[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Rich Salz rsalz at openssl.org
Mon Apr 17 01:55:40 UTC 2017 

The branch OpenSSL_1_1_0-stable has been updated
       via  dca39445fc4ef95adc46d0ba33491934adfbef77 (commit)
      from  cece12299b3163857a65c384885b91a9c7de93b8 (commit)


- Log -----------------------------------------------------------------
commit dca39445fc4ef95adc46d0ba33491934adfbef77
Author: Rich Salz <rsalz at openssl.org>
Date:   Sun Apr 16 21:46:31 2017 -0400

    Catch EC_R_UNKNOWN_GROUP in check_unsupported()
    
    If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an hint to
    an unsupported algorithm/curve (e.g. if binary EC support is disabled).
    
    Before this commit the issue arise for example if binary EC keys are added in
    evptests.txt, and the test is run when EC is enabled but EC2m is disabled.
    
    E.g. adding these lines to evptests.txt would reproduce the issue:
    
    ~~~
    
    PrivateKey=KAS-ECC-CDH_K-163_C0
    -----BEGIN PRIVATE KEY-----
    MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUAZlO2B3OY+tx79eYBWBcB
    SMPcRSehLgMsAAQHH4sod9YCfZwa3kJE8t6hJpLvI9UFwV7ndiIccrhLNHzjg/OA
    Z7icPpo=
    -----END PRIVATE KEY-----
    
    PublicKey=KAS-ECC-CDH_K-163_C0-PUBLIC
    -----BEGIN PUBLIC KEY-----
    MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBx+LKHfWAn2cGt5CRPLeoSaS7yPVBcFe
    53YiHHK4SzR844PzgGe4nD6a
    -----END PUBLIC KEY-----
    
    PublicKey=KAS-ECC-CDH_K-163_C0-Peer-PUBLIC
    -----BEGIN PUBLIC KEY-----
    MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBXQjbxQoxDITCUZ4Ols6q7bCfqXWB5CM
    JRuNoCHLrCgfEj969PrFs9u4
    -----END PUBLIC KEY-----
    
    Derive=KAS-ECC-CDH_K-163_C0
    PeerKey=KAS-ECC-CDH_K-163_C0-Peer-PUBLIC
    Ctrl=ecdh_cofactor_mode:1
    SharedSecret=04325bff38f1b0c83c27f554a6c972a80f14bc23bc
    
    ~~~
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3226)
    
    (cherry picked from commit 0c44545c0f5781b1d2401b0d3c93c0376399c8e5)

-----------------------------------------------------------------------

Summary of changes:
 test/evp_test.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/test/evp_test.c b/test/evp_test.c
index 41cbe11..d52bbfe 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -469,6 +469,18 @@ static int check_unsupported()
         ERR_clear_error();
         return 1;
     }
+#ifndef OPENSSL_NO_EC
+    /*
+     * If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an
+     * hint to an unsupported algorithm/curve (e.g. if binary EC support is
+     * disabled).
+     */
+    if (ERR_GET_LIB(err) == ERR_LIB_EC
+        && ERR_GET_REASON(err) == EC_R_UNKNOWN_GROUP) {
+        ERR_clear_error();
+        return 1;
+    }
+#endif /* OPENSSL_NO_EC */
     return 0;
 }

More information about the openssl-commits mailing list