Bad exit code with pkeyutl -verify in 1.0.2f
Philip Prindeville
philipp_subx at redfish-solutions.com
Sun May 15 04:13:09 UTC 2022
I know this is an ancient version, but I was wondering if this was a known bug so I could figure out which release it was fixed in, as I have to disable the check for the exit status in my regression tests:
[philipp at centos7 asterisk]$ openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
[philipp at centos7 asterisk]$ echo -n "Mary had a little lamb." | openssl dgst -sha1 -binary > hash
[philipp at centos7 asterisk]$ od -t x1 hash
0000000 4e 07 b8 c7 aa f2 a4 ed 4c e3 9e 76 f6 5d 2a 04
0000020 bd ef 57 00
0000024
[philipp at centos7 asterisk]$ openssl pkeyutl -sign -inkey tests/keys/rsa_key1.key -pkeyopt digest:sha1 < hash > signing
[philipp at centos7 asterisk]$ echo $?
0
[philipp at centos7 asterisk]$ od -t x1 signing
0000000 14 03 f6 e2 b5 62 fc a3 32 6c f3 a7 2b 65 ad fd
0000020 ae 32 41 d7 c5 29 37 51 cd a3 e6 e2 87 2d 6d f1
0000040 32 01 88 99 05 b2 7d 1c f4 88 ef 3a 1b 49 8b 1a
0000060 47 0a 6b 11 a0 21 ea d6 1d 52 38 3d cb f4 ad 8b
0000100 6e b1 ab bb f3 2e 7d 83 2a 9c 18 a9 6a 48 f6 52
0000120 dc 30 86 5d 07 07 8f 45 ad 56 c5 25 3b 9c ef c7
0000140 ce 40 dd 74 6a cc 3b c5 ea d8 54 b4 d2 d9 81 25
0000160 71 91 be 08 5a 78 33 7d d8 45 2d 45 da f8 08 e1
0000200
[philipp at centos7 asterisk]$ openssl pkeyutl -verify -inkey tests/keys/rsa_key1.pub -pubin -sigfile signing -pkeyopt digest:sha1 < hash
Signature Verified Successfully
[philipp at centos7 asterisk]$ echo $?
1
[philipp at centos7 asterisk]$
I'm unclear why it says "Signature Verified Successfully" but then exits with 1.
It looks like it was fixed here:
https://github.com/openssl/openssl/commit/7e1b7485706c2b11091b5fa897fe496a2faa56cc#diff-91617164072ee6a7ebbae1d9aecf2916064cedf9623c56b3ae46b1d310a50963R296
although the commit doesn't mention an explicit bug.
Was 1.0.2 using "issues" in Github, or were bugs tracked somewhere else? I can't remember...
Thanks,
-Philip
More information about the openssl-users
mailing list