The branch master has been updated via 3c15d677054b952c707aeaf781aec42b86a54ebb (commit) from 9ff4b7b0c7b445bcc9b98fde9107fa9520d17f04 (commit)
- Log ----------------------------------------------------------------- commit 3c15d677054b952c707aeaf781aec42b86a54ebb Author: Shane Lontis <shane.lon...@oracle.com> Date: Sat May 29 17:16:22 2021 +1000 Fix error stack for some fetch calls. Reviewed-by: Richard Levitte <levi...@openssl.org> Reviewed-by: Paul Dale <pa...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15532) ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_pbe.c | 7 ++++++- crypto/evp/p5_crpt2.c | 3 +++ crypto/evp/p_lib.c | 9 +++++++-- 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index 6347a0635f..129888f2f7 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -117,28 +117,33 @@ int EVP_PBE_CipherInit_ex(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, passlen = strlen(pass); if (cipher_nid != -1) { + (void)ERR_set_mark(); cipher = cipher_fetch = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(cipher_nid), propq); /* Fallback to legacy method */ if (cipher == NULL) cipher = EVP_get_cipherbynid(cipher_nid); - if (cipher == NULL) { + (void)ERR_clear_last_mark(); ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_CIPHER, OBJ_nid2sn(cipher_nid)); goto err; } + (void)ERR_pop_to_mark(); } if (md_nid != -1) { + (void)ERR_set_mark(); md = md_fetch = EVP_MD_fetch(libctx, OBJ_nid2sn(md_nid), propq); /* Fallback to legacy method */ if (md == NULL) EVP_get_digestbynid(md_nid); if (md == NULL) { + (void)ERR_clear_last_mark(); ERR_raise(ERR_LIB_EVP, EVP_R_UNKNOWN_DIGEST); goto err; } + (void)ERR_pop_to_mark(); } /* Try extended keygen with libctx/propq first, fall back to legacy keygen */ diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index e7a2b51091..54773304fd 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -141,15 +141,18 @@ int PKCS5_v2_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, goto err; } + (void)ERR_set_mark(); cipher = cipher_fetch = EVP_CIPHER_fetch(libctx, ciph_name, propq); /* Fallback to legacy method */ if (cipher == NULL) cipher = EVP_get_cipherbyname(ciph_name); if (cipher == NULL) { + (void)ERR_clear_last_mark(); ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_CIPHER); goto err; } + (void)ERR_pop_to_mark(); /* Fixup cipher based on AlgorithmIdentifier */ if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de)) diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 9b31c58288..d2c871179e 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -1268,10 +1268,15 @@ static int legacy_asn1_ctrl_to_param(EVP_PKEY *pkey, int op, int mdnum; OSSL_LIB_CTX *libctx = ossl_provider_libctx(pkey->keymgmt->prov); /* Make sure the MD is in the namemap if available */ - EVP_MD *md = EVP_MD_fetch(libctx, mdname, NULL); - OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); + EVP_MD *md; + OSSL_NAMEMAP *namemap; int nid = NID_undef; + (void)ERR_set_mark(); + md = EVP_MD_fetch(libctx, mdname, NULL); + (void)ERR_pop_to_mark(); + namemap = ossl_namemap_stored(libctx); + /* * The only reason to fetch the MD was to make sure it is in the * namemap. We can immediately free it.