From e7395a7d22eb55694f192403fbbfe7b7da2c177f Mon Sep 17 00:00:00 2001
From: Jun Aruga <jaruga@redhat.com>
Date: Tue, 8 Apr 2025 16:55:56 +0200
Subject: [PATCH] Fix the tests using SHA-1 Probabilistic Signature Scheme
 (PSS) parameters.

Fedora OpenSSL 3.5 on rawhide stopped accepting SHA-1 PSS[1] parameters.
This is different from the SHA-1 signatures which Fedora OpenSSL stopped
accepting since Fedora 41.[2]

This commit fixes the following test failures related to the SHA-1 PSS
parameters with Fedora OpenSSL 3.5.
Note these failures are the downstream Fedora OpenSSL RPM specific.

```
184) Error:
OpenSSL::TestPKeyRSA#test_sign_verify_options:
OpenSSL::PKey::PKeyError: EVP_PKEY_CTX_ctrl_str(ctx, "rsa_mgf1_md", "SHA1"): digest not allowed (digest=SHA1)
    /builddir/build/BUILD/ruby-3.4.2-build/ruby-3.4.2/test/openssl/test_pkey_rsa.rb:113:in 'Hash#each'
    /builddir/build/BUILD/ruby-3.4.2-build/ruby-3.4.2/test/openssl/test_pkey_rsa.rb:113:in 'OpenSSL::PKey::PKey#sign'
    /builddir/build/BUILD/ruby-3.4.2-build/ruby-3.4.2/test/openssl/test_pkey_rsa.rb:113:in 'OpenSSL::TestPKeyRSA#test_sign_verify_options'
185) Error:
OpenSSL::TestPKeyRSA#test_sign_verify_pss:
OpenSSL::PKey::RSAError: digest not allowed (digest=SHA1)
    /builddir/build/BUILD/ruby-3.4.2-build/ruby-3.4.2/test/openssl/test_pkey_rsa.rb:191:in 'OpenSSL::PKey::RSA#sign_pss'
    /builddir/build/BUILD/ruby-3.4.2-build/ruby-3.4.2/test/openssl/test_pkey_rsa.rb:191:in 'OpenSSL::TestPKeyRSA#test_sign_verify_pss'
Finished tests in 1152.595208s, 27.9812 tests/s, 5697.0278 assertions/s.
32251 tests, 6566367 assertions, 0 failures, 2 errors, 183 skips
```

According to a maintainer of the rpms/openssl, Dmitry Belyavskiy
<dbelyavs@redhat.com>, the following patch is disabling SHA-1 PSS parameters.
https://src.fedoraproject.org/rpms/openssl/blob/5f41d6a8f54cae29768a24ad72bf9daf521ce462/f/0018-RH-Allow-disabling-of-SHA1-signatures.patch

Resolves: rhbz#2358256
---
 ruby-3.4.2-openssl-Fix-SHA-1-PSS-tests.patch | 136 +++++++++++++++++++
 ruby.spec                                    |  10 +-
 2 files changed, 145 insertions(+), 1 deletion(-)
 create mode 100644 ruby-3.4.2-openssl-Fix-SHA-1-PSS-tests.patch

