[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

Kurt Roeckx kurt at openssl.org
Sat Feb 27 12:40:56 UTC 2016


The branch OpenSSL_1_0_1-stable has been updated
       via  f16bc6f06c8eb454b8fcb457ef890c185d1d5746 (commit)
      from  a801bf263849a2ef773e5bc0c86438cbba720835 (commit)


- Log -----------------------------------------------------------------
commit f16bc6f06c8eb454b8fcb457ef890c185d1d5746
Author: Kurt Roeckx <kurt at roeckx.be>
Date:   Sat Feb 27 13:38:01 2016 +0100

    Revert "Don't check RSA_FLAG_SIGN_VER."
    
    This reverts commit 23a58779f53a9060c823d00d76b3070cad61d9a3.
    
    This broke existing engines that didn't properly implement the sign and verify
    functions.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    
    MR: #2077

-----------------------------------------------------------------------

Summary of changes:
 crypto/rsa/rsa_sign.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index cf4c026..41c827f 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -84,7 +84,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
         return 0;
     }
 #endif
-    if (rsa->meth->rsa_sign) {
+    if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
         return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
     }
     /* Special case: SSL signature, just check the length */
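Review bot: The restored condition in RSA_sign() has no comment explaining why `rsa->flags & RSA_FLAG_SIGN_VER` is required in addition to a non-NULL `rsa->meth->rsa_sign`, so the next cleanup is likely to remove the check again, as the reverted commit did. Put a short comment above the `if` stating the reason the commit message gives (existing engines that did not properly implement the sign and verify functions). It is also worth spelling out the consequence: a method that supplies `rsa_sign` but does not set the flag is skipped without any error, and execution falls through to the code after this block.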
@@ -304,7 +304,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
                const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
 {
 
-    if (rsa->meth->rsa_verify) {
+    if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
         return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
     }
 
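Review bot: The test in RSA_verify() is now a second copy of the flag-plus-pointer check from RSA_sign(), and nothing ties the two together, so they can drift apart in a later change. Consider a small shared helper or macro for "method hook is enabled" so sign and verify always apply the same rule. As with the sign path, a method with `rsa_verify` set but without RSA_FLAG_SIGN_VER is bypassed silently; for verification that is worth a comment, because the caller cannot tell from the return value whether `rsa->meth->rsa_verify` or the code following this block made the decision.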