Do not leave errors on the error stack on PKCS12_parse() success.

Fix is the same as OpenSSL commit ffbf304d4832bd51bb0618f8ca5b7c26647ee664

Found by Alex Gaynor with a new pyca cryptography regress test.

ok inoguchi

1 files changed, 3 insertions, 1 deletions

diff --git a/src/lib/libcrypto/pkcs12/p12_kiss.c b/src/lib/libcrypto/pkcs12/p12_kiss.c
index 102ca3563b..e0385393d7 100644
--- a/src/lib/libcrypto/pkcs12/p12_kiss.c
+++ b/src/lib/libcrypto/pkcs12/p12_kiss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_kiss.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: p12_kiss.c,v 1.20 2021/04/24 18:16:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -132,10 +132,12 @@ PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 
         while ((x = sk_X509_pop(ocerts))) {
                 if (pkey && *pkey && cert && !*cert) {
+                        ERR_set_mark();
                         if (X509_check_private_key(x, *pkey)) {
                                 *cert = x;
                                 x = NULL;
                         }
+                        ERR_pop_to_mark();
                 }
 
                 if (ca && x) {