Mark pop/clear error stack in der2key_decode_p8
author Daniel Bevenius <daniel.bevenius@gmail.com>
Wed, 28 Apr 2021 08:30:13 +0000 (10:30 +0200)
committer Benjamin Kaduk <kaduk@mit.edu>
Sun, 9 May 2021 18:31:52 +0000 (11:31 -0700)
commit 8be513ae46765ab4c4c3e244640652c24633288d
tree a0460643401c3cb4b30815fd7ee913c378a94d8c
parent f7f0632b01cf16efccb133e395cf115c194bd003
Mark pop/clear error stack in der2key_decode_p8

This commit sets the error mark before calling d2i_X509_SIG
and clears it if that function call is successful.

The motivation for this is that if d2i_X509_SIG returns NULL then the
else clause will be entered and d2i_PKCS8_PRIV_KEY_INFO will be
called. If d2i_X509_SIG raised any errors those errors will be on the
error stack when d2i_PKCS8_PRIV_KEY_INFO gets called, and even if it
returns successfully those errors will still be on the error stack.

We ran into this issue when upgrading Node.js to 3.0.0-alpha15.
More details can be found in the ref links below.

Refs: https://github.com/nodejs/node/issues/38373
Refs: https://github.com/danbev/learning-libcrypto/blob/master/notes/wrong-tag-issue2.md

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/15067)
providers/implementations/encode_decode/decode_der2key.c
test/evp_extra_test.c
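
The pattern the commit message describes, as an added example that is not code from this commit or from OpenSSL: a simplified, self-contained model of an error queue with marks, showing the stale entry left by a try-then-fall-back decode and the mark/pop/clear fix. All names (err_set_mark, parse_encrypted, decode_marked, and so on) are hypothetical stand-ins, and the one-letter input formats are constructed.

```c
#include <stddef.h>

/* Simplified model of an error queue with marks; names are hypothetical. */
#define MAX_ERRS 16
static int err_queue[MAX_ERRS];   /* queued error codes */
static size_t err_top;            /* number of queued errors */
static size_t marks[MAX_ERRS];    /* queue depths saved by err_set_mark */
static size_t mark_top;

static void err_raise(int code) { if (err_top < MAX_ERRS) err_queue[err_top++] = code; }
static void err_set_mark(void) { if (mark_top < MAX_ERRS) marks[mark_top++] = err_top; }
/* Drop every error queued since the last mark, then drop the mark. */
static void err_pop_to_mark(void) { if (mark_top > 0) err_top = marks[--mark_top]; }
/* Drop the mark only; queued errors stay. */
static void err_clear_last_mark(void) { if (mark_top > 0) mark_top--; }
size_t err_count(void) { return err_top; }
void err_clear(void) { err_top = 0; mark_top = 0; }

enum { ERR_WRONG_TAG = 1 };
enum { FMT_ENCRYPTED = 'E', FMT_PLAIN = 'P' };   /* constructed input formats */

/* Stand-in for the first parser: accepts FMT_ENCRYPTED, raises otherwise. */
static int parse_encrypted(const char *in) {
    if (in[0] == FMT_ENCRYPTED) return 1;
    err_raise(ERR_WRONG_TAG);
    return 0;
}
/* Stand-in for the fallback parser: accepts FMT_PLAIN, raises otherwise. */
static int parse_plain(const char *in) {
    if (in[0] == FMT_PLAIN) return 1;
    err_raise(ERR_WRONG_TAG);
    return 0;
}

/* Before: the fallback succeeds, but the first parser's error stays queued. */
int decode_unmarked(const char *in) {
    if (parse_encrypted(in)) return 1;
    return parse_plain(in);
}

/* After: set a mark, clear it on success, pop back to it before the fallback. */
int decode_marked(const char *in) {
    err_set_mark();
    if (parse_encrypted(in)) { err_clear_last_mark(); return 1; }
    err_pop_to_mark();
    return parse_plain(in);
}
```

Errors queued before the mark survive both paths, so the fix removes only the noise from the failed first attempt.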