ruby-core@ruby-lang.org archive (unofficial mirror)
 help / color / mirror / Atom feed
* [ruby-core:120281] [Ruby master Feature#20960] Support building OpenSSL for Ruby with AWS-LC
@ 2024-12-17 20:16 sachiang (Samuel Chiang) via ruby-core
  2024-12-24 23:51 ` [ruby-core:120401] " alanwu (Alan Wu) via ruby-core
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: sachiang (Samuel Chiang) via ruby-core @ 2024-12-17 20:16 UTC (permalink / raw)
  To: ruby-core; +Cc: sachiang (Samuel Chiang)

Issue #20960 has been reported by sachiang (Samuel Chiang).

----------------------------------------
Feature #20960: Support building OpenSSL for Ruby with AWS-LC 
https://bugs.ruby-lang.org/issues/20960

* Author: sachiang (Samuel Chiang)
* Status: Open
----------------------------------------
Hello,

I’m an engineer at AWS working on [AWS-LC](https://github.com/aws/aws-lc), AWS’s open-source cryptographic library maintained for AWS and their customers. AWS-LC supports CPU-specific performance optimizations for AWS Graviton 2, [AWS Graviton 3](https://github.com/aws/aws-lc/commit/ae87faf735c0241a115542b1c1022d125564bf55), and [Intel x86-64 with AVX-512 instructions](https://github.com/aws/aws-lc/commit/e22cf5065761bec8882c66cea94a9320bc8c0334). We’ve formally verified [a subset of](https://github.com/awslabs/aws-lc-verification#verified-code) AWS-LC’s cryptographic primitives, and continue to invest in expanding this coverage. AWS-LC can be also built in FIPS mode to help consumers meet FIPS 140-3 compliance requirements. To give Ruby users a well-documented and supported way to take advantage of these investments, we would like to upstream build compatibility for AWS-LC into Ruby. We believe that this would provide the best experience for users wishing to build Ruby against AWS-LC. It would also allow users to circumvent maintaining and applying their own patch sets to build Ruby with AWS-LC. Earlier this year, we[engaged with the CPython maintainers](https://discuss.python.org/t/support-building-ssl-and-hashlib-modules-against-aws-lc/44505) to successfully address similar needs for our respective users.

We are working on patch sets to integrate Ruby‘s OpenSSL module with AWS-LC. AWS-LC is committed to backwards compatibility and we aim to keep our API stable. Our open source repository has CI jobs ([here](https://github.com/aws/aws-lc/tree/main/tests/ci/integration) and [here](https://github.com/aws/aws-lc/blob/main/.github/workflows/integrations.yml)) asserting every change’s compatibility with multiple different open-source projects. We’ve [recently added Ruby 3.1 and 3.2](https://github.com/aws/aws-lc/commit/57133c00c71f9a6790c7c9d9a63ab883a7e607cf) to this test suite and we’re in the midst of incorporating Ruby’s main branch and 3.3. These tests are used to catch compatibility regressions against every change before they’re merged and to resolve potential build issues beforehand when upstream projects make relevant changes. Relevant unit tests from the upstream projects’ are also ran to confirm that the underlying `libcrypto` & `libssl` behave as expected. By expanding our regular testing processes to include Ruby, we proactively prevent any unanticipated breaks in the Ruby/AWS-LC build.

The proposed integration supports all features of Ruby’s OpenSSL module, except for the use of DHE cipher suites in `libssl`. Excluding this, we have confirmed that all relevant unit tests for Ruby’s OpenSSL module perform as expected. If you folks agree that this integration would be beneficial for Ruby and its consumers, I’d be more than happy to put together a PR.




-- 
https://bugs.ruby-lang.org/
 ______________________________________________
 ruby-core mailing list -- ruby-core@ml.ruby-lang.org
 To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org
 ruby-core info -- https://ml.ruby-lang.org/mailman3/lists/ruby-core.ml.ruby-lang.org/

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [ruby-core:120401] [Ruby master Feature#20960] Support building OpenSSL for Ruby with AWS-LC
  2024-12-17 20:16 [ruby-core:120281] [Ruby master Feature#20960] Support building OpenSSL for Ruby with AWS-LC sachiang (Samuel Chiang) via ruby-core
@ 2024-12-24 23:51 ` alanwu (Alan Wu) via ruby-core
  2024-12-26 19:39 ` [ruby-core:120421] " sachiang (Samuel Chiang) via ruby-core
  2025-01-07  6:12 ` [ruby-core:120515] " hsbt (Hiroshi SHIBATA) via ruby-core
  2 siblings, 0 replies; 4+ messages in thread
From: alanwu (Alan Wu) via ruby-core @ 2024-12-24 23:51 UTC (permalink / raw)
  To: ruby-core; +Cc: alanwu (Alan Wu)

Issue #20960 has been updated by alanwu (Alan Wu).


