Fix EVP_PKEY_sign_init() return value check on OpenSSL 3.x #203
Draft
toddr-bot wants to merge 1 commit into
EVP_PKEY_sign_init() returns 1 on success, 0 on error, and -2 if the operation is unsupported. The bare THROW(EVP_PKEY_sign_init(ctx)) only caught 0, treating -2 (truthy) as success. Every other _init() call in RSA.xs already uses == 1 or > 0; this aligns sign_init with that pattern.
What

Fix bare truthiness check on EVP_PKEY_sign_init() return value in the sign() function.

Why

EVP_PKEY_sign_init() returns 1 on success, 0 on error, and -2 if the operation is unsupported for the key type. The bare THROW(EVP_PKEY_sign_init(ctx)) only catches 0 — a -2 return (truthy) would be silently accepted as success, leaving the signing context uninitialized for subsequent calls.

Every other _init() call in RSA.xs already checks == 1 or > 0:

- EVP_PKEY_keygen_init(ctx) == 1 (line 881)
- EVP_PKEY_fromdata_init(pctx) > 0 (line 930)
- init_crypt(ctx) == 1 (line 509)
- EVP_PKEY_verify_init(ctx) == 1 (line 1518)

How

Changed THROW(EVP_PKEY_sign_init(ctx)) to THROW(EVP_PKEY_sign_init(ctx) == 1).

Testing

Full test suite passes on OpenSSL 3.5.5. The fix aligns with the existing pattern used by verify_init on line 1518.

Quality Report
Changes: 1 file changed, 1 insertion(+), 1 deletion(-)
Code scan: clean
Tests: passed (OK)
Branch hygiene: clean
Generated by Kōan
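
The difference between the two checks described in this pull request, as an added example that is not code from RSA.xs or from the pull request itself. `fake_sign_init` is a constructed stand-in for `EVP_PKEY_sign_init()` so the example runs without linking OpenSSL, and the shape of the `THROW` macro is an assumption.

```c
#include <stdio.h>

/* Constructed stand-in for EVP_PKEY_sign_init(): hands back the requested
 * code so each outcome named in the PR (1 success, 0 error, -2 unsupported)
 * can be exercised without OpenSSL. */
static int fake_sign_init(int rc) { return rc; }

/* Assumed shape of an XS-style THROW macro: jump to cleanup when the
 * expression is false. Hypothetical, not copied from RSA.xs. */
#define THROW(expr) do { if (!(expr)) goto err; } while (0)

/* Before the fix: bare truthiness check.
 * Returns 1 if the caller would carry on to the signing call. */
static int proceeds_bare(int rc)
{
    THROW(fake_sign_init(rc));
    return 1;
err:
    return 0;
}

/* After the fix: only the documented success value passes. */
static int proceeds_strict(int rc)
{
    THROW(fake_sign_init(rc) == 1);
    return 1;
err:
    return 0;
}

int main(void)
{
    static const int codes[] = { 1, 0, -2 };

    for (size_t i = 0; i < sizeof codes / sizeof codes[0]; i++)
        printf("rc=%2d  bare=%d  strict=%d\n", codes[i],
               proceeds_bare(codes[i]), proceeds_strict(codes[i]));
    return 0;
}
```

The two functions agree for 1 and 0 and differ only for -2, which is the case the pull request closes.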