From b143eca16e288159471945316fead517ccbda20d Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 5 Aug 2015 11:49:19 -0400 Subject: [PATCH] Consistently participate in err for PKCS12_* functions. err is a horrible API, but functions should consistently participate or not participate in it. We were missing a few codepaths. Change-Id: I762074d5030b8e9d3e5bba9f8fa91fbdccbee25a Reviewed-on: https://boringssl-review.googlesource.com/5571 Reviewed-by: Adam Langley --- crypto/pkcs8/pkcs8.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/pkcs8/pkcs8.c b/crypto/pkcs8/pkcs8.c index aa2d4dad..8ac203df 100644 --- a/crypto/pkcs8/pkcs8.c +++ b/crypto/pkcs8/pkcs8.c @@ -652,6 +652,7 @@ static int PKCS12_handle_content_infos(CBS *content_infos, * conversion cannot see through those wrappings. So each time we step * through one we need to convert to DER again. */ if (!CBS_asn1_ber_to_der(content_infos, &der_bytes, &der_len)) { + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); return 0; } @@ -858,6 +859,7 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs, /* The input may be in BER format. */ if (!CBS_asn1_ber_to_der(ber_in, &der_bytes, &der_len)) { + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); return 0; } if (der_bytes != NULL) { @@ -1105,6 +1107,7 @@ int PKCS12_parse(const PKCS12 *p12, const char *password, EVP_PKEY **out_pkey, if (!ca_certs) { ca_certs = sk_X509_new_null(); if (ca_certs == NULL) { + OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE); return 0; } ca_certs_alloced = 1;