From 8a709c5e4b5a6b91ebf5001a94ed80ab20f05472 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Wed, 19 May 2021 18:16:21 +0200
Subject: pem_read_bio_key_legacy: Do not obscure real error if there is one

Fixes #15170

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15355)
---
 crypto/pem/pem_pkey.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'crypto/pem')

diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index 3f0a9e4fef..adbf8bcfe7 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -171,7 +171,8 @@ static EVP_PKEY *pem_read_bio_key_legacy(BIO *bp, EVP_PKEY **x,
     }
 
  p8err:
-    if (ret == NULL)
+    if (ret == NULL && ERR_peek_last_error() == 0)
+        /* ensure some error is reported but do not hide the real one */
         ERR_raise(ERR_LIB_PEM, ERR_R_ASN1_LIB);
  err:
     OPENSSL_secure_free(nm);
-- 
cgit v1.2.3