Merge pull request #863 from junaruga/wip/fix-aws-lc-test

rhenium · web-flow · commit 97911e641fbd · 2025-03-04T00:27:49.000+09:00
Improve AWS-LC tests
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -93,7 +93,7 @@ jobs:
         with:
           path: ~/openssl
           key: openssl-${{ runner.os }}-${{ matrix.openssl }}-${{ matrix.append-configure || 'default' }}
-        if: matrix.openssl != 'openssl-master' && matrix.openssl != 'libressl-master'
+        if: matrix.openssl != 'openssl-master' && matrix.openssl != 'libressl-master' && matrix.openssl != 'aws-lc-latest'
 
       - name: Compile OpenSSL library
         if: steps.cache-openssl.outputs.cache-hit != 'true'
@@ -127,7 +127,7 @@ jobs:
             git clone https://github.com/aws/aws-lc.git .
             AWS_LC_RELEASE=$(git tag --sort=-creatordate --list "v*"  | head -1)
             git checkout $AWS_LC_RELEASE
-            cmake -DCMAKE_INSTALL_PREFIX=$HOME/openssl
+            cmake -DCMAKE_INSTALL_PREFIX=$HOME/openssl -DCMAKE_INSTALL_LIBDIR=lib
             make -j4 && make install
             ;;
           *)
diff --git a/test/openssl/test_pkey_dh.rb b/test/openssl/test_pkey_dh.rb
@@ -18,25 +18,20 @@ def test_new_generate
     assert_key(dh)
   end if ENV["OSSL_TEST_ALL"]
 
-  def test_new_break_on_non_fips
-    omit_on_fips if !aws_lc?
-
-    assert_nil(OpenSSL::PKey::DH.new(NEW_KEYLEN) { break })
-    assert_raise(RuntimeError) do
-      OpenSSL::PKey::DH.new(NEW_KEYLEN) { raise }
+  def test_new_break
+    unless openssl? && OpenSSL.fips_mode
+      assert_nil(OpenSSL::PKey::DH.new(NEW_KEYLEN) { break })
+      assert_raise(RuntimeError) do
+        OpenSSL::PKey::DH.new(NEW_KEYLEN) { raise }
+      end
+    else
+      # The block argument is not executed in FIPS case.
+      # See https://github.com/ruby/openssl/issues/692 for details.
+      assert(OpenSSL::PKey::DH.new(NEW_KEYLEN) { break })
+      assert(OpenSSL::PKey::DH.new(NEW_KEYLEN) { raise })
     end
   end
 
-  def test_new_break_on_fips
-    omit_on_non_fips
-    return unless openssl? # This behavior only applies to OpenSSL.
-
-    # The block argument is not executed in FIPS case.
-    # See https://github.com/ruby/openssl/issues/692 for details.
-    assert(OpenSSL::PKey::DH.new(NEW_KEYLEN) { break })
-    assert(OpenSSL::PKey::DH.new(NEW_KEYLEN) { raise })
-  end
-
   def test_derive_key
     params = Fixtures.pkey("dh2048_ffdhe2048")
     dh1 = OpenSSL::PKey.generate_key(params)
