Prune low-level ASN.1 parse errors from error queue in decoder_process()

Fixes #12840 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12893)
author: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-09-16 12:52:09 +0200
committer: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-09-24 14:34:56 +0200
commit: 29844ea5b3d2b7240d99b043a0d82cb177f0762d (patch)
tree: 1cb0954dd516bb5a640876fa64d59ff6fe53d51d /crypto/pkcs12
parent: 50eb2a507732b4d32879709dbfa335ccb542f676 (diff)
download: openssl-new-29844ea5b3d2b7240d99b043a0d82cb177f0762d.tar.gz
3 files changed, 7 insertions, 13 deletions
diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c
index 32e5597e06..37c8e40194 100644
--- a/crypto/pkcs12/p12_decr.c
+++ b/crypto/pkcs12/p12_decr.c
@@ -33,11 +33,8 @@ unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
 
     /* Process data */
     if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
-                            algor->parameter, ctx, en_de)) {
-        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
-                  PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
+                            algor->parameter, ctx, en_de))
         goto err;
-    }
 
     /*
      * GOST algorithm specifics:
@@ -125,11 +122,8 @@ void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
     int outlen = 0;
 
     if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
-                          &out, &outlen, 0)) {
-        PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,
-                  PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
+                          &out, &outlen, 0))
         return NULL;
-    }
     p = out;
     OSSL_TRACE_BEGIN(PKCS12_DECRYPT) {
         BIO_printf(trc_out, "\n");
diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
index 126a6ce94b..ad1f4ee1ed 100644
--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
@@ -80,7 +80,11 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
     }
 
     if (!parse_pk12(p12, pass, -1, pkey, ocerts)) {
-        PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_PARSE_ERROR);
+        int err = ERR_peek_last_error();
+
+        if (ERR_GET_LIB(err) != ERR_LIB_EVP
+                && ERR_GET_REASON(err) != EVP_R_UNSUPPORTED_ALGORITHM)
+            PKCS12err(0, PKCS12_R_PARSE_ERROR);
         goto err;
     }
 
diff --git a/crypto/pkcs12/pk12err.c b/crypto/pkcs12/pk12err.c
index f7789dc8d3..ae835c57be 100644
--- a/crypto/pkcs12/pk12err.c
+++ b/crypto/pkcs12/pk12err.c
@@ -39,12 +39,8 @@ static const ERR_STRING_DATA PKCS12_str_reasons[] = {
     {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_VERIFY_FAILURE),
     "mac verify failure"},
     {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PARSE_ERROR), "parse error"},
-    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),
-    "pkcs12 algor cipherinit error"},
     {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_CIPHERFINAL_ERROR),
     "pkcs12 cipherfinal error"},
-    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_PBE_CRYPT_ERROR),
-    "pkcs12 pbe crypt error"},
     {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM),
     "unknown digest algorithm"},
     {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_UNSUPPORTED_PKCS12_MODE),
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-09-16 12:52:09 +0200
committer	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-09-24 14:34:56 +0200
commit	29844ea5b3d2b7240d99b043a0d82cb177f0762d (patch)
tree	1cb0954dd516bb5a640876fa64d59ff6fe53d51d /crypto/pkcs12
parent	50eb2a507732b4d32879709dbfa335ccb542f676 (diff)
download	openssl-new-29844ea5b3d2b7240d99b043a0d82cb177f0762d.tar.gz