author | Daniel Gustafsson | 2022-05-06 12:41:31 +0000 |
---|---|---|
committer | Daniel Gustafsson | 2022-05-06 12:41:31 +0000 |
commit | 17ec5fa502d299b1919b1afacda839fb7d8206ad (patch) | |
tree | bccfedf100f58ba986f7fec0203837a8f6f58e87 /src/common/hmac_openssl.c | |
parent | 59a32f00937c85fe944cf1fac3e8b98d091e2bc6 (diff) |
Clear the OpenSSL error queue before cryptohash operations

Setting up an EVP context for ciphers banned under FIPS generates
two OpenSSL errors in the queue, and as we only consume one from
the queue the other is at the head for the next invocation:

  postgres=# select md5('foo');
  ERROR: could not compute MD5 hash: unsupported
  postgres=# select md5('foo');
  ERROR: could not compute MD5 hash: initialization error

Clearing the error queue when creating the context ensures that
we don't pull in an error from an earlier operation.

Discussion: https://postgr.es/m/[email protected]
Diffstat (limited to 'src/common/hmac_openssl.c')
-rw-r--r-- | src/common/hmac_openssl.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/common/hmac_openssl.c b/src/common/hmac_openssl.c index 44f36d51dcb..8874d6a240c 100644 --- a/src/common/hmac_openssl.c +++ b/src/common/hmac_openssl.c @@ -106,9 +106,13 @@ pg_hmac_create(pg_cryptohash_type type) ctx->error = PG_HMAC_ERROR_NONE; ctx->errreason = NULL; + /* * Initialization takes care of assigning the correct type for OpenSSL. + * Also ensure that there aren't any unconsumed errors in the queue from + * previous runs. */ + ERR_clear_error(); #ifdef HAVE_HMAC_CTX_NEW #ifndef FRONTEND ResourceOwnerEnlargeHMAC(CurrentResourceOwner); |
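
Review bot: ERR_clear_error() in pg_hmac_create() only guards the moment a context is created, so a failure in a later call on the same context that queues more than one error would still leave the extra entry at the head of the queue, which is the symptom the commit message describes ("we only consume one from the queue"). Consider also draining the queue at the point where the error is consumed, or clearing before each operation that inspects the queue, so the reported reason always belongs to the call that failed. As a smaller style point, the two added comment lines are appended to the existing sentence about assigning the correct type for OpenSSL; a separate comment directly above ERR_clear_error() would make it clearer that the call deals with stale queue state and not with HMAC type setup.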