On Mon, Feb 01, 2016 at 08:56:16PM +0000, Salz, Rich wrote:
> > This impact all users who upgrade to OpenSSL 1.0.2f and will cause smtpd
> > to crash as soon as the RSA engine is used (ie: whenever there's crypto)
>
> It would be interesting to see what they think was wrong.
>
> Our intent is to NOT change API's across letter releases.
The only thing I see that's plausibly pertinent is:
commit 6656ba7152dfe4bba865e327dd362ea08544aa80
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sun Dec 20 18:18:43 2015 +0000
Don't check RSA_FLAG_SIGN_VER.
Reviewed-by: Richard Levitte <levi...@openssl.org>
diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index 82ca832..ed63a1d 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -84,7 +84,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int
m_len,
return 0;
}
#endif
- if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
+ if (rsa->meth->rsa_sign) {
return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
}
/* Special case: SSL signature, just check the length */
@@ -293,7 +293,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned
int m_len,
const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
{
- if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
+ if (rsa->meth->rsa_verify) {
return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
}
--
Viktor.
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
