aboutsummaryrefslogtreecommitdiff
path: root/src/common/cryptohash_openssl.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/common/cryptohash_openssl.c')
-rw-r--r--src/common/cryptohash_openssl.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/common/cryptohash_openssl.c b/src/common/cryptohash_openssl.c
index 6c98f1cf95a..8e76ffdee99 100644
--- a/src/common/cryptohash_openssl.c
+++ b/src/common/cryptohash_openssl.c
@@ -117,7 +117,10 @@ pg_cryptohash_create(pg_cryptohash_type type)
/*
* Initialization takes care of assigning the correct type for OpenSSL.
+ * Also ensure that there aren't any unconsumed errors in the queue from
+ * previous runs.
*/
+ ERR_clear_error();
ctx->evpctx = EVP_MD_CTX_create();
if (ctx->evpctx == NULL)
@@ -182,6 +185,12 @@ pg_cryptohash_init(pg_cryptohash_ctx *ctx)
{
ctx->errreason = SSLerrmessage(ERR_get_error());
ctx->error = PG_CRYPTOHASH_ERROR_OPENSSL;
+ /*
+ * The OpenSSL error queue should normally be empty since we've
+ * consumed an error, but cipher initialization can in FIPS-enabled
+ * OpenSSL builds generate two errors so clear the queue here as well.
+ */
+ ERR_clear_error();
return -1;
}
return 0;
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-01 04:02:32 +0000