From: Shane Lontis
Date: Sat, 29 May 2021 07:16:22 +0000 (+1000)
Subject: Fix error stack for some fetch calls.
X-Git-Tag: openssl-3.0.0-beta1~288
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3c15d677054b952c707aeaf781aec42b86a54ebb;p=thirdparty%2Fopenssl.git
Fix error stack for some fetch calls.
Reviewed-by: Richard Levitte
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/15532)
---
diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
index 6347a0635ff..129888f2f75 100644
--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
@@ -117,28 +117,33 @@ int EVP_PBE_CipherInit_ex(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
 passlen = strlen(pass);
 if (cipher_nid != -1) {
+ (void)ERR_set_mark();
 cipher = cipher_fetch = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(cipher_nid), propq);
 /* Fallback to legacy method */
 if (cipher == NULL) cipher = EVP_get_cipherbynid(cipher_nid);
-
 if (cipher == NULL) {
+ (void)ERR_clear_last_mark();
 ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_CIPHER, OBJ_nid2sn(cipher_nid));
 goto err;
 }
+ (void)ERR_pop_to_mark();
 }
 if (md_nid != -1) {
+ (void)ERR_set_mark();
 md = md_fetch = EVP_MD_fetch(libctx, OBJ_nid2sn(md_nid), propq);
 /* Fallback to legacy method */
 if (md == NULL) EVP_get_digestbynid(md_nid);
 if (md == NULL) {
+ (void)ERR_clear_last_mark();
 ERR_raise(ERR_LIB_EVP, EVP_R_UNKNOWN_DIGEST);
 goto err;
 }
+ (void)ERR_pop_to_mark();
 }
 /* Try extended keygen with libctx/propq first, fall back to legacy keygen */
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index e7a2b510910..54773304fd5 100644
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
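Review bot: In the digest branch of the crypto/evp/evp_pbe.c hunk, the legacy fallback `if (md == NULL) EVP_get_digestbynid(md_nid);` discards its result, so `md` stays NULL and the new `ERR_clear_last_mark()` / `EVP_R_UNKNOWN_DIGEST` path is taken even when the legacy lookup would have found the digest. It should read `md = EVP_get_digestbynid(md_nid);`, matching the cipher branch above it; the line is unchanged context, but the mark/pop pair added here only makes sense if that fallback can succeed. Separately, `ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_CIPHER, OBJ_nid2sn(cipher_nid))` passes the short name as the format argument, and `"%s", OBJ_nid2sn(cipher_nid)` would keep a name containing `%` from being interpreted. EVP_PBE_CipherInit_ex starts and ends outside the hunk.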
@@ -141,15 +141,18 @@ int PKCS5_v2_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 goto err;
 }
+ (void)ERR_set_mark();
 cipher = cipher_fetch = EVP_CIPHER_fetch(libctx, ciph_name, propq);
 /* Fallback to legacy method */
 if (cipher == NULL) cipher = EVP_get_cipherbyname(ciph_name);
 if (cipher == NULL) {
+ (void)ERR_clear_last_mark();
 ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_CIPHER);
 goto err;
 }
+ (void)ERR_pop_to_mark();
 /* Fixup cipher based on AlgorithmIdentifier */
 if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de))
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 9b31c582889..d2c871179e1 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -1268,10 +1268,15 @@ static int legacy_asn1_ctrl_to_param(EVP_PKEY *pkey, int op,
 int mdnum;
 OSSL_LIB_CTX *libctx = ossl_provider_libctx(pkey->keymgmt->prov);
 /* Make sure the MD is in the namemap if available */
- EVP_MD *md = EVP_MD_fetch(libctx, mdname, NULL);
- OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
+ EVP_MD *md;
+ OSSL_NAMEMAP *namemap;
 int nid = NID_undef;
+ (void)ERR_set_mark();
+ md = EVP_MD_fetch(libctx, mdname, NULL);
+ (void)ERR_pop_to_mark();
+ namemap = ossl_namemap_stored(libctx);
+
 /*
 * The only reason to fetch the MD was to make sure it is in the
 * namemap. We can immediately free it.
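Review bot: The failure path in the crypto/evp/p5_crpt2.c hunk raises `EVP_R_UNSUPPORTED_CIPHER` without saying which cipher was requested, while the equivalent path in evp_pbe.c attaches the name. Since `ERR_clear_last_mark()` deliberately leaves the fetch errors on the queue for diagnosis, the final entry would be more useful as `ERR_raise_data(ERR_LIB_EVP, EVP_R_UNSUPPORTED_CIPHER, "%s", ciph_name);`. PKCS5_v2_PBE_keyivgen_ex begins and ends outside the hunk, so how `ciph_name` is filled is not visible here.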
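Review bot: In the crypto/evp/p_lib.c hunk the comment `/* Make sure the MD is in the namemap if available */` is left above the declarations, detached from the `EVP_MD_fetch()` call it describes. Moving it to just above `(void)ERR_set_mark();` and extending it, for example `/* Make sure the MD is in the namemap if available; a failed fetch is not an error here */`, would explain why `ERR_pop_to_mark()` drops the fetch errors unconditionally. legacy_asn1_ctrl_to_param continues past the end of the hunk, so the later use of `md` is not visible.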