Bad exit code with pkeyutl -verify in 1.0.2f

David von Oheimb it at von-Oheimb.de
Sun May 15 06:07:45 UTC 2022


Hi Philip,
I just had a look at the commit you referenced.
Indeed this bug got fixed there, apparently without this fact being mentioned there. This commit was part of OpenSSL_1_1_0-pre1, so presumably it was released with 1.1.0.
----------------------------------------

15 May 2022 06:14:14 Philip Prindeville <philipp_subx at redfish-solutions.com>:

> I know this is an ancient version, but I was wondering if this was a known bug so I could figure out which release it was fixed in, as I have to disable the check for the exit status in my regression tests:
> 
> [philipp at centos7 asterisk]$ openssl version
> OpenSSL 1.0.2k-fips  26 Jan 2017
> [philipp at centos7 asterisk]$ echo -n "Mary had a little lamb." | openssl dgst -sha1 -binary > hash
> [philipp at centos7 asterisk]$ od -t x1 hash
> 0000000 4e 07 b8 c7 aa f2 a4 ed 4c e3 9e 76 f6 5d 2a 04
> 0000020 bd ef 57 00
> 0000024
> [philipp at centos7 asterisk]$ openssl pkeyutl -sign -inkey tests/keys/rsa_key1.key -pkeyopt digest:sha1 < hash > signing
> [philipp at centos7 asterisk]$ echo $?
> 0
> [philipp at centos7 asterisk]$ od -t x1 signing
> 0000000 14 03 f6 e2 b5 62 fc a3 32 6c f3 a7 2b 65 ad fd
> 0000020 ae 32 41 d7 c5 29 37 51 cd a3 e6 e2 87 2d 6d f1
> 0000040 32 01 88 99 05 b2 7d 1c f4 88 ef 3a 1b 49 8b 1a
> 0000060 47 0a 6b 11 a0 21 ea d6 1d 52 38 3d cb f4 ad 8b
> 0000100 6e b1 ab bb f3 2e 7d 83 2a 9c 18 a9 6a 48 f6 52
> 0000120 dc 30 86 5d 07 07 8f 45 ad 56 c5 25 3b 9c ef c7
> 0000140 ce 40 dd 74 6a cc 3b c5 ea d8 54 b4 d2 d9 81 25
> 0000160 71 91 be 08 5a 78 33 7d d8 45 2d 45 da f8 08 e1
> 0000200
> [philipp at centos7 asterisk]$ openssl pkeyutl -verify -inkey tests/keys/rsa_key1.pub -pubin -sigfile signing -pkeyopt digest:sha1 < hash
> Signature Verified Successfully
> [philipp at centos7 asterisk]$ echo $?
> 1
> [philipp at centos7 asterisk]$
> 
> 
> I'm unclear why it says "Signature Verified Successfully" but then exits with 1.
> 
> It looks like it was fixed here:
> 
> https://github.com/openssl/openssl/commit/7e1b7485706c2b11091b5fa897fe496a2faa56cc#diff-91617164072ee6a7ebbae1d9aecf2916064cedf9623c56b3ae46b1d310a50963R296
> 
> although the commit doesn't mention an explicit bug.
> 
> Was 1.0.2 using "issues" in Github, or were bugs tracked somewhere else?  I can't remember...
> 
> Thanks,
> 
> -Philip
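
A regression-test wrapper for the mismatch discussed in this thread, as an added example that is not part of the original messages or of OpenSSL: it takes the "Signature Verified Successfully" message as the verdict, fails closed when the message is absent, and reports when the exit status disagrees. The names `verify_sig` and `selftest`, the throwaway key, and the use of SHA-256 in the self-test (the post uses SHA-1, which stays the default here) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Affected 1.0.2 builds print the
# success message but exit 1, so the message decides the result here.

# usage: verify_sig <pubkey.pem> <sigfile> <hashfile> [digest]
verify_sig() {
    out=$(openssl pkeyutl -verify -pubin -inkey "$1" -sigfile "$2" \
              -pkeyopt "digest:${4:-sha1}" < "$3" 2>&1) && rc=0 || rc=$?
    case "$out" in
        *"Signature Verified Successfully"*)
            # Valid signature; flag the exit-status bug if it is present.
            [ "$rc" -eq 0 ] ||
                echo "note: pkeyutl exited $rc despite success message" >&2
            return 0 ;;
        *)  # No success message: reject, whatever the exit status was.
            return 1 ;;
    esac
}

# Constructed test data: a throwaway RSA key and two message hashes.
# Passes only if the good hash verifies AND a different hash is rejected.
selftest() {
    d=$(mktemp -d) || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/key.pem" 2>/dev/null &&
    openssl pkey -in "$d/key.pem" -pubout -out "$d/pub.pem" 2>/dev/null &&
    printf 'Mary had a little lamb.' |
        openssl dgst -sha256 -binary > "$d/hash" &&
    printf 'Mary had a little ram.' |
        openssl dgst -sha256 -binary > "$d/other" &&
    openssl pkeyutl -sign -inkey "$d/key.pem" -pkeyopt digest:sha256 \
        < "$d/hash" > "$d/sig" &&
    verify_sig "$d/pub.pem" "$d/sig" "$d/hash" sha256 &&
    ! verify_sig "$d/pub.pem" "$d/sig" "$d/other" sha256
    st=$?
    rm -rf "$d"
    return "$st"
}

# Run the self-test only when asked, so the file can also be sourced.
if [ "${1:-}" = "--selftest" ]; then
    selftest && echo "selftest ok"
fi
```

Keeping the negative case in the suite matters: once the exit-status check is disabled, it is the only thing showing that verification can still fail.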

