Since we're falling back to legacy, this isn't an error any more.
Among others the failed EVP_KEYMGMT_fetch() error shadows other errors
produced by the legacy code, which disrupts our test/evp_test runs.
We use the error stack mark to restore the error stack just right,
i.e. ERR_set_mark(), ERR_clear_last_mark() and ERR_pop_to_mark()
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10803)
evp_pkey_ctx_free_old_ops(ctx);
ctx->operation = EVP_PKEY_OP_DERIVE;
+ /*
+ * TODO when we stop falling back to legacy, this and the ERR_pop_to_mark()
+ * calls can be removed.
+ */
+ ERR_set_mark();
+
if (ctx->engine != NULL || ctx->keytype == NULL)
goto legacy;
if (provkey == NULL)
goto legacy;
if (!EVP_KEYMGMT_up_ref(tmp_keymgmt)) {
+ ERR_clear_last_mark();
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
goto err;
}
|| (EVP_KEYMGMT_provider(ctx->keymgmt)
!= EVP_KEYEXCH_provider(exchange))) {
/*
- * We don't have the full support we need with provided methods,
- * let's go see if legacy does. Also, we don't need to free
- * ctx->keymgmt here, as it's not necessarily tied to this
- * operation. It will be freed by EVP_PKEY_CTX_free().
+ * We don't need to free ctx->keymgmt here, as it's not necessarily
+ * tied to this operation. It will be freed by EVP_PKEY_CTX_free().
*/
EVP_KEYEXCH_free(exchange);
goto legacy;
}
+ /*
+ * TODO remove this when legacy is gone
+ * If we don't have the full support we need with provided methods,
+ * let's go see if legacy does.
+ */
+ ERR_pop_to_mark();
+
+ /* No more legacy from here down to legacy: */
ctx->op.kex.exchange = exchange;
ctx->op.kex.exchprovctx = exchange->newctx(ossl_provider_ctx(exchange->prov));
return 0;
legacy:
+ /*
+ * TODO remove this when legacy is gone
+ * If we don't have the full support we need with provided methods,
+ * let's go see if legacy does.
+ */
+ ERR_pop_to_mark();
+
if (ctx->pmeth == NULL || ctx->pmeth->derive == NULL) {
EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return -2;
locpctx = ctx->pctx;
evp_pkey_ctx_free_old_ops(locpctx);
+ /*
+ * TODO when we stop falling back to legacy, this and the ERR_pop_to_mark()
+ * calls can be removed.
+ */
+ ERR_set_mark();
+
if (locpctx->keytype == NULL)
goto legacy;
if (provkey == NULL)
goto legacy;
if (!EVP_KEYMGMT_up_ref(tmp_keymgmt)) {
+ ERR_clear_last_mark();
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
goto err;
}
|| (EVP_KEYMGMT_provider(locpctx->keymgmt)
!= EVP_SIGNATURE_provider(signature))) {
/*
- * We don't have the full support we need with provided methods,
- * let's go see if legacy does. Also, we don't need to free
- * ctx->keymgmt here, as it's not necessarily tied to this
- * operation. It will be freed by EVP_PKEY_CTX_free().
+ * We don't need to free ctx->keymgmt here, as it's not necessarily
+ * tied to this operation. It will be freed by EVP_PKEY_CTX_free().
*/
EVP_SIGNATURE_free(signature);
goto legacy;
}
+ /*
+ * TODO remove this when legacy is gone
+ * If we don't have the full support we need with provided methods,
+ * let's go see if legacy does.
+ */
+ ERR_pop_to_mark();
+
/* No more legacy from here down to legacy: */
locpctx->op.sig.signature = signature;
return 0;
legacy:
+ /*
+ * TODO remove this when legacy is gone
+ * If we don't have the full support we need with provided methods,
+ * let's go see if legacy does.
+ */
+ ERR_pop_to_mark();
+
if (ctx->pctx->pmeth == NULL) {
EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return 0;
evp_pkey_ctx_free_old_ops(ctx);
ctx->operation = operation;
+ /*
+ * TODO when we stop falling back to legacy, this and the ERR_pop_to_mark()
+ * calls can be removed.
