From: Daniel Fiala Date: Mon, 28 Mar 2022 12:53:08 +0000 (+0000) Subject: Clear incorrectly reported errors in cms_io. X-Git-Tag: openssl-3.2.0-alpha1~2751 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=45a3c592b94b66cab72e5bffbaf9d810c3fb29c0;p=thirdparty%2Fopenssl.git Clear incorrectly reported errors in cms_io. Fixes openssl#17841. Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18109) --- diff --git a/crypto/cms/cms_io.c b/crypto/cms/cms_io.c index 3768ea4db23..935344167aa 100644 --- a/crypto/cms/cms_io.c +++ b/crypto/cms/cms_io.c @@ -41,8 +41,11 @@ CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms) ci = ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms, ossl_cms_ctx_get0_libctx(ctx), ossl_cms_ctx_get0_propq(ctx)); - if (ci != NULL) + if (ci != NULL) { + ERR_set_mark(); ossl_cms_resolve_libctx(ci); + ERR_pop_to_mark(); + } return ci; } @@ -104,8 +107,11 @@ CMS_ContentInfo *SMIME_read_CMS_ex(BIO *bio, int flags, BIO **bcont, (ASN1_VALUE **)cms, ossl_cms_ctx_get0_libctx(ctx), ossl_cms_ctx_get0_propq(ctx)); - if (ci != NULL) + if (ci != NULL) { + ERR_set_mark(); ossl_cms_resolve_libctx(ci); + ERR_pop_to_mark(); + } return ci; } diff --git a/test/cmsapitest.c b/test/cmsapitest.c index 683dad48350..28b0d489922 100644 --- a/test/cmsapitest.c +++ b/test/cmsapitest.c @@ -18,6 +18,7 @@ static X509 *cert = NULL; static EVP_PKEY *privkey = NULL; +static char *derin = NULL; static int test_encrypt_decrypt(const EVP_CIPHER *cipher) { @@ -288,7 +289,30 @@ static int test_d2i_CMS_bio_NULL(void) return ret; } -OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n") +static int test_d2i_CMS_bio_file_encrypted_data(void) +{ + BIO *bio = NULL; + CMS_ContentInfo *cms = NULL; + int ret = 0; + + ERR_clear_error(); + + if (!TEST_ptr(bio = BIO_new_file(derin, "r")) + || !TEST_ptr(cms = d2i_CMS_bio(bio, NULL))) + goto end; + + if (!TEST_int_eq(ERR_peek_error(), 0)) + goto end; + + ret = 1; +end: + CMS_ContentInfo_free(cms); + BIO_free(bio); + + return ret; +} + +OPT_TEST_DECLARE_USAGE("certfile privkeyfile derfile\n") int setup_tests(void) { @@ -301,7 +325,8 @@ int setup_tests(void) } if (!TEST_ptr(certin = test_get_argument(0)) - || !TEST_ptr(privkeyin = test_get_argument(1))) + || !TEST_ptr(privkeyin = test_get_argument(1)) + || !TEST_ptr(derin = test_get_argument(2))) return 0; certbio = BIO_new_file(certin, "r"); @@ -332,6 +357,7 @@ int setup_tests(void) ADD_TEST(test_encrypt_decrypt_aes_192_gcm); ADD_TEST(test_encrypt_decrypt_aes_256_gcm); ADD_TEST(test_d2i_CMS_bio_NULL); + ADD_TEST(test_d2i_CMS_bio_file_encrypted_data); return 1; } diff --git a/test/recipes/80-test_cmsapi.t b/test/recipes/80-test_cmsapi.t index 8f8a1189a51..9ec44a5f909 100644 --- a/test/recipes/80-test_cmsapi.t +++ b/test/recipes/80-test_cmsapi.t @@ -17,5 +17,6 @@ plan skip_all => "CMS is disabled in this build" if disabled("cms"); plan tests => 1; ok(run(test(["cmsapitest", srctop_file("test", "certs", "servercert.pem"), - srctop_file("test", "certs", "serverkey.pem")])), + srctop_file("test", "certs", "serverkey.pem"), + srctop_file("test", "recipes", "80-test_cmsapi_data", "encryptedData.der")])), "running cmsapitest"); diff --git a/test/recipes/80-test_cmsapi_data/encryptedData.der b/test/recipes/80-test_cmsapi_data/encryptedData.der new file mode 100644 index 00000000000..4421d08a3e3 Binary files /dev/null and b/test/recipes/80-test_cmsapi_data/encryptedData.der differ