diff --git a/ruby-3.4.2-openssl-Fix-SHA-1-PSS-tests.patch b/ruby-3.4.2-openssl-Fix-SHA-1-PSS-tests.patch
new file mode 100644
index 0000000..5695824
--- /dev/null
+++ b/ruby-3.4.2-openssl-Fix-SHA-1-PSS-tests.patch
@@ -0,0 +1,136 @@
+From e0e771b76fbede656fe51c8bf18ce810f4afeee0 Mon Sep 17 00:00:00 2001
+From: Jun Aruga <jaruga@redhat.com>
+Date: Tue, 8 Apr 2025 15:03:06 +0200
+Subject: [PATCH] Fix the tests using SHA-1 Probabilistic Signature Scheme
+ (PSS) parameters.
+
+Fedora OpenSSL 3.5 on rawhide stopped accepting SHA-1 PSS[1] parameters.
+This is different from the SHA-1 signatures which Fedora OpenSSL stopped
+accepting since Fedora 41.[2]
+
+This commit fixes the following test failures related to the SHA-1 PSS
+parameters with Fedora OpenSSL 3.5.
+Note these failures are the downstream Fedora OpenSSL RPM specific. The tests
+pass without this commit with the upstream OpenSSL 3.5.
+
+```
+$ rpm -q openssl-libs openssl-devel
+openssl-libs-3.5.0-2.fc43.x86_64
+openssl-devel-3.5.0-2.fc43.x86_64
+
+$ bundle exec rake test
+...
+E
+===============================================================================================
+Error: test_sign_verify_options(OpenSSL::TestPKeyRSA): OpenSSL::PKey::PKeyError: EVP_PKEY_CTX_ctrl_str(ctx, "rsa_mgf1_md", "SHA1"): digest not allowed (digest=SHA1)
+/mnt/git/ruby/openssl/test/openssl/test_pkey_rsa.rb:113:in 'Hash#each'
+/mnt/git/ruby/openssl/test/openssl/test_pkey_rsa.rb:113:in 'OpenSSL::PKey::PKey#sign'
+/mnt/git/ruby/openssl/test/openssl/test_pkey_rsa.rb:113:in 'OpenSSL::TestPKeyRSA#test_sign_verify_options'
+     110:       "rsa_pss_saltlen" => 20,
+     111:       "rsa_mgf1_md" => "SHA1"
+     112:     }
+  => 113:     sig_pss = key.sign("SHA256", data, pssopts)
+     114:     assert_equal 256, sig_pss.bytesize
+     115:     assert_equal true, key.verify("SHA256", sig_pss, data, pssopts)
+     116:     assert_equal true, key.verify_pss("SHA256", sig_pss, data,
+===============================================================================================
+E
+===============================================================================================
+Error: test_sign_verify_pss(OpenSSL::TestPKeyRSA): OpenSSL::PKey::RSAError: digest not allowed (digest=SHA1)
+/mnt/git/ruby/openssl/test/openssl/test_pkey_rsa.rb:191:in 'OpenSSL::PKey::RSA#sign_pss'
+/mnt/git/ruby/openssl/test/openssl/test_pkey_rsa.rb:191:in 'OpenSSL::TestPKeyRSA#test_sign_verify_pss'
+     188:     data = "Sign me!"
+     189:     invalid_data = "Sign me?"
+     190:
+  => 191:     signature = key.sign_pss("SHA256", data, salt_length: 20, mgf1_hash: "SHA1")
+     192:     assert_equal 256, signature.bytesize
+     193:     assert_equal true,
+     194:       key.verify_pss("SHA256", signature, data, salt_length: 20, mgf1_hash: "SHA1")
+===============================================================================================
+...
+577 tests, 4186 assertions, 0 failures, 2 errors, 0 pendings, 3 omissions, 0 notifications
+```
+
+[1] https://en.wikipedia.org/wiki/Probabilistic_signature_scheme
+[2] https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer
+---
+ test/openssl/test_pkey_rsa.rb | 28 ++++++++++++++--------------
+ 1 file changed, 14 insertions(+), 14 deletions(-)
+
+diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb
+index 360309b..850c16a 100644
+--- a/test/openssl/test_pkey_rsa.rb
++++ b/test/openssl/test_pkey_rsa.rb
+@@ -108,13 +108,13 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase
+     pssopts = {
+       "rsa_padding_mode" => "pss",
+       "rsa_pss_saltlen" => 20,
+-      "rsa_mgf1_md" => "SHA1"
++      "rsa_mgf1_md" => "SHA256"
+     }
+     sig_pss = key.sign("SHA256", data, pssopts)
+     assert_equal 256, sig_pss.bytesize
+     assert_equal true, key.verify("SHA256", sig_pss, data, pssopts)
+     assert_equal true, key.verify_pss("SHA256", sig_pss, data,
+-                                      salt_length: 20, mgf1_hash: "SHA1")
++                                      salt_length: 20, mgf1_hash: "SHA256")
+     # Defaults to PKCS #1 v1.5 padding => verification failure
+     assert_equal false, key.verify("SHA256", sig_pss, data)
+ 
+@@ -188,22 +188,22 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase
+     data = "Sign me!"
+     invalid_data = "Sign me?"
+ 
+-    signature = key.sign_pss("SHA256", data, salt_length: 20, mgf1_hash: "SHA1")
++    signature = key.sign_pss("SHA256", data, salt_length: 20, mgf1_hash: "SHA256")
+     assert_equal 256, signature.bytesize
+     assert_equal true,
+-      key.verify_pss("SHA256", signature, data, salt_length: 20, mgf1_hash: "SHA1")
++      key.verify_pss("SHA256", signature, data, salt_length: 20, mgf1_hash: "SHA256")
+     assert_equal true,
+-      key.verify_pss("SHA256", signature, data, salt_length: :auto, mgf1_hash: "SHA1")
++      key.verify_pss("SHA256", signature, data, salt_length: :auto, mgf1_hash: "SHA256")
+     assert_equal false,
+-      key.verify_pss("SHA256", signature, invalid_data, salt_length: 20, mgf1_hash: "SHA1")
++      key.verify_pss("SHA256", signature, invalid_data, salt_length: 20, mgf1_hash: "SHA256")
+ 
+-    signature = key.sign_pss("SHA256", data, salt_length: :digest, mgf1_hash: "SHA1")
++    signature = key.sign_pss("SHA256", data, salt_length: :digest, mgf1_hash: "SHA256")
+     assert_equal true,
+-      key.verify_pss("SHA256", signature, data, salt_length: 32, mgf1_hash: "SHA1")
++      key.verify_pss("SHA256", signature, data, salt_length: 32, mgf1_hash: "SHA256")
+     assert_equal true,
+-      key.verify_pss("SHA256", signature, data, salt_length: :auto, mgf1_hash: "SHA1")
++      key.verify_pss("SHA256", signature, data, salt_length: :auto, mgf1_hash: "SHA256")
+     assert_equal false,
+-      key.verify_pss("SHA256", signature, data, salt_length: 20, mgf1_hash: "SHA1")
++      key.verify_pss("SHA256", signature, data, salt_length: 20, mgf1_hash: "SHA256")
+ 
+     # The sign_pss with `salt_length: :max` raises the "invalid salt length"
+     # error in FIPS. We need to skip the tests in FIPS.
+@@ -213,18 +213,18 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase
+     # FIPS 186-5 section 5.4 PKCS #1
+     # https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf
+     unless OpenSSL.fips_mode
+-      signature = key.sign_pss("SHA256", data, salt_length: :max, mgf1_hash: "SHA1")
++      signature = key.sign_pss("SHA256", data, salt_length: :max, mgf1_hash: "SHA256")
+       # Should verify on the following salt_length (sLen).
+       # sLen <= emLen (octat) - 2 - hLen (octet) = 2048 / 8 - 2 - 256 / 8 = 222
+       # https://datatracker.ietf.org/doc/html/rfc8017#section-9.1.1
+       assert_equal true,
+-        key.verify_pss("SHA256", signature, data, salt_length: 222, mgf1_hash: "SHA1")
++        key.verify_pss("SHA256", signature, data, salt_length: 222, mgf1_hash: "SHA256")
+       assert_equal true,
+-        key.verify_pss("SHA256", signature, data, salt_length: :auto, mgf1_hash: "SHA1")
++        key.verify_pss("SHA256", signature, data, salt_length: :auto, mgf1_hash: "SHA256")
+     end
+ 
+     assert_raise(OpenSSL::PKey::RSAError) {
+-      key.sign_pss("SHA256", data, salt_length: 223, mgf1_hash: "SHA1")
++      key.sign_pss("SHA256", data, salt_length: 223, mgf1_hash: "SHA256")
+     }
+   end
+ 
+-- 
+2.48.1
+
diff --git a/ruby.spec b/ruby.spec
index a9d940b..dd338e0 100644
--- a/ruby.spec
+++ b/ruby.spec
@@ -177,7 +177,7 @@
 Summary: An interpreter of object-oriented scripting language
 Name: ruby
 Version: %{ruby_version}%{?development_release}
-Release: 23%{?dist}
+Release: 24%{?dist}
 # Licenses, which are likely not included in binary RPMs:
 # Apache-2.0:
 #   benchmark/gc/redblack.rb
@@ -278,6 +278,9 @@ Patch6: ruby-2.7.0-Initialize-ABRT-hook.patch
 # Disable syntax_suggest test suite, which tries to download its dependencies.
 # https://bugs.ruby-lang.org/issues/19297
 Patch9: ruby-3.3.0-Disable-syntax-suggest-test-case.patch
+# Fix the tests using SHA-1 Probabilistic Signature Scheme (PSS) parameters.
+# https://github.com/ruby/openssl/pull/879
+Patch10: ruby-3.4.2-openssl-Fix-SHA-1-PSS-tests.patch
 
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 %{?with_rubypick:Suggests: rubypick}
@@ -770,6 +773,7 @@ analysis result in RBS format, a standard type description format for Ruby
 %patch 4 -p1
 %patch 6 -p1
 %patch 9 -p1
+%patch 10 -p1
 
 # Provide an example of usage of the tapset:
 cp -a %{SOURCE3} .
@@ -1875,6 +1879,10 @@ make -C %{_vpath_builddir} runruby TESTRUN_SCRIPT=" \
 
 
 %changelog
+* Tue Apr 08 2025 Jun Aruga <jaruga@redhat.com> - 3.4.2-24
+- Fix the tests using SHA-1 Probabilistic Signature Scheme (PSS) parameters.
+  Resolves: rhbz#2358256
+
 * Wed Feb 19 2025 Vít Ondruch <vondruch@redhat.com> - 3.4.2-23
 - Upgrade to Ruby 3.4.2.
   Resolves: rhbz#2345875