Skip to content

Commit 2cdab83

Browse files
toddr-botclaude
andcommitted
Fix missing return value check in EVP_PKEY_sign_init
THROW(EVP_PKEY_sign_init(ctx)) treats any non-zero return as success, including negative error codes (-2 = operation not supported). The verify() path already checks == 1 correctly; bring sign() in line. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent 24e227d commit 2cdab83

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

RSA.xs

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1446,7 +1446,7 @@ sign(p_rsa, text_SV)
14461446
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
14471447
ctx = EVP_PKEY_CTX_new(p_rsa->rsa, NULL /* no engine */);
14481448
THROW(ctx);
1449-
THROW(EVP_PKEY_sign_init(ctx));
1449+
THROW(EVP_PKEY_sign_init(ctx) == 1);
14501450
THROW(setup_pss_sign_ctx(ctx, p_rsa->padding, p_rsa->hashMode, &md));
14511451
THROW(EVP_PKEY_sign(ctx, NULL, &signature_length, digest, get_digest_length(p_rsa->hashMode)) == 1);
14521452

0 commit comments

Comments
 (0)