crypto: handle OpenSSL error queue in CipherBase

This handles all errors produced by OpenSSL within the CipherBase
class. API functions clear the error queue on return, utility
functions such as InitAuthenticated() ensure that they do not add
any new errors to the queue. Previously ignored return values are
now being CHECK'd.

Fixes: nodejs#21281
Refs: nodejs#21287

src/node_crypto.cc

@@ -2590,10 +2590,12 @@ void CipherBase::Init(const char* cipher_type,
  1,
  key,
  iv);
+ CHECK_NE(key_len, 0);
 
  ctx_.reset(EVP_CIPHER_CTX_new());
  const bool encrypt = (kind_ == kCipher);
- EVP_CipherInit_ex(ctx_.get(), cipher, nullptr, nullptr, nullptr, encrypt);
+ CHECK(EVP_CipherInit_ex(ctx_.get(), cipher, nullptr,
+ nullptr, nullptr, encrypt));
 
  int mode = EVP_CIPHER_CTX_mode(ctx_.get());
  if (encrypt && (mode == EVP_CIPH_CTR_MODE || mode == EVP_CIPH_GCM_MODE ||
@@ -2616,12 +2618,12 @@ void CipherBase::Init(const char* cipher_type,
 
  CHECK_EQ(1, EVP_CIPHER_CTX_set_key_length(ctx_.get(), key_len));
 
- EVP_CipherInit_ex(ctx_.get(),
- nullptr,
- nullptr,
- reinterpret_cast<unsigned char*>(key),
- reinterpret_cast<unsigned char*>(iv),
- encrypt);
+ CHECK(EVP_CipherInit_ex(ctx_.get(),
+  nullptr,
+  nullptr,
+  reinterpret_cast<unsigned char*>(key),
+  reinterpret_cast<unsigned char*>(iv),
+  encrypt));
 }
 
 
@@ -2686,25 +2688,27 @@ void CipherBase::InitIv(const char* cipher_type,
  EVP_CIPHER_CTX_set_flags(ctx_.get(), EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
 
  const bool encrypt = (kind_ == kCipher);
- EVP_CipherInit_ex(ctx_.get(), cipher, nullptr, nullptr, nullptr, encrypt);
+ CHECK(EVP_CipherInit_ex(ctx_.get(), cipher, nullptr,
+ nullptr, nullptr, encrypt));
 
  if (IsAuthenticatedMode()) {
  CHECK(has_iv);
  if (!InitAuthenticated(cipher_type, iv_len, auth_tag_len))
  return;
  }
 
+ ClearErrorOnReturn clear_error_on_return;
  if (!EVP_CIPHER_CTX_set_key_length(ctx_.get(), key_len)) {
  ctx_.reset();
  return env()->ThrowError("Invalid key length");
  }
 
- EVP_CipherInit_ex(ctx_.get(),
- nullptr,
- nullptr,
- reinterpret_cast<const unsigned char*>(key),
- reinterpret_cast<const unsigned char*>(iv),
- encrypt);
+ CHECK(EVP_CipherInit_ex(ctx_.get(),
+  nullptr,
+  nullptr,
+  reinterpret_cast<const unsigned char*>(key),
+  reinterpret_cast<const unsigned char*>(iv),
+  encrypt));
 }
 
 
@@ -2749,6 +2753,7 @@ static bool IsValidGCMTagLength(unsigned int tag_len) {
 bool CipherBase::InitAuthenticated(const char* cipher_type, int iv_len,
  unsigned int auth_tag_len) {
  CHECK(IsAuthenticatedMode());
+ MarkPopErrorOnReturn mark_pop_error_on_return;
 
  if (!EVP_CIPHER_CTX_ctrl(ctx_.get(),
  EVP_CTRL_AEAD_SET_IVLEN,
@@ -2893,6 +2898,7 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo<Value>& args) {
 bool CipherBase::SetAAD(const char* data, unsigned int len, int plaintext_len) {
  if (!ctx_ || !IsAuthenticatedMode())
  return false;
+ ClearErrorOnReturn clear_error_on_return;
 
  int outlen;
  const int mode = EVP_CIPHER_CTX_mode(ctx_.get());
@@ -2952,6 +2958,7 @@ CipherBase::UpdateResult CipherBase::Update(const char* data,
  int* out_len) {
  if (!ctx_)
  return kErrorState;
+ ClearErrorOnReturn clear_error_on_return;
 
  const int mode = EVP_CIPHER_CTX_mode(ctx_.get());
 
@@ -2963,10 +2970,10 @@ CipherBase::UpdateResult CipherBase::Update(const char* data,
  // on first update:
  if (kind_ == kDecipher && IsAuthenticatedMode() && auth_tag_len_ > 0 &&
  auth_tag_len_ != kNoAuthTagLength && !auth_tag_set_) {
- EVP_CIPHER_CTX_ctrl(ctx_.get(),
- EVP_CTRL_GCM_SET_TAG,
- auth_tag_len_,
- reinterpret_cast<unsigned char*>(auth_tag_));
+ CHECK(EVP_CIPHER_CTX_ctrl(ctx_.get(),
+  EVP_CTRL_GCM_SET_TAG,
+  auth_tag_len_,
+  reinterpret_cast<unsigned char*>(auth_tag_)));
  auth_tag_set_ = true;
  }
 
@@ -3044,6 +3051,7 @@ void CipherBase::Update(const FunctionCallbackInfo<Value>& args) {
 bool CipherBase::SetAutoPadding(bool auto_padding) {
  if (!ctx_)
  return false;
+ ClearErrorOnReturn clear_error_on_return;
  return EVP_CIPHER_CTX_set_padding(ctx_.get(), auto_padding);
 }