[openssl] master update

Thu Jun 24 13:27:18 UTC 2021

The branch master has been updated
       via  ab7554e5a08966c159054ae7df18a879bfe3865f (commit)
       via  42fe3e849362e17c8baac3901087e5130eebd5a7 (commit)
       via  e30b254b63a6947284683f94be5929e7f4b21279 (commit)
      from  77072e274925d26da3a17378e4794dc11f43ace4 (commit)


- Log -----------------------------------------------------------------
commit ab7554e5a08966c159054ae7df18a879bfe3865f
Author: Tomas Mraz <tomas at openssl.org>
Date:   Wed Jun 23 13:53:58 2021 +0200

    OSSL_DECODER_from_bio: Avoid spurious decoder error
    
    If there are any new errors reported we avoid raising the
    OSSL_DECODER_from_bio:unsupported error.
    
    Fixes #14566
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15878)

commit 42fe3e849362e17c8baac3901087e5130eebd5a7
Author: Tomas Mraz <tomas at openssl.org>
Date:   Wed Jun 23 13:53:53 2021 +0200

    epki2pki_decode: passphrase callback failure is fatal error
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15878)

commit e30b254b63a6947284683f94be5929e7f4b21279
Author: Tomas Mraz <tomas at openssl.org>
Date:   Wed Jun 23 13:52:10 2021 +0200

    ossl_pw_get_passphrase: No ui method does not necessarily mean internal error
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15878)

-----------------------------------------------------------------------

Summary of changes:
 crypto/encode_decode/decoder_lib.c                        | 7 +++++--
 crypto/passphrase.c                                       | 3 ++-
 providers/implementations/encode_decode/decode_epki2pki.c | 1 +
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/crypto/encode_decode/decoder_lib.c b/crypto/encode_decode/decoder_lib.c
index c637b5bfef..938f97c282 100644
--- a/crypto/encode_decode/decoder_lib.c
+++ b/crypto/encode_decode/decoder_lib.c
@@ -47,6 +47,7 @@ int OSSL_DECODER_from_bio(OSSL_DECODER_CTX *ctx, BIO *in)
     struct decoder_process_data_st data;
     int ok = 0;
     BIO *new_bio = NULL;
+    unsigned long lasterr;
 
     if (in == NULL) {
         ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
@@ -61,6 +62,8 @@ int OSSL_DECODER_from_bio(OSSL_DECODER_CTX *ctx, BIO *in)
         return 0;
     }
 
+    lasterr = ERR_peek_last_error();
+
     if (BIO_tell(in) < 0) {
         new_bio = BIO_new(BIO_f_readbuffer());
         if (new_bio == NULL)
@@ -92,8 +95,8 @@ int OSSL_DECODER_from_bio(OSSL_DECODER_CTX *ctx, BIO *in)
         const char *input_structure
             = ctx->input_structure != NULL ? ctx->input_structure : "";
 
-        if (BIO_eof(in) == 0 || ERR_peek_error() == 0)
-            /* Prevent spurious decoding error */
+        if (ERR_peek_last_error() == lasterr || ERR_peek_error() == 0)
+            /* Prevent spurious decoding error but add at least something */
             ERR_raise_data(ERR_LIB_OSSL_DECODER, ERR_R_UNSUPPORTED,
                            "No supported data to decode. %s%s%s%s%s%s",
                            spaces, input_type_label, input_type, comma,
diff --git a/crypto/passphrase.c b/crypto/passphrase.c
index 170374f9d9..5fb77756c5 100644
--- a/crypto/passphrase.c
+++ b/crypto/passphrase.c
@@ -262,7 +262,8 @@ int ossl_pw_get_passphrase(char *pass, size_t pass_size, size_t *pass_len,
     }
 
     if (ui_method == NULL) {
-        ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
+        ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT,
+                       "No password method specified");
         return 0;
     }
 
diff --git a/providers/implementations/encode_decode/decode_epki2pki.c b/providers/implementations/encode_decode/decode_epki2pki.c
index c0d014aef1..66f4ff659d 100644
--- a/providers/implementations/encode_decode/decode_epki2pki.c
+++ b/providers/implementations/encode_decode/decode_epki2pki.c
@@ -90,6 +90,7 @@ static int epki2pki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
 
         if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) {
             ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);
+            ok = 0;
         } else {
             const ASN1_OCTET_STRING *oct;
             unsigned char *new_der = NULL;
