author | Daniel Fiala <daniel@openssl.org> | 2022-04-04 19:41:32 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-04-12 10:39:09 +0200 |
commit | b2b8d1883a3b7e64006b0b4ada0cbcf3eb6dba1a (patch) | |
tree | 1244bcc00a036e570bdeb26c7224f63e1751ec87 /ssl | |
parent | 4908787f21f4f5fa24b721ed3ebbc4d3e93ef70c (diff) | |
download | openssl-new-b2b8d1883a3b7e64006b0b4ada0cbcf3eb6dba1a.tar.gz |
SSL_conf_cmd: Allow DH Parameters at any position.
Fixes openssl#17326.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18041)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_conf.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 9a5fe7171c..6baf0e6fae 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -597,15 +597,19 @@ static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
 = OSSL_DECODER_CTX_new_for_pkey(&dhpkey, "PEM", NULL, "DH", OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, sslctx->libctx, sslctx->propq);
- if (decoderctx == NULL
- || !OSSL_DECODER_from_bio(decoderctx, in)) {
- OSSL_DECODER_CTX_free(decoderctx);
+ if (decoderctx == NULL)
 goto end;
- }
+ ERR_set_mark();
+ while (!OSSL_DECODER_from_bio(decoderctx, in)
+ && dhpkey == NULL
+ && !BIO_eof(in));
 OSSL_DECODER_CTX_free(decoderctx);
- if (dhpkey == NULL)
+ if (dhpkey == NULL) {
+ ERR_clear_last_mark();
 goto end;
+ }
+ ERR_pop_to_mark();
 } else {
 return 1;
 } |
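Review bot: The new `while` loop exits only on a successful decode, a non-NULL `dhpkey`, or `BIO_eof(in)`, so if `OSSL_DECODER_from_bio` can fail without consuming input and without the BIO reaching end-of-file (a read error on the file, for instance), nothing visible in this hunk stops it from spinning; that is worth confirming or bounding. The loop's empty body is also hidden behind the trailing `;` on the `&& !BIO_eof(in));` line, which is easy to misread next to the `OSSL_DECODER_CTX_free` call that follows. Writing the body as `continue;` on its own line and adding a comment such as `/* Skip PEM blocks that are not DH parameters; errors from skipped blocks are dropped via the mark on success. */` would make the intent clear. cmd_DHParameters starts and ends outside this hunk, so the `end:` cleanup path is not visible here.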