CI: Add the test/openssl/test_pkey.rb on the FIPS mode case.

It's to test the `OpenSSL::PKey.read` in the `test/openssl/test_pkey.rb`. I added the pending status to the following tests failing on the FIPS mode case in the `test/openssl/test_pkey.rb`. * `test_ed25519` * `test_x25519` * `test_compare?`
ruby · Jun 1, 2023 · 8149cdf · 8149cdf
1 parent ab92baf
commit 8149cdf
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -149,5 +149,7 @@ jobs:
       # Run only the passing tests on the FIPS mode as a temporary workaround.
       # TODO Fix other tests, and run all the tests on FIPS mode.
       - name: test on fips mode
-        run:  ruby -Ilib test/openssl/test_fips.rb
+        run:  |
+          ruby -I./lib -ropenssl \
+            -e 'Dir.glob "./test/openssl/{test_fips.rb,test_pkey.rb}", &method(:require)'
         if: matrix.fips_enabled
diff --git a/test/openssl/test_pkey.rb b/test/openssl/test_pkey.rb
@@ -82,6 +82,9 @@ def test_hmac_sign_verify
   end
 
   def test_ed25519
+    # https://github.com/openssl/openssl/issues/20758
+    pend('Not supported on FIPS mode enabled') if OpenSSL.fips_mode
+
     # Test vector from RFC 8032 Section 7.1 TEST 2
     priv_pem = <<~EOF
     -----BEGIN PRIVATE KEY-----
@@ -127,6 +130,8 @@ def test_ed25519
   end
 
   def test_x25519
+    pend('Not supported on FIPS mode enabled') if OpenSSL.fips_mode
+
     # Test vector from RFC 7748 Section 6.1
     alice_pem = <<~EOF
     -----BEGIN PRIVATE KEY-----
@@ -153,6 +158,8 @@ def test_x25519
   end
 
   def test_compare?
+    pend('Not supported on FIPS mode enabled') if OpenSSL.fips_mode
+
     key1 = Fixtures.pkey("rsa1024")
     key2 = Fixtures.pkey("rsa1024")
     key3 = Fixtures.pkey("rsa2048")