On 21/07/2020 20:19, prudvi raj wrote:

>

> While upgrading to openssl 1.1.1 from 1.0.2k .

> I came across this code snippet :

> if (rsa->flags & RSA_FLAG_SIGN_VER)

> return rsa->meth->rsa_sign (type, m, lLen, sigret, siglen, rsa);

>

> From Docs :

> Enhance RSA_METHOD structure. Now there are two extra methods, rsa_sign

> and rsa_verify. When the RSA_FLAGS_SIGN_VER option is set these

> functions will be called when RSA_sign() and RSA_verify() are used.

> /*

> * New sign and verify functions: some libraries don't allow arbitrary

> * data to be signed/verified: this allows them to be used. Note: for

> * this to work the RSA_public_decrypt() and RSA_private_encrypt()

> should * *NOT* be used RSA_sign(), RSA_verify() should be used instead.

> */

>

> In Latest Openssl 1.1.1 :

> -- RSA_FLAG_SIGN_VER is not required . To get flags : RSA_flags(rsa).

> -- "struct rsa_meth_st" has "rsa_sign" declared as a function pointer

> . I cannot find any actual function definition that the above

> "meth->rsa_sign " might point to , which can be called as this forward

> declaration is not allowed anymore . Maybe "RSA_sign()" ??

No need to check the flag. Just call RSA_sign().

Matt