diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-09-16 12:52:09 +0200 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-09-24 14:34:56 +0200 |
commit | 29844ea5b3d2b7240d99b043a0d82cb177f0762d (patch) | |
tree | 1cb0954dd516bb5a640876fa64d59ff6fe53d51d /crypto/pkcs12 | |
parent | 50eb2a507732b4d32879709dbfa335ccb542f676 (diff) | |
download | openssl-new-29844ea5b3d2b7240d99b043a0d82cb177f0762d.tar.gz |
Prune low-level ASN.1 parse errors from error queue in decoder_process()
Fixes #12840
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12893)
Diffstat (limited to 'crypto/pkcs12')
-rw-r--r-- | crypto/pkcs12/p12_decr.c | 10 | ||||
-rw-r--r-- | crypto/pkcs12/p12_kiss.c | 6 | ||||
-rw-r--r-- | crypto/pkcs12/pk12err.c | 4 |
3 files changed, 7 insertions, 13 deletions
diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c index 32e5597e06..37c8e40194 100644 --- a/crypto/pkcs12/p12_decr.c +++ b/crypto/pkcs12/p12_decr.c @@ -33,11 +33,8 @@ unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, /* Process data */ if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen, - algor->parameter, ctx, en_de)) { - PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, - PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR); + algor->parameter, ctx, en_de)) goto err; - } /* * GOST algorithm specifics: @@ -125,11 +122,8 @@ void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it, int outlen = 0; if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length, - &out, &outlen, 0)) { - PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, - PKCS12_R_PKCS12_PBE_CRYPT_ERROR); + &out, &outlen, 0)) return NULL; - } p = out; OSSL_TRACE_BEGIN(PKCS12_DECRYPT) { BIO_printf(trc_out, "\n"); diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c index 126a6ce94b..ad1f4ee1ed 100644 --- a/crypto/pkcs12/p12_kiss.c +++ b/crypto/pkcs12/p12_kiss.c @@ -80,7 +80,11 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, } if (!parse_pk12(p12, pass, -1, pkey, ocerts)) { - PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_PARSE_ERROR); + int err = ERR_peek_last_error(); + + if (ERR_GET_LIB(err) != ERR_LIB_EVP + && ERR_GET_REASON(err) != EVP_R_UNSUPPORTED_ALGORITHM) + PKCS12err(0, PKCS12_R_PARSE_ERROR); goto err; } diff --git a/crypto/pkcs12/pk12err.c b/crypto/pkcs12/pk12err.c index f7789dc8d3..ae835c57be 100644 --- a/crypto/pkcs12/pk12err.c +++ b/crypto/pkcs12/pk12err.c @@ -39,12 +39,8 @@ static const ERR_STRING_DATA PKCS12_str_reasons[] = { {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_VERIFY_FAILURE), "mac verify failure"}, {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PARSE_ERROR), "parse error"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR), - "pkcs12 algor cipherinit error"}, {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_CIPHERFINAL_ERROR), "pkcs12 cipherfinal error"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_PBE_CRYPT_ERROR), - "pkcs12 pbe crypt error"}, {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM), "unknown digest algorithm"}, {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_UNSUPPORTED_PKCS12_MODE), |