@derekparker
Contributor

OpenSSL has been updated in RHEL9 and is now returning an error while executing this test. The error is expected, so assert we get the expected error back.

@derekparker
Contributor Author

@ueno while this fixes the test, I'm still not totally confident in it as I don't understand why we're now seeing this error and weren't before. I'd like to understand better what underlying change in OpenSSL seems to be causing this.

@ueno
Collaborator

ueno commented Mar 9, 2025

It turned out that this only happens with a special combination of openssl and openssl-fips-provider, where the former is 3.2.2 while the latter is 3.0.7. In that case, optional factors and CRT parameters in an RSA object are stripped off when importing the object into EVP_PKEY. This doesn't happen when those parameters are set through the non-legacy API, such as EVP_PKEY_fromdata.

Here are test cases:

  • Importing RSA key with EVP_PKEY_set1_RSA, fails on ubi9: test-rsa.c.gz
  • Importing RSA key with EVP_PKEY_fromdata, succeeds on ubi9: test-rsa3.c.gz

@derekparker
Contributor Author

@ueno
Collaborator

ueno commented Mar 14, 2025

> @ueno would porting https://github.com/golang-fips/openssl/pull/144/files to 1.19 fix this?

I doubt this would help; the issue is in importing an RSA object into EVP_PKEY, and the PR doesn't touch that logic.
