Ruby Issue Tracking System

05/15/2025

04:40 PM Ruby Revision 0b9644c2 (git): [ruby/openssl] AWS-LC has support for parsing ber constructed strings now

https://github.com/ruby/openssl/commit/cdfc08db50 sachiang (Samuel Chiang)

03/30/2025

01:46 PM Ruby Revision 6b5aa432 (git): [ruby/openssl] Skip PKCS7 with indefinite length test in AWS-LC

AWS-LC had been decoding the indefinite BER to an unusable output. We
should skip the test until indefinite BER decoding in AWS-LC is
properly fixed.
Changes:
1. AWS-LC will be looking to fix the parsing for indefinite BER
constructed s... sachiang (Samuel Chiang)

02/22/2025

03:11 PM Ruby Revision 4ec0e9e2 (git): [ruby/openssl] pkey/ec: AWS-LC disallows serialization of explicit curves

https://github.com/ruby/openssl/commit/65c5a772ea sachiang (Samuel Chiang)

03:11 PM Ruby Revision 7a15ba48 (git): [ruby/openssl] ssl: account for slight behavioral differences in AWS-LC

There are a few SSL discrepencies in AWS-LC when compared to OpenSSL.
1. AWS-LC has slightly different error messages (in all-caps).
2. AWS-LC has no support for DHE ciphersuites.
3. There are no concepts of SSL security levels within A... sachiang (Samuel Chiang)

03:11 PM Ruby Revision fd882fb6 (git): [ruby/openssl] test_ssl_session.rb: test adjustments to work with AWS-LC

The SSL SESSION files we were originally testing against use DHE and
SSLv3. AWS-LC happens to have no support for either and we have newer
possible alternatives available, so I've updated the respective
files to use ECDHE-RSA-AES256-SHA ... sachiang (Samuel Chiang)

03:11 PM Ruby Revision 841d9f25 (git): [ruby/openssl] pkey: EVP_DigestVerify doesn't return -1 in AWS-LC

EVP_DigestVerify in OpenSSL returns 0 to indicate a signature
verification failure and can return -1 to indicate other
failures, such as invalid ASN1 contents. ruby/openssl also
reflects that by returning false with 0 and raising an err... sachiang (Samuel Chiang)

03:11 PM Ruby Revision 23465d84 (git): [ruby/openssl] pkey/dh: tweak break tests for AWS-LC

We reecently tweaked some break tests in test_pkey_dh.rb due to
different behavior with OpenSSL in FIPS mode.
AWS-LC does not inherit the same specific behavior, so tests
have been adjusted accordingly.
https://github.com/ruby/openssl/c... sachiang (Samuel Chiang)

03:11 PM Ruby Revision b995eee8 (git): [ruby/openssl] asn1: adjusting an ASN1 test to use CONTEXT_SPECIFIC

AWS-LC's ASN1 parsing capabilities led to us examine some of our
ASN1 tests. One test in test_asn1.rb happens to use a tag number
of 8224. There are concerns with larger UNIVERSAL tags being
ambiguous with negative ASN1 Integers, so I've... sachiang (Samuel Chiang)

03:11 PM Ruby Revision 6263d0d1 (git): [ruby/openssl] test_pkcs7.rb: skip AWS-LC's unsupported features

1. AWS-LC has no support for SMIME with PKCS7. That may change in the
near future, so I've marked that with "pend" for now.
2. AWS-LC doesn't support printing of PKCS7 contents with
PKCS7_print_ctx.
3. OpenSSL traditionally used in... sachiang (Samuel Chiang)

03:11 PM Ruby Revision f63a1236 (git): [ruby/openssl] pkey: AWS-LC disallows parsing of invalid keys and params

OpenSSL allows invalid EC keys or DH params to be parsed. The consuming
application can then run parameter/key checks to check the validity of
the parameters. We happen to run tests to verify that this behaves as
expected.
AWS-LC on the ... sachiang (Samuel Chiang)