Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add integration patches/CI for Ruby main and 3.3 #2071

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add integration patches/CI for Ruby main and 3.3 #2071

wants to merge 1 commit into from
+1,381 −39

Conversation

samuel40791765
Copy link
Contributor

Issues:

Resolves CryptoAlg-2784

Description of changes:

Ruby 3.3 is relatively the same as 3.2 with just one more test failure due to conflicting error messages.
Ruby's master branch has added much more however.

  1. More tests revolving internal session caching on the SSL client. We don't support these tests and I've adjusted accordingly.
  2. We don't support the ancient MSIE extensions that this PKCS12 commit introduces: ruby/ruby@63e9eaa I don't think there's an actual ask for us to support this, so I've ifdefed out the symbols and skipped the test when building with AWS-LC.
  3. The PKCS8 RSA private key in test/openssl/pkey_rsa.rb generated by certtool isn't parsable by us. I've pinned down the reason to a missing NULL field in the ASN1 contents. I've cut an issue to gnutls, more details can be found there.
    I've replaced the file that Ruby's been using for the time being and replaced the original generation to use OpenSSL instead. OpenSSL's PKCS8 files adhere to the RFC.

Call-outs:

N/A

Testing:

New CI

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@samuel40791765 samuel40791765 requested a review from a team as a code owner December 20, 2024 01:38
@codecov-commenter
Copy link

codecov-commenter commented Dec 20, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.96%. Comparing base (29be983) to head (3ee9bb3).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2071      +/-   ##
==========================================
+ Coverage   78.95%   78.96%   +0.01%     
==========================================
  Files         610      610              
  Lines      105293   105294       +1     
  Branches    14911    14920       +9     
==========================================
+ Hits        83129    83143      +14     
+ Misses      21511    21500      -11     
+ Partials      653      651       -2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@samuel40791765 samuel40791765 force-pushed the ruby-integration-main branch 2 times, most recently from e146fd0 to 584efab Compare December 21, 2024 00:23
@WillChilds-Klein
Copy link
Contributor

WillChilds-Klein commented Dec 30, 2024
edited
Loading

Per a recent test run, it looks like we need to implement PKCS12_set_mac as of last week:

  ./test/runner.rb: OpenSSL::TestPKCS12#test_set_mac_pkcs12kdf: symbol lookup error: /home/runner/work/aws-lc/aws-lc/RUBY_BUILD_ROOT/ruby-src/master/.ext/x86_64-linux/openssl.so: undefined symbol: PKCS12_set_mac
  make: *** [uncommon.mk:963: yes-test-all] Error 127

Even when under review, these integration tests help us respond to upstream changes :)

@WillChilds-Klein
Copy link
Contributor

I've replaced the file that Ruby's been using for the time being and replaced the original generation to use OpenSSL instead.

Are we planning to submit a PR upstream to Ruby?

@samuel40791765
Copy link
Contributor Author

Ahh I'll put up a PR to add support for PKCS12_set_mac. Thanks for the call out!

Are we planning to submit a PR upstream to Ruby?

Yeah I've submitted a PR upstream and cut an issue to GnuTLS as well. ruby/openssl#830

@samuel40791765 samuel40791765 mentioned this pull request Jan 18, 2025
Open
@samuel40791765 samuel40791765 mentioned this pull request Jan 22, 2025
Merged
samuel40791765 added a commit that referenced this pull request Jan 22, 2025
@samuel40791765
Minor symbols to work with Ruby's mainline (#2132)
29be983 
Ruby's made a couple larger refactors to require versions later than
OpenSSL 1.1.1.

These changes require us to make a few tweaks to the patch in
#2071 and have exposed a couple minor
symbols that we don't support. Adding support for the ones that aren't
complicated in this commit.

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license and the ISC license.
@samuel40791765 samuel40791765 force-pushed the ruby-integration-main branch 2 times, most recently from c8eda30 to 01e7f25 Compare January 23, 2025 20:31
manastasova pushed a commit to manastasova/aws-lc that referenced this pull request Jan 30, 2025
@samuel40791765 @manastasova
Minor symbols to work with Ruby's mainline (aws#2132)
a66a1a5 
Ruby's made a couple larger refactors to require versions later than
OpenSSL 1.1.1.

These changes require us to make a few tweaks to the patch in
aws#2071 and have exposed a couple minor
symbols that we don't support. Adding support for the ones that aren't
complicated in this commit.

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license and the ISC license.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@samuel40791765 @codecov-commenter @WillChilds-Klein