Discussion for this should probably move to <https://github.com/ruby/openssl/issues>. Ruby  is downstream to the `openssl` gem.

----------------------------------------
Feature #20960: Support building OpenSSL for Ruby with AWS-LC 
https://bugs.ruby-lang.org/issues/20960#change-111181

* Author: sachiang (Samuel Chiang)
* Status: Open
----------------------------------------
Hello,

I’m an engineer at AWS working on [AWS-LC](https://github.com/aws/aws-lc), AWS’s open-source cryptographic library maintained for AWS and their customers. AWS-LC supports CPU-specific performance optimizations for AWS Graviton 2, [AWS Graviton 3](https://github.com/aws/aws-lc/commit/ae87faf735c0241a115542b1c1022d125564bf55), and [Intel x86-64 with AVX-512 instructions](https://github.com/aws/aws-lc/commit/e22cf5065761bec8882c66cea94a9320bc8c0334). We’ve formally verified [a subset of](https://github.com/awslabs/aws-lc-verification#verified-code) AWS-LC’s cryptographic primitives, and continue to invest in expanding this coverage. AWS-LC can be also built in [FIPS mode](https://aws.amazon.com/blogs/security/aws-lc-fips-3-0-first-cryptographic-library-to-include-ml-kem-in-fips-140-3-validation/) to help consumers meet FIPS 140-3 compliance requirements. To give Ruby users a well-documented and supported way to take advantage of these investments, we would like to upstream build compatibility for AWS-LC into Ruby. We believe that this would provide the best experience for users wishing to build Ruby against AWS-LC. It would also allow users to circumvent maintaining and applying their own patch sets to build Ruby with AWS-LC. Earlier this year, we[engaged with the CPython maintainers](https://discuss.python.org/t/support-building-ssl-and-hashlib-modules-against-aws-lc/44505) to successfully address similar needs for our respective users.

We are working on patch sets to integrate Ruby‘s OpenSSL module with AWS-LC. AWS-LC is committed to backwards compatibility and we aim to keep our API stable. Our open source repository has CI jobs ([here](https://github.com/aws/aws-lc/tree/main/tests/ci/integration) and [here](https://github.com/aws/aws-lc/blob/main/.github/workflows/integrations.yml)) asserting every change’s compatibility with multiple different open-source projects. We’ve [recently added Ruby 3.1 and 3.2](https://github.com/aws/aws-lc/commit/57133c00c71f9a6790c7c9d9a63ab883a7e607cf) to this test suite and we’re in the midst of incorporating Ruby’s main branch and 3.3. These tests are used to catch compatibility regressions against every change before they’re merged and to resolve potential build issues beforehand when upstream projects make relevant changes. Relevant unit tests from the upstream projects’ are also ran to confirm that the underlying `libcrypto` & `libssl` behave as expected. By expanding our regular testing processes to include Ruby, we proactively prevent any unanticipated breaks in the Ruby/AWS-LC build.

The proposed integration supports all features of Ruby’s OpenSSL module, except for the use of DHE cipher suites in `libssl`. Excluding this, we have confirmed that all relevant unit tests for Ruby’s OpenSSL module perform as expected. If you folks agree that this integration would be beneficial for Ruby and its consumers, I’d be more than happy to put together a PR.




-- 
https://bugs.ruby-lang.org/
 ______________________________________________
 ruby-core mailing list -- ruby-core@ml.ruby-lang.org
 To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org
 ruby-core info -- https://ml.ruby-lang.org/mailman3/lists/ruby-core.ml.ruby-lang.org/

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [ruby-core:120421] [Ruby master Feature#20960] Support building OpenSSL for Ruby with AWS-LC
  2024-12-17 20:16 [ruby-core:120281] [Ruby master Feature#20960] Support building OpenSSL for Ruby with AWS-LC sachiang (Samuel Chiang) via ruby-core
  2024-12-24 23:51 ` [ruby-core:120401] " alanwu (Alan Wu) via ruby-core
@ 2024-12-26 19:39 ` sachiang (Samuel Chiang) via ruby-core
  2025-01-07  6:12 ` [ruby-core:120515] " hsbt (Hiroshi SHIBATA) via ruby-core
  2 siblings, 0 replies; 4+ messages in thread
From: sachiang (Samuel Chiang) via ruby-core @ 2024-12-26 19:39 UTC (permalink / raw)
  To: ruby-core; +Cc: sachiang (Samuel Chiang)

Issue #20960 has been updated by sachiang (Samuel Chiang).


alanwu (Alan Wu) wrote in #note-2:
> Discussion for this should probably move to <https://github.com/ruby/openssl/issues>. Ruby  is downstream to the `openssl` gem.

