author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-09-16 12:52:09 +0200 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-09-24 14:34:56 +0200 |
commit | 29844ea5b3d2b7240d99b043a0d82cb177f0762d (patch) | |
tree | 1cb0954dd516bb5a640876fa64d59ff6fe53d51d /crypto/store/store_result.c | |
parent | 50eb2a507732b4d32879709dbfa335ccb542f676 (diff) |
Prune low-level ASN.1 parse errors from error queue in decoder_process()
Fixes #12840
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12893)
Diffstat (limited to 'crypto/store/store_result.c')
-rw-r--r-- | crypto/store/store_result.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c index 0c78e94ec4..a309acc115 100644 --- a/crypto/store/store_result.c +++ b/crypto/store/store_result.c @@ -87,7 +87,8 @@ static int try_pkcs12(struct extracted_param_data_st *, OSSL_STORE_INFO **, int err = ERR_peek_last_error(); \ \ if (ERR_GET_LIB(err) == ERR_LIB_ASN1 \ - && ERR_GET_REASON(err) == ERR_R_NESTED_ASN1_ERROR) \ + && (ERR_GET_REASON(err) == ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE \ + || ERR_GET_REASON(err) == ERR_R_NESTED_ASN1_ERROR)) \ ERR_pop_to_mark(); \ else \ ERR_clear_last_mark(); \ @@ -279,11 +280,13 @@ static EVP_PKEY *try_key_value_legacy(struct extracted_param_data_st *data, const unsigned char *der = data->octet_data, *derp; long der_len = (long)data->octet_data_size; + SET_ERR_MARK(); /* Try PUBKEY first, that's a real easy target */ derp = der; pk = d2i_PUBKEY_ex(NULL, &derp, der_len, libctx, propq); if (pk != NULL) *store_info_new = OSSL_STORE_INFO_new_PUBKEY; + RESET_ERR_MARK(); /* Try private keys next */ if (pk == NULL) { @@ -319,6 +322,7 @@ static EVP_PKEY *try_key_value_legacy(struct extracted_param_data_st *data, } X509_SIG_free(p8); } + RESET_ERR_MARK(); /* * If the encrypted PKCS#8 couldn't be decrypted, @@ -328,6 +332,7 @@ static EVP_PKEY *try_key_value_legacy(struct extracted_param_data_st *data, /* Try to unpack an unencrypted PKCS#8, that's easy */ derp = der; p8info = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, der_len); + RESET_ERR_MARK(); if (p8info != NULL) { pk = EVP_PKCS82PKEY_with_libctx(p8info, libctx, propq); PKCS8_PRIV_KEY_INFO_free(p8info); @@ -344,6 +349,7 @@ static EVP_PKEY *try_key_value_legacy(struct extracted_param_data_st *data, pk = d2i_PrivateKey_ex(EVP_PKEY_SM2, NULL, &derp, der_len, libctx, NULL); + RESET_ERR_MARK(); } } 
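Review bot: In the `@@ -87,7 +87,8 @@` hunk the widened test still inspects only the last queue entry, while `ERR_pop_to_mark()` discards everything raised since the mark, so an unrelated error recorded earlier in the same attempt is dropped together with the ASN.1 one. This matters most for the encrypted PKCS#8 attempt (the `@@ -319,6 +322,7 @@` hunk), where a decryption or passphrase failure followed by a trailing ASN.1 error could disappear from what the caller sees, depending on what that branch raises, which is not visible here. The macro carries no comment stating the rule; I would add one above it, e.g. `/* Prune a failed decode attempt only if its last error is an ASN.1 "not this format" reason; every entry back to the mark is dropped */`. Separately, the context line keeps the `unsigned long` result of `ERR_peek_last_error()` in an `int`; `unsigned long err` avoids the narrowing. The macro's definition starts and ends outside the hunk.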
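Review bot: The mark opened by `SET_ERR_MARK()` in the `@@ -279,11 +280,13 @@` hunk is closed only by the `CLEAR_ERR_MARK()` added before `return pk;` in the last hunk, so any exit from `try_key_value_legacy()` that bypasses that line would leave a stale mark on the error queue and skew later `ERR_pop_to_mark()` calls. The parts of the function between the hunks are not shown, so this needs a check that no early return or conditionally compiled path sits between the two. A short comment next to the first call would make the protocol explicit, e.g. `/* one mark stays open for the whole function; each RESET_ERR_MARK() ends one attempt's window and starts the next */` (assuming the reset macro does what its name suggests).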
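Review bot: `RESET_ERR_MARK()` in the `@@ -328,6 +332,7 @@` hunk sits between `d2i_PKCS8_PRIV_KEY_INFO()` and `EVP_PKCS82PKEY_with_libctx()`, so errors from converting a structurally valid PKCS#8 fall into the window of the next attempt. If a later attempt then ends in one of the pruned ASN.1 reasons, the following reset would pop the conversion error as well and the caller loses the more useful diagnostic; this is inferred from the macro in the first hunk, since the code up to the next reset is only partly visible. If that is intended, a comment such as `/* close the parse window here; conversion errors below belong to the next window */` would document it; otherwise the reset belongs after the `if (p8info != NULL)` block.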
@@ -363,9 +369,11 @@ static EVP_PKEY *try_key_value_legacy(struct extracted_param_data_st *data, if (pk == NULL) { derp = der; pk = d2i_KeyParams(EVP_PKEY_SM2, NULL, &derp, der_len); + RESET_ERR_MARK(); if (pk != NULL) *store_info_new = OSSL_STORE_INFO_new_PARAMS; } + CLEAR_ERR_MARK(); return pk; } |
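Review bot: The `RESET_ERR_MARK()` added after `d2i_KeyParams()` looks redundant, because nothing between it and the new `CLEAR_ERR_MARK()` can raise an error, so the final clear alone would apply the same pruning test to the `d2i_KeyParams()` errors. This assumes the reset macro is a clear followed by a fresh mark, which the page does not show. If that holds, dropping the line leaves one `CLEAR_ERR_MARK();` before `return pk;` as the single closing point and makes the set/clear pairing easier to audit. The function starts outside this hunk.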