From 3d80b5e611f112fd004a4320cb5ecce93c73b7d4 Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Fri, 23 Apr 2021 15:47:59 +0200
Subject: STORE: Simplify error filtering in der2obj_decode()

We do here like in all other decoder implementations, drop all errors
that were caused by a failing asn1_d2i_read_bio(), as it's most likely
to mean that the input isn't DER, and another decoder implementation,
if there is any left, should have a go.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15008)
---
 .../implementations/storemgmt/file_store_der2obj.c | 24 ++++++----------------
 1 file changed, 6 insertions(+), 18 deletions(-)

(limited to 'providers/implementations/storemgmt')

diff --git a/providers/implementations/storemgmt/file_store_der2obj.c b/providers/implementations/storemgmt/file_store_der2obj.c
index 2ecf20bac7..4f90535842 100644
--- a/providers/implementations/storemgmt/file_store_der2obj.c
+++ b/providers/implementations/storemgmt/file_store_der2obj.c
@@ -87,29 +87,18 @@ static int der2obj_decode(void *provctx, OSSL_CORE_BIO *cin, int selection,
      */
     BIO *in = ossl_bio_new_from_core_bio(provctx, cin);
     BUF_MEM *mem = NULL;
-    int err, ok;
+    int ok;
 
     if (in == NULL)
         return 0;
 
     ERR_set_mark();
     ok = (asn1_d2i_read_bio(in, &mem) >= 0);
-    /*
-     * Prune low-level ASN.1 parse errors from error queue, assuming that
-     * this is called by decoder_process() in a loop trying several formats.
-     */
-    if (!ok) {
-        err = ERR_peek_last_error();
-        if (ERR_GET_LIB(err) == ERR_LIB_ASN1
-            && (ERR_GET_REASON(err) == ASN1_R_HEADER_TOO_LONG
-                || ERR_GET_REASON(err) == ASN1_R_UNSUPPORTED_TYPE
-                || ERR_GET_REASON(err) == ERR_R_NESTED_ASN1_ERROR
-                || ERR_GET_REASON(err) == ASN1_R_NOT_ENOUGH_DATA)) {
-            ERR_pop_to_mark();
-        } else {
-            ERR_clear_last_mark();
-            goto end;
-        }
+    ERR_pop_to_mark();
+    if (!ok && mem != NULL) {
+        OPENSSL_free(mem->data);
+        OPENSSL_free(mem);
+        mem = NULL;
     }
 
     ok = 1;
@@ -128,7 +117,6 @@ static int der2obj_decode(void *provctx, OSSL_CORE_BIO *cin, int selection,
         OPENSSL_free(mem->data);
         OPENSSL_free(mem);
     }
- end:
     BIO_free(in);
     return ok;
 }
-- 
cgit v1.2.3