gh-135401: Test AWS-LC as a cryptography library in CI #135402
Conversation
This reverts commit 7d37e6a.
AA-Turner
changed the title
Misc/NEWS.d/next/Tests/2025-06-11-16-52-49.gh-issue-135401.ccMXmL.rst
Outdated
Show resolved
Hide resolved
| @@ -1,12 +1,12 @@ | |||
| #!./python | |||
| """Run Python tests against multiple installations of OpenSSL and LibreSSL | |||
| """Run Python tests against multiple installations of crypto libraries | |||
There was a problem hiding this comment.
| """Run Python tests against multiple installations of crypto libraries | |
| """Run Python tests against multiple installations of cryptographic libraries. | |
| Currently tested are: | |
| * OpenSSL | |
| * LibreSSL | |
| * AWS-LC |
There was a problem hiding this comment.
I agree that "crypto" is unfortunate shorthand. Not to get too deep in the semantic weeds, but I wonder if "cryptography" might be more appropriate than "cryptographic". The former noun-based nomenclature is more idiomatic when referring to libraries ("compression library", "serialization library", etc.) while the latter's adjective seems a bit off.
I don't have a strong preference, what do you think @AA-Turner?
by the way, thank you for the quick review :)
| @@ -70,7 +74,7 @@ | |||
| parser = argparse.ArgumentParser( | |||
| prog='multissl', | |||
| description=( | |||
| "Run CPython tests with multiple OpenSSL and LibreSSL " | |||
| "Run CPython tests with multiple crypto libraries" | |||
There was a problem hiding this comment.
| "Run CPython tests with multiple crypto libraries" | |
| "Run CPython tests with multiple cryptographic libraries" |
.github/workflows/build.yml
Outdated
| with: | ||
| path: ./multissl/aws-lc/${{ matrix.awslc_ver }} | ||
| key: ${{ matrix.os }}-multissl-aws-lc-${{ matrix.awslc_ver }} | ||
| # TODO [childw] can we use env.* instead of env vars here? |
There was a problem hiding this comment.
I'd suggest for the initial version, keep as similar to the OpenSSL job/workflow, and then perhaps update both at once afterwards?
There was a problem hiding this comment.
Fair enough. I'll remove the TODOs. Perhaps we can leave this comment unresolved as a reminder for me to clean up both (if tenable) if/after this PR has been merged.
Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
…XmL.rst Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
WillChilds-Klein
changed the title
Notes
Currently in draft status to test the new workflow. Building AWS-LC, linking the interpreter to it dynamically, and running the
ssltests all appear to work fine. I'm still working on remaining issues intest_hmac.TODO
NID_blake2b512from./configure'shashlibfeature probe may be controversial, so we need to make sure this is adequately discussed. I believe that this is safe to do because CPython now guards BLAKE2 usages based on whether or not the underlying cryptography library supports it.test_hmacfailures