openssl -noverify doesn't work since 6.4?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

openssl -noverify doesn't work since 6.4?

Federico Giannici
Hi.
I have just upgraded an amd64 system from OpenBSD 6.3 to 6.5 (passing
from 6.4, to be sure).

It seems that since OpenBSD 6.4 the -noverify option in openssl doesn't
work any more.


Here is the OpenBSD 6.3 output (openssl-63 is the openssl binary from 6.3):

aragorn:/home/giannici# /openssl-63 smime -verify -noverify -inform DER
-in file.p7m -out file
Verification successful


Here is the OpenBSD 6.4 output:

aragorn:/home/giannici# /openssl-64  smime -verify -noverify -inform DER
-in file.p7m -out file
Verification failure
14270753673760:error:04FFF068:rsa routines:CRYPTO_internal:bad
signature:/usr/src/lib/libcrypto/rsa/rsa_sign.c:249:
14270753673760:error:21FFF069:PKCS7 routines:func(4095):signature
failure:/usr/src/lib/libcrypto/pkcs7/pk7_doit.c:1072:
14270753673760:error:21FFF069:PKCS7 routines:func(4095):signature
failure:/usr/src/lib/libcrypto/pkcs7/pk7_smime.c:407:


Here is the OpenBSD 6.5 output:

aragorn:/home/giannici# /usr/bin/openssl smime -verify -noverify -inform
DER -in file.p7m -out file
Verification failure
19006006410240:error:04FFF068:rsa routines:CRYPTO_internal:bad
signature:/usr/src/lib/libcrypto/rsa/rsa_sign.c:249:
19006006410240:error:21FFF069:PKCS7 routines:func(4095):signature
failure:/usr/src/lib/libcrypto/pkcs7/pk7_doit.c:1072:
19006006410240:error:21FFF069:PKCS7 routines:func(4095):signature
failure:/usr/src/lib/libcrypto/pkcs7/pk7_smime.c:407:


Am I doing something wrong, that worked with 6.3 but no longer then?
Or is it a bug?

Thanks.

--
___________________________________________________
     __
    |-                      [hidden email]
    |ederico Giannici      http://www.neomedia.it
___________________________________________________