Hi, commit 222333cf01e2fec4a20c107ac9e820694611a4db added a check that the size returned by EVP_PKEY_size(ctx->pkey) in M_check_autoarg() in crypto/evp/pmeth_fn.c is != 0.
We are in the process of upgrading from 1.0.2j to 1.0.2k and discovered that the if (pksize == 0) check added in 1.0.2k breaks some of our applications. We use an engine for the RSA sign operation. The applications do not know anything about the keypair being used. The keypair is kept private by the engine so the application couldn't determine the attributes of the keypair if it wanted to do so. If this check is necessary is there a way to bypass it when the application does not have the keypair but the engine being used is holding the keypair? I know we can simply remove this line from our copy of the code but we like to avoid modifying the openssl distributed code if at all possible. Thanks, michael commit info: commit 222333cf01e2fec4a20c107ac9e820694611a4db Author: Richard Levitte <levi...@openssl.org> Date: Tue Dec 20 12:56:14 2016 +0100 M_check_autoarg: sanity check the key For now, checking that the size is non-zero will suffice. Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2120) (cherry picked from commit d7c8f142ea5953bf260b70a58739c1c9b0f038eb) -- ---- ---- ---- Michael Reilly micha...@cisco.com Cisco Systems Arizona -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev