Clear incorrectly reported errors in cms_io.

Fixes openssl#17841. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18109)
2022-03-28 12:53:08 +00:00 · 2022-03-28 12:53:08 +00:00 · 45a3c592b9
parent 3f075967f6
commit 45a3c592b9
4 changed files with 38 additions and 5 deletions
--- a/crypto/cms/cms_io.c
+++ b/crypto/cms/cms_io.c
@ -41,8 +41,11 @@ CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms)
    ci = ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms,
                              ossl_cms_ctx_get0_libctx(ctx),
                              ossl_cms_ctx_get0_propq(ctx));
-    if (ci != NULL)
+    if (ci != NULL) {
+        ERR_set_mark();
        ossl_cms_resolve_libctx(ci);
+        ERR_pop_to_mark();
+    }
    return ci;
 }

@ -104,8 +107,11 @@ CMS_ContentInfo *SMIME_read_CMS_ex(BIO *bio, int flags, BIO **bcont,
                                               (ASN1_VALUE **)cms,
                                               ossl_cms_ctx_get0_libctx(ctx),
                                               ossl_cms_ctx_get0_propq(ctx));
-    if (ci != NULL)
+    if (ci != NULL) {
+        ERR_set_mark();
        ossl_cms_resolve_libctx(ci);
+        ERR_pop_to_mark();
+    }
    return ci;
 }

--- a/test/cmsapitest.c
+++ b/test/cmsapitest.c
@ -18,6 +18,7 @@

 static X509 *cert = NULL;
 static EVP_PKEY *privkey = NULL;
+static char *derin = NULL;

 static int test_encrypt_decrypt(const EVP_CIPHER *cipher)
 {
@ -288,7 +289,30 @@ static int test_d2i_CMS_bio_NULL(void)
    return ret;
 }

-OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
+static int test_d2i_CMS_bio_file_encrypted_data(void)
+{
+    BIO *bio = NULL;
+    CMS_ContentInfo *cms = NULL;
+    int ret = 0;
+
+    ERR_clear_error();
+
+    if (!TEST_ptr(bio = BIO_new_file(derin, "r"))
+      || !TEST_ptr(cms = d2i_CMS_bio(bio, NULL)))
+      goto end;
+
+    if (!TEST_int_eq(ERR_peek_error(), 0))
+        goto end;
+
+    ret = 1;
+end:
+    CMS_ContentInfo_free(cms);
+    BIO_free(bio);
+
+    return ret;
+}
+
+OPT_TEST_DECLARE_USAGE("certfile privkeyfile derfile\n")

 int setup_tests(void)
 {
@ -301,7 +325,8 @@ int setup_tests(void)
    }

    if (!TEST_ptr(certin = test_get_argument(0))
-            || !TEST_ptr(privkeyin = test_get_argument(1)))
+            || !TEST_ptr(privkeyin = test_get_argument(1))
+            || !TEST_ptr(derin = test_get_argument(2)))
        return 0;

    certbio = BIO_new_file(certin, "r");
@ -332,6 +357,7 @@ int setup_tests(void)
    ADD_TEST(test_encrypt_decrypt_aes_192_gcm);
    ADD_TEST(test_encrypt_decrypt_aes_256_gcm);
    ADD_TEST(test_d2i_CMS_bio_NULL);
+    ADD_TEST(test_d2i_CMS_bio_file_encrypted_data);
    return 1;
 }

--- a/test/recipes/80-test_cmsapi.t
+++ b/test/recipes/80-test_cmsapi.t
@ -17,5 +17,6 @@ plan skip_all => "CMS is disabled in this build" if disabled("cms");
 plan tests => 1;

 ok(run(test(["cmsapitest", srctop_file("test", "certs", "servercert.pem"),
-             srctop_file("test", "certs", "serverkey.pem")])),
+             srctop_file("test", "certs", "serverkey.pem"),
+             srctop_file("test", "recipes", "80-test_cmsapi_data", "encryptedData.der")])),
             "running cmsapitest");
--- a/test/recipes/80-test_cmsapi_data/encryptedData.der
+++ b/test/recipes/80-test_cmsapi_data/encryptedData.der