summaryrefslogtreecommitdiffstats
path: root/crypto/evp/m_sigver.c
diff options
context:
space:
mode:
authorRichard Levitte <levitte@openssl.org>2020-01-10 17:50:03 +0100
committerRichard Levitte <levitte@openssl.org>2020-01-21 14:05:39 +0100
commit0b9dd3842f9bbe7a7c290187056a96827d848f52 (patch)
tree9f693c50a02aedffdc2e0090aa5287917dd57453 /crypto/evp/m_sigver.c
parentFix unwind info in crypto/rc4/asm/rc4-x86_64.pl (diff)
downloadopenssl-0b9dd3842f9bbe7a7c290187056a96827d848f52.tar.xz
openssl-0b9dd3842f9bbe7a7c290187056a96827d848f52.zip
EVP: clear error when falling back from failed EVP_KEYMGMT_fetch()
Since we're falling back to legacy, this isn't an error any more. Among others the failed EVP_KEYMGMT_fetch() error shadows other errors produced by the legacy code, which disrupts our test/evp_test runs. We use the error stack mark to restore the error stack just right, i.e. ERR_set_mark(), ERR_clear_last_mark() and ERR_pop_to_mark() Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10803)
Diffstat (limited to 'crypto/evp/m_sigver.c')
-rw-r--r--crypto/evp/m_sigver.c27
1 files changed, 23 insertions, 4 deletions
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 20c0a1ad59..79099b1e35 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -54,6 +54,12 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
locpctx = ctx->pctx;
evp_pkey_ctx_free_old_ops(locpctx);
+ /*
+ * TODO when we stop falling back to legacy, this and the ERR_pop_to_mark()
+ * calls can be removed.
+ */
+ ERR_set_mark();
+
if (locpctx->keytype == NULL)
goto legacy;
@@ -80,6 +86,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
if (provkey == NULL)
goto legacy;
if (!EVP_KEYMGMT_up_ref(tmp_keymgmt)) {
+ ERR_clear_last_mark();
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
goto err;
}
@@ -108,15 +115,20 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|| (EVP_KEYMGMT_provider(locpctx->keymgmt)
!= EVP_SIGNATURE_provider(signature))) {
/*
- * We don't have the full support we need with provided methods,
- * let's go see if legacy does. Also, we don't need to free
- * ctx->keymgmt here, as it's not necessarily tied to this
- * operation. It will be freed by EVP_PKEY_CTX_free().
+ * We don't need to free ctx->keymgmt here, as it's not necessarily
+ * tied to this operation. It will be freed by EVP_PKEY_CTX_free().
*/
EVP_SIGNATURE_free(signature);
goto legacy;
}
+ /*
+ * TODO remove this when legacy is gone
+ * If we don't have the full support we need with provided methods,
+ * let's go see if legacy does.
+ */
+ ERR_pop_to_mark();
+
/* No more legacy from here down to legacy: */
locpctx->op.sig.signature = signature;
@@ -164,6 +176,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
return 0;
legacy:
+ /*
+ * TODO remove this when legacy is gone
+ * If we don't have the full support we need with provided methods,
+ * let's go see if legacy does.
+ */
+ ERR_pop_to_mark();
+
if (ctx->pctx->pmeth == NULL) {
EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return 0;