
[openssl.org #2029] Fix openssl dgst -dss1


Tomas Mraz via RT

Sep 1, 2009, 4:44:43 AM

In the openssl-1.0.0-beta3 the command openssl dgst -dss1 -verify fails
with error:
Error setting context
139832466196296:error:0A07806A:dsa routines:PKEY_DSA_CTRL:invalid digest
type:dsa_pmeth.c:192:

See https://bugzilla.redhat.com/show_bug.cgi?id=520152 for detailed test
case.

I've patched the pkey_dsa_ctrl function to make the command work (see
the attached patch). However I am not quite sure the fix is completely
right.

--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb



diff -up openssl-1.0.0-beta3/crypto/dsa/dsa_pmeth.c.dss1 openssl-1.0.0-beta3/crypto/dsa/dsa_pmeth.c
--- openssl-1.0.0-beta3/crypto/dsa/dsa_pmeth.c.dss1 2008-11-05 19:38:56.000000000 +0100
+++ openssl-1.0.0-beta3/crypto/dsa/dsa_pmeth.c 2009-08-31 12:53:47.000000000 +0200
@@ -186,6 +186,7 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *c

case EVP_PKEY_CTRL_MD:
if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
+ EVP_MD_type((const EVP_MD *)p2) != NID_dsa &&
EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
EVP_MD_type((const EVP_MD *)p2) != NID_sha256)
{
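
Review bot: The new `NID_dsa` test in the `EVP_PKEY_CTRL_MD` case carries no comment explaining why a NID named after the key algorithm is accepted next to `NID_sha1`, `NID_sha224` and `NID_sha256`; a one-line comment tying it to the `-dss1` digest from the failing `openssl dgst -dss1 -verify` report would keep a later cleanup from dropping it. The condition now evaluates `EVP_MD_type((const EVP_MD *)p2)` four times, so reading it once into a local would make this digest allow-list easier to audit and extend. The hunk ends at the opening brace, so confirm that nothing later in this case assumes one of the three SHA types by name.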

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List opens...@openssl.org
Automated List Manager majo...@openssl.org

Stephen Henson via RT

Sep 2, 2009, 12:46:29 PM
> [tm...@redhat.com - Tue Sep 01 09:50:59 2009]:

>
> In the openssl-1.0.0-beta3 the command openssl dgst -dss1 -verify fails
> with error:
> Error setting context
> 139832466196296:error:0A07806A:dsa routines:PKEY_DSA_CTRL:invalid digest
> type:dsa_pmeth.c:192:
>
> See https://bugzilla.redhat.com/show_bug.cgi?id=520152 for detailed test
> case.
>
> I've patched the pkey_dsa_ctrl function to make the command work (see
> the attached patch). However I am not quite sure the fix is completely
> right.
>

Yes that fix is OK. In 1.0.0 you don't have to use -dss1 any more, it
works with -sha1 and non-RSA keys, but I hadn't noticed -dss1 had
stopped working.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
