The return value of RSA_*_{en,de}crypt() is signed

Open vdukhovni opened this issue 1 month ago • 4 comments

The functions RSA_(public|private)_(en|de)crypt() return a signed result; in particular, -1 may be returned on error, so the caller MUST treat the value as signed.

Checklist
  • [ ] documentation is added or updated
  • [ ] tests are added or updated

vdukhovni avatar Dec 06 '25 04:12 vdukhovni
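
The pitfall described in the post above, as an added example that is not part of the thread or of OpenSSL's code. `stub_rsa_encrypt` is a hypothetical stand-in that only mimics the return contract (length on success, -1 on error) so the block runs without a key or libcrypto; `check_unsigned` and `check_signed` are likewise illustrative names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in with the return contract of RSA_public_encrypt():
 * output length on success, -1 on error. It does no cryptography. */
static int stub_rsa_encrypt(int flen, const unsigned char *from,
                            unsigned char *to, int fail)
{
    if (fail || flen <= 0)
        return -1;
    memcpy(to, from, (size_t)flen);   /* placeholder output */
    return flen;
}

/* Buggy pattern: the result lands in an unsigned variable, so -1 wraps to
 * the largest size_t and the error check passes. Returns 1 on "success". */
static int check_unsigned(int fail, size_t *out_len)
{
    unsigned char in[16] = {0}, out[16];
    size_t len = (size_t)stub_rsa_encrypt((int)sizeof(in), in, out, fail);

    *out_len = len;
    return len > 0;                   /* true for the wrapped -1 as well */
}

/* Correct pattern: keep the result signed, test it, convert afterwards. */
static int check_signed(int fail, size_t *out_len)
{
    unsigned char in[16] = {0}, out[16];
    int ret = stub_rsa_encrypt((int)sizeof(in), in, out, fail);

    *out_len = ret > 0 ? (size_t)ret : 0;
    return ret > 0;
}

int main(void)
{
    size_t n;
    int ok = check_unsigned(1, &n);   /* forced failure */
    printf("unsigned: ok=%d len=%zu\n", ok, n);
    ok = check_signed(1, &n);         /* same forced failure */
    printf("signed:   ok=%d len=%zu\n", ok, n);
    return 0;
}
```

With the unsigned variable, a failed call is reported as success with a length far larger than any buffer, which is the value later code would use for comparisons or copies.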

What branches are we targeting this change for?

mattcaswell avatar Dec 08 '25 09:12 mattcaswell

What branches are we targeting this change for?

I hadn't looked into backports, but the code that introduced the unsigned variables to handle the signed returned values was added in 3.4 as part of https://github.com/openssl/openssl/pull/23832

So we could backport to 3.4 if that seems appropriate.

vdukhovni avatar Dec 08 '25 12:12 vdukhovni

The change looks fine. Note that I am not sure how easy it is to get to this path as it happens only AFTER a successful keygen call, which normally would mean that the parameters are correct (it would have to hit a malloc failure, I presume).

slontis avatar Dec 08 '25 21:12 slontis

24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually.

openssl-machine avatar Dec 09 '25 10:12 openssl-machine

Merged to the master, 3.6, 3.5 and 3.4 branches. Thank you.

t8m avatar Dec 11 '25 12:12 t8m