From 386e88d0e4bd7a56a93213932f2761f87ef6eee8 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Tue, 11 Jul 2023 13:44:55 +1000
Subject: [PATCH] Clear OpenSSL errors on EVP_PKEY_get0_EC_KEY failures

(cherry picked from commit abd8c035923a8f8c34324b707e09e85d375a8eee)
---
 lib/dns/opensslecdsa_link.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c
index d468492f3d..5f24967db1 100644
--- a/lib/dns/opensslecdsa_link.c
+++ b/lib/dns/opensslecdsa_link.c
@@ -439,8 +439,10 @@ opensslecdsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
 	eckey1 = EVP_PKEY_get1_EC_KEY(pkey1);
 	eckey2 = EVP_PKEY_get1_EC_KEY(pkey2);
 	if (eckey1 == NULL && eckey2 == NULL) {
+		ERR_clear_error();
 		DST_RET(true);
 	} else if (eckey1 == NULL || eckey2 == NULL) {
+		ERR_clear_error();
 		DST_RET(false);
 	}
 	priv1 = EC_KEY_get0_private_key(eckey1);
@@ -616,6 +618,8 @@ opensslecdsa_isprivate(const dst_key_t *key) {
 	ret = (eckey != NULL && EC_KEY_get0_private_key(eckey) != NULL);
 	if (eckey != NULL) {
 		EC_KEY_free(eckey);
+	} else {
+		ERR_clear_error();
 	}
 #else
 	ret = (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv) ==