Skip to content

Commit e0e771b

Browse files
junarugajunaruga
committed
Fix the tests using SHA-1 Probabilistic Signature Scheme (PSS) parameters.
Fedora OpenSSL 3.5 on rawhide stopped accepting SHA-1 PSS[1] parameters. This is different from the SHA-1 signatures which Fedora OpenSSL stopped accepting since Fedora 41.[2] This commit fixes the following test failures related to the SHA-1 PSS parameters with Fedora OpenSSL 3.5. Note these failures are the downstream Fedora OpenSSL RPM specific. The tests pass without this commit with the upstream OpenSSL 3.5. ``` $ rpm -q openssl-libs openssl-devel openssl-libs-3.5.0-2.fc43.x86_64 openssl-devel-3.5.0-2.fc43.x86_64 $ bundle exec rake test ... E =============================================================================================== Error: test_sign_verify_options(OpenSSL::TestPKeyRSA): OpenSSL::PKey::PKeyError: EVP_PKEY_CTX_ctrl_str(ctx, "rsa_mgf1_md", "SHA1"): digest not allowed (digest=SHA1) /mnt/git/ruby/openssl/test/openssl/test_pkey_rsa.rb:113:in 'Hash#each' /mnt/git/ruby/openssl/test/openssl/test_pkey_rsa.rb:113:in 'OpenSSL::PKey::PKey#sign' /mnt/git/ruby/openssl/test/openssl/test_pkey_rsa.rb:113:in 'OpenSSL::TestPKeyRSA#test_sign_verify_options' 110: "rsa_pss_saltlen" => 20, 111: "rsa_mgf1_md" => "SHA1" 112: } => 113: sig_pss = key.sign("SHA256", data, pssopts) 114: assert_equal 256, sig_pss.bytesize 115: assert_equal true, key.verify("SHA256", sig_pss, data, pssopts) 116: assert_equal true, key.verify_pss("SHA256", sig_pss, data, =============================================================================================== E =============================================================================================== Error: test_sign_verify_pss(OpenSSL::TestPKeyRSA): OpenSSL::PKey::RSAError: digest not allowed (digest=SHA1) /mnt/git/ruby/openssl/test/openssl/test_pkey_rsa.rb:191:in 'OpenSSL::PKey::RSA#sign_pss' /mnt/git/ruby/openssl/test/openssl/test_pkey_rsa.rb:191:in 'OpenSSL::TestPKeyRSA#test_sign_verify_pss' 188: data = "Sign me!" 189: invalid_data = "Sign me?" 190: => 191: signature = key.sign_pss("SHA256", data, salt_length: 20, mgf1_hash: "SHA1") 192: assert_equal 256, signature.bytesize 193: assert_equal true, 194: key.verify_pss("SHA256", signature, data, salt_length: 20, mgf1_hash: "SHA1") =============================================================================================== ... 577 tests, 4186 assertions, 0 failures, 2 errors, 0 pendings, 3 omissions, 0 notifications ``` [1] https://en.wikipedia.org/wiki/Probabilistic_signature_scheme [2] https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer
1 parent 13a69dd commit e0e771b

File tree

1 file changed

+14
-14
lines changed

1 file changed

+14
-14
lines changed

test/openssl/test_pkey_rsa.rb

Lines changed: 14 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -108,13 +108,13 @@ def test_sign_verify_options
108108
pssopts = {
109109
"rsa_padding_mode" => "pss",
110110
"rsa_pss_saltlen" => 20,
111-
"rsa_mgf1_md" => "SHA1"
111+
"rsa_mgf1_md" => "SHA256"
112112
}
113113
sig_pss = key.sign("SHA256", data, pssopts)
114114
assert_equal 256, sig_pss.bytesize
115115
assert_equal true, key.verify("SHA256", sig_pss, data, pssopts)
116116
assert_equal true, key.verify_pss("SHA256", sig_pss, data,
117-
salt_length: 20, mgf1_hash: "SHA1")
117+
salt_length: 20, mgf1_hash: "SHA256")
118118
# Defaults to PKCS #1 v1.5 padding => verification failure
119119
assert_equal false, key.verify("SHA256", sig_pss, data)
120120

