On Wed, Feb 24, 2016 at 05:22:08PM +0100, lists wrote:
> 
> Before I try some heavy debugging, does anybody know of a change from
> version 1.0.1e to 1.0.1r that would prevent the commands above from working?

Can you try reverting commit
23a58779f53a9060c823d00d76b3070cad61d9a3?  I've attached a patch.

This is something that will get reverted in the next release.  But
if that fixes something, it's actually something in the engine
that's broken.


Kurt

diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index cf4c026..41c827f 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -84,7 +84,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
         return 0;
     }
 #endif
-    if (rsa->meth->rsa_sign) {
+    if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
         return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
     }
     /* Special case: SSL signature, just check the length */
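Review bot: The new condition in RSA_sign skips a non-NULL rsa->meth->rsa_sign silently whenever RSA_FLAG_SIGN_VER is clear, so a method that installs the hook without the flag falls through to the code below with no error or diagnostic. Please add a comment above the `if` stating that the flag is required for the hook to be used. The comment should also say where the flag is expected to be set, because the test reads rsa->flags on the key and not a flag on rsa->meth. Given the covering mail says this gate is scheduled for removal and that a behaviour change here points at the engine, a one-line note in the commit message naming the affected engine case would help anyone bisecting later.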
@@ -304,7 +304,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
                const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
 {
 
-    if (rsa->meth->rsa_verify) {
+    if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
         return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
     }
 
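Review bot: The same undocumented gate is applied at the top of RSA_verify, where a set rsa->meth->rsa_verify is now bypassed unless RSA_FLAG_SIGN_VER is present in rsa->flags, again with no indication to the caller that the method's hook was not used. Keep this check and the one in RSA_sign symmetric and document them together, for example with a shared comment explaining that both hooks are honoured only when the flag is set, so that a method supplying only one of the two hooks, or setting the flag late, is easier to diagnose.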
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
