From 4a3141d4f1e6799faf332854cdb41e387747a1ca Mon Sep 17 00:00:00 2001 From: Xabier de Zuazo Date: Wed, 18 Jun 2014 10:29:14 +0200 Subject: [CHEF-5356-gcm] Chef::EncryptedDataBagItem Version3 unit tests added --- spec/unit/encrypted_data_bag_item_spec.rb | 55 +++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) (limited to 'spec') diff --git a/spec/unit/encrypted_data_bag_item_spec.rb b/spec/unit/encrypted_data_bag_item_spec.rb index 1e662a0b7c..0c8e991535 100644 --- a/spec/unit/encrypted_data_bag_item_spec.rb +++ b/spec/unit/encrypted_data_bag_item_spec.rb @@ -92,6 +92,34 @@ describe Chef::EncryptedDataBagItem::Encryptor do end end + describe "when using version 3 format" do + + before do + Chef::Config[:data_bag_encrypt_version] = 3 + end + + it "creates a version 3 encryptor" do + encryptor.should be_a_instance_of(Chef::EncryptedDataBagItem::Encryptor::Version3Encryptor) + end + + it "generates different authentication tags" do + encryptor3 = Chef::EncryptedDataBagItem::Encryptor.new(plaintext_data, key) + encryptor.for_encrypted_item # required to generate the auth_tag + encryptor3.for_encrypted_item + encryptor.auth_tag.should_not eq(encryptor3.auth_tag) + end + + it "includes the auth_tag in the envelope" do + final_data = encryptor.for_encrypted_item + final_data["auth_tag"].should eq(Base64::encode64(encryptor.auth_tag)) + end + + it "throws an error if auth tag is read before encrypting the data" do + lambda { encryptor.auth_tag }.should raise_error(Chef::EncryptedDataBagItem::EncryptionFailure) + end + + end + end describe Chef::EncryptedDataBagItem::Decryptor do @@ -101,6 +129,33 @@ describe Chef::EncryptedDataBagItem::Decryptor do let(:encryption_key) { "passwd" } let(:decryption_key) { encryption_key } + context "when decrypting a version 3 (JSON+aes-256-gcm+random iv+auth tag) encrypted value" do + let(:encrypted_value) do + Chef::EncryptedDataBagItem::Encryptor::Version3Encryptor.new(plaintext_data, encryption_key).for_encrypted_item + end + + let(:bogus_auth_tag) { "bogus_auth_tag" } + + it "decrypts the encrypted value" do + decryptor.decrypted_data.should eq({"json_wrapper" => plaintext_data}.to_json) + end + + it "unwraps the encrypted data and returns it" do + decryptor.for_decrypted_item.should eq plaintext_data + end + + it "rejects the data if the authentication tag is wrong" do + encrypted_value["auth_tag"] = bogus_auth_tag + lambda { decryptor.for_decrypted_item }.should raise_error(Chef::EncryptedDataBagItem::DecryptionFailure) + end + + it "rejects the data if the authentication tag is missing" do + encrypted_value.delete("auth_tag") + lambda { decryptor.for_decrypted_item }.should raise_error(Chef::EncryptedDataBagItem::DecryptionFailure) + end + + end + context "when decrypting a version 2 (JSON+aes-256-cbc+hmac-sha256+random iv) encrypted value" do let(:encrypted_value) do Chef::EncryptedDataBagItem::Encryptor::Version2Encryptor.new(plaintext_data, encryption_key).for_encrypted_item -- cgit v1.2.1 From 72a53edfca3b992aa51946ed471f7cc15627b187 Mon Sep 17 00:00:00 2001 From: Xabier de Zuazo Date: Thu, 5 Jun 2014 21:06:22 +0200 Subject: [CHEF-5356-gcm] Some small improvements to the EncryptedDataBag unit tests Conflicts: spec/unit/encrypted_data_bag_item_spec.rb --- spec/unit/encrypted_data_bag_item_spec.rb | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) (limited to 'spec') diff --git a/spec/unit/encrypted_data_bag_item_spec.rb b/spec/unit/encrypted_data_bag_item_spec.rb index 0c8e991535..68447fd6fb 100644 --- a/spec/unit/encrypted_data_bag_item_spec.rb +++ b/spec/unit/encrypted_data_bag_item_spec.rb @@ -39,14 +39,14 @@ describe Chef::EncryptedDataBagItem::Encryptor do let(:key) { "passwd" } it "encrypts to format version 1 by default" do - encryptor.should