From 48546ffc0a3f3eb15bfd439a19fc9722eaea592f Mon Sep 17 00:00:00 2001 From: Florian Festi Date: Tue, 28 Jun 2022 12:50:54 +0200 Subject: [PATCH] Give warning on not supported hash for RSA keys This can happen when old keys are used on systems that have disabled SHA1 e.g. for FIPS requirements. This is less than ideal but there is currently no way to pass a meaningful error code up to rpmtsImportPubkey. rpmPubkeyNew just returns a valid key or NULL. See rhbz#2069877 --- rpmio/digest_openssl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rpmio/digest_openssl.c b/rpmio/digest_openssl.c index a28a13acc..2ec5140f1 100644 --- a/rpmio/digest_openssl.c +++ b/rpmio/digest_openssl.c @@ -4,6 +4,7 @@ #include #include #include +#include #include "rpmio/digest.h" @@ -483,6 +484,7 @@ static int pgpVerifySigRSA(pgpDigAlg pgpkey, pgpDigAlg pgpsig, ret = EVP_PKEY_CTX_set_signature_md(pkey_ctx, getEVPMD(hash_algo)); if (ret < 0) { + rpmlog(RPMLOG_WARNING, "Signature not supported. Hash algorithm %s not available.\n", pgpValString(PGPVAL_HASHALGO, hash_algo)); rc = 1; goto done; } -- 2.36.1