]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
projects / thirdparty / bind9.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2ba62ae)
Clear OpenSSL errors on OSSL_PROVIDER_load failures
authorMark Andrews <marka@isc.org>
Thu, 13 Jul 2023 03:24:10 +0000 (13:24 +1000)
committerMark Andrews <marka@isc.org>
Fri, 1 Sep 2023 02:01:20 +0000 (12:01 +1000)
bin/dnssec/dnssec-keygen.c patch | blob | blame | history
bin/dnssec/dnssec-signzone.c patch | blob | blame | history
bin/named/main.c patch | blob | blame | history

diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c
index 461701fbc9cf343f6410e8d7ad0258a0df678871..6e5dd347696e70d51867ef82581c7d31c3f0ba97 100644 (file)
--- a/bin/dnssec/dnssec-keygen.c
+++ b/bin/dnssec/dnssec-keygen.c
@@ -61,6 +61,7 @@
 #include <isccfg/kaspconf.h>
 #include <isccfg/namedconf.h>
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
+#include <openssl/err.h>
 #include <openssl/provider.h>
 #endif
 
@@ -1146,11 +1147,13 @@ main(int argc, char **argv) {
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
                fips = OSSL_PROVIDER_load(NULL, "fips");
                if (fips == NULL) {
+                       ERR_clear_error();
                        fatal("Failed to load FIPS provider");
                }
                base = OSSL_PROVIDER_load(NULL, "base");
                if (base == NULL) {
                        OSSL_PROVIDER_unload(fips);
+                       ERR_clear_error();
                        fatal("Failed to load base provider");
                }
 #endif
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
index 6f6df5406cef4fa4c83814b8e27359569de8f09a..e16db1a24c68e357842cb51b358dad584fa1f9e8 100644 (file)
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -89,6 +89,7 @@
 
 #include <dst/dst.h>
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
+#include <openssl/err.h>
 #include <openssl/provider.h>
 #endif
 
@@ -3737,11 +3738,13 @@ main(int argc, char *argv[]) {
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
                fips = OSSL_PROVIDER_load(NULL, "fips");
                if (fips == NULL) {
+                       ERR_clear_error();
                        fatal("Failed to load FIPS provider");
                }
                base = OSSL_PROVIDER_load(NULL, "base");
                if (base == NULL) {
                        OSSL_PROVIDER_unload(fips);
+                       ERR_clear_error();
                        fatal("Failed to load base provider");
                }
 #endif
diff --git a/bin/named/main.c b/bin/named/main.c
index af87594080a04aa0653063db7786a5468b8deb23..4a38f69fd7dc9402db69d2624f2b27f86c0ea5f0 100644 (file)
--- a/bin/named/main.c
+++ b/bin/named/main.c
@@ -89,6 +89,7 @@
 #include <openssl/evp.h>
 #include <openssl/opensslv.h>
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
+#include <openssl/err.h>
 #include <openssl/provider.h>
 #endif
 #ifdef HAVE_LIBXML2
@@ -962,12 +963,14 @@ parse_command_line(int argc, char *argv[]) {
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
                        fips = OSSL_PROVIDER_load(NULL, "fips");
                        if (fips == NULL) {
+                               ERR_clear_error();
                                named_main_earlyfatal(
                                        "Failed to load FIPS provider");
                        }
                        base = OSSL_PROVIDER_load(NULL, "base");
                        if (base == NULL) {
                                OSSL_PROVIDER_unload(fips);
+                               ERR_clear_error();
                                named_main_earlyfatal(
                                        "Failed to load base provider");
                        }
Mirror of https://gitlab.isc.org/isc-projects/bind9.git