Thanks for the tip! I'll move this conversation over there then.

----------------------------------------
Feature #20960: Support building OpenSSL for Ruby with AWS-LC 
https://bugs.ruby-lang.org/issues/20960#change-111201

* Author: sachiang (Samuel Chiang)
* Status: Open
----------------------------------------
Hello,

I’m an engineer at AWS working on [AWS-LC](https://github.com/aws/aws-lc), AWS’s open-source cryptographic library maintained for AWS and their customers. AWS-LC supports CPU-specific performance optimizations for AWS Graviton 2, [AWS Graviton 3](https://github.com/aws/aws-lc/commit/ae87faf735c0241a115542b1c1022d125564bf55), and [Intel x86-64 with AVX-512 instructions](https://github.com/aws/aws-lc/commit/e22cf5065761bec8882c66cea94a9320bc8c0334). We’ve formally verified [a subset of](https://github.com/awslabs/aws-lc-verification#verified-code) AWS-LC’s cryptographic primitives, and continue to invest in expanding this coverage. AWS-LC can be also built in [FIPS mode](https://aws.amazon.com/blogs/security/aws-lc-fips-3-0-first-cryptographic-library-to-include-ml-kem-in-fips-140-3-validation/) to help consumers meet FIPS 140-3 compliance requirements. To give Ruby users a well-documented and supported way to take advantage of these investments, we would like to upstream build compatibility for AWS-LC into Ruby. We believe that this would provide the best experience for users wishing to build Ruby against AWS-LC. It would also allow users to circumvent maintaining and applying their own patch sets to build Ruby with AWS-LC. Earlier this year, we[engaged with the CPython maintainers](https://discuss.python.org/t/support-building-ssl-and-hashlib-modules-against-aws-lc/44505) to successfully address similar needs for our respective users.

We are working on patch sets to integrate Ruby‘s OpenSSL module with AWS-LC. AWS-LC is committed to backwards compatibility and we aim to keep our API stable. Our open source repository has CI jobs ([here](https://github.com/aws/aws-lc/tree/main/tests/ci/integration) and [here](https://github.com/aws/aws-lc/blob/main/.github/workflows/integrations.yml)) asserting every change’s compatibility with multiple different open-source projects. We’ve [recently added Ruby 3.1 and 3.2](https://github.com/aws/aws-lc/commit/57133c00c71f9a6790c7c9d9a63ab883a7e607cf) to this test suite and we’re in the midst of incorporating Ruby’s main branch and 3.3. These tests are used to catch compatibility regressions against every change before they’re merged and to resolve potential build issues beforehand when upstream projects make relevant changes. Relevant unit tests from the upstream projects’ are also ran to confirm that the underlying `libcrypto` & `libssl` behave as expected. By expanding our regular testing processes to include Ruby, we proactively prevent any unanticipated breaks in the Ruby/AWS-LC build.

The proposed integration supports all features of Ruby’s OpenSSL module, except for the use of DHE cipher suites in `libssl`. Excluding this, we have confirmed that all relevant unit tests for Ruby’s OpenSSL module perform as expected. If you folks agree that this integration would be beneficial for Ruby and its consumers, I’d be more than happy to put together a PR.




-- 
https://bugs.ruby-lang.org/
 ______________________________________________
 ruby-core mailing list -- ruby-core@ml.ruby-lang.org
 To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org
 ruby-core info -- https://ml.ruby-lang.org/mailman3/lists/ruby-core.ml.ruby-lang.org/

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [ruby-core:120515] [Ruby master Feature#20960] Support building OpenSSL for Ruby with AWS-LC
  2024-12-17 20:16 [ruby-core:120281] [Ruby master Feature#20960] Support building OpenSSL for Ruby with AWS-LC sachiang (Samuel Chiang) via ruby-core
  2024-12-24 23:51 ` [ruby-core:120401] " alanwu (Alan Wu) via ruby-core
  2024-12-26 19:39 ` [ruby-core:120421] " sachiang (Samuel Chiang) via ruby-core
@ 2025-01-07  6:12 ` hsbt (Hiroshi SHIBATA) via ruby-core
  2 siblings, 0 replies; 4+ messages in thread
From: hsbt (Hiroshi SHIBATA) via ruby-core @ 2025-01-07  6:12 UTC (permalink / raw)
  To: ruby-core; +Cc: hsbt (Hiroshi SHIBATA)

Issue #20960 has been updated by hsbt (Hiroshi SHIBATA).

