crypto: clear openssl error stack after en/decrypt

src/node_crypto.cc

@@ -5026,6 +5026,7 @@ template <PublicKeyCipher::Operation operation,
           PublicKeyCipher::EVP_PKEY_cipher_init_t EVP_PKEY_cipher_init,
           PublicKeyCipher::EVP_PKEY_cipher_t EVP_PKEY_cipher>
 void PublicKeyCipher::Cipher(const FunctionCallbackInfo<Value>& args) {
+  MarkPopErrorOnReturn mark_pop_error_on_return;
   Environment* env = Environment::GetCurrent(args);
 
   unsigned int offset = 0;
@@ -5056,8 +5057,6 @@ void PublicKeyCipher::Cipher(const FunctionCallbackInfo<Value>& args) {
 
   AllocatedBuffer out;
 
-  ClearErrorOnReturn clear_error_on_return;
-
   bool r = Cipher<operation, EVP_PKEY_cipher_init, EVP_PKEY_cipher>(
       env,
       pkey,

test/parallel/test-crypto-private-decrypt-gh32240.js

@@ -0,0 +1,38 @@
+'use strict';
+
+// Verify that privateDecrypt() does not leave an error on the
+// openssl error stack that is visible to subsequent operations.
+
+const common = require('../common');
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const assert = require('assert');
+const {
+  generateKeyPairSync,
+  publicEncrypt,
+  privateDecrypt,
+} = require('crypto');
+
+const pair = generateKeyPairSync('rsa', { modulusLength: 512 });
+
+const expected = Buffer.from('shibboleth');
+const encrypted = publicEncrypt(pair.publicKey, expected);
+
+const pkey = pair.privateKey.export({ type: 'pkcs1', format: 'pem' });
+const pkeyEncrypted =
+  pair.privateKey.export({
+    type: 'pkcs1',
+    format: 'pem',
+    cipher: 'aes128',
+    passphrase: 'secret',
+  });
+
+function decrypt(key) {
+  const decrypted = privateDecrypt(key, encrypted);
+  assert.deepStrictEqual(decrypted, expected);
+}
+
+decrypt(pkey);
+assert.throws(() => decrypt(pkeyEncrypted), { code: 'ERR_MISSING_PASSPHRASE' });
+decrypt(pkey);  // Should not throw.