From: Dr. Stephen Henson <steve@openssl.org>
Date: Thu, 28 Jan 2010 17:49:25 +0000 (+0000)
Subject: In engine_table_select() don't clear out entire error queue: just clear
X-Git-Tag: OpenSSL-fips-2_0-rc1~1296
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=92714455af3147405b6ce1532187bbbf960e5136;p=thirdparty%2Fopenssl.git

In engine_table_select() don't clear out entire error queue: just clear
out any we added using ERR_set_mark() and ERR_pop_to_mark() otherwise
errors from other sources (e.g. SSL library) can be wiped.
---

diff --git a/crypto/engine/eng_table.c b/crypto/engine/eng_table.c
index 954b4d79702..4fde9481852 100644
--- a/crypto/engine/eng_table.c
+++ b/crypto/engine/eng_table.c
@@ -254,6 +254,7 @@ ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, in
 #endif
 		return NULL;
 		}
+	ERR_set_mark();
 	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 	/* Check again inside the lock otherwise we could race against cleanup
 	 * operations. But don't worry about a fprintf(stderr). */
@@ -327,7 +328,7 @@ end:
 	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 	/* Whatever happened, any failed init()s are not failures in this
 	 * context, so clear our error state. */
-	ERR_clear_error();
+	ERR_pop_to_mark();
 	return ret;
 	}