From c95ff24db20c3dc063598be1cd18553b21397f79 Mon Sep 17 00:00:00 2001
From: tb
Date: Sat, 24 Apr 2021 18:16:39 +0000
Subject: [PATCH] Do not leave errors on the error stack on PKCS12_parse() success.
Fix is the same as OpenSSL commit ffbf304d4832bd51bb0618f8ca5b7c26647ee664
Found by Alex Gaynor with a new pyca cryptography regress test.
ok inoguchi
---
 lib/libcrypto/pkcs12/p12_kiss.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/libcrypto/pkcs12/p12_kiss.c b/lib/libcrypto/pkcs12/p12_kiss.c
index 102ca3563bd..e0385393d75 100644
--- a/lib/libcrypto/pkcs12/p12_kiss.c
+++ b/lib/libcrypto/pkcs12/p12_kiss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_kiss.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: p12_kiss.c,v 1.20 2021/04/24 18:16:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -132,10 +132,12 @@ PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 while ((x = sk_X509_pop(ocerts))) {
 if (pkey && *pkey && cert && !*cert) {
+ ERR_set_mark();
 if (X509_check_private_key(x, *pkey)) {
 *cert = x;
 x = NULL;
 }
+ ERR_pop_to_mark();
 }
 if (ca && x) {
--
2.20.1
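Review bot: The ERR_set_mark()/ERR_pop_to_mark() pair in the second hunk has no comment saying why errors are discarded there, and the pop drops every entry X509_check_private_key() queued, not only the key-mismatch one. A line above the mark such as `/* A mismatch is expected for every cert but the one matching *pkey; drop whatever the check queued. */` would keep a later reader from removing the pair or assuming real failures are still reported. This matters because a stale entry left on the error queue after a successful parse can be misread by a caller that consults the queue after a later, unrelated call. The commit message says the problem was found by an external test, so an in-tree regress case asserting `ERR_peek_error() == 0` after a successful PKCS12_parse() would pin the behaviour. The body of PKCS12_parse() begins and ends outside the hunk, so I could not check the other paths that return success.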