From 3a873fda98eef683583083b7f50e01ece851702c Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 23 Oct 2024 16:13:29 +0200
Subject: [PATCH] utils: Do not propagate OpenSSL errors when non-mandatory
 attribute is missing

The fallback is handled for multiple attributes, but not for single
attribute, which is not recognized by the module. This is demonstrated
by softokn and the CKA_ALLOWED_MECHANISMS attribute.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
 src/util.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/src/util.c b/src/util.c
index 66a3bd0f..3039f9fd 100644
--- a/src/util.c
+++ b/src/util.c
@@ -110,13 +110,8 @@ CK_RV p11prov_fetch_attributes(P11PROV_CTX *ctx, P11PROV_SESSION *session,
         ret = CKR_OK;
     }
 done:
-    if (ret == CKR_OK) {
-        /* if there was any error, remove it, as we got success */
-        p11prov_pop_error_to_mark(ctx);
-    } else {
-        /* otherwise clear the mark and leave errors on the stack */
-        p11prov_clear_last_error_mark(ctx);
-    }
+    /* if there was any error, remove it, as it will be handled by the caller */
+    p11prov_pop_error_to_mark(ctx);
     return ret;
 }