On Mon, Feb 01, 2016 at 10:52:56PM +0000, Viktor Dukhovni wrote:
> The only thing I see that's plausibly pertinent is:
>
> commit 6656ba7152dfe4bba865e327dd362ea08544aa80
> Author: Dr. Stephen Henson <[email protected]>
> Date: Sun Dec 20 18:18:43 2015 +0000
>
> Don't check RSA_FLAG_SIGN_VER.
>
> Reviewed-by: Richard Levitte <[email protected]>
>
This is related to:

    commit 1c80019a2c8f59410552197723829fd72ab45a5e
    Author: Dr. Stephen Henson <[email protected]>
    Date: Sat Sep 18 22:37:44 1999 +0000

        Add new sign and verify members to RSA_METHOD and change SSL code to
        use sign and verify rather than direct encrypt/decrypt.

Which was already present in 0.9.7. Thus, presumably engines have
been expected to implement the "new" methods, if they were ported
to OpenSSL 0.9.7 or later.

It seems that perhaps the need to implement sign/verify and not just
encrypt/decrypt has not been communicated to the engine maintainers.

The master branch has:

    commit 19c6d3ea2d3b4e0ad3e978e42cc7cbdf0c09891f
    Author: Dr. Stephen Henson <[email protected]>
    Date: Wed Dec 2 14:30:39 2015 +0000

        Remove RSA_FLAG_SIGN_VER flag.

        Remove RSA_FLAG_SIGN_VER: this was originally used to retain binary
        compatibility after RSA_METHOD was extended to include rsa_sign and
        rsa_verify fields. It is no longer needed.

        Reviewed-by: Richard Levitte <[email protected]>

And while indeed the structure has been stable with sign/verify
methods for ages, engines that don't implement sign/verify may well
exist, so dropping the flag check can break some engines.
--
Viktor.