diff options
author | Matt Caswell <matt@openssl.org> | 2020-11-04 11:34:15 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-11-06 10:34:48 +0000 |
commit | b9b2135d22b93f949fd77f293925fc66158416ff (patch) | |
tree | e82c316f4f3ef24d8ec2e77a9de085d583b1adc3 /crypto | |
parent | b8ae4a83de0de38fd382f3981e503f2ab5461c07 (diff) |
Don't clear the whole error stack when loading engines
Loading the various built-in engines was unconditionally clearing the
whole error stack. During config file processing processing a .include
directive which fails results in errors being added to the stack - but
we carry on anyway. These errors were then later being removed by the
engine loading code, meaning that problems with the .include directive
never get shown.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13311)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/conf/conf_mod.c | 1 | ||||
-rw-r--r-- | crypto/engine/eng_dyn.c | 4 | ||||
-rw-r--r-- | crypto/engine/eng_openssl.c | 9 | ||||
-rw-r--r-- | crypto/engine/eng_rdrand.c | 12 |
4 files changed, 22 insertions, 4 deletions
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index e7fb890378..f287cb28eb 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -208,7 +208,6 @@ DEFINE_RUN_ONCE_STATIC(do_load_builtin_modules) /* Need to load ENGINEs */ ENGINE_load_builtin_engines(); #endif - ERR_clear_error(); return 1; } diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index 01935578c2..3b0d8eb91f 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c @@ -257,6 +257,8 @@ void engine_load_dynamic_int(void) ENGINE *toadd = engine_dynamic(); if (!toadd) return; + + ERR_set_mark(); ENGINE_add(toadd); /* * If the "add" worked, it gets a structural reference. So either way, we @@ -268,7 +270,7 @@ void engine_load_dynamic_int(void) * already added (eg. someone calling ENGINE_load_blah then calling * ENGINE_load_builtin_engines() perhaps). */ - ERR_clear_error(); + ERR_pop_to_mark(); } static int dynamic_init(ENGINE *e) diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index 2374af8ae9..a51ccf129f 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -152,13 +152,20 @@ void engine_load_openssl_int(void) ENGINE *toadd = engine_openssl(); if (!toadd) return; + + ERR_set_mark(); ENGINE_add(toadd); /* * If the "add" worked, it gets a structural reference. So either way, we * release our just-created reference. */ ENGINE_free(toadd); - ERR_clear_error(); + /* + * If the "add" didn't work, it was probably a conflict because it was + * already added (eg. someone calling ENGINE_load_blah then calling + * ENGINE_load_builtin_engines() perhaps). + */ + ERR_pop_to_mark(); } /* diff --git a/crypto/engine/eng_rdrand.c b/crypto/engine/eng_rdrand.c index 39e4055a90..f46a514597 100644 --- a/crypto/engine/eng_rdrand.c +++ b/crypto/engine/eng_rdrand.c @@ -87,9 +87,19 @@ void engine_load_rdrand_int(void) ENGINE *toadd = ENGINE_rdrand(); if (!toadd) return; + ERR_set_mark(); ENGINE_add(toadd); + /* + * If the "add" worked, it gets a structural reference. So either way, we + * release our just-created reference. + */ ENGINE_free(toadd); - ERR_clear_error(); + /* + * If the "add" didn't work, it was probably a conflict because it was + * already added (eg. someone calling ENGINE_load_blah then calling + * ENGINE_load_builtin_engines() perhaps). + */ + ERR_pop_to_mark(); } } #else |