Bug 2355359

Summary: "error registering mlkem512 with no hash" when running "rpm -q "
Product: [Fedora] Fedora Reporter: Dan Horák <dan>
Component: oqsproviderAssignee: Dmitry Belyavskiy <dbelyavs>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: unspecified    
Version: rawhideCC: crypto-team, dbelyavs, decathorpe, geert, igor.raits, jjelen, mdomonko, mspacek, mturk, packaging-team-maint, pmatilai, rust-sig, shebburn, suraj.ghimire7, tm
Target Milestone: ---Keywords: Triaged
Target Release: ---Flags: fedora-admin-xmlrpc: mirror+
Hardware: s390x   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2025-07-01 09:58:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 467765    

Description Dan Horák 2025-03-27 14:36:34 UTC 
Seems that after rebasing openssl to 3.5.0 there is an error message printed for example when running "rpm -q" queries. Downgrading to openssl 3.2.4 makes the message go away.



Reproducible: Always

Steps to Reproduce:
1. rpm -q rpm openssl-libs
Actual Results:  
error registering mlkem512 with no hash
rpm-4.20.1-1.fc43.s390x
openssl-libs-3.5.0-1.fc43.s390x


Expected Results:  
rpm-4.20.1-1.fc43.s390x
openssl-libs-3.5.0-1.fc43.s390x


with downgraded openssl to 3.2.4

[root@fedora ~]# rpm -q rpm openssl-libs
rpm-4.20.1-1.fc43.s390x
openssl-libs-3.2.4-3.fc43.s390x
Comment 1 Dan Horák 2025-03-27 14:51:30 UTC 
Might be s390x specific as I haven't seen it on eg. ppc64le
Comment 2 Dmitry Belyavskiy 2025-04-01 09:48:37 UTC 
It is not an s390 issue but it also is not OpenSSL issue, OpenSSL doesn't have this line or its parts in code. Looks like a rpm issue to me.
Comment 3 Panu Matilainen 2025-04-01 14:09:42 UTC 
That's funny because there's also nothing resembling such an error in rpm.

My assumption is that something in the Rust side has a closer version dependency on OpenSSL than what is tracked by the soname dependency, and that this can be fixed by just rebuilding rpm-sequoia. But, I don't know why that would be specific to s390x.

The error doesn't come from rpm-sequoia directly either, but reassigning there as that's the only part of rpm actually connected to openssl.
Comment 4 Fabio Valentini 2025-04-01 14:29:00 UTC 
👀 This sounds *very* strange ...

FWIW I built rpm-sequoia 1.8.0 an hour ago, so it was built against OpenSSL 3.5.0. You could try that one.
But I doubt that this has anything to do with ABI, so I don't think this will help.
It's possible that the Rust bindings for OpenSSL still need updates for changes in 3.5.0, but that's out of my control.

Though I do wonder how openssl 3.5.0 was pushed to rawhide with so many failing gating tests:
https://bodhi.fedoraproject.org/updates/FEDORA-2025-a6413a9197
Comment 5 Dmitry Belyavskiy 2025-04-01 16:08:38 UTC 
https://github.com/open-quantum-safe/oqs-provider/blob/ff34addef3e418d6e4c8ee50b537722c9a7f25e3/oqsprov/oqsprov.c#L1193