From c78bfa3f7ab2551df2e65770a15fb983c84adf55 Mon Sep 17 00:00:00 2001 From: Jun Aruga Date: Mon, 17 Apr 2023 19:05:48 +0200 Subject: [PATCH] CI: Add the test/openssl/test_pkey.rb on the FIPS mode case. It's to test the `OpenSSL::PKey.read` in the `test/openssl/test_pkey.rb`. I added the pending status to the following tests that fails on the FIPS mode case. * `test_ed25519` * `test_x25519` * `test_compare?` --- .github/workflows/test.yml | 4 +++- test/openssl/test_pkey.rb | 7 +++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index becf99029..f60f99bea 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -149,5 +149,7 @@ jobs: # Run only the passing tests on the FIPS mode as a temporary workaround. # TODO Fix other tests, and run all the tests on FIPS mode. - name: test on fips mode - run: ruby -Ilib test/openssl/test_fips.rb + run: | + ruby -I./lib -ropenssl \ + -e 'Dir.glob "./test/openssl/{test_fips.rb,test_pkey.rb}", &method(:require)' if: matrix.fips_enabled diff --git a/test/openssl/test_pkey.rb b/test/openssl/test_pkey.rb index 2b99e8f37..2cd5290f4 100644 --- a/test/openssl/test_pkey.rb +++ b/test/openssl/test_pkey.rb @@ -82,6 +82,9 @@ def test_hmac_sign_verify end def test_ed25519 + # https://github.com/openssl/openssl/issues/20758 + pend('Not supported on FIPS mode enabled') if OpenSSL.fips_mode + # Test vector from RFC 8032 Section 7.1 TEST 2 priv_pem = <<~EOF -----BEGIN PRIVATE KEY----- @@ -127,6 +130,8 @@ def test_ed25519 end def test_x25519 + pend('Not supported on FIPS mode enabled') if OpenSSL.fips_mode + # Test vector from RFC 7748 Section 6.1 alice_pem = <<~EOF -----BEGIN PRIVATE KEY----- @@ -153,6 +158,8 @@ def test_x25519 end def test_compare? + pend('Not supported on FIPS mode enabled') if OpenSSL.fips_mode + key1 = Fixtures.pkey("rsa1024") key2 = Fixtures.pkey("rsa1024") key3 = Fixtures.pkey("rsa2048")