[openssl] master update
Matt Caswell
matt at openssl.org
Mon Oct 19 15:21:14 UTC 2020
The branch master has been updated
via 1dc5128577ed983fab8d5b3e65c06dd7e12cf4dc (commit)
from ea7277fd2e27afa3a173ea30d567f45d7bb3d30d (commit)
- Log -----------------------------------------------------------------
commit 1dc5128577ed983fab8d5b3e65c06dd7e12cf4dc
Author: Matt Caswell <matt at openssl.org>
Date: Fri Oct 16 17:16:30 2020 +0100
Fix no-dh
One of the x509 tests checks to make sure spurious errors don't appear on
the stack. The x509 app uses the OSSL_STORE code to load things. The
OSSL_STORE code will try various different formats - which results in
lots of failures. However those failures are typically suppressed by
OSSL_STORE unless they are interesting. OSSL_STORE thinks it knows what
kind of errors are uninteresting (ASN.1 errors) but gets confused if
upper levels of code add additional errors to the stack. This was
happening in the DSA code which confused OSSL_STORE and meant the errors
were not being suppressed properly - and hence the x509 test failed.
Interestingly this only impacts a no-dh build, because in a no-dh build
the DSA param decoder suddenly becomes the last to be tried. If it
happens earlier in the list the errors end up getting suppressed anyway.
The simplest solution is to just to remove the error from the DSA param
decoder code. It's not adding any useful information anyway.
Reviewed-by: Paul Dale <paul.dale at oracle.com>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13162)
-----------------------------------------------------------------------
Summary of changes:
crypto/dsa/dsa_ameth.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index 208c4ec19f..d3e22abc35 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -374,10 +374,9 @@ static int dsa_param_decode(EVP_PKEY *pkey,
{
DSA *dsa;
- if ((dsa = d2i_DSAparams(NULL, pder, derlen)) == NULL) {
- DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);
+ if ((dsa = d2i_DSAparams(NULL, pder, derlen)) == NULL)
return 0;
- }
+
dsa->dirty_cnt++;
EVP_PKEY_assign_DSA(pkey, dsa);
return 1;
More information about the openssl-commits
mailing list