authorRichard Levitte <levitte@openssl.org>2020-08-29 09:40:31 +0200
committerRichard Levitte <levitte@openssl.org>2020-09-03 17:48:32 +0200
commitc2150f73571fbcf150d0a7e5eaef537fd43857fa (patch)
treeccadefea88cd4257301e689e247da1a92ac9e620 /crypto/store
parent67b640135696d4426475fb0c455c094a6c33ee45 (diff)
STORE: Stop the flood of errors
The old 'file:' loader was recently changed to stop the flood of repeated nested ASN.1 errors when trying to decode a DER blob in diverse ways. That is now reproduced in ossl_store_handle_load_result() Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12587)
Diffstat (limited to 'crypto/store')
-rw-r--r--crypto/store/store_result.c41
1 files changed, 35 insertions, 6 deletions
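--- a/crypto/store/store_result.c
+++ b/crypto/store/store_result.c
@@ -83,6 +83,23 @@ static int try_crl(struct extracted_param_data_st *, OSSL_STORE_INFO **,
 static int try_pkcs12(struct extracted_param_data_st *, OSSL_STORE_INFO **,
 OSSL_STORE_CTX *, OPENSSL_CTX *, const char *);
+#define SET_ERR_MARK() ERR_set_mark()
+#define CLEAR_ERR_MARK() \
+ do { \
+ int err = ERR_peek_last_error(); \
+ \
+ if (ERR_GET_LIB(err) == ERR_LIB_ASN1 \
+ && ERR_GET_REASON(err) == ERR_R_NESTED_ASN1_ERROR) \
+ ERR_pop_to_mark(); \
+ else \
+ ERR_clear_last_mark(); \
+ } while(0)
+#define RESET_ERR_MARK() \
+ do { \
+ CLEAR_ERR_MARK(); \
+ SET_ERR_MARK(); \
+ } while(0)
+
 int ossl_store_handle_load_result(const OSSL_PARAM params[], void *arg)
 {
 struct ossl_load_result_data_st *cbdata = arg;
@@ -123,14 +140,26 @@ int ossl_store_handle_load_result(const OSSL_PARAM params[], void *arg)
 * The helper functions return 0 on actual errors, otherwise 1, even if
 * they didn't fill out |*v|.
 */
-if (!try_name(&helper_data, v)
-|| !try_key(&helper_data, v, ctx, provider, libctx, propq)
-|| !try_cert(&helper_data, v, libctx, propq)
-|| !try_crl(&helper_data, v, libctx, propq)
-|| !try_pkcs12(&helper_data, v, ctx, libctx, propq))
-return 0;
+SET_ERR_MARK();
+if (!try_name(&helper_data, v))
+goto err;
+RESET_ERR_MARK();
+if (!try_key(&helper_data, v, ctx, provider, libctx, propq))
+goto err;
+RESET_ERR_MARK();
+if (!try_cert(&helper_data, v, libctx, propq))
+goto err;
+RESET_ERR_MARK();
+if (!try_crl(&helper_data, v, libctx, propq))
+goto err;
+RESET_ERR_MARK();
+if (!try_pkcs12(&helper_data, v, ctx, libctx, propq))
+goto err;
+CLEAR_ERR_MARK();
 return (*v != NULL);
+ err:
+return 0;
 }
 static int try_name(struct extracted_param_data_st *data, OSSL_STORE_INFO **v)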
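Review bot: The `err:` path at the end of the second hunk returns 0 while the mark set by the preceding `SET_ERR_MARK()` / `RESET_ERR_MARK()` is still on the error queue, so a helper that fails with a genuine error leaves a stale mark behind; as I read ERR_set_mark(), a caller's own later ERR_pop_to_mark() would then stop at that mark rather than its own. Inserting `ERR_clear_last_mark();` between the `err:` label and `return 0;` drops only the mark and keeps the real errors for the caller to report. The macros in the first hunk also do not say why only `ERR_R_NESTED_ASN1_ERROR` is discarded; a comment above `#define SET_ERR_MARK()` such as `/* Each try_* helper is expected to fail on data it does not recognise; only the nested ASN.1 noise that produces is dropped, every other error is kept */` would spare the next reader a trip to the commit log. ossl_store_handle_load_result() opens in the first hunk but the second hunk starts mid-body, so the lines between them are not visible here.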