Hi Philip, I just had a look a look at the commit you referenced. Indeed this bug got fixed there, apparently without this fact being mentioned there. This commit was part of OpenSSL_1_1_0-pre1, so presumably it was released with 1.1.0. ---------------------------------------- 15 May 2022 06:14:14 Philip Prindeville <philipp_subx@xxxxxxxxxxxxxxxxxxxxx>: > I know this is an ancient version, but I was wondering if this was a known bug so I could figure out which release it was fixed in, as I have to disable the check for the exit status in my regression tests: > > [philipp@centos7 asterisk]$ openssl version > OpenSSL 1.0.2k-fips 26 Jan 2017 > [philipp@centos7 asterisk]$ echo -n "Mary had a little lamb." | openssl dgst -sha1 -binary > hash > [philipp@centos7 asterisk]$ od -t x1 hash > 0000000 4e 07 b8 c7 aa f2 a4 ed 4c e3 9e 76 f6 5d 2a 04 > 0000020 bd ef 57 00 > 0000024 > [philipp@centos7 asterisk]$ openssl pkeyutl -sign -inkey tests/keys/rsa_key1.key -pkeyopt digest:sha1 < hash > signing > [philipp@centos7 asterisk]$ echo $? > 0 > [philipp@centos7 asterisk]$ od -t x1 signing > 0000000 14 03 f6 e2 b5 62 fc a3 32 6c f3 a7 2b 65 ad fd > 0000020 ae 32 41 d7 c5 29 37 51 cd a3 e6 e2 87 2d 6d f1 > 0000040 32 01 88 99 05 b2 7d 1c f4 88 ef 3a 1b 49 8b 1a > 0000060 47 0a 6b 11 a0 21 ea d6 1d 52 38 3d cb f4 ad 8b > 0000100 6e b1 ab bb f3 2e 7d 83 2a 9c 18 a9 6a 48 f6 52 > 0000120 dc 30 86 5d 07 07 8f 45 ad 56 c5 25 3b 9c ef c7 > 0000140 ce 40 dd 74 6a cc 3b c5 ea d8 54 b4 d2 d9 81 25 > 0000160 71 91 be 08 5a 78 33 7d d8 45 2d 45 da f8 08 e1 > 0000200 > [philipp@centos7 asterisk]$ openssl pkeyutl -verify -inkey tests/keys/rsa_key1.pub -pubin -sigfile signing -pkeyopt digest:sha1 < hash > Signature Verified Successfully > [philipp@centos7 asterisk]$ echo $? > 1 > [philipp@centos7 asterisk]$ > > > I'm unclear why it says "Signature Verified Successfully" but then exits with 1. > > It looks like it was fixed here: > > https://github.com/openssl/openssl/commit/7e1b7485706c2b11091b5fa897fe496a2faa56cc#diff-91617164072ee6a7ebbae1d9aecf2916064cedf9623c56b3ae46b1d310a50963R296 > > although the commit doesn't mention an explicit bug. > > Was 1.0.2 using "issues" in Github, or were bugs tracked somewhere else? I can't remember... > > Thanks, > > -Philip
