[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Richard Levitte levitte at openssl.org
Tue Apr 17 19:11:47 UTC 2018

The branch OpenSSL_1_0_2-stable has been updated
       via  82d8cec06ae8af5dbe68c8e4be38ad32ce9fa594 (commit)
      from  363c9f0ba4973a3d7d4ce743fadbc252aa9f0d4c (commit)

- Log -----------------------------------------------------------------
commit 82d8cec06ae8af5dbe68c8e4be38ad32ce9fa594
Author: John Eichenberger <john.eichenberger at honeywell.com>
Date:   Tue Apr 3 16:08:31 2018 -0700

    Correct the check of RSA_FLAG_SIGN_VER
    The wrong flags were being tested. It is the rsa->meth flags not the rsa
    flags that should be tested.
    wpa_supplicant has a bit of code that
    1. Allocates and defines a RSA_METHOD structure.
    2. calls RSA_new();
    3. calls RSA_set_method().
    In current versions of that code the rsa_sign and rsa_verify members of
    the RSA_METHOD structure are not defined, thus making it compatible
    with the really old versions of OpenSSL.
    But should one change it use the rsa_sign method one must set the
    RSA_FLAG_SIGN_VER bit of the RSA_METHOD structure to indicate that
    one or both of those new methods are required.  In doing so, OpenSSL
    will not call the new methods, not without this change.
    CLA: trivial
    Change-Id: I6e65a80f21399f25e966466ff676e3b21f85f360
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/5971)


Summary of changes:
 crypto/rsa/rsa_sign.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index 82ca832..b7fff43 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -84,7 +84,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
         return 0;
-    if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
+    if ((rsa->meth->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
         return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
     /* Special case: SSL signature, just check the length */
@@ -293,7 +293,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
                const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
-    if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
+    if ((rsa->meth->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
         return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);

More information about the openssl-commits mailing list