[openssl] master update

shane.lontis at oracle.com shane.lontis at oracle.com
Tue Jun 1 05:31:37 UTC 2021


The branch master has been updated
       via  3c15d677054b952c707aeaf781aec42b86a54ebb (commit)
      from  9ff4b7b0c7b445bcc9b98fde9107fa9520d17f04 (commit)


- Log -----------------------------------------------------------------
commit 3c15d677054b952c707aeaf781aec42b86a54ebb
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Sat May 29 17:16:22 2021 +1000

    Fix error stack for some fetch calls.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15532)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/evp_pbe.c  | 7 ++++++-
 crypto/evp/p5_crpt2.c | 3 +++
 crypto/evp/p_lib.c    | 9 +++++++--
 3 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
index 6347a0635f..129888f2f7 100644
--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
@@ -117,28 +117,33 @@ int EVP_PBE_CipherInit_ex(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
         passlen = strlen(pass);
 
     if (cipher_nid != -1) {
+        (void)ERR_set_mark();
         cipher = cipher_fetch = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(cipher_nid), propq);
         /* Fallback to legacy method */
         if (cipher == NULL)
             cipher = EVP_get_cipherbynid(cipher_nid);
-
         if (cipher == NULL) {
+            (void)ERR_clear_last_mark();
             ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_CIPHER,
                            OBJ_nid2sn(cipher_nid));
             goto err;
         }
+        (void)ERR_pop_to_mark();
     }
 
     if (md_nid != -1) {
+        (void)ERR_set_mark();
         md = md_fetch = EVP_MD_fetch(libctx, OBJ_nid2sn(md_nid), propq);
         /* Fallback to legacy method */
         if (md == NULL)
             EVP_get_digestbynid(md_nid);
 
         if (md == NULL) {
+            (void)ERR_clear_last_mark();
             ERR_raise(ERR_LIB_EVP, EVP_R_UNKNOWN_DIGEST);
             goto err;
         }
+        (void)ERR_pop_to_mark();
     }
 
     /* Try extended keygen with libctx/propq first, fall back to legacy keygen */
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index e7a2b51091..54773304fd 100644
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -141,15 +141,18 @@ int PKCS5_v2_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
         goto err;
     }
 
+    (void)ERR_set_mark();
     cipher = cipher_fetch = EVP_CIPHER_fetch(libctx, ciph_name, propq);
     /* Fallback to legacy method */
     if (cipher == NULL)
         cipher = EVP_get_cipherbyname(ciph_name);
 
     if (cipher == NULL) {
+        (void)ERR_clear_last_mark();
         ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_CIPHER);
         goto err;
     }
+    (void)ERR_pop_to_mark();
 
     /* Fixup cipher based on AlgorithmIdentifier */
     if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de))
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 9b31c58288..d2c871179e 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -1268,10 +1268,15 @@ static int legacy_asn1_ctrl_to_param(EVP_PKEY *pkey, int op,
                 int mdnum;
                 OSSL_LIB_CTX *libctx = ossl_provider_libctx(pkey->keymgmt->prov);
                 /* Make sure the MD is in the namemap if available */
-                EVP_MD *md = EVP_MD_fetch(libctx, mdname, NULL);
-                OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
+                EVP_MD *md;
+                OSSL_NAMEMAP *namemap;
                 int nid = NID_undef;
 
+                (void)ERR_set_mark();
+                md = EVP_MD_fetch(libctx, mdname, NULL);
+                (void)ERR_pop_to_mark();
+                namemap = ossl_namemap_stored(libctx);
+
                 /*
                  * The only reason to fetch the MD was to make sure it is in the
                  * namemap. We can immediately free it.


More information about the openssl-commits mailing list