Status changed from Open to Third Party's Issue

We moved to discuss this on https://github.com/ruby/openssl/issues/833


----------------------------------------
Feature #20960: Support building OpenSSL for Ruby with AWS-LC 
https://bugs.ruby-lang.org/issues/20960#change-111309

* Author: sachiang (Samuel Chiang)
* Status: Third Party's Issue
----------------------------------------
Hello,

I’m an engineer at AWS working on [AWS-LC](https://github.com/aws/aws-lc), AWS’s open-source cryptographic library maintained for AWS and their customers. AWS-LC supports CPU-specific performance optimizations for AWS Graviton 2, [AWS Graviton 3](https://github.com/aws/aws-lc/commit/ae87faf735c0241a115542b1c1022d125564bf55), and [Intel x86-64 with AVX-512 instructions](https://github.com/aws/aws-lc/commit/e22cf5065761bec8882c66cea94a9320bc8c0334). We’ve formally verified [a subset of](https://github.com/awslabs/aws-lc-verification#verified-code) AWS-LC’s cryptographic primitives, and continue to invest in expanding this coverage. AWS-LC can be also built in [FIPS mode](https://aws.amazon.com/blogs/security/aws-lc-fips-3-0-first-cryptographic-library-to-include-ml-kem-in-fips-140-3-validation/) to help consumers meet FIPS 140-3 compliance requirements. To give Ruby users a well-documented and supported way to take advantage of these investments, we would like to upstream build compatibility for AWS-LC into Ruby. We believe that this would provide the best experience for users wishing to build Ruby against AWS-LC. It would also allow users to circumvent maintaining and applying their own patch sets to build Ruby with AWS-LC. Earlier this year, we[engaged with the CPython maintainers](https://discuss.python.org/t/support-building-ssl-and-hashlib-modules-against-aws-lc/44505) to successfully address similar needs for our respective users.

We are working on patch sets to integrate Ruby‘s OpenSSL module with AWS-LC. AWS-LC is committed to backwards compatibility and we aim to keep our API stable. Our open source repository has CI jobs ([here](https://github.com/aws/aws-lc/tree/main/tests/ci/integration) and [here](https://github.com/aws/aws-lc/blob/main/.github/workflows/integrations.yml)) asserting every change’s compatibility with multiple different open-source projects. We’ve [recently added Ruby 3.1 and 3.2](https://github.com/aws/aws-lc/commit/57133c00c71f9a6790c7c9d9a63ab883a7e607cf) to this test suite and we’re in the midst of incorporating Ruby’s main branch and 3.3. These tests are used to catch compatibility regressions against every change before they’re merged and to resolve potential build issues beforehand when upstream projects make relevant changes. Relevant unit tests from the upstream projects’ are also ran to confirm that the underlying `libcrypto` & `libssl` behave as expected. By expanding our regular testing processes to include Ruby, we proactively prevent any unanticipated breaks in the Ruby/AWS-LC build.

The proposed integration supports all features of Ruby’s OpenSSL module, except for the use of DHE cipher suites in `libssl`. Excluding this, we have confirmed that all relevant unit tests for Ruby’s OpenSSL module perform as expected. If you folks agree that this integration would be beneficial for Ruby and its consumers, I’d be more than happy to put together a PR.




-- 
https://bugs.ruby-lang.org/
 ______________________________________________
 ruby-core mailing list -- ruby-core@ml.ruby-lang.org
 To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org
 ruby-core info -- https://ml.ruby-lang.org/mailman3/lists/ruby-core.ml.ruby-lang.org/

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2025-01-07  6:12 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-12-17 20:16 [ruby-core:120281] [Ruby master Feature#20960] Support building OpenSSL for Ruby with AWS-LC sachiang (Samuel Chiang) via ruby-core
2024-12-24 23:51 ` [ruby-core:120401] " alanwu (Alan Wu) via ruby-core
2024-12-26 19:39 ` [ruby-core:120421] " sachiang (Samuel Chiang) via ruby-core
2025-01-07  6:12 ` [ruby-core:120515] " hsbt (Hiroshi SHIBATA) via ruby-core

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).