From e57336cf6e58591c4ee1cdf3ccb183f3095da292 Mon Sep 17 00:00:00 2001 From: Derek Parker Date: Thu, 20 Feb 2025 11:24:11 -0800 Subject: [PATCH] Add expected failure assertion in pkcs unpadded signature test OpenSSL has been updated in RHEL9 and is now returning an error while executing this test. The error is expected, so assert we get the expected error back. --- patches/013-fix-pkcs-test.patch | 37 +++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 patches/013-fix-pkcs-test.patch diff --git a/patches/013-fix-pkcs-test.patch b/patches/013-fix-pkcs-test.patch new file mode 100644 index 0000000000..4336893fc9 --- /dev/null +++ b/patches/013-fix-pkcs-test.patch @@ -0,0 +1,37 @@ +diff --git a/src/crypto/rsa/pkcs1v15_test.go b/src/crypto/rsa/pkcs1v15_test.go +index c164ec5706..42b479aa50 100644 +--- a/src/crypto/rsa/pkcs1v15_test.go ++++ b/src/crypto/rsa/pkcs1v15_test.go +@@ -16,6 +16,7 @@ import ( + "encoding/hex" + "io" + "math/big" ++ "strings" + "testing" + "testing/quick" + ) +@@ -268,6 +269,12 @@ func TestUnpaddedSignature(t *testing.T) { + + sig, err := SignPKCS1v15(nil, boringRsaPrivateKey, crypto.Hash(0), msg) + if err != nil { ++ if boring.Enabled() { ++ if !strings.Contains(err.Error(), "operation not supported for this keytype") { ++ t.Fatal("unexpected error message in FIPS mode:", err) ++ } ++ t.Skip("skipping test in FIPS mode with expected error:", err) ++ } + t.Fatalf("SignPKCS1v15 failed: %s", err) + } + if !bytes.Equal(sig, expectedSig) { +@@ -325,10 +332,9 @@ var rsaPrivateKey = &PrivateKey{ + }, + } + +- + // This key is generated with the following command: + // +-// openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out key.pem ++// openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out key.pem + // + // In order to generate new test vectors you'll need the PEM form of this key (and s/TESTING/PRIVATE/): + // -----BEGIN RSA TESTING KEY-----