From ce8822b7e5f4fdf836677faee336a5cf996d4363 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy
Date: Fri, 17 Jun 2022 10:08:22 +0200
Subject: [PATCH] Improve diagnostics on setting groups
- If keymgmmt is not available, it's not an error but the error message persists in stack
- when setting groups, it's worth saying which group is not available
Fixes #18585
Reviewed-by: Tomas Mraz
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/18591)
---
 ssl/t1_lib.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index d73bdffb62c..44204de0e6d 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -343,6 +343,7 @@ static int add_provider_groups(const OSSL_PARAM params[], void *data)
 * it.
 */
 ret = 1;
+ ERR_set_mark();
 keymgmt = EVP_KEYMGMT_fetch(ctx->libctx, ginf->algorithm, ctx->propq);
 if (keymgmt != NULL) {
 /*
@@ -364,6 +365,7 @@ static int add_provider_groups(const OSSL_PARAM params[], void *data)
 }
 EVP_KEYMGMT_free(keymgmt);
 }
+ ERR_pop_to_mark();
 err:
 if (ginf != NULL) {
 OPENSSL_free(ginf->tlsname);
@@ -766,8 +768,11 @@ static int gid_cb(const char *elem, int len, void *arg)
 etmp[len] = 0;

 gid = tls1_group_name2id(garg->ctx, etmp);
- if (gid == 0)
+ if (gid == 0) {
+ ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT,
+ "group '%s' cannot be set", etmp);
 return 0;
+ }
 for (i = 0; i < garg->gidcnt; i++)
 if (garg->gid_arr[i] == gid)
 return 0;
-- 
2.47.3
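Review bot: In add_provider_groups() the mark set before `EVP_KEYMGMT_fetch()` is only released by the `ERR_pop_to_mark()` added in the second hunk, just before the `err:` label, so the suppression covers the whole `if (keymgmt != NULL)` block rather than the fetch alone. The body of that block lies outside both hunks; if anything in it raises an error that callers should see, it is discarded as well, and any path that jumps to `err:` after the mark is set would leave a stale mark on the error stack. Popping directly after the fetch keeps the scope tight: `keymgmt = EVP_KEYMGMT_fetch(ctx->libctx, ginf->algorithm, ctx->propq);` followed immediately by `ERR_pop_to_mark();`. A short comment such as `/* a missing keymgmt is not an error here, so drop the fetch failure from the error queue */` would explain why errors are being thrown away.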
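Review bot: The duplicate check a few lines below the new error in gid_cb(), `if (garg->gid_arr[i] == gid) return 0;`, still fails without raising anything, so a list that names a group twice is rejected with an empty error queue while an unknown name now gets a message. Raising there as well, for example `ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT, "group '%s' is listed more than once", etmp);` inside a braced branch, would make the two failures consistent. The new message copies `etmp`, which is caller-supplied group-list text, into the error data verbatim, so code that prints the error queue to logs should treat that string as untrusted. gid_cb's body starts and ends outside the hunk, so any earlier silent `return 0` paths are not visible here.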