From ebd9addcd11034b7415e937c1c49857a1f61395b Mon Sep 17 00:00:00 2001
From: Fedor Indutny <fedor@indutny.com>
Date: Thu, 14 Jan 2016 04:35:04 -0500
Subject: [PATCH] crypto: clear error stack in ECDH::Initialize

Clean up OpenSSL error stack in `ECDH::Initialize`, some curves have
faulty implementations that are leaving dangling errors after
initializing the curve.

Fix: #4686
PR-URL: https://github.com/nodejs/node/pull/4689
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
---
 src/node_crypto.cc              | 2 ++
 test/parallel/test-crypto-dh.js | 5 +++++
 2 files changed, 7 insertions(+)

diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 35a0687b9f95ec..700e658417d2aa 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -4678,6 +4678,8 @@ void ECDH::Initialize(Environment* env, Local<Object> target) {
 void ECDH::New(const FunctionCallbackInfo<Value>& args) {
   Environment* env = Environment::GetCurrent(args);
 
+  MarkPopErrorOnReturn mark_pop_error_on_return;
+
   // TODO(indutny): Support raw curves?
   CHECK(args[0]->IsString());
   node::Utf8Value curve(env->isolate(), args[0]);
diff --git a/test/parallel/test-crypto-dh.js b/test/parallel/test-crypto-dh.js
index a1e8fb1d7da4ac..68394dd9bcaff9 100644
--- a/test/parallel/test-crypto-dh.js
+++ b/test/parallel/test-crypto-dh.js
@@ -159,6 +159,11 @@ secret2 = ecdh2.computeSecret(key1, 'binary', 'buffer');
 
 assert.equal(secret1, secret2.toString('base64'));
 
+// Oakley curves do not clean up ERR stack, it was causing unexpected failure
+// when accessing other OpenSSL APIs afterwards.
+crypto.createECDH('Oakley-EC2N-3');
+crypto.createHash('sha256');
+
 // Point formats
 assert.equal(ecdh1.getPublicKey('buffer', 'uncompressed')[0], 4);
 let firstByte = ecdh1.getPublicKey('buffer', 'compressed')[0];