From: v.ondruch@...
Date: 2015-02-23T15:35:05+00:00
Subject: [ruby-core:68262] [Ruby trunk - Bug #10229] [Closed] RFC 5649 implementation in OpenSSL breaks Ruby.

Issue #10229 has been updated by Vit Ondruch.

Status changed from Open to Closed
Assignee changed from Martin Bosslet to Nobuyoshi Nakada

This seems to be resolved by r49525, r49575 and r49579

----------------------------------------
Bug #10229: RFC 5649 implementation in OpenSSL breaks Ruby.
https://bugs.ruby-lang.org/issues/10229#change-51616

* Author: Vit Ondruch
* Status: Closed
* Priority: Normal
* Assignee: Nobuyoshi Nakada
* ruby -v: ruby 2.2.0dev (2014-09-11 trunk 47525) [x86_64-linux]
* Backport: 2.0.0: REQUIRED, 2.1: REQUIRED
----------------------------------------
Recently updated OpenSSL in Fedora 21+ [1] introduces support for RFC 5649 [2, 3]. However, this breaks Ruby's test suite:

~~~
  4) Error:
OpenSSL::TestCipher#test_ciphers:
OpenSSL::Cipher::CipherError: wrap mode not allowed
    /builddir/build/BUILD/ruby-2.2.0-r47525/test/openssl/test_cipher.rb:107:in `initialize'
    /builddir/build/BUILD/ruby-2.2.0-r47525/test/openssl/test_cipher.rb:107:in `new'
    /builddir/build/BUILD/ruby-2.2.0-r47525/test/openssl/test_cipher.rb:107:in `block in test_ciphers'
    /builddir/build/BUILD/ruby-2.2.0-r47525/test/openssl/test_cipher.rb:105:in `each'
    /builddir/build/BUILD/ruby-2.2.0-r47525/test/openssl/test_cipher.rb:105:in `test_ciphers'
~~~

I've been suggested by OpenSSL maintainer, that I should ignore the wrap ciphers, so I am going to use this patch for the moment:

~~~
diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb
index 156fa2a..3eaf642 100644
--- a/test/openssl/test_cipher.rb
+++ b/test/openssl/test_cipher.rb
@@ -104,6 +104,7 @@ class OpenSSL::TestCipher < Test::Unit::TestCase
     def test_ciphers
       OpenSSL::Cipher.ciphers.each{|name|
         next if /netbsd/ =~ RUBY_PLATFORM && /idea|rc5/i =~ name
+        next if /wrap/ =~ name
         assert(OpenSSL::Cipher::Cipher.new(name).is_a?(OpenSSL::Cipher::Cipher))
       }
     end
~~~

but I'd like see this resolved correctly.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1121658
[2] http://tools.ietf.org/html/rfc5649
[3] https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c6f338657758d5f83c25912bed94ab4fd5058168




-- 
https://bugs.ruby-lang.org/