diff options
| author | Richard Levitte <levitte@openssl.org> | 2020-01-10 17:50:03 +0100 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2020-01-21 14:05:39 +0100 |
| commit | 0b9dd3842f9bbe7a7c290187056a96827d848f52 (patch) | |
| tree | 9f693c50a02aedffdc2e0090aa5287917dd57453 /crypto/evp/m_sigver.c | |
| parent | 967ef73013becef2aec3439f8c45204b24121018 (diff) | |
EVP: clear error when falling back from failed EVP_KEYMGMT_fetch()
Since we're falling back to legacy, this isn't an error any more.
Among others the failed EVP_KEYMGMT_fetch() error shadows other errors
produced by the legacy code, which disrupts our test/evp_test runs.
We use the error stack mark to restore the error stack just right,
i.e. ERR_set_mark(), ERR_clear_last_mark() and ERR_pop_to_mark()
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10803)
Diffstat (limited to 'crypto/evp/m_sigver.c')
| -rw-r--r-- | crypto/evp/m_sigver.c | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 20c0a1ad59..79099b1e35 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -54,6 +54,12 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, locpctx = ctx->pctx; evp_pkey_ctx_free_old_ops(locpctx); + /* + * TODO when we stop falling back to legacy, this and the ERR_pop_to_mark() + * calls can be removed. + */ + ERR_set_mark(); + if (locpctx->keytype == NULL) goto legacy; @@ -80,6 +86,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, if (provkey == NULL) goto legacy; if (!EVP_KEYMGMT_up_ref(tmp_keymgmt)) { + ERR_clear_last_mark(); ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); goto err; } @@ -108,15 +115,20 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, || (EVP_KEYMGMT_provider(locpctx->keymgmt) != EVP_SIGNATURE_provider(signature))) { /* - * We don't have the full support we need with provided methods, - * let's go see if legacy does. Also, we don't need to free - * ctx->keymgmt here, as it's not necessarily tied to this - * operation. It will be freed by EVP_PKEY_CTX_free(). + * We don't need to free ctx->keymgmt here, as it's not necessarily + * tied to this operation. It will be freed by EVP_PKEY_CTX_free(). */ EVP_SIGNATURE_free(signature); goto legacy; } + /* + * TODO remove this when legacy is gone + * If we don't have the full support we need with provided methods, + * let's go see if legacy does. + */ + ERR_pop_to_mark(); + /* No more legacy from here down to legacy: */ locpctx->op.sig.signature = signature; @@ -164,6 +176,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, return 0; legacy: + /* + * TODO remove this when legacy is gone + * If we don't have the full support we need with provided methods, + * let's go see if legacy does. + */ + ERR_pop_to_mark(); + if (ctx->pctx->pmeth == NULL) { EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return 0; |