be_a_kind_of(Chef::EncryptedDataBagItem::Encryptor::Version1Encryptor) + encryptor.should be_a_instance_of(Chef::EncryptedDataBagItem::Encryptor::Version1Encryptor) end describe "generating a random IV" do it "generates a new IV for each encryption pass" do encryptor2 = Chef::EncryptedDataBagItem::Encryptor.new(plaintext_data, key) - # No API in ruby OpenSSL to get the iv it used for the encryption back + # No API in ruby OpenSSL to get the iv is used for the encryption back # out. Instead we test if the encrypted data is the same. If it *is* the # same, we assume the IV was the same each time. encryptor.encrypted_data.should_not eq encryptor2.encrypted_data @@ -56,7 +56,7 @@ describe Chef::EncryptedDataBagItem::Encryptor do describe "when encrypting a non-hash non-array value" do let(:plaintext_data) { 5 } it "serializes the value in a de-serializable way" do - Chef::JSONCompat.from_json(subject.serialized_data)["json_wrapper"].should eq 5 + Chef::JSONCompat.from_json(encryptor.serialized_data)["json_wrapper"].should eq 5 end end @@ -78,10 +78,10 @@ describe Chef::EncryptedDataBagItem::Encryptor do end it "creates a version 2 encryptor" do - encryptor.should be_a_kind_of(Chef::EncryptedDataBagItem::Encryptor::Version2Encryptor) + encryptor.should be_a_instance_of(Chef::EncryptedDataBagItem::Encryptor::Version2Encryptor) end - it "generates an hmac based on ciphertext including iv" do + it "generates an hmac based on ciphertext with different iv" do encryptor2 = Chef::EncryptedDataBagItem::Encryptor.new(plaintext_data, key) encryptor.hmac.should_not eq(encryptor2.hmac) end @@ -167,6 +167,14 @@ describe Chef::EncryptedDataBagItem::Decryptor do Base64.encode64(raw_hmac) end + it "decrypts the encrypted value" do + decryptor.decrypted_data.should eq({"json_wrapper" => plaintext_data}.to_json) + end + + it "unwraps the encrypted data and returns it" do + decryptor.for_decrypted_item.should eq plaintext_data + end + it "rejects the data if the hmac is wrong" do encrypted_value["hmac"] = bogus_hmac lambda { decryptor.for_decrypted_item }.should raise_error(Chef::EncryptedDataBagItem::DecryptionFailure) @@ -186,7 +194,7 @@ describe Chef::EncryptedDataBagItem::Decryptor do end it "selects the correct strategy for version 1" do - decryptor.should be_a_kind_of Chef::EncryptedDataBagItem::Decryptor::Version1Decryptor + decryptor.should be_a_instance_of Chef::EncryptedDataBagItem::Decryptor::Version1Decryptor end it "decrypts the encrypted value" do @@ -246,7 +254,7 @@ describe Chef::EncryptedDataBagItem::Decryptor do end it "selects the correct strategy for version 0" do - decryptor.should be_a_kind_of(Chef::EncryptedDataBagItem::Decryptor::Version0Decryptor) + decryptor.should be_a_instance_of(Chef::EncryptedDataBagItem::Decryptor::Version0Decryptor) end it "decrypts the encrypted value" do -- cgit v1.2.1 From 4d3932688018c68505579df3859de6f28712cc2a Mon Sep 17 00:00:00 2001 From: Xabier de Zuazo Date: Tue, 1 Jul 2014 10:27:54 +0200 Subject: [CHEF-5356-gcm] Avoid testing GCM with ruby or OpenSSL versions --- spec/unit/encrypted_data_bag_item_spec.rb | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'spec') diff --git a/spec/unit/encrypted_data_bag_item_spec.rb b/spec/unit/encrypted_data_bag_item_spec.rb index 68447fd6fb..68379e2f17 100644 --- a/spec/unit/encrypted_data_bag_item_spec.rb +++ b/spec/unit/encrypted_data_bag_item_spec.rb @@ -92,7 +92,8 @@ describe Chef::EncryptedDataBagItem::Encryptor do end end - describe "when using version 3 format" do + describe "when using version 3 format", + :if => (RUBY_VERSION >= "2" and OpenSSL::OPENSSL_VERSION_NUMBER >= 10001000) do before do Chef::Config[:data_bag_encrypt_version] = 3 @@ -129,7 +130,9 @@ describe Chef::EncryptedDataBagItem::Decryptor do let(:encryption_key) { "passwd" } let(:decryption_key) { encryption_key } - context "when decrypting a version 3 (JSON+aes-256-gcm+random iv+auth tag) encrypted value" do + context "when decrypting a version 3 (JSON+aes-256-gcm+random iv+auth tag) encrypted value", + :if => (RUBY_VERSION >= "2" and OpenSSL::OPENSSL_VERSION_NUMBER >= 10001000) do + let(:encrypted_value) do Chef::EncryptedDataBagItem::Encryptor::Version3Encryptor.new(plaintext_data, encryption_key).for_encrypted_item end -- cgit v1.2.1 From 67fe30df3a5700927788b363fbcbf9423ceeb3d2 Mon Sep 17 00:00:00 2001 From: Xabier de Zuazo Date: Sun, 6 Jul 2014 21:07:42 +0200 Subject: [CHEF-5356-gcm] If the requirements to use Encryted Data Bags 3 are not met, give a meaningful error message --- spec/unit/encrypted_data_bag_item_spec.rb | 141 +++++++++++++++++++++--------- 1 file changed, 100 insertions(+), 41 deletions(-) (limited to 'spec') diff --git a/spec/unit/encrypted_data_bag_item_spec.rb b/spec/unit/encrypted_data_bag_item_spec.rb index 68379e2f17..53fe8cd778 100644 --- a/spec/unit/encrypted_data_bag_item_spec.rb +++ b/spec/unit/encrypted_data_bag_item_spec.rb @@ -92,34 +92,59 @@ describe Chef::EncryptedDataBagItem::Encryptor do end end - describe "when using version 3 format", - :if => (RUBY_VERSION >= "2" and OpenSSL::OPENSSL_VERSION_NUMBER >= 10001000) do - + describe "when using version 3 format" do before do Chef::Config[:data_bag_encrypt_version] = 3 end - it "creates a version 3 encryptor" do - encryptor.should be_a_instance_of(Chef::EncryptedDataBagItem::Encryptor::Version3Encryptor) - end + context "on supported platforms", + :if => (RUBY_VERSION >= "2" and OpenSSL::OPENSSL_VERSION_NUMBER >= 10001000) do - it "generates different authentication tags" do - encryptor3 = Chef::EncryptedDataBagItem::Encryptor.new(plaintext_data, key) - encryptor.for_encrypted_item # required to generate the auth_tag - encryptor3.for_encrypted_item - encryptor.auth_tag.should_not eq(encryptor3.auth_tag) - end + it "creates a version 3 encryptor" do + encryptor.should be_a_instance_of(Chef::EncryptedDataBagItem::Encryptor::Version3Encryptor) + end - it "includes the auth_tag in the envelope" do - final_data = encryptor.for_encrypted_item - final_data["auth_tag"].should eq(Base64::encode64(encryptor.auth_tag)) - end + it "generates different authentication tags" do + encryptor3 = Chef::EncryptedDataBagItem::Encryptor.new(plaintext_data, key) + encryptor.for_encrypted_item # required to generate the auth_tag + encryptor3.for_encrypted_item + encryptor.auth_tag.should_not eq(encryptor3.auth_tag) + end - it "throws an error if auth tag is read before encrypting the data" do - lambda { encryptor.auth_tag }.should raise_error(Chef::EncryptedDataBagItem::EncryptionFailure) - end + it "includes the auth_tag in the envelope" do + final_data = encryptor.for_encrypted_item + final_data["auth_tag"].should eq(Base64::encode64(encryptor.auth_tag)) + end - end + it "throws an error if auth tag is read before encrypting the data" do + lambda { encryptor.auth_tag }.should raise_error(Chef::EncryptedDataBagItem::EncryptionFailure) + end + + end # context on supported platforms + + context "on unsupported platforms" do + + context "on platforms with old Ruby", + :if => RUBY_VERSION < "2" do + + it "throws an error warning about the Ruby version" do + lambda { encryptor }.should raise_error(Chef::EncryptedDataBagItem::EncryptedDataBagRequirementsFailure, /requires Ruby/) + end + + end # context on platforms with old Ruby + + context "on platforms with old OpenSSL", + :if => OpenSSL::OPENSSL_VERSION_NUMBER < 10001000 do + + it "throws an error warning about the OpenSSL version" do + lambda { encryptor }.should raise_error(Chef::EncryptedDataBagItem::EncryptedDataBagRequirementsFailure, /requires an OpenSSL/) + end + + end # context