From: Mark Andrews Date: Tue, 11 Jul 2023 03:25:47 +0000 (+1000) Subject: Clear OpenSSL errors on EVP_PKEY_new failures X-Git-Tag: v9.19.17~17^2~16 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6df53cdb8757b287023a8caa32b0d9757e4eeb0a;p=thirdparty%2Fbind9.git Clear OpenSSL errors on EVP_PKEY_new failures --- diff --git a/bin/tests/system/rsabigexponent/bigkey.c b/bin/tests/system/rsabigexponent/bigkey.c index d3cdc97bd6f..8b42b0b564f 100644 --- a/bin/tests/system/rsabigexponent/bigkey.c +++ b/bin/tests/system/rsabigexponent/bigkey.c @@ -83,6 +83,7 @@ main(int argc, char **argv) { !EVP_PKEY_set1_RSA(pkey, rsa)) { fprintf(stderr, "fatal error: basic OpenSSL failure\n"); + ERR_clear_error(); exit(1); } @@ -98,6 +99,7 @@ main(int argc, char **argv) { "fatal error: RSA_generate_key_ex() fails " "at file %s line %d\n", __FILE__, __LINE__); + ERR_clear_error(); exit(1); } diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c index 19596dbd131..a2239e26514 100644 --- a/lib/dns/opensslecdsa_link.c +++ b/lib/dns/opensslecdsa_link.c @@ -323,7 +323,7 @@ opensslecdsa_create_pkey_legacy(unsigned int key_alg, bool private, pkey = EVP_PKEY_new(); if (pkey == NULL) { - DST_RET(ISC_R_NOMEMORY); + DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY)); } if (!EVP_PKEY_set1_EC_KEY(pkey, eckey)) { DST_RET(dst__openssl_toresult(ISC_R_FAILURE)); @@ -515,7 +515,7 @@ opensslecdsa_generate_pkey(unsigned int key_alg, EVP_PKEY **retkey) { pkey = EVP_PKEY_new(); if (pkey == NULL) { - DST_RET(ISC_R_NOMEMORY); + DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY)); } if (EVP_PKEY_set1_EC_KEY(pkey, eckey) != 1) { DST_RET(dst__openssl_toresult2("EVP_PKEY_set1_EC_KEY", diff --git a/lib/isc/hmac.c b/lib/isc/hmac.c index 8fce30bda90..15a217f218e 100644 --- a/lib/isc/hmac.c +++ b/lib/isc/hmac.c @@ -55,6 +55,7 @@ isc_hmac_init(isc_hmac_t *hmac, const void *key, const size_t keylen, pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, keylen); if (pkey == NULL) { + ERR_clear_error(); return (ISC_R_CRYPTOFAILURE); }