From: Tomas Mraz <tomas@openssl.org>
Date: Wed, 19 May 2021 16:16:21 +0000 (+0200)
Subject: pem_read_bio_key_legacy: Do not obscure real error if there is one
X-Git-Tag: openssl-3.0.0-beta1~452
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8a709c5e4b5a6b91ebf5001a94ed80ab20f05472;p=thirdparty%2Fopenssl.git

pem_read_bio_key_legacy: Do not obscure real error if there is one

Fixes #15170

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15355)
---

diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index 3f0a9e4fefc..adbf8bcfe70 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -171,7 +171,8 @@ static EVP_PKEY *pem_read_bio_key_legacy(BIO *bp, EVP_PKEY **x,
     }
 
  p8err:
-    if (ret == NULL)
+    if (ret == NULL && ERR_peek_last_error() == 0)
+        /* ensure some error is reported but do not hide the real one */
         ERR_raise(ERR_LIB_PEM, ERR_R_ASN1_LIB);
  err:
     OPENSSL_secure_free(nm);