[openssl] master update

Matt Caswell matt at openssl.org
Mon Oct 19 15:21:14 UTC 2020

The branch master has been updated
       via  1dc5128577ed983fab8d5b3e65c06dd7e12cf4dc (commit)
      from  ea7277fd2e27afa3a173ea30d567f45d7bb3d30d (commit)

- Log -----------------------------------------------------------------
commit 1dc5128577ed983fab8d5b3e65c06dd7e12cf4dc
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Oct 16 17:16:30 2020 +0100

    Fix no-dh
    One of the x509 tests checks to make sure spurious errors don't appear on
    the stack. The x509 app uses the OSSL_STORE code to load things. The
    OSSL_STORE code will try various different formats - which results in
    lots of failures. However those failures are typically suppressed by
    OSSL_STORE unless they are interesting. OSSL_STORE thinks it knows what
    kind of errors are uninteresting (ASN.1 errors) but gets confused if
    upper levels of code add additional errors to the stack. This was
    happening in the DSA code which confused OSSL_STORE and meant the errors
    were not being suppressed properly - and hence the x509 test failed.
    Interestingly this only impacts a no-dh build, because in a no-dh build
    the DSA param decoder suddenly becomes the last to be tried. If it
    happens earlier in the list the errors end up getting suppressed anyway.
    The simplest solution is to just to remove the error from the DSA param
    decoder code. It's not adding any useful information anyway.
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13162)


Summary of changes:
 crypto/dsa/dsa_ameth.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index 208c4ec19f..d3e22abc35 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -374,10 +374,9 @@ static int dsa_param_decode(EVP_PKEY *pkey,
     DSA *dsa;
-    if ((dsa = d2i_DSAparams(NULL, pder, derlen)) == NULL) {
+    if ((dsa = d2i_DSAparams(NULL, pder, derlen)) == NULL)
         return 0;
-    }
     EVP_PKEY_assign_DSA(pkey, dsa);
     return 1;

More information about the openssl-commits mailing list