From: e@...
Date: 2015-02-23T16:52:27+00:00
Subject: [ruby-core:68266] [Ruby trunk - Bug #10229] [Feedback] RFC 5649 implementation in OpenSSL breaks Ruby.

Issue #10229 has been updated by Zachary Scott.

Status changed from Closed to Feedback
Assignee changed from Nobuyoshi Nakada to openssl

Hello Vit, Thank you for confirming!

Have these commits been backported?

----------------------------------------
Bug #10229: RFC 5649 implementation in OpenSSL breaks Ruby.
https://bugs.ruby-lang.org/issues/10229#change-51621

* Author: Vit Ondruch
* Status: Feedback
* Priority: Normal
* Assignee: openssl
* ruby -v: ruby 2.2.0dev (2014-09-11 trunk 47525) [x86_64-linux]
* Backport: 2.0.0: REQUIRED, 2.1: REQUIRED
----------------------------------------
Recently updated OpenSSL in Fedora 21+ [1] introduces support for RFC 5649 [2, 3]. However, this breaks Ruby's test suite:

~~~
  4) Error:
OpenSSL::TestCipher#test_ciphers:
OpenSSL::Cipher::CipherError: wrap mode not allowed
    /builddir/build/BUILD/ruby-2.2.0-r47525/test/openssl/test_cipher.rb:107:in `initialize'
    /builddir/build/BUILD/ruby-2.2.0-r47525/test/openssl/test_cipher.rb:107:in `new'
    /builddir/build/BUILD/ruby-2.2.0-r47525/test/openssl/test_cipher.rb:107:in `block in test_ciphers'
    /builddir/build/BUILD/ruby-2.2.0-r47525/test/openssl/test_cipher.rb:105:in `each'
    /builddir/build/BUILD/ruby-2.2.0-r47525/test/openssl/test_cipher.rb:105:in `test_ciphers'
~~~

I've been suggested by OpenSSL maintainer, that I should ignore the wrap ciphers, so I am going to use this patch for the moment:

~~~
diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb
index 156fa2a..3eaf642 100644
--- a/test/openssl/test_cipher.rb
+++ b/test/openssl/test_cipher.rb
@@ -104,6 +104,7 @@ class OpenSSL::TestCipher < Test::Unit::TestCase
     def test_ciphers
       OpenSSL::Cipher.ciphers.each{|name|
         next if /netbsd/ =~ RUBY_PLATFORM && /idea|rc5/i =~ name
+        next if /wrap/ =~ name
         assert(OpenSSL::Cipher::Cipher.new(name).is_a?(OpenSSL::Cipher::Cipher))
       }
     end
~~~

but I'd like see this resolved correctly.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1121658
[2] http://tools.ietf.org/html/rfc5649
[3] https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c6f338657758d5f83c25912bed94ab4fd5058168




-- 
https://bugs.ruby-lang.org/