author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-09-28 16:14:14 +0200 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-09-30 20:49:44 +0200 |
commit | 66066e1bba041459c2f879666b79e4a2158f5905 (patch) | |
tree | 3ad2f2014c9a05cd720746fe601dc6500c8b6946 /crypto/encode_decode | |
parent | 9032c2c11b2f14dcdbd253b470abc595a07a6c51 (diff) |
Prune low-level ASN.1 parse errors from error queue in der2key_decode() etc.
Also adds error output tests on loading key files with unsupported algorithms to 30-test_evp.t
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13023)
Diffstat (limited to 'crypto/encode_decode')
-rw-r--r-- | crypto/encode_decode/decoder_lib.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/crypto/encode_decode/decoder_lib.c b/crypto/encode_decode/decoder_lib.c
index 0bc772e43b..0411da41f4 100644
--- a/crypto/encode_decode/decoder_lib.c
+++ b/crypto/encode_decode/decoder_lib.c
@@ -11,6 +11,9 @@
 #include <openssl/bio.h>
 #include <openssl/params.h>
 #include <openssl/provider.h>
+#include <openssl/evperr.h>
+#include <openssl/ecerr.h>
+#include <openssl/x509err.h>
 #include "internal/passphrase.h"
 #include "crypto/decoder.h"
 #include "encoder_local.h"
@@ -424,7 +427,7 @@ static int decoder_process(const OSSL_PARAM params[], void *arg)
 BIO *bio = data->bio;
 long loc;
 size_t i;
- int ok = 0;
+ int err, ok = 0;
 /* For recursions */
 struct decoder_process_data_st new_data;
@@ -532,6 +535,16 @@ static int decoder_process(const OSSL_PARAM params[], void *arg)
 &new_data.ctx->pwdata);
 if (ok)
 break;
+ err = ERR_peek_last_error();
+ if ((ERR_GET_LIB(err) == ERR_LIB_EVP
+ && ERR_GET_REASON(err) == EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM)
+#ifndef OPENSSL_NO_EC
+ || (ERR_GET_LIB(err) == ERR_LIB_EC
+ && ERR_GET_REASON(err) == EC_R_UNKNOWN_GROUP)
+#endif
+ || (ERR_GET_LIB(err) == ERR_LIB_X509
+ && ERR_GET_REASON(err) == X509_R_UNSUPPORTED_ALGORITHM))
+ break; /* fatal error; preserve it on the error queue and stop */
 }
 end: |
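Review bot: `err` is declared as `int` (in the `-424,7` hunk) but is assigned the result of `ERR_peek_last_error()`, which returns `unsigned long`, so the packed error code is narrowed before `ERR_GET_LIB()`/`ERR_GET_REASON()` unpack it; declare it as `unsigned long err;` on its own line and keep `int ok = 0;`. Separately, the check in the `-532,6` hunk reads whatever entry is last on the thread's error queue, so if a decoder attempt fails without raising an error, an older entry carrying one of these three reasons would end the loop early; nothing visible in the hunk marks or clears the queue before the call, so it is worth confirming that this happens elsewhere in `decoder_process()`, whose body starts and ends outside the hunk. A short comment above the condition saying why exactly these library/reason pairs are treated as final would also help, since the generic decoder loop now depends on error codes raised by specific key-type code.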