
Fix no-dh

One of the x509 tests checks to make sure spurious errors don't appear on
the stack. The x509 app uses the OSSL_STORE code to load things. The
OSSL_STORE code will try various different formats - which results in
lots of failures. However those failures are typically suppressed by
OSSL_STORE unless they are interesting. OSSL_STORE thinks it knows what
kind of errors are uninteresting (ASN.1 errors) but gets confused if
upper levels of code add additional errors to the stack. This was
happening in the DSA code which confused OSSL_STORE and meant the errors
were not being suppressed properly - and hence the x509 test failed.

Interestingly this only impacts a no-dh build, because in a no-dh build
the DSA param decoder suddenly becomes the last to be tried. If it
happens earlier in the list the errors end up getting suppressed anyway.

The simplest solution is just to remove the error from the DSA param
decoder code. It's not adding any useful information anyway.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13162)
master
Matt Caswell 2 years ago
parent
commit
1dc5128577
1 changed files with 2 additions and 3 deletions
  1. +2
    -3
      crypto/dsa/dsa_ameth.c

crypto/dsa/dsa_ameth.c

@ -374,10 +374,9 @@ static int dsa_param_decode(EVP_PKEY *pkey,
{
DSA *dsa;
if ((dsa = d2i_DSAparams(NULL, pder, derlen)) == NULL) {
DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);
if ((dsa = d2i_DSAparams(NULL, pder, derlen)) == NULL)
return 0;
}
dsa->dirty_cnt++;
EVP_PKEY_assign_DSA(pkey, dsa);
return 1;
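Review bot: The now-silent `return 0;` after the failed `d2i_DSAparams(NULL, pder, derlen)` call in dsa_param_decode() has no comment saying why no error is raised there, so a later cleanup could easily put the `DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);` line back and bring back the failure described in the commit message. A one-line comment at that return, noting that the error is deliberately left to the lower-level decoder so that callers trying several formats can still recognise and suppress it, would protect the fix. Separately, in the unchanged context just below, the result of `EVP_PKEY_assign_DSA(pkey, dsa);` is not checked: if it fails, the function still returns 1 and `dsa` is not freed on that path, which is worth a follow-up.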

