Commit 35868991d1 for openssl.org

commit 35868991d148b0e054d972d3874d4d6f6def4e8d
Author: Tomas Mraz <tomas@openssl.foundation>
Date:   Thu Apr 2 11:08:56 2026 +0200

    evp_test.c: Check error stack for new errors and not stale ones

    The error stack might have stale entries but
    we are interested only in those coming from the
    EVP call being tested.

    Fixes #30454

    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
    MergeDate: Fri Apr  3 15:49:52 2026
    (Merged from https://github.com/openssl/openssl/pull/30669)

diff --git a/test/evp_test.c b/test/evp_test.c
index 9fcd018cca..ef359a72ef 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -1273,18 +1273,23 @@ static int cipher_test_enc(EVP_TEST *t, int enc, size_t out_misalign,
     if (expected->iv != NULL) {
         /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */
         unsigned char iv[128];
+
+        ERR_set_mark();
         if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx_base, iv, sizeof(iv)))
             || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
                 && !TEST_mem_eq(expected->iv, expected->iv_len, iv,
                     expected->iv_len))) {
             t->err = "INVALID_IV";
+            ERR_clear_last_mark();
             goto err;
         } else {
-            if (fips_no_silent_error && !TEST_false(ERR_peek_error())) {
+            if (fips_no_silent_error && !TEST_int_eq(ERR_count_to_mark(), 0)) {
                 t->err = "GET_UPDATED_IV_SILENT_ERROR";
+                ERR_clear_last_mark();
                 goto err;
             }
         }
+        ERR_clear_last_mark();
     }

     /* Test that the cipher dup functions correctly if it is supported */
@@ -1571,17 +1576,21 @@ static int cipher_test_enc(EVP_TEST *t, int enc, size_t out_misalign,
     if (expected->next_iv != NULL) {
         /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */
         unsigned char iv[128];
+        ERR_set_mark();
         if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
             || !TEST_mem_eq(expected->next_iv, expected->iv_len, iv,
                 expected->iv_len)) {
             t->err = "INVALID_NEXT_IV";
+            ERR_clear_last_mark();
             goto err;
         } else {
-            if (fips_no_silent_error && !TEST_false(ERR_peek_error())) {
+            if (fips_no_silent_error && !TEST_int_eq(ERR_count_to_mark(), 0)) {
                 t->err = "GET_UPDATED_IV_SILENT_ERROR";
+                ERR_clear_last_mark();
                 goto err;
             }
         }
+        ERR_clear_last_mark();
     }

     t->err = NULL;