]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e304aa8)
OSSL_STORE: Prevent spurious error during loading private keys
authorDr. David von Oheimb <David.von.Oheimb@siemens.com>
Fri, 14 May 2021 13:11:00 +0000 (15:11 +0200)
committerDr. David von Oheimb <dev@ddvo.net>
Thu, 6 Jan 2022 08:12:57 +0000 (09:12 +0100)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15283)

providers/implementations/encode_decode/decode_der2key.c patch | blob | blame | history

diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c
index 356e65b403a9c243d1b325d1f9fd9e11634d3a62..9e3b86b46eed4811d9e95e56f7c14036e56176ca 100644 (file)
--- a/providers/implementations/encode_decode/decode_der2key.c
+++ b/providers/implementations/encode_decode/decode_der2key.c
@@ -204,19 +204,24 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
     if (!ok)
         goto next;
 
-    ok = 0;                      /* Assume that we fail */
+    ok = 0; /* Assume that we fail */
 
+    ERR_set_mark();
     if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
         derp = der;
         if (ctx->desc->d2i_PKCS8 != NULL) {
             key = ctx->desc->d2i_PKCS8(NULL, &derp, der_len, ctx);
-            if (ctx->flag_fatal)
+            if (ctx->flag_fatal) {
+                ERR_clear_last_mark();
                 goto end;
+            }
         } else if (ctx->desc->d2i_private_key != NULL) {
             key = ctx->desc->d2i_private_key(NULL, &derp, der_len);
         }
-        if (key == NULL && ctx->selection != 0)
+        if (key == NULL && ctx->selection != 0) {
+            ERR_clear_last_mark();
             goto next;
+        }
     }
     if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
         derp = der;
@@ -224,16 +229,24 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
             key = ctx->desc->d2i_PUBKEY(NULL, &derp, der_len);
         else
             key = ctx->desc->d2i_public_key(NULL, &derp, der_len);
-        if (key == NULL && ctx->selection != 0)
+        if (key == NULL && ctx->selection != 0) {
+            ERR_clear_last_mark();
             goto next;
+        }
     }
     if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) {
         derp = der;
         if (ctx->desc->d2i_key_params != NULL)
             key = ctx->desc->d2i_key_params(NULL, &derp, der_len);
-        if (key == NULL && ctx->selection != 0)
+        if (key == NULL && ctx->selection != 0) {
+            ERR_clear_last_mark();
             goto next;
+        }
     }
+    if (key == NULL)
+        ERR_clear_last_mark();
+    else
+        ERR_pop_to_mark();
 
     /*
      * Last minute check to see if this was the correct type of key.  This
Mirror of https://github.com/openssl/openssl.git