+ */
+ ERR_set_mark();
+
if (ctx->keytype == NULL || ctx->engine != NULL)
goto legacy;
&tmp_keymgmt, ctx->propquery, 0);
if (provkey == NULL)
goto legacy;
- EVP_KEYMGMT_up_ref(tmp_keymgmt);
+ if (!EVP_KEYMGMT_up_ref(tmp_keymgmt)) {
+ ERR_clear_last_mark();
+ ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+ goto err;
+ }
EVP_KEYMGMT_free(ctx->keymgmt);
ctx->keymgmt = tmp_keymgmt;
|| (EVP_KEYMGMT_provider(ctx->keymgmt)
!= EVP_ASYM_CIPHER_provider(cipher))) {
/*
- * We don't have the full support we need with provided methods,
- * let's go see if legacy does. Also, we don't need to free
- * ctx->keymgmt here, as it's not necessarily tied to this
- * operation. It will be freed by EVP_PKEY_CTX_free().
+ * We don't need to free ctx->keymgmt here, as it's not necessarily
+ * tied to this operation. It will be freed by EVP_PKEY_CTX_free().
*/
EVP_ASYM_CIPHER_free(cipher);
goto legacy;
}
+ /*
+ * TODO remove this when legacy is gone
+ * If we don't have the full support we need with provided methods,
+ * let's go see if legacy does.
+ */
+ ERR_pop_to_mark();
+
+ /* No more legacy from here down to legacy: */
+
ctx->op.ciph.cipher = cipher;
ctx->op.ciph.ciphprovctx = cipher->newctx(ossl_provider_ctx(cipher->prov));
if (ctx->op.ciph.ciphprovctx == NULL) {
return 1;
legacy:
+ /*
+ * TODO remove this when legacy is gone
+ * If we don't have the full support we need with provided methods,
+ * let's go see if legacy does.
+ */
+ ERR_pop_to_mark();
+
if (ctx->pmeth == NULL || ctx->pmeth->encrypt == NULL) {
EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return -2;
evp_pkey_ctx_free_old_ops(ctx);
ctx->operation = operation;
+ /*
+ * TODO when we stop falling back to legacy, this and the ERR_pop_to_mark()
+ * calls can be removed.
+ */
+ ERR_set_mark();
+
if (ctx->keytype == NULL)
goto legacy;
if (provkey == NULL)
goto legacy;
if (!EVP_KEYMGMT_up_ref(tmp_keymgmt)) {
+ ERR_clear_last_mark();
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
goto err;
}
|| (EVP_KEYMGMT_provider(ctx->keymgmt)
!= EVP_SIGNATURE_provider(signature))) {
/*
- * We don't have the full support we need with provided methods,
- * let's go see if legacy does. Also, we don't need to free
- * ctx->keymgmt here, as it's not necessarily tied to this
- * operation. It will be freed by EVP_PKEY_CTX_free().
+ * We don't need to free ctx->keymgmt here, as it's not necessarily
+ * tied to this operation. It will be freed by EVP_PKEY_CTX_free().
*/
EVP_SIGNATURE_free(signature);
goto legacy;
}
+ /*
+ * TODO remove this when legacy is gone
+ * If we don't have the full support we need with provided methods,
+ * let's go see if legacy does.
+ */
+ ERR_pop_to_mark();
+
+ /* No more legacy from here down to legacy: */
+
ctx->op.sig.signature = signature;
ctx->op.sig.sigprovctx = signature->newctx(ossl_provider_ctx(signature->prov));
if (ctx->op.sig.sigprovctx == NULL) {
return 1;
legacy:
+ /*
+ * TODO remove this when legacy is gone
+ * If we don't have the full support we need with provided methods,
+ * let's go see if legacy does.
+ */
+ ERR_pop_to_mark();
+
if (ctx->pmeth == NULL
|| (operation == EVP_PKEY_OP_SIGN && ctx->pmeth->sign == NULL)
|| (operation == EVP_PKEY_OP_VERIFY && ctx->pmeth->verify == NULL)
projects / oweals / openssl.git / commitdiff