Clear incorrectly reported errors in cms_io.

Fixes openssl#17841. Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#18109)
talhaozcan · Apr 21, 2022 · 45a3c59 · 45a3c59
1 parent 3f07596
commit 45a3c59
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 5 deletions.
diff --git a/crypto/cms/cms_io.c b/crypto/cms/cms_io.c
@@ -41,8 +41,11 @@ CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms)
     ci = ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms,
                               ossl_cms_ctx_get0_libctx(ctx),
                               ossl_cms_ctx_get0_propq(ctx));
-    if (ci != NULL)
+    if (ci != NULL) {
+        ERR_set_mark();
         ossl_cms_resolve_libctx(ci);
+        ERR_pop_to_mark();
+    }
     return ci;
 }
 
@@ -104,8 +107,11 @@ CMS_ContentInfo *SMIME_read_CMS_ex(BIO *bio, int flags, BIO **bcont,
                                                (ASN1_VALUE **)cms,
                                                ossl_cms_ctx_get0_libctx(ctx),
                                                ossl_cms_ctx_get0_propq(ctx));
-    if (ci != NULL)
+    if (ci != NULL) {
+        ERR_set_mark();
         ossl_cms_resolve_libctx(ci);
+        ERR_pop_to_mark();
+    }
     return ci;
 }
 

diff --git a/test/cmsapitest.c b/test/cmsapitest.c
@@ -18,6 +18,7 @@
 
 static X509 *cert = NULL;
 static EVP_PKEY *privkey = NULL;
+static char *derin = NULL;
 
 static int test_encrypt_decrypt(const EVP_CIPHER *cipher)
 {
@@ -288,7 +289,30 @@ static int test_d2i_CMS_bio_NULL(void)
     return ret;
 }
 
-OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
+static int test_d2i_CMS_bio_file_encrypted_data(void)
+{
+    BIO *bio = NULL;
+    CMS_ContentInfo *cms = NULL;
+    int ret = 0;
+
+    ERR_clear_error();
+
+    if (!TEST_ptr(bio = BIO_new_file(derin, "r"))
+      || !TEST_ptr(cms = d2i_CMS_bio(bio, NULL)))
+      goto end;
+
+    if (!TEST_int_eq(ERR_peek_error(), 0))
+        goto end;
+
+    ret = 1;
+end:
+    CMS_ContentInfo_free(cms);
+    BIO_free(bio);
+
+    return ret;
+}
+
+OPT_TEST_DECLARE_USAGE("certfile privkeyfile derfile\n")
 
 int setup_tests(void)
 {
@@ -301,7 +325,8 @@ int setup_tests(void)
     }
 
     if (!TEST_ptr(certin = test_get_argument(0))
-            || !TEST_ptr(privkeyin = test_get_argument(1)))
+            || !TEST_ptr(privkeyin = test_get_argument(1))
+            || !TEST_ptr(derin = test_get_argument(2)))
         return 0;
 
     certbio = BIO_new_file(certin, "r");
@@ -332,6 +357,7 @@ int setup_tests(void)
     ADD_TEST(test_encrypt_decrypt_aes_192_gcm);
     ADD_TEST(test_encrypt_decrypt_aes_256_gcm);
     ADD_TEST(test_d2i_CMS_bio_NULL);
+    ADD_TEST(test_d2i_CMS_bio_file_encrypted_data);
     return 1;
 }
 

diff --git a/test/recipes/80-test_cmsapi.t b/test/recipes/80-test_cmsapi.t
@@ -17,5 +17,6 @@ plan skip_all => "CMS is disabled in this build" if disabled("cms");
 plan tests => 1;
 
 ok(run(test(["cmsapitest", srctop_file("test", "certs", "servercert.pem"),
-             srctop_file("test", "certs", "serverkey.pem")])),
+             srctop_file("test", "certs", "serverkey.pem"),
+             srctop_file("test", "recipes", "80-test_cmsapi_data", "encryptedData.der")])),
              "running cmsapitest");
diff --git a/test/recipes/80-test_cmsapi_data/encryptedData.der b/test/recipes/80-test_cmsapi_data/encryptedData.der