Clear incorrectly reported errors in cms_io.

Fixes openssl#17841.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18109)

(cherry picked from commit 45a3c592b94b66cab72e5bffbaf9d810c3fb29c0)

diff --git a/crypto/cms/cms_io.c b/crypto/cms/cms_io.c
index 3768ea4db2361120d4ddbb43a8f8745dab3c0569..935344167aae240243e47c7fe55f6295d051aad5 100644 (file)
--- a/crypto/cms/cms_io.c
+++ b/crypto/cms/cms_io.c
@@ -41,8 +41,11 @@ CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms)
     ci = ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms,
                               ossl_cms_ctx_get0_libctx(ctx),
                               ossl_cms_ctx_get0_propq(ctx));
-    if (ci != NULL)
+    if (ci != NULL) {
+        ERR_set_mark();
         ossl_cms_resolve_libctx(ci);
+        ERR_pop_to_mark();
+    }
     return ci;
 }
 
@@ -104,8 +107,11 @@ CMS_ContentInfo *SMIME_read_CMS_ex(BIO *bio, int flags, BIO **bcont,
                                                (ASN1_VALUE **)cms,
                                                ossl_cms_ctx_get0_libctx(ctx),
                                                ossl_cms_ctx_get0_propq(ctx));
-    if (ci != NULL)
+    if (ci != NULL) {
+        ERR_set_mark();
         ossl_cms_resolve_libctx(ci);
+        ERR_pop_to_mark();
+    }
     return ci;
 }
 

diff --git a/test/cmsapitest.c b/test/cmsapitest.c
index 683dad48350e480f50cb4fc5149202f785f0acb8..28b0d489922f0f139876bc458a15e463d55708ce 100644 (file)
--- a/test/cmsapitest.c
+++ b/test/cmsapitest.c
@@ -18,6 +18,7 @@
 
 static X509 *cert = NULL;
 static EVP_PKEY *privkey = NULL;
+static char *derin = NULL;
 
 static int test_encrypt_decrypt(const EVP_CIPHER *cipher)
 {
@@ -288,7 +289,30 @@ static int test_d2i_CMS_bio_NULL(void)
     return ret;
 }
 
-OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
+static int test_d2i_CMS_bio_file_encrypted_data(void)
+{
+    BIO *bio = NULL;
+    CMS_ContentInfo *cms = NULL;
+    int ret = 0;
+
+    ERR_clear_error();
+
+    if (!TEST_ptr(bio = BIO_new_file(derin, "r"))
+      || !TEST_ptr(cms = d2i_CMS_bio(bio, NULL)))
+      goto end;
+
+    if (!TEST_int_eq(ERR_peek_error(), 0))
+        goto end;
+
+    ret = 1;
+end:
+    CMS_ContentInfo_free(cms);
+    BIO_free(bio);
+
+    return ret;
+}
+
+OPT_TEST_DECLARE_USAGE("certfile privkeyfile derfile\n")
 
 int setup_tests(void)
 {
@@ -301,7 +325,8 @@ int setup_tests(void)
     }
 
     if (!TEST_ptr(certin = test_get_argument(0))
-            || !TEST_ptr(privkeyin = test_get_argument(1)))
+            || !TEST_ptr(privkeyin = test_get_argument(1))
+            || !TEST_ptr(derin = test_get_argument(2)))
         return 0;
 
     certbio = BIO_new_file(certin, "r");
@@ -332,6 +357,7 @@ int setup_tests(void)
     ADD_TEST(test_encrypt_decrypt_aes_192_gcm);
     ADD_TEST(test_encrypt_decrypt_aes_256_gcm);
     ADD_TEST(test_d2i_CMS_bio_NULL);
+    ADD_TEST(test_d2i_CMS_bio_file_encrypted_data);
     return 1;
 }
 

diff --git a/test/recipes/80-test_cmsapi.t b/test/recipes/80-test_cmsapi.t
index 8f8a1189a51a4d68c765d734280d5012e16b3492..9ec44a5f909ef36257fa0a7f610e28e560956659 100644 (file)
--- a/test/recipes/80-test_cmsapi.t
+++ b/test/recipes/80-test_cmsapi.t
@@ -17,5 +17,6 @@ plan skip_all => "CMS is disabled in this build" if disabled("cms");
 plan tests => 1;
 
 ok(run(test(["cmsapitest", srctop_file("test", "certs", "servercert.pem"),
-             srctop_file("test", "certs", "serverkey.pem")])),
+             srctop_file("test", "certs", "serverkey.pem"),
+             srctop_file("test", "recipes", "80-test_cmsapi_data", "encryptedData.der")])),
              "running cmsapitest");

diff --git a/test/recipes/80-test_cmsapi_data/encryptedData.der b/test/recipes/80-test_cmsapi_data/encryptedData.der
new file mode 100644 (file)
index 0000000..4421d08
Binary files /dev/null and b/test/recipes/80-test_cmsapi_data/encryptedData.der differ