diff options
author | Rich Salz <rsalz@openssl.org> | 2017-04-16 21:46:31 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2017-04-16 21:46:31 -0400 |
commit | 0c44545c0f5781b1d2401b0d3c93c0376399c8e5 (patch) | |
tree | 8acfd57bda57b2299342408e78539267b1bbc3be /test/evp_test.c | |
parent | ff54cd9beb07e47c48dac02d3006b0fbe5fc6cc2 (diff) | |
download | openssl-new-0c44545c0f5781b1d2401b0d3c93c0376399c8e5.tar.gz |
Catch EC_R_UNKNOWN_GROUP in check_unsupported()
If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an hint to
an unsupported algorithm/curve (e.g. if binary EC support is disabled).
Before this commit the issue arise for example if binary EC keys are added in
evptests.txt, and the test is run when EC is enabled but EC2m is disabled.
E.g. adding these lines to evptests.txt would reproduce the issue:
~~~
PrivateKey=KAS-ECC-CDH_K-163_C0
-----BEGIN PRIVATE KEY-----
MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUAZlO2B3OY+tx79eYBWBcB
SMPcRSehLgMsAAQHH4sod9YCfZwa3kJE8t6hJpLvI9UFwV7ndiIccrhLNHzjg/OA
Z7icPpo=
-----END PRIVATE KEY-----
PublicKey=KAS-ECC-CDH_K-163_C0-PUBLIC
-----BEGIN PUBLIC KEY-----
MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBx+LKHfWAn2cGt5CRPLeoSaS7yPVBcFe
53YiHHK4SzR844PzgGe4nD6a
-----END PUBLIC KEY-----
PublicKey=KAS-ECC-CDH_K-163_C0-Peer-PUBLIC
-----BEGIN PUBLIC KEY-----
MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBXQjbxQoxDITCUZ4Ols6q7bCfqXWB5CM
JRuNoCHLrCgfEj969PrFs9u4
-----END PUBLIC KEY-----
Derive=KAS-ECC-CDH_K-163_C0
PeerKey=KAS-ECC-CDH_K-163_C0-Peer-PUBLIC
Ctrl=ecdh_cofactor_mode:1
SharedSecret=04325bff38f1b0c83c27f554a6c972a80f14bc23bc
~~~
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3226)
Diffstat (limited to 'test/evp_test.c')
-rw-r--r-- | test/evp_test.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/test/evp_test.c b/test/evp_test.c index f9dafec23a..f99269d33d 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -469,6 +469,18 @@ static int check_unsupported() ERR_clear_error(); return 1; } +#ifndef OPENSSL_NO_EC + /* + * If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an + * hint to an unsupported algorithm/curve (e.g. if binary EC support is + * disabled). + */ + if (ERR_GET_LIB(err) == ERR_LIB_EC + && ERR_GET_REASON(err) == EC_R_UNKNOWN_GROUP) { + ERR_clear_error(); + return 1; + } +#endif /* OPENSSL_NO_EC */ return 0; } |