Clear OpenSSL errors on EVP failures

diff --git a/lib/isc/hmac.c b/lib/isc/hmac.c
index 15a217f218ea25082e99e66e20ffbc1646639ca0..bc35befc1e8faabce8e22169629f0967c7879d16 100644 (file)
--- a/lib/isc/hmac.c
+++ b/lib/isc/hmac.c
@@ -11,6 +11,7 @@
  * information regarding copyright ownership.
  */
 
+#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/opensslv.h>
 
@@ -61,6 +62,7 @@ isc_hmac_init(isc_hmac_t *hmac, const void *key, const size_t keylen,
 
        if (EVP_DigestSignInit(hmac, NULL, md_type, NULL, pkey) != 1) {
                EVP_PKEY_free(pkey);
+               ERR_clear_error();
                return (ISC_R_CRYPTOFAILURE);
        }
 
@@ -74,6 +76,7 @@ isc_hmac_reset(isc_hmac_t *hmac) {
        REQUIRE(hmac != NULL);
 
        if (EVP_MD_CTX_reset(hmac) != 1) {
+               ERR_clear_error();
                return (ISC_R_CRYPTOFAILURE);
        }
 
@@ -89,6 +92,7 @@ isc_hmac_update(isc_hmac_t *hmac, const unsigned char *buf, const size_t len) {
        }
 
        if (EVP_DigestSignUpdate(hmac, buf, len) != 1) {
+               ERR_clear_error();
                return (ISC_R_CRYPTOFAILURE);
        }
 
@@ -105,6 +109,7 @@ isc_hmac_final(isc_hmac_t *hmac, unsigned char *digest,
        size_t len = *digestlen;
 
        if (EVP_DigestSignFinal(hmac, digest, &len) != 1) {
+               ERR_clear_error();
                return (ISC_R_CRYPTOFAILURE);
        }
 

diff --git a/lib/isc/iterated_hash.c b/lib/isc/iterated_hash.c
index 3127b6dc595c30f1068130d6673b4e304b6ef381..e402e42221e12d62662d20ec9ad0f3a07c08678e 100644 (file)
--- a/lib/isc/iterated_hash.c
+++ b/lib/isc/iterated_hash.c
@@ -130,6 +130,7 @@ isc_iterated_hash(unsigned char *out, const unsigned int hashalg,
        return (outlength);
 
 fail:
+       ERR_clear_error();
        return (0);
 }
 

diff --git a/lib/isc/md.c b/lib/isc/md.c
index 4efaee4466b57c00c635c88fcc4db5057c3a96e0..da655c2e5832147547c0b7266832cb6b9844882c 100644 (file)
--- a/lib/isc/md.c
+++ b/lib/isc/md.c
@@ -47,6 +47,7 @@ isc_md_init(isc_md_t *md, const isc_md_type_t *md_type) {
        }
 
        if (EVP_DigestInit_ex(md, md_type, NULL) != 1) {
+               ERR_clear_error();
                return (ISC_R_CRYPTOFAILURE);
        }
 
@@ -58,6 +59,7 @@ isc_md_reset(isc_md_t *md) {
        REQUIRE(md != NULL);
 
        if (EVP_MD_CTX_reset(md) != 1) {
+               ERR_clear_error();
                return (ISC_R_CRYPTOFAILURE);
        }
 
@@ -73,6 +75,7 @@ isc_md_update(isc_md_t *md, const unsigned char *buf, const size_t len) {
        }
 
        if (EVP_DigestUpdate(md, buf, len) != 1) {
+               ERR_clear_error();
                return (ISC_R_CRYPTOFAILURE);
        }
 
@@ -85,6 +88,7 @@ isc_md_final(isc_md_t *md, unsigned char *digest, unsigned int *digestlen) {
        REQUIRE(digest != NULL);
 
        if (EVP_DigestFinal_ex(md, digest, digestlen) != 1) {
+               ERR_clear_error();
                return (ISC_R_CRYPTOFAILURE);
        }