rpms/ruby - ruby - AlmaLinux OS Foundation Git Server

rpms/ruby

Author SHA1 Message Date

Author	SHA1	Message	Date
Jun Aruga	fd43690d47	Fix the tests using SHA-1 Probabilistic Signature Scheme (PSS) parameters. This commit was cherry-picked from Fedora rawhide branch commit <`e7395a7d22`>. Fedora OpenSSL 3.5 on rawhide stopped accepting SHA-1 PSS[1] parameters. This is different from the SHA-1 signatures which Fedora OpenSSL stopped accepting since Fedora 41.[2] This commit fixes the following test failures related to the SHA-1 PSS parameters with Fedora OpenSSL 3.5. Note these failures are the downstream Fedora OpenSSL RPM specific. ``` 184) Error: OpenSSL::TestPKeyRSA#test_sign_verify_options: OpenSSL::PKey::PKeyError: EVP_PKEY_CTX_ctrl_str(ctx, "rsa_mgf1_md", "SHA1"): digest not allowed (digest=SHA1) /builddir/build/BUILD/ruby-3.4.2-build/ruby-3.4.2/test/openssl/test_pkey_rsa.rb:113:in 'Hash#each' /builddir/build/BUILD/ruby-3.4.2-build/ruby-3.4.2/test/openssl/test_pkey_rsa.rb:113:in 'OpenSSL::PKey::PKey#sign' /builddir/build/BUILD/ruby-3.4.2-build/ruby-3.4.2/test/openssl/test_pkey_rsa.rb:113:in 'OpenSSL::TestPKeyRSA#test_sign_verify_options' 185) Error: OpenSSL::TestPKeyRSA#test_sign_verify_pss: OpenSSL::PKey::RSAError: digest not allowed (digest=SHA1) /builddir/build/BUILD/ruby-3.4.2-build/ruby-3.4.2/test/openssl/test_pkey_rsa.rb:191:in 'OpenSSL::PKey::RSA#sign_pss' /builddir/build/BUILD/ruby-3.4.2-build/ruby-3.4.2/test/openssl/test_pkey_rsa.rb:191:in 'OpenSSL::TestPKeyRSA#test_sign_verify_pss' Finished tests in 1152.595208s, 27.9812 tests/s, 5697.0278 assertions/s. 32251 tests, 6566367 assertions, 0 failures, 2 errors, 183 skips ``` According to a maintainer of the rpms/openssl, Dmitry Belyavskiy <dbelyavs@redhat.com>, the following patch is disabling SHA-1 PSS parameters. `5f41d6a8f5/f/0018-RH-Allow-disabling-of-SHA1-signatures.patch` Related: RHEL-87342	2025-04-30 16:47:41 +02:00

Jun Aruga

fd43690d47

Fix the tests using SHA-1 Probabilistic Signature Scheme (PSS) parameters.

This commit was cherry-picked from Fedora rawhide branch commit
<e7395a7d22>.

Fedora OpenSSL 3.5 on rawhide stopped accepting SHA-1 PSS[1] parameters.
This is different from the SHA-1 signatures which Fedora OpenSSL stopped
accepting since Fedora 41.[2]

This commit fixes the following test failures related to the SHA-1 PSS
parameters with Fedora OpenSSL 3.5.
Note these failures are the downstream Fedora OpenSSL RPM specific.

```
184) Error:
OpenSSL::TestPKeyRSA#test_sign_verify_options:
OpenSSL::PKey::PKeyError: EVP_PKEY_CTX_ctrl_str(ctx, "rsa_mgf1_md", "SHA1"): digest not allowed (digest=SHA1)
    /builddir/build/BUILD/ruby-3.4.2-build/ruby-3.4.2/test/openssl/test_pkey_rsa.rb:113:in 'Hash#each'
    /builddir/build/BUILD/ruby-3.4.2-build/ruby-3.4.2/test/openssl/test_pkey_rsa.rb:113:in 'OpenSSL::PKey::PKey#sign'
    /builddir/build/BUILD/ruby-3.4.2-build/ruby-3.4.2/test/openssl/test_pkey_rsa.rb:113:in 'OpenSSL::TestPKeyRSA#test_sign_verify_options'
185) Error:
OpenSSL::TestPKeyRSA#test_sign_verify_pss:
OpenSSL::PKey::RSAError: digest not allowed (digest=SHA1)
    /builddir/build/BUILD/ruby-3.4.2-build/ruby-3.4.2/test/openssl/test_pkey_rsa.rb:191:in 'OpenSSL::PKey::RSA#sign_pss'
    /builddir/build/BUILD/ruby-3.4.2-build/ruby-3.4.2/test/openssl/test_pkey_rsa.rb:191:in 'OpenSSL::TestPKeyRSA#test_sign_verify_pss'
Finished tests in 1152.595208s, 27.9812 tests/s, 5697.0278 assertions/s.
32251 tests, 6566367 assertions, 0 failures, 2 errors, 183 skips
```

According to a maintainer of the rpms/openssl, Dmitry Belyavskiy
<dbelyavs@redhat.com>, the following patch is disabling SHA-1 PSS parameters.
5f41d6a8f5/f/0018-RH-Allow-disabling-of-SHA1-signatures.patch

Related: RHEL-87342

2025-04-30 16:47:41 +02:00

1 Commits