From 1f33aa92ccf565dddc94cfdaece1b981c499b9a1 Mon Sep 17 00:00:00 2001 From: Toddr Bot Date: Tue, 30 Jun 2026 22:39:52 +0000 Subject: [PATCH] Fix EVP_PKEY_sign_init() return value check on OpenSSL 3.x EVP_PKEY_sign_init() returns 1 on success, 0 on error, and -2 if the operation is unsupported. The bare THROW(EVP_PKEY_sign_init(ctx)) only caught 0, treating -2 (truthy) as success. Every other _init() call in RSA.xs already uses == 1 or > 0; this aligns sign_init with that pattern. --- RSA.xs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/RSA.xs b/RSA.xs index 238bebb..90f1659 100644 --- a/RSA.xs +++ b/RSA.xs @@ -1446,7 +1446,7 @@ sign(p_rsa, text_SV) #if OPENSSL_VERSION_NUMBER >= 0x30000000L ctx = EVP_PKEY_CTX_new(p_rsa->rsa, NULL /* no engine */); THROW(ctx); - THROW(EVP_PKEY_sign_init(ctx)); + THROW(EVP_PKEY_sign_init(ctx) == 1); THROW(setup_pss_sign_ctx(ctx, p_rsa->padding, p_rsa->hashMode, &md)); THROW(EVP_PKEY_sign(ctx, NULL, &signature_length, digest, get_digest_length(p_rsa->hashMode)) == 1);