authorDaniel Fiala <daniel@openssl.org>2022-04-04 19:41:32 +0200
committerTomas Mraz <tomas@openssl.org>2022-04-12 10:39:29 +0200
commit5585d0da5f27971d39050c213a064ca6b3249e4a (patch)
treeb71eefd4d3abf3163493f04b74f78f3c715aa23e /ssl
parent2773e758fa55bb765a628fcdfbcd2b4018476130 (diff)
SSL_conf_cmd: Allow DH Parameters at any position.
Fixes openssl#17326. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18041) (cherry picked from commit b2b8d1883a3b7e64006b0b4ada0cbcf3eb6dba1a)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/ssl_conf.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index c0cbbe5e2c..deb0c9aaa6 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -597,15 +597,19 @@ static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
= OSSL_DECODER_CTX_new_for_pkey(&dhpkey, "PEM", NULL, "DH",
OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
sslctx->libctx, sslctx->propq);
- if (decoderctx == NULL
- || !OSSL_DECODER_from_bio(decoderctx, in)) {
- OSSL_DECODER_CTX_free(decoderctx);
+ if (decoderctx == NULL)
goto end;
- }
+ ERR_set_mark();
+ while (!OSSL_DECODER_from_bio(decoderctx, in)
+ && dhpkey == NULL
+ && !BIO_eof(in));
OSSL_DECODER_CTX_free(decoderctx);
- if (dhpkey == NULL)
+ if (dhpkey == NULL) {
+ ERR_clear_last_mark();
goto end;
+ }
+ ERR_pop_to_mark();
} else {
return 1;
}
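Review bot: The retry loop `while (!OSSL_DECODER_from_bio(decoderctx, in) && dhpkey == NULL && !BIO_eof(in));` has `BIO_eof(in)` as its only exit when decoding keeps failing, so it terminates only if every failed attempt advances `in` or a read error is reported as end-of-file. Neither is visible in this hunk, and both should be confirmed, because this path reads an operator-supplied file and a stuck loop would hang configuration loading. The empty body is also hidden in the trailing `;` of the last condition line; a `continue;` on its own line under a comment such as `/* Skip PEM blocks that are not DH parameters; stop at the first match or at EOF. */` would make the intent explicit. The same comment could record that the first block that decodes as DH parameters wins, and that errors queued for skipped blocks are dropped by `ERR_pop_to_mark()` on success but kept by `ERR_clear_last_mark()` on failure. cmd_DHParameters starts and ends outside the hunk.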