rsa_verify does not clear the openssl error stack on signature failure.
When a signature verification fails, m2crypto fails to clear the error stack. This causes other libraries in the same process to fail if they make assertions about the error stack being empty on initialization, for example. This occurs here: https://gitlab.com/m2crypto/m2crypto/blob/8bbd1126681b87d0fc45ce34bc51a6eafdafc7c9/SWIG/_rsa.i#L409-411
The RSA_verify call appears to result in two errors being placed on the stack: '0x7fa6bb35111a "block type is not 01"' and '0x7fa6bb35141d "padding check failed"'.
Personally I'd prefer the entire stack of errors resulting from a call returned, I'm just not sure how best to format that. It looks like a single call to ERR_get_error is very common in the codebase, so this might not be the only place this causes a problem, either. I think it would be best if every method ensured the stack was empty before making a call and ensured its emptied after each call.