From: Nicola Tuveri <nic.tuv@gmail.com>
Date: Fri, 7 Oct 2016 14:23:17 +0000 (+0300)
Subject: Handle "int_ctx_new:unsupported algorithm" error
X-Git-Tag: OpenSSL_1_1_1-pre1~3010
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=86ff6cc6b2f2718fadbdc2a2c7add51949bcd4a4;p=oweals%2Fopenssl.git

Handle "int_ctx_new:unsupported algorithm" error

Calling EVP_PKEY_CTX_new_id(curve_NID, NULL) causes an error for most
curves that are implemented through the EC low-level API, and in the
last commit we call it for every curve to avoid treating X25519 as a
special case.

Last commit code already handles correctly this failure, but does not
remove these events from the thread error queue, thus some
false-positive warnings are printed at the end of execution.

This commit ensures that the error queue is clean, without flushing
other errors.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
---

diff --git a/apps/speed.c b/apps/speed.c
index c3614800c5..10b7f97370 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -2578,6 +2578,13 @@ int speed_main(int argc, char **argv)
             size_t outlen;
             size_t test_outlen;
 
+            /* Ensure that the error queue is empty */
+            if (ERR_peek_error()) {
+                BIO_printf(bio_err,
+                           "WARNING: the error queue contains previous unhandled errors.\n");
+                ERR_print_errors(bio_err);
+            }
+
             /* Let's try to create a ctx directly from the NID: this works for
              * curves like Curve25519 that are not implemented through the low
              * level EC interface.
@@ -2589,6 +2596,25 @@ int speed_main(int argc, char **argv)
                 EVP_PKEY_CTX *pctx = NULL;
                 EVP_PKEY *params = NULL;
 
+                /* If we reach this code EVP_PKEY_CTX_new_id() failed and a
+                 * "int_ctx_new:unsupported algorithm" error was added to the
+                 * error queue.
+                 * We remove it from the error queue as we are handling it. */
+                unsigned long error = ERR_peek_error(); /* peek the latest error in the queue */
+                if (error == ERR_peek_last_error() && /* oldest and latest errors match */
+                    /* check that the error origin matches */
+                    ERR_GET_LIB(error) == ERR_LIB_EVP &&
+                    ERR_GET_FUNC(error) == EVP_F_INT_CTX_NEW &&
+                    ERR_GET_REASON(error) == EVP_R_UNSUPPORTED_ALGORITHM)
+                    ERR_get_error(); /* pop error from queue */
+                if (ERR_peek_error()) {
+                    BIO_printf(bio_err,
+                               "Unhandled error in the error queue during ECDH init.\n");
+                    ERR_print_errors(bio_err);
+                    rsa_count = 1;
+                    break;
+                }
+
                 if (            /* Create the context for parameter generation */
                        !(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)) ||
                        /* Initialise the parameter generation */