"rsa->meth->rsa_sign" method in OpenSSL 1.1.1g


"rsa->meth->rsa_sign" method in OpenSSL 1.1.1g

prudvi raj

While upgrading to OpenSSL 1.1.1 from 1.0.2k, I came across this code snippet:
    if (rsa->flags & RSA_FLAG_SIGN_VER)
        return rsa->meth->rsa_sign (type, m, lLen, sigret, siglen, rsa);

From the docs:
Enhance RSA_METHOD structure. Now there are two extra methods, rsa_sign and rsa_verify. When the RSA_FLAGS_SIGN_VER option is set these functions will be called when RSA_sign() and RSA_verify() are used.
    /*  
     * New sign and verify functions: some libraries don't allow arbitrary
     * data to be signed/verified: this allows them to be used. Note: for
     * this to work the RSA_public_decrypt() and RSA_private_encrypt() should
     * *NOT* be used RSA_sign(), RSA_verify() should be used instead.
     */

In the latest OpenSSL 1.1.1:
-- RSA_FLAG_SIGN_VER is not required. To get flags: RSA_flags(rsa).
-- "struct rsa_meth_st" has "rsa_sign" declared as a function pointer. I cannot find any actual function definition that the above "meth->rsa_sign" might point to, which can be called as this forward declaration is not allowed anymore. Maybe "RSA_sign()"?

Moreover, the "RSA_sign()" function has the same return code snippet as above.

So, what is a suitable replacement for the above snippet in OpenSSL 1.1.1g?

Can someone help me with this? TIA.

Regards,
Prud.





Re: "rsa->meth->rsa_sign" method in OpenSSL 1.1.1g

Matt Caswell-2


On 21/07/2020 20:19, prudvi raj wrote:

>
> While upgrading to OpenSSL 1.1.1 from 1.0.2k, I came across this code
> snippet:
>     if (rsa->flags & RSA_FLAG_SIGN_VER)
>         return rsa->meth->rsa_sign (type, m, lLen, sigret, siglen, rsa);
>
> From the docs:
> Enhance RSA_METHOD structure. Now there are two extra methods, rsa_sign 
> and rsa_verify. When the RSA_FLAGS_SIGN_VER option is set these
> functions will be called when RSA_sign() and RSA_verify() are used.
>     /*  
>      * New sign and verify functions: some libraries don't allow arbitrary
>      * data to be signed/verified: this allows them to be used. Note: for
>      * this to work the RSA_public_decrypt() and RSA_private_encrypt() should
>      * *NOT* be used RSA_sign(), RSA_verify() should be used instead.
>      */
>
> In the latest OpenSSL 1.1.1:
> -- RSA_FLAG_SIGN_VER is not required. To get flags: RSA_flags(rsa).
> -- "struct rsa_meth_st" has "rsa_sign" declared as a function pointer.
> I cannot find any actual function definition that the above
> "meth->rsa_sign" might point to, which can be called as this forward
> declaration is not allowed anymore. Maybe "RSA_sign()"?

No need to check the flag. Just call RSA_sign().

Matt