on platforms with old OpenSSL + + end # context on unsupported platforms + + end # when using version 3 format end @@ -130,34 +155,68 @@ describe Chef::EncryptedDataBagItem::Decryptor do let(:encryption_key) { "passwd" } let(:decryption_key) { encryption_key } - context "when decrypting a version 3 (JSON+aes-256-gcm+random iv+auth tag) encrypted value", - :if => (RUBY_VERSION >= "2" and OpenSSL::OPENSSL_VERSION_NUMBER >= 10001000) do + context "when decrypting a version 3 (JSON+aes-256-gcm+random iv+auth tag) encrypted value" do - let(:encrypted_value) do - Chef::EncryptedDataBagItem::Encryptor::Version3Encryptor.new(plaintext_data, encryption_key).for_encrypted_item - end + context "on supported platforms", + :if => (RUBY_VERSION >= "2" and OpenSSL::OPENSSL_VERSION_NUMBER >= 10001000) do - let(:bogus_auth_tag) { "bogus_auth_tag" } + let(:encrypted_value) do + Chef::EncryptedDataBagItem::Encryptor::Version3Encryptor.new(plaintext_data, encryption_key).for_encrypted_item + end - it "decrypts the encrypted value" do - decryptor.decrypted_data.should eq({"json_wrapper" => plaintext_data}.to_json) - end + let(:bogus_auth_tag) { "bogus_auth_tag" } - it "unwraps the encrypted data and returns it" do - decryptor.for_decrypted_item.should eq plaintext_data - end + it "decrypts the encrypted value" do + decryptor.decrypted_data.should eq({"json_wrapper" => plaintext_data}.to_json) + end - it "rejects the data if the authentication tag is wrong" do - encrypted_value["auth_tag"] = bogus_auth_tag - lambda { decryptor.for_decrypted_item }.should raise_error(Chef::EncryptedDataBagItem::DecryptionFailure) - end + it "unwraps the encrypted data and returns it" do + decryptor.for_decrypted_item.should eq plaintext_data + end - it "rejects the data if the authentication tag is missing" do - encrypted_value.delete("auth_tag") - lambda { decryptor.for_decrypted_item }.should raise_error(Chef::EncryptedDataBagItem::DecryptionFailure) - end + it "rejects the data if the authentication tag is wrong" do + encrypted_value["auth_tag"] = bogus_auth_tag + lambda { decryptor.for_decrypted_item }.should raise_error(Chef::EncryptedDataBagItem::DecryptionFailure) + end - end + it "rejects the data if the authentication tag is missing" do + encrypted_value.delete("auth_tag") + lambda { decryptor.for_decrypted_item }.should raise_error(Chef::EncryptedDataBagItem::DecryptionFailure) + end + + end # context on supported platforms + + context "on unsupported platforms" do + let(:encrypted_value) do + { + "encrypted_data" => "", + "iv" => "", + "version" => 3, + "cipher" => "aes-256-cbc", + } + end + + context "on platforms with old Ruby", + :if => RUBY_VERSION < "2" do + + it "throws an error warning about the Ruby version" do + lambda { decryptor }.should raise_error(Chef::EncryptedDataBagItem::EncryptedDataBagRequirementsFailure, /requires Ruby/) + end + + end # context on platforms with old Ruby + + context "on platforms with old OpenSSL", + :if => OpenSSL::OPENSSL_VERSION_NUMBER < 10001000 do + + it "throws an error warning about the OpenSSL version" do + lambda { decryptor }.should raise_error(Chef::EncryptedDataBagItem::EncryptedDataBagRequirementsFailure, /requires an OpenSSL/) + end + + end # context on unsupported platforms + + end # context on platforms with old OpenSSL + + end # context when decrypting a version 3 context "when decrypting a version 2 (JSON+aes-256-cbc+hmac-sha256+random iv) encrypted value" do let(:encrypted_value) do -- cgit v1.2.1 From 24af166939aea7dc0f360c4221c75774077873cc Mon Sep 17 00:00:00 2001 From: Xabier de Zuazo Date: Tue, 8 Jul 2014 12:32:47 +0200 Subject: [CHEF-5356-gcm] Use OpenSSL::Cipher and OpenSSL::Digest instead of OpenSSL::Cipher::Cipher and OpenSSL::Digest::Digest --- spec/unit/encrypted_data_bag_item_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'spec') diff --git a/spec/unit/encrypted_data_bag_item_spec.rb b/spec/unit/encrypted_data_bag_item_spec.rb index 53fe8cd778..a02174ce78 100644 --- a/spec/unit/encrypted_data_bag_item_spec.rb +++ b/spec/unit/encrypted_data_bag_item_spec.rb @@ -23,7 +23,7 @@ module Version0Encryptor def self.encrypt_value(plaintext_data, key) data = plaintext_data.to_yaml - cipher = OpenSSL::Cipher::Cipher.new("aes-256-cbc") + cipher = OpenSSL::Cipher.new("aes-256-cbc") cipher.encrypt cipher.pkcs5_keyivgen(key) encrypted_bytes = cipher.update(data) @@ -224,7 +224,7 @@ describe Chef::EncryptedDataBagItem::Decryptor do end let(:bogus_hmac) do - digest = OpenSSL::Digest::Digest.new("sha256") + digest = OpenSSL::Digest.new("sha256") raw_hmac = OpenSSL::HMAC.digest(digest, "WRONG", encrypted_value["encrypted_data"]) Base64.encode64(raw_hmac) end -- cgit v1.2.1 From e11d4ad82fc57d9d7b96b788a024aa1d263f625e Mon Sep 17 00:00:00 2001 From: Xabier de Zuazo Date: Wed, 9 Jul 2014 09:58:59 +0200 Subject: [CHEF-5356-gcm] Use rspec filters instead of conditionals and add some alternative tests using stubs --- spec/spec_helper.rb | 3 +++ spec/support/platform_helpers.rb | 12 +++++++++++ spec/unit/encrypted_data_bag_item_spec.rb | 35 ++++++++++++++++++++----------- 3 files changed, 38 insertions(+), 12 deletions(-) (limited to 'spec') diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 09e7642d98..7c11957997 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -124,6 +124,9 @@ RSpec.configure do |config| config.filter_run_excluding :requires_root_or_running_windows => true unless (root? || windows?) config.filter_run_excluding :requires_unprivileged_user => true if root? config.filter_run_excluding :uses_diff => true unless has_diff? + config.filter_run_excluding :ruby_gte_20_and_openssl_gte_101 => true unless (ruby_gte_20? && openssl_gte_101?) + config.filter_run_excluding :openssl_lt_101 => true unless openssl_lt_101? + config.filter_run_excluding :ruby_lt_20 => true unless ruby_lt_20? running_platform_arch = `uname -m`.strip diff --git a/spec/support/platform_helpers.rb b/spec/support/platform_helpers.rb index 75ab0c9cde..0d20e8f645 100644 --- a/spec/support/platform_helpers.rb +++ b/spec/support/platform_helpers.rb @@ -7,6 +7,10 @@ def ruby_gte_20? RUBY_VERSION.to_f >= 2.0 end +def ruby_lt_20? + !ruby_gte_20? +end + def ruby_gte_19? RUBY_VERSION.to_f >= 1.9 end @@ -124,3 +128,11 @@ def root? return false if windows? Process.euid == 0 end + +def openssl_gte_101? + OpenSSL::OPENSSL_VERSION_NUMBER >= 10001000 +end + +def openssl_lt_101? + !openssl_gte_101? +end diff --git a/spec/unit/encrypted_data_bag_item_spec.rb b/spec/unit/encrypted_data_bag_item_spec.rb index a02174ce78..84d7d19c7d 100644 --- a/spec/unit/encrypted_data_bag_item_spec.rb +++ b/spec/unit/encrypted_data_bag_item_spec.rb @@ -97,8 +97,7 @@ describe Chef::EncryptedDataBagItem::Encryptor do Chef::Config[:data_bag_encrypt_version] = 3 end - context "on supported platforms", - :if => (RUBY_VERSION >= "2" and OpenSSL::OPENSSL_VERSION_NUMBER >= 10001000) do + context "on supported platforms", :ruby_gte_20_and_openssl_gte_101 do it "creates a version 3 encryptor" do encryptor.should be_a_instance_of(Chef::EncryptedDataBagItem::Encryptor::Version3Encryptor) @@ -123,9 +122,25 @@ describe Chef::EncryptedDataBagItem::Encryptor do end # context on supported platforms context "on unsupported platforms" do + let(:aead_algorithm) { Chef::EncryptedDataBagItem::AEAD_ALGORITHM } + + it "throws an error warning about the Ruby version if it has no GCM support" do + # Force OpenSSL with AEAD support + OpenSSL::Cipher.stub(:ciphers).and_return([ aead_algorithm ]) + # Ruby with AEAD support + OpenSSL::Cipher.should_receive(:method_defined?).with(:auth_data=).and_return(false) + lambda { encryptor }.should raise_error(Chef::EncryptedDataBagItem::EncryptedDataBagRequirementsFailure, /requires Ruby/) + end + + it "throws an error warning about the OpenSSL version if it has no GCM support" do + # Force Ruby with AEAD support + OpenSSL::Cipher.stub(:method_defined?).with(:auth_data=).and_return(true) + # OpenSSL without AEAD support + OpenSSL::Cipher.should_receive(:ciphers).and_return([]) + lambda { encryptor }.should raise_error(Chef::EncryptedDataBagItem::EncryptedDataBagRequirementsFailure, /requires an OpenSSL/) + end - context "on platforms with old Ruby", - :if => RUBY_VERSION < "2" do + context "on platforms with old Ruby", :ruby_lt_20 do it "throws an error warning about the Ruby version" do lambda { encryptor }.should raise_error(Chef::EncryptedDataBagItem::EncryptedDataBagRequirementsFailure, /requires Ruby/) @@ -133,8 +148,7 @@ describe Chef::EncryptedDataBagItem::Encryptor do end # context on platforms with old Ruby - context "on platforms with old OpenSSL", - :if => OpenSSL::OPENSSL_VERSION_NUMBER < 10001000 do + context "on platforms with old OpenSSL", :openssl_lt_101 do it "throws an error warning about the OpenSSL version" do lambda { encryptor }.should raise_error(Chef::EncryptedDataBagItem::EncryptedDataBagRequirementsFailure, /requires an OpenSSL/) @@ -157,8 +171,7 @@ describe Chef::EncryptedDataBagItem::Decryptor do context "when decrypting a version 3 (JSON+aes-256-gcm+random iv+auth tag) encrypted value" do - context "on supported platforms", - :if => (RUBY_VERSION >= "2" and OpenSSL::OPENSSL_VERSION_NUMBER >= 10001000) do + context "on supported platforms", :ruby_gte_20_and_openssl_gte_101 do let(:encrypted_value) do Chef::EncryptedDataBagItem::Encryptor::Version3Encryptor.new(plaintext_data, encryption_key).for_encrypted_item @@ -196,8 +209,7 @@ describe Chef::EncryptedDataBagItem::Decryptor do } end - context "on platforms with old Ruby", - :if => RUBY_VERSION < "2" do + context "on platforms with old Ruby", :ruby_lt_20 do it "throws an error warning about the Ruby version" do lambda { decryptor }.should raise_error(Chef::EncryptedDataBagItem::EncryptedDataBagRequirementsFailure, /requires Ruby/) @@ -205,8 +217,7 @@ describe Chef::EncryptedDataBagItem::Decryptor do end # context on platforms with old Ruby - context "on platforms with old OpenSSL", - :if => OpenSSL::OPENSSL_VERSION_NUMBER < 10001000 do + context "on platforms with old OpenSSL", :openssl_lt_101 do it "throws an error warning about the OpenSSL version" do lambda { decryptor }.should raise_error(Chef::EncryptedDataBagItem::EncryptedDataBagRequirementsFailure, /requires an OpenSSL/) -- cgit v1.2.1 From e0575be762f17cad759aaa4cb1cb24e524304fa4 Mon Sep 17 00:00:00 2001 From: Xabier de Zuazo Date: Wed, 9 Jul 2014 17:59:13 +0200 Subject: [CHEF-5356-gcm] spec/unit/encrypted_data_bag_item_spec.rb: small typo fix, "Ruby with_out_ AEAD support" --- spec/unit/encrypted_data_bag_item_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'spec') diff --git a/spec/unit/encrypted_data_bag_item_spec.rb b/spec/unit/encrypted_data_bag_item_spec.rb index 84d7d19c7d..24ceb452ef 100644 --- a/spec/unit/encrypted_data_bag_item_spec.rb +++ b/spec/unit/encrypted_data_bag_item_spec.rb @@ -127,7 +127,7 @@ describe Chef::EncryptedDataBagItem::Encryptor do it "throws an error warning about the Ruby version if it has no GCM support" do # Force OpenSSL with AEAD support OpenSSL::Cipher.stub(:ciphers).and_return([ aead_algorithm ]) - # Ruby with AEAD support + # Ruby without AEAD support OpenSSL::Cipher.should_receive(:method_defined?).with(:auth_data=).and_return(false) lambda { encryptor }.should raise_error(Chef::EncryptedDataBagItem::EncryptedDataBagRequirementsFailure, /requires Ruby/) end -- cgit v1.2.1