Bug #10229
closedRFC 5649 implementation in OpenSSL breaks Ruby.
Description
Recently updated OpenSSL in Fedora 21+ [1] introduces support for RFC 5649 [2, 3]. However, this breaks Ruby's test suite:
4) Error:
OpenSSL::TestCipher#test_ciphers:
OpenSSL::Cipher::CipherError: wrap mode not allowed
/builddir/build/BUILD/ruby-2.2.0-r47525/test/openssl/test_cipher.rb:107:in `initialize'
/builddir/build/BUILD/ruby-2.2.0-r47525/test/openssl/test_cipher.rb:107:in `new'
/builddir/build/BUILD/ruby-2.2.0-r47525/test/openssl/test_cipher.rb:107:in `block in test_ciphers'
/builddir/build/BUILD/ruby-2.2.0-r47525/test/openssl/test_cipher.rb:105:in `each'
/builddir/build/BUILD/ruby-2.2.0-r47525/test/openssl/test_cipher.rb:105:in `test_ciphers'
I've been suggested by OpenSSL maintainer, that I should ignore the wrap ciphers, so I am going to use this patch for the moment:
diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb
index 156fa2a..3eaf642 100644
--- a/test/openssl/test_cipher.rb
+++ b/test/openssl/test_cipher.rb
@@ -104,6 +104,7 @@ class OpenSSL::TestCipher < Test::Unit::TestCase
def test_ciphers
OpenSSL::Cipher.ciphers.each{|name|
next if /netbsd/ =~ RUBY_PLATFORM && /idea|rc5/i =~ name
+ next if /wrap/ =~ name
assert(OpenSSL::Cipher::Cipher.new(name).is_a?(OpenSSL::Cipher::Cipher))
}
end
but I'd like see this resolved correctly.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1121658
[2] http://tools.ietf.org/html/rfc5649
[3] https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c6f338657758d5f83c25912bed94ab4fd5058168
Updated by vo.x (Vit Ondruch) over 9 years ago
Let me quote Fedora's OpenSSL maintainer on this issue:
>t8m< "Ruby should not expect that blindly trying any cipher it enumerates would work." Some cipher modes might require special parameters or flags.
Updated by vo.x (Vit Ondruch) over 9 years ago
- Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN to 2.0.0: REQUIRED, 2.1: REQUIRED
Hi Martin, any change you can take a look into this?
Updated by vo.x (Vit Ondruch) about 9 years ago
- Status changed from Open to Closed
- Assignee changed from MartinBosslet (Martin Bosslet) to nobu (Nobuyoshi Nakada)
This seems to be resolved by r49525, r49575 and r49579
Updated by zzak (zzak _) about 9 years ago
- Status changed from Closed to Feedback
- Assignee changed from nobu (Nobuyoshi Nakada) to 7150
Hello Vit, Thank you for confirming!
Have these commits been backported?
Updated by vo.x (Vit Ondruch) about 9 years ago
- Backport changed from 2.0.0: REQUIRED, 2.1: REQUIRED to 2.0.0: DONE, 2.1: DONE, 2.2: DONE
Zachary Scott wrote:
Have these commits been backported?
Yes they were. Thanks for asking.
Updated by vo.x (Vit Ondruch) about 9 years ago
- Has duplicate Bug #10839: OpenSSL 1.0.2 does not allow wrap mode (fixed by r49525) added
Updated by vo.x (Vit Ondruch) about 9 years ago
- Status changed from Feedback to Closed