Fix error stack for some fetch calls.

Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15532)
author: Shane Lontis <shane.lontis@oracle.com> 2021-05-29 17:16:22 +1000
committer: Shane Lontis <shane.lontis@oracle.com> 2021-06-01 15:28:18 +1000
commit: 3c15d677054b952c707aeaf781aec42b86a54ebb (patch)
tree: 8c5ab3b0a701a67ba464358bf157271b303c74ac /crypto
parent: 9ff4b7b0c7b445bcc9b98fde9107fa9520d17f04 (diff)
3 files changed, 16 insertions, 3 deletions
diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
index 6347a0635f..129888f2f7 100644
--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
@@ -117,28 +117,33 @@ int EVP_PBE_CipherInit_ex(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
         passlen = strlen(pass);
 
     if (cipher_nid != -1) {
+        (void)ERR_set_mark();
         cipher = cipher_fetch = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(cipher_nid), propq);
         /* Fallback to legacy method */
         if (cipher == NULL)
             cipher = EVP_get_cipherbynid(cipher_nid);
-
         if (cipher == NULL) {
+            (void)ERR_clear_last_mark();
             ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_CIPHER,
                            OBJ_nid2sn(cipher_nid));
             goto err;
         }
+        (void)ERR_pop_to_mark();
     }
 
     if (md_nid != -1) {
+        (void)ERR_set_mark();
         md = md_fetch = EVP_MD_fetch(libctx, OBJ_nid2sn(md_nid), propq);
         /* Fallback to legacy method */
         if (md == NULL)
             EVP_get_digestbynid(md_nid);
 
         if (md == NULL) {
+            (void)ERR_clear_last_mark();
             ERR_raise(ERR_LIB_EVP, EVP_R_UNKNOWN_DIGEST);
             goto err;
         }
+        (void)ERR_pop_to_mark();
     }
 
     /* Try extended keygen with libctx/propq first, fall back to legacy keygen */
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index e7a2b51091..54773304fd 100644
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -141,15 +141,18 @@ int PKCS5_v2_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
         goto err;
     }
 
+    (void)ERR_set_mark();
     cipher = cipher_fetch = EVP_CIPHER_fetch(libctx, ciph_name, propq);
     /* Fallback to legacy method */
     if (cipher == NULL)
         cipher = EVP_get_cipherbyname(ciph_name);
 
     if (cipher == NULL) {
+        (void)ERR_clear_last_mark();
         ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_CIPHER);
         goto err;
     }
+    (void)ERR_pop_to_mark();
 
     /* Fixup cipher based on AlgorithmIdentifier */
     if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de))
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 9b31c58288..d2c871179e 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -1268,10 +1268,15 @@ static int legacy_asn1_ctrl_to_param(EVP_PKEY *pkey, int op,
                 int mdnum;
                 OSSL_LIB_CTX *libctx = ossl_provider_libctx(pkey->keymgmt->prov);
                 /* Make sure the MD is in the namemap if available */
-                EVP_MD *md = EVP_MD_fetch(libctx, mdname, NULL);
-                OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
+                EVP_MD *md;
+                OSSL_NAMEMAP *namemap;
                 int nid = NID_undef;
 
+                (void)ERR_set_mark();
+                md = EVP_MD_fetch(libctx, mdname, NULL);
+                (void)ERR_pop_to_mark();
+                namemap = ossl_namemap_stored(libctx);
+
                 /*
                  * The only reason to fetch the MD was to make sure it is in the
                  * namemap. We can immediately free it.
author	Shane Lontis <shane.lontis@oracle.com>	2021-05-29 17:16:22 +1000
committer	Shane Lontis <shane.lontis@oracle.com>	2021-06-01 15:28:18 +1000
commit	3c15d677054b952c707aeaf781aec42b86a54ebb (patch)
tree	8c5ab3b0a701a67ba464358bf157271b303c74ac /crypto
parent	9ff4b7b0c7b445bcc9b98fde9107fa9520d17f04 (diff)