Fix error stack for some fetch calls.
authorShane Lontis <shane.lontis@oracle.com>
Sat, 29 May 2021 07:16:22 +0000 (17:16 +1000)
committerShane Lontis <shane.lontis@oracle.com>
Tue, 1 Jun 2021 05:28:18 +0000 (15:28 +1000)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15532)

crypto/evp/evp_pbe.c
crypto/evp/p5_crpt2.c
crypto/evp/p_lib.c

index 6347a0635ff65bbebef27ae3280a53e3cd94533a..129888f2f75d4232a73cc588293fd664f498f8c4 100644 (file)
@@ -117,28 +117,33 @@ int EVP_PBE_CipherInit_ex(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
         passlen = strlen(pass);
 
     if (cipher_nid != -1) {
+        (void)ERR_set_mark();
         cipher = cipher_fetch = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(cipher_nid), propq);
         /* Fallback to legacy method */
         if (cipher == NULL)
             cipher = EVP_get_cipherbynid(cipher_nid);
-
         if (cipher == NULL) {
+            (void)ERR_clear_last_mark();
             ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_CIPHER,
                            OBJ_nid2sn(cipher_nid));
             goto err;
         }
+        (void)ERR_pop_to_mark();
     }
 
     if (md_nid != -1) {
+        (void)ERR_set_mark();
         md = md_fetch = EVP_MD_fetch(libctx, OBJ_nid2sn(md_nid), propq);
         /* Fallback to legacy method */
         if (md == NULL)
             EVP_get_digestbynid(md_nid);
 
         if (md == NULL) {
+            (void)ERR_clear_last_mark();
             ERR_raise(ERR_LIB_EVP, EVP_R_UNKNOWN_DIGEST);
             goto err;
         }
+        (void)ERR_pop_to_mark();
     }
 
     /* Try extended keygen with libctx/propq first, fall back to legacy keygen */
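Review bot: The legacy digest fallback in the `md_nid` block discards its result: `EVP_get_digestbynid(md_nid);` is called without assigning to `md`, so when `EVP_MD_fetch` fails, `md` stays NULL and the code always takes the `EVP_R_UNKNOWN_DIGEST` branch. The cipher block above does assign, with `cipher = EVP_get_cipherbynid(cipher_nid);`, so the line should read `md = EVP_get_digestbynid(md_nid);`. Until then the `ERR_pop_to_mark()` added for the digest case is never reached through the fallback. Separately, `ERR_raise_data` takes a format string as its third argument, so `"%s", OBJ_nid2sn(cipher_nid)` would be safer than passing the name directly. The function body starts and continues outside the hunk.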
index e7a2b5109107b1535d48b4da2265fc07b9f024de..54773304fd58ee00d0e44fd93cf9c90742ff813c 100644 (file)
@@ -141,15 +141,18 @@ int PKCS5_v2_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
         goto err;
     }
 
+    (void)ERR_set_mark();
     cipher = cipher_fetch = EVP_CIPHER_fetch(libctx, ciph_name, propq);
     /* Fallback to legacy method */
     if (cipher == NULL)
         cipher = EVP_get_cipherbyname(ciph_name);
 
     if (cipher == NULL) {
+        (void)ERR_clear_last_mark();
         ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_CIPHER);
         goto err;
     }
+    (void)ERR_pop_to_mark();
 
     /* Fixup cipher based on AlgorithmIdentifier */
     if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de))
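Review bot: The asymmetric mark handling added around the fetch is not explained. `ERR_clear_last_mark()` on the failure path keeps the fetch errors in the stack underneath `EVP_R_UNSUPPORTED_CIPHER`, while `ERR_pop_to_mark()` on the success path discards them. A one-line comment before `(void)ERR_set_mark();` would make the intent clear, e.g. `/* Fetch errors only matter if the legacy lookup fails as well */`. The same applies to the two blocks in EVP_PBE_CipherInit_ex in crypto/evp/evp_pbe.c. The function continues outside the hunk.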
index 9b31c582889ef798cd6d13606447d86cc485f259..d2c871179e105c456da65e995658cf3d6293575f 100644 (file)
@@ -1268,10 +1268,15 @@ static int legacy_asn1_ctrl_to_param(EVP_PKEY *pkey, int op,
                 int mdnum;
                 OSSL_LIB_CTX *libctx = ossl_provider_libctx(pkey->keymgmt->prov);
                 /* Make sure the MD is in the namemap if available */
-                EVP_MD *md = EVP_MD_fetch(libctx, mdname, NULL);
-                OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
+                EVP_MD *md;
+                OSSL_NAMEMAP *namemap;
                 int nid = NID_undef;
 
+                (void)ERR_set_mark();
+                md = EVP_MD_fetch(libctx, mdname, NULL);
+                (void)ERR_pop_to_mark();
+                namemap = ossl_namemap_stored(libctx);
+
                 /*
                  * The only reason to fetch the MD was to make sure it is in the
                  * namemap. We can immediately free it.
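Review bot: The comment `/* Make sure the MD is in the namemap if available */` now sits above the bare declarations instead of the `EVP_MD_fetch` call it describes, which moved below `int nid = NID_undef;`. I would move it down to just before `(void)ERR_set_mark();` and extend it to say the fetch errors are dropped on purpose, e.g. `/* Make sure the MD is in the namemap if available; a failed fetch is not an error here */`. The enclosing block starts and ends outside the hunk.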