You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
40 lines
1.2 KiB
40 lines
1.2 KiB
From 48546ffc0a3f3eb15bfd439a19fc9722eaea592f Mon Sep 17 00:00:00 2001 |
|
From: Florian Festi <ffesti@redhat.com> |
|
Date: Tue, 28 Jun 2022 12:50:54 +0200 |
|
Subject: [PATCH] Give warning on not supported hash for RSA keys |
|
|
|
This can happen when old keys are used on systems that have disabled SHA1 |
|
e.g. for FIPS requirements. |
|
|
|
This is less than ideal but there is currently no way to pass a meaningful |
|
error code up to rpmtsImportPubkey. rpmPubkeyNew just returns a valid key |
|
or NULL. |
|
|
|
See rhbz#2069877 |
|
--- |
|
rpmio/digest_openssl.c | 2 ++ |
|
1 file changed, 2 insertions(+) |
|
|
|
diff --git a/rpmio/digest_openssl.c b/rpmio/digest_openssl.c |
|
index a28a13acc..2ec5140f1 100644 |
|
--- a/rpmio/digest_openssl.c |
|
+++ b/rpmio/digest_openssl.c |
|
@@ -4,6 +4,7 @@ |
|
#include <openssl/rsa.h> |
|
#include <openssl/dsa.h> |
|
#include <rpm/rpmpgp.h> |
|
+#include <rpm/rpmlog.h> |
|
|
|
#include "rpmio/digest.h" |
|
|
|
@@ -483,6 +484,7 @@ static int pgpVerifySigRSA(pgpDigAlg pgpkey, pgpDigAlg pgpsig, |
|
|
|
ret = EVP_PKEY_CTX_set_signature_md(pkey_ctx, getEVPMD(hash_algo)); |
|
if (ret < 0) { |
|
+ rpmlog(RPMLOG_WARNING, "Signature not supported. Hash algorithm %s not available.\n", pgpValString(PGPVAL_HASHALGO, hash_algo)); |
|
rc = 1; |
|
goto done; |
|
} |
|
-- |
|
2.36.1 |
|
|
|
|