[openssl-users] Correct the check of RSA_FLAG_SIGN_VER

Eichenberger, John John.Eichenberger at Honeywell.com
Tue Apr 3 22:55:06 UTC 2018

Honeywell Internal

I think I have an answer for why this commit needed to be reverted:
Author:                Dr. Stephen Henson <steve at openssl.org>
Author date:      2 years ago (12/20/2015 10:18:43 AM)
Commit date:    2 years ago (12/20/2015 11:27:03 AM)
Commit hash:    6656ba7152dfe4bba865e327dd362ea08544aa80
Children:              1c7de36f62
Parent(s):            17592f323a

Don't check RSA_FLAG_SIGN_VER.

Reviewed-by: Richard Levitte <levitte at openssl.org>

The change made in that commit was to simply remove the attempt to check for the RSA_FLAG_SIGN_VER flag. But that’s not what is wrong with this code that required changing.
The change should be to add “meth” prior to flags:

@@ -84,7 +89,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
         return 0;
-    if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
+    if ((rsa->meth->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
         return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
     /* Special case: SSL signature, just check the length */
@@ -293,7 +298,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
                const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)

-    if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
+    if ((rsa->meth->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
         return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);


  John Eichenberger
Intermec by Honeywell
Principal Engineer: Sustaining Engineering
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180403/7dbc8ee0/attachment-0001.html>

More information about the openssl-users mailing list