Hello, I have found that in the definition of the functions RSA_verify, RSA_verify_ASN1_OCTET_STRING and in the member rsa_verify of the struct rsa_meth_st, the type of the parameter sigbuf is 'unsigned char *', but I think this type should be 'const unsigned char *'. The pointer to the buffer containing the sing must be const to prevent this functions to change the value of the sign itself.
best regards, Luis Recuerda,