@@ -188,22 +188,22 @@ def test_sign_verify_pss
188188
data = "Sign me!"
189189
invalid_data = "Sign me?"
190190

191-
signature = key.sign_pss("SHA256", data, salt_length: 20, mgf1_hash: "SHA1")
191+
signature = key.sign_pss("SHA256", data, salt_length: 20, mgf1_hash: "SHA256")
192192
assert_equal 256, signature.bytesize
193193
assert_equal true,
194-
key.verify_pss("SHA256", signature, data, salt_length: 20, mgf1_hash: "SHA1")
194+
key.verify_pss("SHA256", signature, data, salt_length: 20, mgf1_hash: "SHA256")
195195
assert_equal true,
196-
key.verify_pss("SHA256", signature, data, salt_length: :auto, mgf1_hash: "SHA1")
196+
key.verify_pss("SHA256", signature, data, salt_length: :auto, mgf1_hash: "SHA256")
197197
assert_equal false,
198-
key.verify_pss("SHA256", signature, invalid_data, salt_length: 20, mgf1_hash: "SHA1")
198+
key.verify_pss("SHA256", signature, invalid_data, salt_length: 20, mgf1_hash: "SHA256")
199199

200-
signature = key.sign_pss("SHA256", data, salt_length: :digest, mgf1_hash: "SHA1")
200+
signature = key.sign_pss("SHA256", data, salt_length: :digest, mgf1_hash: "SHA256")
201201
assert_equal true,
202-
key.verify_pss("SHA256", signature, data, salt_length: 32, mgf1_hash: "SHA1")
202+
key.verify_pss("SHA256", signature, data, salt_length: 32, mgf1_hash: "SHA256")
203203
assert_equal true,
204-
key.verify_pss("SHA256", signature, data, salt_length: :auto, mgf1_hash: "SHA1")
204+
key.verify_pss("SHA256", signature, data, salt_length: :auto, mgf1_hash: "SHA256")
205205
assert_equal false,
206-
key.verify_pss("SHA256", signature, data, salt_length: 20, mgf1_hash: "SHA1")
206+
key.verify_pss("SHA256", signature, data, salt_length: 20, mgf1_hash: "SHA256")
207207

208208
# The sign_pss with `salt_length: :max` raises the "invalid salt length"
209209
# error in FIPS. We need to skip the tests in FIPS.
@@ -213,18 +213,18 @@ def test_sign_verify_pss
213213
# FIPS 186-5 section 5.4 PKCS #1
214214
# https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf
215215
unless OpenSSL.fips_mode
216-
signature = key.sign_pss("SHA256", data, salt_length: :max, mgf1_hash: "SHA1")
216+
signature = key.sign_pss("SHA256", data, salt_length: :max, mgf1_hash: "SHA256")
217217
# Should verify on the following salt_length (sLen).
218218
# sLen <= emLen (octat) - 2 - hLen (octet) = 2048 / 8 - 2 - 256 / 8 = 222
219219
# https://datatracker.ietf.org/doc/html/rfc8017#section-9.1.1
220220
assert_equal true,
221-
key.verify_pss("SHA256", signature, data, salt_length: 222, mgf1_hash: "SHA1")
221+
key.verify_pss("SHA256", signature, data, salt_length: 222, mgf1_hash: "SHA256")
222222
assert_equal true,
223-
key.verify_pss("SHA256", signature, data, salt_length: :auto, mgf1_hash: "SHA1")
223+
key.verify_pss("SHA256", signature, data, salt_length: :auto, mgf1_hash: "SHA256")
224224
end
225225

226226
assert_raise(OpenSSL::PKey::RSAError) {
227-
key.sign_pss("SHA256", data, salt_length: 223, mgf1_hash: "SHA1")
227+
key.sign_pss("SHA256", data, salt_length: 223, mgf1_hash: "SHA256")
228228
}
229229
end
230230

0 commit comments

Comments
 (0)