From 8529be30bbbb65f8e1661466cd5c3bab2422d7a7 Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Tue, 11 Jul 2023 14:00:29 +1000
Subject: [PATCH] Clear OpenSSL errors on EVP_MD_CTX_create failures
---
 lib/dns/opensslecdsa_link.c | 2 +-
 lib/dns/opensslrsa_link.c | 2 +-
 util/gen-eddsa-vectors.c | 8 ++++++++
 util/gen-rsa-sha-vectors.c | 6 ++++++
 4 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c
index 0c6dd0200f..0dcbc8544e 100644
--- a/lib/dns/opensslecdsa_link.c
+++ b/lib/dns/opensslecdsa_link.c
@@ -571,7 +571,7 @@ opensslecdsa_createctx(dst_key_t *key, dst_context_t *dctx) {
 evp_md_ctx = EVP_MD_CTX_create();
 if (evp_md_ctx == NULL) {
- DST_RET(ISC_R_NOMEMORY);
+ DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY));
 }
 if (dctx->key->key_alg == DST_ALG_ECDSA256) {
 type = EVP_sha256();
diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index 79cae64add..384ee2a963 100644
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -196,7 +196,7 @@ opensslrsa_createctx(dst_key_t *key, dst_context_t *dctx) {
 evp_md_ctx = EVP_MD_CTX_create();
 if (evp_md_ctx == NULL) {
- return (ISC_R_NOMEMORY);
+ return (dst__openssl_toresult(ISC_R_NOMEMORY));
 }
 switch (dctx->key->key_alg) {
diff --git a/util/gen-eddsa-vectors.c b/util/gen-eddsa-vectors.c
index 12faa36008..023951cd4c 100644
--- a/util/gen-eddsa-vectors.c
+++ b/util/gen-eddsa-vectors.c
@@ -39,17 +39,20 @@ main() {
 EVP_MD_CTX *evp_md_ctx = EVP_MD_CTX_create();
 if (ctx == NULL || evp_md_ctx == NULL) {
+ ERR_clear_error();
 return (1);
 }
 if (EVP_PKEY_keygen_init(ctx) != 1 || EVP_PKEY_keygen(ctx, &pkey) != 1 || pkey == NULL) {
+ ERR_clear_error();
 return (1);
 }
 bytes = sizeof(buf);
 if (EVP_PKEY_get_raw_public_key(pkey, buf, &bytes) != 1) {
+ ERR_clear_error();
 return (1);
 }
@@ -64,6 +67,7 @@ main() {
 EVP_DigestSign(evp_md_ctx, buf, &bytes, (const unsigned char *)"test", 4) != 1) {
+ ERR_clear_error();
 return (1);
 }
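Review bot: The new `dst__openssl_toresult(ISC_R_NOMEMORY)` call in opensslecdsa_createctx has no comment saying why a plain allocation failure is routed through the OpenSSL result helper, and the same applies to the matching change in opensslrsa_createctx. Going by the commit subject, the purpose is to empty the per-thread OpenSSL error queue so that entries left by a failed EVP_MD_CTX_create() are not picked up by a later, unrelated call on the same thread. A one-line comment such as `/* also drains the OpenSSL error queue */` above each return would keep a future cleanup from reverting it to the bare constant. Both functions continue outside their hunks, so their other failure returns could not be checked for the same handling.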
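Review bot: Each added `ERR_clear_error();` in main() of util/gen-eddsa-vectors.c discards the only diagnostic OpenSSL recorded, immediately before `return (1)`, so a failed vector generation exits with status 1 and no indication of which call failed or why. Replacing it with `ERR_print_errors_fp(stderr);` would report the queued errors and empty the queue in the same call; this applies equally to the other hunks in this file and to every hunk in util/gen-rsa-sha-vectors.c. The diffstat counts only the clearing calls as additions to these two files, so it is worth confirming that `<openssl/err.h>` is already included in both. main() starts and ends outside the hunks.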
@@ -80,17 +84,20 @@ main() {
 ctx = EVP_PKEY_CTX_new_id(NID_ED448, NULL);
 evp_md_ctx = EVP_MD_CTX_create();
 if (ctx == NULL || evp_md_ctx == NULL) {
+ ERR_clear_error();
 return (1);
 }
 if (EVP_PKEY_keygen_init(ctx) != 1 || EVP_PKEY_keygen(ctx, &pkey) != 1 || pkey == NULL) {
+ ERR_clear_error();
 return (1);
 }
 bytes = sizeof(buf);
 if (EVP_PKEY_get_raw_public_key(pkey, buf, &bytes) != 1) {
+ ERR_clear_error();
 return (1);
 }
@@ -105,6 +112,7 @@ main() {
 EVP_DigestSign(evp_md_ctx, buf, &bytes, (const unsigned char *)"test", 4) != 1) {
+ ERR_clear_error();
 return (1);
 }
diff --git a/util/gen-rsa-sha-vectors.c b/util/gen-rsa-sha-vectors.c
index 7f76036b84..4d4d5137a5 100644
--- a/util/gen-rsa-sha-vectors.c
+++ b/util/gen-rsa-sha-vectors.c
@@ -51,6 +51,7 @@ main() {
 unsigned int siglen = sizeof(buf);
 if (e == NULL || n == NULL || ctx == NULL || evp_md_ctx == NULL) {
+ ERR_clear_error();
 return (1);
 }
@@ -62,11 +63,13 @@ main() {
 EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx, e) != 1 || EVP_PKEY_keygen(ctx, &pkey) != 1 || pkey == NULL) {
+ ERR_clear_error();
 return (1);
 }
 EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_N, &n);
 if (n == NULL) {
+ ERR_clear_error();
 return (1);
 }
@@ -90,6 +93,7 @@ main() {
 EVP_DigestUpdate(evp_md_ctx, "test", 4) != 1 || EVP_SignFinal(evp_md_ctx, buf, &siglen, pkey) != 1) {
+ ERR_clear_error();
 return (1);
 }
 bytes = siglen;
@@ -103,6 +107,7 @@ main() {
 EVP_DigestUpdate(evp_md_ctx, "test", 4) != 1 || EVP_SignFinal(evp_md_ctx, buf, &siglen, pkey) != 1) {
+ ERR_clear_error();
 return (1);
 }
 bytes = siglen;
@@ -116,6 +121,7 @@ main() {
 EVP_DigestUpdate(evp_md_ctx, "test", 4) != 1 || EVP_SignFinal(evp_md_ctx, buf, &siglen, pkey) != 1) {
+ ERR_clear_error();
 return (1);
 }
 bytes = siglen;
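Review bot: The return value of `EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_N, &n)` in the `@@ -62,11 +63,13 @@` hunk of util/gen-rsa-sha-vectors.c is ignored, and the `n == NULL` test that now also clears the error queue may never fire. The earlier hunk already returns when `n == NULL`, so unless n is released in lines not shown here it is still non-NULL after a failed call, and signing would proceed with whatever n held before. Testing the call itself would make the failure path reachable, for example `if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_N, &n) != 1 || n == NULL) {`. main() starts and ends outside the hunk.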