Hi there, > (1) While testing I found that verification of certain signed > documents crashed OpenSSL. The problem appears to be that > hw_ubsec.c:ubsec_dsa_verify() calls > p_UBSEC_dsa_verify_ioctl() and if this call fails then the code tries > using software crypto, indirectly calling dsa_ossl.c:dsa_do_verify(). > However, dsa_do_verify() tries to do: > > if (!ENGINE_get_DSA(dsa->engine)->dsa_mod_exp(dsa, &t1,dsa->g,&u1, > dsa->pub_key,&u2, > dsa->p,ctx,mont)) > goto err; > > and this dies because dsa_mod_exp is NULL. The current workaround is > to set up pointers in ubsec_dsa for dsa_mod_exp and dsa_bn_mod_exp > (just in case):
Actually you must be looking at one of the openssl-engine-0.9.6 releases? The linking between algorithm contexts and both their METHOD implementations and ENGINE handles was altered as of 0.9.7, and the above line of code thus changed. The problem is nonetheless still there, and I am looking at it. However, to test possible fixes to this, you will need to start working with 0.9.7 or snapshots (ie. CVS development leading up to 0.9.8). Can you confirm this misunderstanding of versions, or are you working with a custom source tree? Cheers, Geoff -- Geoff Thorpe, RT/openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
