[pull] master from ruby:master #279
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…from OSSL_DECODER" This reverts commit ruby/openssl@5347880c6eb0 and ruby/openssl@985ba27d6339. These commits attempted to stop processing after the first relevant PEM block, whether it is successful or not, when the input contains multiple keys. It turned out that it cannot be reliably determined using the OSSL_DECODER API. There is an edge case where OSSL_DECODER_from_bio() reports "unsupported" even though the input actually contains an error: https://redirect.github.com/ruby/openssl/pull/931#discussion_r2347813807 Revert the changes for now and keep the existing behavior, as partial support does not seem worth the added complexity. ruby/openssl@319cd4952a
…y.md" This reverts commit fbc7e93. Failures with "GCC 8" and "clang 12". ``` /github/workspace/src/tool/lib/vcs.rb:57:in `system': Command failed with status (pid 7385 exit 128): ["git", "config", "--global", "--add", "safe.directory", "/github/workspace/src"] (RuntimeError) ```
The hash lookup is done by 8-character hash. ruby/openssl@fedb57255c
failures (ruby/openssl#939) * Add AuthTagError exception for AEAD authentication failures - Add OpenSSL::Cipher::AuthTagError as a subclass of CipherError - Raise AuthTagError specifically for AEAD cipher authentication tag verification failures - Enhanced error messages: 'AEAD authentication tag verification failed' for auth failures - Precise detection: Only EVP_CipherFinal_ex failures in AEAD ciphers raise AuthTagError - All other errors (key setup, IV setup, update failures, etc.) still raise CipherError - Comprehensive test coverage for GCM/CCM modes and error inheritance - Fully backwards compatible: AuthTagError < CipherError ruby/openssl@9663b09040
test_post_connect_check_with_anon_ciphers: test_tmp_dh_callback: test_tmp_dh: DH missing the q value on unknown named parameters (ciphers) is not FIPS-approved, according to the FIPS-186-4 APPENDIX B: Key Pair Generation - B.1.1 Key Pair Generation Using Extra Random Bits, the inputs p, q, and g are required. However, TLS doesn't send q. https://csrc.nist.gov/pubs/fips/186-4/final OpenSSL has a special workaround to recover the missing "q" value for known named parameters, which is the reason why other tests that use the default parameters in `lib/openssl/ssl.rb` are working. Note that the test_post_connect_check_with_anon_ciphers test got the following error on `OpenSSL.debug = true` in FIPS. ``` /home/jaruga/var/git/ruby/openssl/lib/openssl/ssl.rb:551: warning: error on stack: error:0A0C0103:SSL routines:tls_construct_server_key_exchange:internal error ``` test_get_ephemeral_key: kRSA (PKCS1-v1_5 padding) is not allowed in FIPS according to the NIST SP 800-131A Rev. 2 - 6 Key Agreement and Key Transport Using RSA - Table 5: Approval Status for the RSA-based Key Agreement and Key Transport Schemes - PKCS1-v1_5 padding - Disallowed after 2023 https://csrc.nist.gov/pubs/sp/800/131/a/r2/final Note that the test_get_ephemeral_key test got the following error on `OpenSSL.debug = true` in FIPS. ``` test/openssl/test_ssl.rb:2326: warning: error on stack: error:1C8000A8:Provider routines:rsa_encrypt:invalid padding mode ``` ruby/openssl@ac3559e51e
Setting v1, v2, v3 when we allocate an object assumes that we always allocate 40 byte objects. By removing v1, v2, v3, we can make the base slot size another size.
Print a concatenated string instead of `print`ing multiple strings, since `$\` is set to `"\n"` because of `-l` command line option.
`Dir.[]` returns list of strings, `map(&:to_s)` does nothing.
It crashes frequently on CI but I am not able to reproduce locally: https://ci.rvm.jp/results/trunk-random1@ruby-sp2-noble-docker/5954509 https://ci.rvm.jp/results/trunk-random0@ruby-sp2-noble-docker/5954501
and also `1 and foo = bar baz` This is a partial fix for ruby/prism#3106 It still accepts `a = b c and 1` ruby/prism@7a13d3535b
We sometimes see silent crashes on CI such as <https://github.com/ruby/ruby/actions/runs/17661854762/job/50196469793>. The default of dumping to stderr could be interacting poorly with the parallel workers, so let's use RUBY_CRASH_REPORT to hopefully get more information.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
9 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )