RSA_FLAG_SIGN_VER indicates the special rsa_sign and rsa_verify function

pointers should be used.  It doesn't necessarely mean it should go through
the ENGINE framework.

crypto/rsa/rsa_sign.c

@@ -79,12 +79,16 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
 	const unsigned char *s = NULL;
 	X509_ALGOR algor;
 	ASN1_OCTET_STRING digest;
+	if(rsa->flags & RSA_FLAG_SIGN_VER)
+		{
 #ifndef OPENSSL_NO_ENGINE
-	if((rsa->flags & RSA_FLAG_SIGN_VER)
-	      && ENGINE_get_RSA(rsa->engine)->rsa_sign)
-	      return ENGINE_get_RSA(rsa->engine)->rsa_sign(type,
-			m, m_len, sigret, siglen, rsa);
+		if(ENGINE_get_RSA(rsa->engine)->rsa_sign)
+			return ENGINE_get_RSA(rsa->engine)->rsa_sign(type,
+				m, m_len, sigret, siglen, rsa);
 #endif
+		return rsa->meth->rsa_sign(type, m, m_len,
+			sigret, siglen, rsa);
+		}
 	/* Special case: SSL signature, just check the length */
 	if(type == NID_md5_sha1) {
 		if(m_len != SSL_SIG_LENGTH) {
@@ -159,12 +163,16 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
 		return(0);
 		}
 
+	if(rsa->flags & RSA_FLAG_SIGN_VER)
+		{
 #ifndef OPENSSL_NO_ENGINE
-	if((rsa->flags & RSA_FLAG_SIGN_VER)
-	    && ENGINE_get_RSA(rsa->engine)->rsa_verify)
-	    return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype,
-			m, m_len, sigbuf, siglen, rsa);
+		if(ENGINE_get_RSA(rsa->engine)->rsa_verify)
+			return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype,
+				m, m_len, sigbuf, siglen, rsa);
 #endif
+		return rsa->meth->rsa_verify(dtype, m, m_len,
+			sigbuf, siglen, rsa);
+		}
 
 	s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
 	if (s == NULL)