author | Daniel Fiala <daniel@openssl.org> | 2022-04-04 19:41:32 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-04-12 10:39:29 +0200 |
commit | 5585d0da5f27971d39050c213a064ca6b3249e4a (patch) | |
tree | b71eefd4d3abf3163493f04b74f78f3c715aa23e /ssl | |
parent | 2773e758fa55bb765a628fcdfbcd2b4018476130 (diff) |
SSL_conf_cmd: Allow DH Parameters at any position.
Fixes openssl#17326.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18041)
(cherry picked from commit b2b8d1883a3b7e64006b0b4ada0cbcf3eb6dba1a)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_conf.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index c0cbbe5e2c..deb0c9aaa6 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -597,15 +597,19 @@ static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value) = OSSL_DECODER_CTX_new_for_pkey(&dhpkey, "PEM", NULL, "DH", OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, sslctx->libctx, sslctx->propq); - if (decoderctx == NULL - || !OSSL_DECODER_from_bio(decoderctx, in)) { - OSSL_DECODER_CTX_free(decoderctx); + if (decoderctx == NULL) goto end; - } + ERR_set_mark(); + while (!OSSL_DECODER_from_bio(decoderctx, in) + && dhpkey == NULL + && !BIO_eof(in)); OSSL_DECODER_CTX_free(decoderctx); - if (dhpkey == NULL) + if (dhpkey == NULL) { + ERR_clear_last_mark(); goto end; + } + ERR_pop_to_mark(); } else { return 1; } |
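Review bot: The new `while (...);` loop in cmd_DHParameters can only exit on a successful decode, a non-NULL `dhpkey`, or `BIO_eof(in)`, so termination depends on `in` always reaching end-of-file. Whether a read failure that never sets EOF is possible for this BIO is not visible in the hunk and is worth confirming, because a loop that makes no progress would hang whatever is loading the configuration. The empty body behind the trailing `;` is also easy to misread; writing it as `continue;` on its own line under a comment such as `/* Skip PEM blocks that are not DH parameters; stop at the first one that decodes or at EOF. */` would make the intent explicit. The function starts and ends outside the hunk, so the `end:` cleanup path is not visible here.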