authorDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-09-16 12:52:09 +0200
committerDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-09-24 14:34:56 +0200
commit29844ea5b3d2b7240d99b043a0d82cb177f0762d (patch)
tree1cb0954dd516bb5a640876fa64d59ff6fe53d51d /crypto/store/store_result.c
parent50eb2a507732b4d32879709dbfa335ccb542f676 (diff)
Prune low-level ASN.1 parse errors from error queue in decoder_process()
Fixes #12840 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12893)
Diffstat (limited to 'crypto/store/store_result.c')
-rw-r--r--crypto/store/store_result.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c
index 0c78e94ec4..a309acc115 100644
--- a/crypto/store/store_result.c
+++ b/crypto/store/store_result.c
@@ -87,7 +87,8 @@ static int try_pkcs12(struct extracted_param_data_st *, OSSL_STORE_INFO **,
int err = ERR_peek_last_error(); \
\
if (ERR_GET_LIB(err) == ERR_LIB_ASN1 \
- && ERR_GET_REASON(err) == ERR_R_NESTED_ASN1_ERROR) \
+ && (ERR_GET_REASON(err) == ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE \
+ || ERR_GET_REASON(err) == ERR_R_NESTED_ASN1_ERROR)) \
ERR_pop_to_mark(); \
else \
ERR_clear_last_mark(); \
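Review bot: The widened test in this macro inspects only the newest queue entry, while `ERR_pop_to_mark()` discards every entry recorded since the mark, so an unrelated failure queued ahead of a trailing ASN.1 error (an allocation failure, for instance) would be pruned together with it. That may be acceptable for trial decoding, but the assumption deserves a comment above the macro definition, for example `/* Only the last error is checked; all entries since the mark are dropped when it is an expected trial-decode failure */`. Separately, `err` is declared `int` although ERR_peek_last_error() returns `unsigned long`; `unsigned long err = ERR_peek_last_error();` avoids the narrowing conversion. The macro begins above the hunk, so its name and remaining lines are not visible here.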
@@ -279,11 +280,13 @@ static EVP_PKEY *try_key_value_legacy(struct extracted_param_data_st *data,
const unsigned char *der = data->octet_data, *derp;
long der_len = (long)data->octet_data_size;
+ SET_ERR_MARK();
/* Try PUBKEY first, that's a real easy target */
derp = der;
pk = d2i_PUBKEY_ex(NULL, &derp, der_len, libctx, propq);
if (pk != NULL)
*store_info_new = OSSL_STORE_INFO_new_PUBKEY;
+ RESET_ERR_MARK();
/* Try private keys next */
if (pk == NULL) {
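Review bot: The `SET_ERR_MARK()` added after the declarations is balanced only by the `CLEAR_ERR_MARK()` placed before the final `return pk;`, so any earlier exit from try_key_value_legacy() would leave a mark set on the thread's error queue. No early return appears in the visible lines, but the body between the hunks is not shown, so this is worth confirming. A short comment at the mark, e.g. `/* paired with CLEAR_ERR_MARK() before the single return; do not return early */`, would keep later edits from breaking the pairing.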
@@ -319,6 +322,7 @@ static EVP_PKEY *try_key_value_legacy(struct extracted_param_data_st *data,
}
X509_SIG_free(p8);
}
+ RESET_ERR_MARK();
/*
* If the encrypted PKCS#8 couldn't be decrypted,
@@ -328,6 +332,7 @@ static EVP_PKEY *try_key_value_legacy(struct extracted_param_data_st *data,
/* Try to unpack an unencrypted PKCS#8, that's easy */
derp = der;
p8info = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, der_len);
+ RESET_ERR_MARK();
if (p8info != NULL) {
pk = EVP_PKCS82PKEY_with_libctx(p8info, libctx, propq);
PKCS8_PRIV_KEY_INFO_free(p8info);
@@ -344,6 +349,7 @@ static EVP_PKEY *try_key_value_legacy(struct extracted_param_data_st *data,
pk = d2i_PrivateKey_ex(EVP_PKEY_SM2, NULL,
&derp, der_len,
libctx, NULL);
+ RESET_ERR_MARK();
}
}
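Review bot: The SM2 private-key attempt passes `NULL` as the last argument of `d2i_PrivateKey_ex()`, whereas the `d2i_PUBKEY_ex()` call at the top of the function passes `propq`. If that argument is the property query, the caller's provider selection is ignored on this path, and decoding could use an implementation the caller meant to exclude. `libctx, propq);` would make the two calls consistent; if the omission is deliberate, a comment should say why. The call is a context line of this hunk and the enclosing block starts outside it.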
@@ -363,9 +369,11 @@ static EVP_PKEY *try_key_value_legacy(struct extracted_param_data_st *data,
if (pk == NULL) {
derp = der;
pk = d2i_KeyParams(EVP_PKEY_SM2, NULL, &derp, der_len);
+ RESET_ERR_MARK();
if (pk != NULL)
*store_info_new = OSSL_STORE_INFO_new_PARAMS;
}
+ CLEAR_ERR_MARK();
return pk;
}