test_ossl.rb @@ -1,8 +1,6 @@ # frozen_string_literal: true require_relative "utils" -require 'benchmark' - if defined?(OpenSSL) class OpenSSL::OSSL < OpenSSL::SSLTestCase @@ -44,6 +42,12 @@ def test_secure_compare end def test_memcmp_timing + begin + require "benchmark" + rescue LoadError + pend "Benchmark is not available in this environment. Please install it with `gem install benchmark`." + end + # Ensure using fixed_length_secure_compare takes almost exactly the same amount of time to compare two different strings. # Regular string comparison will short-circuit on the first non-matching character, failing this test. # NOTE: this test may be susceptible to noise if the system running the tests is otherwise under load. From 9a746ed1a4aced9585cc33954a886e14aadf7193 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Thu, 30 Jan 2025 00:07:07 +0900 Subject: [PATCH 2/3] test/openssl/test_ossl.rb: use clock_gettime for measuring time The benchmark library is planned to become a bundled gem in Ruby 3.5. While we can add it in our Gemfile, it is only used in test_memcmp_timing and the usage can be easily replaced with a few Process.clock_gettime calls. --- test/openssl/test_ossl.rb | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/test/openssl/test_ossl.rb b/test/openssl/test_ossl.rb index a709258a0..95634ce0a 100644 --- a/test/openssl/test_ossl.rb +++ b/test/openssl/test_ossl.rb @@ -42,12 +42,6 @@ def test_secure_compare end def test_memcmp_timing - begin - require "benchmark" - rescue LoadError - pend "Benchmark is not available in this environment. Please install it with `gem install benchmark`." - end - # Ensure using fixed_length_secure_compare takes almost exactly the same amount of time to compare two different strings. # Regular string comparison will short-circuit on the first non-matching character, failing this test. # NOTE: this test may be susceptible to noise if the system running the tests is otherwise under load. @@ -58,8 +52,14 @@ def test_memcmp_timing a_b_time = a_c_time = 0 100.times do - a_b_time += Benchmark.measure { 100.times { OpenSSL.fixed_length_secure_compare(a, b) } }.real - a_c_time += Benchmark.measure { 100.times { OpenSSL.fixed_length_secure_compare(a, c) } }.real + t1 = Process.clock_gettime(Process::CLOCK_MONOTONIC) + 100.times { OpenSSL.fixed_length_secure_compare(a, b) } + t2 = Process.clock_gettime(Process::CLOCK_MONOTONIC) + 100.times { OpenSSL.fixed_length_secure_compare(a, c) } + t3 = Process.clock_gettime(Process::CLOCK_MONOTONIC) + + a_b_time += t2 - t1 + a_c_time += t3 - t2 end assert_operator(a_b_time, :<, a_c_time * 10, "fixed_length_secure_compare timing test failed") assert_operator(a_c_time, :<, a_b_time * 10, "fixed_length_secure_compare timing test failed") From befdfb078cb6adaee2e11768747d9da08c2eaed0 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Thu, 30 Jan 2025 00:33:43 +0900 Subject: [PATCH 3/3] Cleanup Gemfile The :development group is pointless because Gemfile is relevant for those who run ruby/openssl tests in this repository only, and not included in the gem package. Let's list the test dependency in the top level. The rdoc library is now a bundled gem in Ruby master, not just in Fedora's Ruby distributions. --- Gemfile | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/Gemfile b/Gemfile index 9d912bee1..1dc3e88ab 100644 --- a/Gemfile +++ b/Gemfile @@ -1,11 +1,8 @@ source "https://rubygems.org" -group :development do - gem "rake" - gem "rake-compiler" - gem "test-unit", "~> 3.0", ">= 3.4.6" - gem "test-unit-ruby-core" - gem "prime" - # In the case of Ruby whose rdoc is not a default gem. - gem "rdoc" -end +gem "rake" +gem "rake-compiler" +gem "test-unit", "~> 3.0", ">= 3.4.6" +gem "test-unit-ruby-core" +gem "prime" +gem "rdoc"