Blame SOURCES/0001-Give-warning-on-not-supported-hash-for-RSA-keys.patch

960205
From 48546ffc0a3f3eb15bfd439a19fc9722eaea592f Mon Sep 17 00:00:00 2001
960205
From: Florian Festi <ffesti@redhat.com>
960205
Date: Tue, 28 Jun 2022 12:50:54 +0200
960205
Subject: [PATCH] Give warning on not supported hash for RSA keys
960205
960205
This can happen when old keys are used on systems that have disabled SHA1
960205
e.g. for FIPS requirements.
960205
960205
This is less than ideal but there is currently no way to pass a meaningful
960205
error code up to rpmtsImportPubkey. rpmPubkeyNew just returns a valid key
960205
or NULL.
960205
960205
See rhbz#2069877
960205
---
960205
 rpmio/digest_openssl.c | 2 ++
960205
 1 file changed, 2 insertions(+)
960205
960205
diff --git a/rpmio/digest_openssl.c b/rpmio/digest_openssl.c
960205
index a28a13acc..2ec5140f1 100644
960205
--- a/rpmio/digest_openssl.c
960205
+++ b/rpmio/digest_openssl.c
960205
@@ -4,6 +4,7 @@
960205
 #include <openssl/rsa.h>
960205
 #include <openssl/dsa.h>
960205
 #include <rpm/rpmpgp.h>
960205
+#include <rpm/rpmlog.h>
960205
 
960205
 #include "rpmio/digest.h"
960205
 
960205
@@ -483,6 +484,7 @@ static int pgpVerifySigRSA(pgpDigAlg pgpkey, pgpDigAlg pgpsig,
960205
 
960205
     ret = EVP_PKEY_CTX_set_signature_md(pkey_ctx, getEVPMD(hash_algo));
960205
     if (ret < 0) {
960205
+	rpmlog(RPMLOG_WARNING, "Signature not supported. Hash algorithm %s not available.\n", pgpValString(PGPVAL_HASHALGO, hash_algo));
960205
         rc = 1;
960205
         goto done;
960205
     }
960205
-- 
960205
2.36.1
960205