From 7517bd339323c180e62ab8b7b58b4f26c20d4982 Mon Sep 17 00:00:00 2001
From: Jun Aruga
Date: Tue, 25 Feb 2025 16:27:53 +0100
Subject: [PATCH 1/3] CI: Exclude aws-lc-latest not to use cache. Because aws-lc-latest is a rolling release. If the cache is enabled, CI just downloads and compiles only at once, then will never do again.
---
 .github/workflows/test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index d33f94141..1d45e2074 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -93,7 +93,7 @@ jobs:
 with:
 path: ~/openssl
 key: openssl-${{ runner.os }}-${{ matrix.openssl }}-${{ matrix.append-configure || 'default' }}
- if: matrix.openssl != 'openssl-master' && matrix.openssl != 'libressl-master'
+ if: matrix.openssl != 'openssl-master' && matrix.openssl != 'libressl-master' && matrix.openssl != 'aws-lc-latest'
 - name: Compile OpenSSL library
 if: steps.cache-openssl.outputs.cache-hit != 'true'
From e6758ab4b8a618417b2e8183d6bb55d5049442fd Mon Sep 17 00:00:00 2001
From: Jun Aruga
Date: Tue, 25 Feb 2025 17:33:34 +0100
Subject: [PATCH 2/3] CI: AWS-LC: Specify the library directory lib. Added the `-DCMAKE_INSTALL_LIBDIR=lib` option to specify the library directory explicitly. While the CI AWS-LC case creates the "lib" directory without the option, I observed the `lib64` directory was created on my local environment. So, this change is useful to provide information to create a local environment.
---
 .github/workflows/test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 1d45e2074..1efd7d604 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
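Review bot: The `if:` on the cache step in [PATCH 1/3] now names three targets that bypass the cache, but nothing in the workflow says why, so a future rolling matrix entry is likely to be added without touching this condition. That entry would then be built once and tested from a stale cache, which for a crypto backend means CI can keep passing against a library that upstream has since changed or patched. I would add a comment directly above the condition, `# Rolling targets (*-master, *-latest) must not be cached: every run has to build current upstream.` The cache step starts above the hunk, so the rest of its definition is not visible here.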
@@ -127,7 +127,7 @@ jobs:
 git clone https://github.com/aws/aws-lc.git .
 AWS_LC_RELEASE=$(git tag --sort=-creatordate --list "v*" | head -1)
 git checkout $AWS_LC_RELEASE
- cmake -DCMAKE_INSTALL_PREFIX=$HOME/openssl
+ cmake -DCMAKE_INSTALL_PREFIX=$HOME/openssl -DCMAKE_INSTALL_LIBDIR=lib
 make -j4 && make install
 ;;
 *)
From 446ff3e11fe83541318ade70baf1a949950839ba Mon Sep 17 00:00:00 2001
From: Jun Aruga
Date: Mon, 3 Mar 2025 14:28:12 +0100
Subject: [PATCH 3/3] test_pkey_dh.rb: Merge 2 test_new_break tests to one test. Merge 2 test_new_break tests to one test because it's easy to maintain the test.
---
 test/openssl/test_pkey_dh.rb | 27 +++++++++++----------------
 1 file changed, 11 insertions(+), 16 deletions(-)
diff --git a/test/openssl/test_pkey_dh.rb b/test/openssl/test_pkey_dh.rb
index fdb1b0442..cf56032cb 100644
--- a/test/openssl/test_pkey_dh.rb
+++ b/test/openssl/test_pkey_dh.rb
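Review bot: The reason for `-DCMAKE_INSTALL_LIBDIR=lib` on the new `cmake` line is recorded only in the commit message, so someone reading the workflow later may drop the flag as redundant because CI already produces `lib` without it. A one-line shell comment above the `cmake` call would keep the rationale next to the code, for example `# Force lib/: without this CMake may install to lib64/ on some systems.` The `case` arm that contains this line starts outside the hunk.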
@@ -18,25 +18,20 @@ def test_new_generate
 assert_key(dh)
 end if ENV["OSSL_TEST_ALL"]
- def test_new_break_on_non_fips
- omit_on_fips if !aws_lc?
-
- assert_nil(OpenSSL::PKey::DH.new(NEW_KEYLEN) { break })
- assert_raise(RuntimeError) do
- OpenSSL::PKey::DH.new(NEW_KEYLEN) { raise }
+ def test_new_break
+ unless openssl? && OpenSSL.fips_mode
+ assert_nil(OpenSSL::PKey::DH.new(NEW_KEYLEN) { break })
+ assert_raise(RuntimeError) do
+ OpenSSL::PKey::DH.new(NEW_KEYLEN) { raise }
+ end
+ else
+ # The block argument is not executed in FIPS case.
+ # See https://github.com/ruby/openssl/issues/692 for details.
+ assert(OpenSSL::PKey::DH.new(NEW_KEYLEN) { break })
+ assert(OpenSSL::PKey::DH.new(NEW_KEYLEN) { raise })
 end
 end
- def test_new_break_on_fips
- omit_on_non_fips
- return unless openssl? # This behavior only applies to OpenSSL.
-
- # The block argument is not executed in FIPS case.
- # See https://github.com/ruby/openssl/issues/692 for details.
- assert(OpenSSL::PKey::DH.new(NEW_KEYLEN) { break })
- assert(OpenSSL::PKey::DH.new(NEW_KEYLEN) { raise })
- end
-
 def test_derive_key
 params = Fixtures.pkey("dh2048_ffdhe2048")
 dh1 = OpenSSL::PKey.generate_key(params)
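Review bot: `test_new_break` branches with `unless openssl? && OpenSSL.fips_mode ... else ...`, so the reader has to negate a compound condition to work out which arm covers the FIPS case. Stating the condition positively reads directly: open with `if openssl? && OpenSSL.fips_mode`, put the two `assert(OpenSSL::PKey::DH.new(NEW_KEYLEN) { ... })` lines and their comment in that arm, and move the `assert_nil`/`assert_raise` pair under `else`. Only the branch order changes, so the assertions that run for each library and mode stay the same.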