summaryrefslogtreecommitdiff
path: root/crypto/pkcs12
diff options
context:
space:
mode:
authorDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-09-16 12:52:09 +0200
committerDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-09-24 14:34:56 +0200
commit29844ea5b3d2b7240d99b043a0d82cb177f0762d (patch)
tree1cb0954dd516bb5a640876fa64d59ff6fe53d51d /crypto/pkcs12
parent50eb2a507732b4d32879709dbfa335ccb542f676 (diff)
downloadopenssl-new-29844ea5b3d2b7240d99b043a0d82cb177f0762d.tar.gz
Prune low-level ASN.1 parse errors from error queue in decoder_process()
Fixes #12840 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12893)
Diffstat (limited to 'crypto/pkcs12')
-rw-r--r--crypto/pkcs12/p12_decr.c10
-rw-r--r--crypto/pkcs12/p12_kiss.c6
-rw-r--r--crypto/pkcs12/pk12err.c4
3 files changed, 7 insertions, 13 deletions
diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c
index 32e5597e06..37c8e40194 100644
--- a/crypto/pkcs12/p12_decr.c
+++ b/crypto/pkcs12/p12_decr.c
@@ -33,11 +33,8 @@ unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
/* Process data */
if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
- algor->parameter, ctx, en_de)) {
- PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
- PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
+ algor->parameter, ctx, en_de))
goto err;
- }
/*
* GOST algorithm specifics:
@@ -125,11 +122,8 @@ void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
int outlen = 0;
if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
- &out, &outlen, 0)) {
- PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,
- PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
+ &out, &outlen, 0))
return NULL;
- }
p = out;
OSSL_TRACE_BEGIN(PKCS12_DECRYPT) {
BIO_printf(trc_out, "\n");
diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
index 126a6ce94b..ad1f4ee1ed 100644
--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
@@ -80,7 +80,11 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
}
if (!parse_pk12(p12, pass, -1, pkey, ocerts)) {
- PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_PARSE_ERROR);
+ int err = ERR_peek_last_error();
+
+ if (ERR_GET_LIB(err) != ERR_LIB_EVP
+ && ERR_GET_REASON(err) != EVP_R_UNSUPPORTED_ALGORITHM)
+ PKCS12err(0, PKCS12_R_PARSE_ERROR);
goto err;
}
diff --git a/crypto/pkcs12/pk12err.c b/crypto/pkcs12/pk12err.c
index f7789dc8d3..ae835c57be 100644
--- a/crypto/pkcs12/pk12err.c
+++ b/crypto/pkcs12/pk12err.c
@@ -39,12 +39,8 @@ static const ERR_STRING_DATA PKCS12_str_reasons[] = {
{ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_VERIFY_FAILURE),
"mac verify failure"},
{ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PARSE_ERROR), "parse error"},
- {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),
- "pkcs12 algor cipherinit error"},
{ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_CIPHERFINAL_ERROR),
"pkcs12 cipherfinal error"},
- {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_PBE_CRYPT_ERROR),
- "pkcs12 pbe crypt error"},
{ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM),
"unknown digest algorithm"},
{ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_UNSUPPORTED_PKCS12_MODE),