From 4049f0bbd953551b618d048a82ef8d1594299e10 Mon Sep 17 00:00:00 2001
From: samuel40791765
Date: Mon, 9 Dec 2024 21:00:40 +0000
Subject: [PATCH] Add PKCS7 logic to patch
---
 .github/workflows/integrations.yml | 2 +-
 .../ruby_3_1/aws-lc-ruby-temp.patch | 101 ++++++++++--------
 .../ruby_3_2/aws-lc-ruby-temp.patch | 101 ++++++++++--------
 3 files changed, 115 insertions(+), 89 deletions(-)
diff --git a/.github/workflows/integrations.yml b/.github/workflows/integrations.yml
index ea56b36763..b9f62d6976 100644
--- a/.github/workflows/integrations.yml
+++ b/.github/workflows/integrations.yml
@@ -264,7 +264,7 @@ jobs:
 - name: Install OS Dependencies
 run: |
 sudo apt-get update
- sudo apt-get -y --no-install-recommends install cmake gcc ninja-build golang make autoconf ruby
+ sudo apt-get -y --no-install-recommends install cmake gcc ninja-build golang make autoconf ruby libyaml-dev
 - uses: actions/checkout@v3
 - name: Build AWS-LC, build ruby, run tests
 run: |
diff --git a/tests/ci/integration/ruby_patch/ruby_3_1/aws-lc-ruby-temp.patch b/tests/ci/integration/ruby_patch/ruby_3_1/aws-lc-ruby-temp.patch
index 439d969aa5..63de2bf270 100644
--- a/tests/ci/integration/ruby_patch/ruby_3_1/aws-lc-ruby-temp.patch
+++ b/tests/ci/integration/ruby_patch/ruby_3_1/aws-lc-ruby-temp.patch
@@ -47,50 +47,6 @@ index fb947df..969aa25 100644
 obj = NewPKCS12(cPKCS12);
 x509s = NIL_P(ca) ? NULL : ossl_x509_ary2sk(ca);
 p12 = PKCS12_create(passphrase, friendlyname, key, x509, x509s,
-diff --git a/ext/openssl/ossl_pkcs7.c b/ext/openssl/ossl_pkcs7.c
-index dbe5347..2dd771d 100644
---- a/ext/openssl/ossl_pkcs7.c
-+++ b/ext/openssl/ossl_pkcs7.c
-@@ -8,6 +8,7 @@
- * (See the file 'LICENCE'.)
- */
- #include "ossl.h"
-+#if !defined(OPENSSL_IS_AWSLC)
-
- #define NewPKCS7si(klass) \
- TypedData_Wrap_Struct((klass), &ossl_pkcs7_signer_info_type, 0)
-@@ -1079,3 +1080,10 @@ Init_ossl_pkcs7(void)
- DefPKCS7Const(NOATTR);
- DefPKCS7Const(NOSMIMECAP);
- }
-+
-+#else
-+void
-+Init_ossl_pkcs7(void)
-+{
-+}
-+#endif
-\ No newline at end of file
-diff --git a/ext/openssl/ossl_pkcs7.h b/ext/openssl/ossl_pkcs7.h
-index 3e1b094..f85efcc 100644
---- a/ext/openssl/ossl_pkcs7.h
-+++ b/ext/openssl/ossl_pkcs7.h
-@@ -8,6 +8,7 @@
- * (See the file 'LICENCE'.)
- */
- #if !defined(_OSSL_PKCS7_H_)
-+#if !defined(OPENSSL_IS_AWSLC)
- #define _OSSL_PKCS7_H_
-
- #define NewPKCS7(klass) \
-@@ -30,6 +31,7 @@ extern VALUE cPKCS7;
- extern VALUE cPKCS7Signer;
- extern VALUE cPKCS7Recipient;
- extern VALUE ePKCS7Error;
-+#endif
-
- void Init_ossl_pkcs7(void);
-
 diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
 index 06d59c2..74f41db 100644
 --- a/ext/openssl/ossl_pkey_ec.c
@@ -245,6 +201,63 @@ index ec67674..be21f47 100644 2048 ) +diff --git a/test/openssl/test_pkcs7.rb b/test/openssl/test_pkcs7.rb +index ba8b93d..7a23104 100644 +--- a/test/openssl/test_pkcs7.rb ++++ b/test/openssl/test_pkcs7.rb +@@ -191,6 +191,8 @@ def test_set_type_encrypted + end + + def test_smime ++ pend "AWS-LC has no current support for SMIME with PKCS7" if aws_lc? ++ + store = OpenSSL::X509::Store.new + store.add_cert(@ca_cert) + ca_certs = [@ca_cert] +@@ -315,12 +317,42 @@ def test_split_content + AwlEke0Uze1367QKgxM0nc3SZDlptY7zPIJC5saWXb8Rt2bw2JxEBOTavrp+ZwJ8 + tcH961onq8Tme2ICaCzk + -----END PKCS7----- ++END ++ # NOTE: below PEM differs very slightly from upstream ruby ++ # in that it encodes the inner EncryptedContent in ++ # definite-length DER OCTET_STRING whereas upstream (i.e. ++ # OpenSSL) encodes EncryptedContent as indefinite-length ++ # BER OCTET_STRING. The discrepancy is due to AWS-LC's lack ++ # of support for indefinite OCTET_STRINGS. ++ pki_message_content_pem_awslc = <