From: Tomas Mraz <tomas@openssl.foundation>
Date: Thu, 2 Apr 2026 09:08:56 +0000 (+0200)
Subject: evp_test.c: Check error stack for new errors and not stale ones
X-Git-Tag: openssl-4.0.0~50
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1eb70dcfad88af9dc376cbc4972bc1e248a4bc4d;p=thirdparty%2Fopenssl.git

evp_test.c: Check error stack for new errors and not stale ones

The error stack might have stale entries but
we are interested only in those coming from the
EVP call being tested.

Fixes #30454

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Fri Apr  3 15:49:52 2026
(Merged from https://github.com/openssl/openssl/pull/30669)

(cherry picked from commit 35868991d148b0e054d972d3874d4d6f6def4e8d)
---

diff --git a/test/evp_test.c b/test/evp_test.c
index 9fcd018cca2..ef359a72ef7 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -1273,18 +1273,23 @@ static int cipher_test_enc(EVP_TEST *t, int enc, size_t out_misalign,
     if (expected->iv != NULL) {
         /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */
         unsigned char iv[128];
+
+        ERR_set_mark();
         if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx_base, iv, sizeof(iv)))
             || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
                 && !TEST_mem_eq(expected->iv, expected->iv_len, iv,
                     expected->iv_len))) {
             t->err = "INVALID_IV";
+            ERR_clear_last_mark();
             goto err;
         } else {
-            if (fips_no_silent_error && !TEST_false(ERR_peek_error())) {
+            if (fips_no_silent_error && !TEST_int_eq(ERR_count_to_mark(), 0)) {
                 t->err = "GET_UPDATED_IV_SILENT_ERROR";
+                ERR_clear_last_mark();
                 goto err;
             }
         }
+        ERR_clear_last_mark();
     }
 
     /* Test that the cipher dup functions correctly if it is supported */
@@ -1571,17 +1576,21 @@ static int cipher_test_enc(EVP_TEST *t, int enc, size_t out_misalign,
     if (expected->next_iv != NULL) {
         /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */
         unsigned char iv[128];
+        ERR_set_mark();
         if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
             || !TEST_mem_eq(expected->next_iv, expected->iv_len, iv,
                 expected->iv_len)) {
             t->err = "INVALID_NEXT_IV";
+            ERR_clear_last_mark();
             goto err;
         } else {
-            if (fips_no_silent_error && !TEST_false(ERR_peek_error())) {
+            if (fips_no_silent_error && !TEST_int_eq(ERR_count_to_mark(), 0)) {
                 t->err = "GET_UPDATED_IV_SILENT_ERROR";
+                ERR_clear_last_mark();
                 goto err;
             }
         }
+        ERR_clear_last_mark();
     }
 
     t->err = NULL;