Handle "int_ctx_new:unsupported algorithm" error

Calling EVP_PKEY_CTX_new_id(curve_NID, NULL) causes an error for most curves that are implemented through the EC low-level API, and in the last commit we call it for every curve to avoid treating X25519 as a special case. Last commit code already handles correctly this failure, but does not remove these events from the thread error queue, thus some false-positive warnings are printed at the end of execution. This commit ensures that the error queue is clean, without flushing other errors. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1658)
author: Nicola Tuveri <nic.tuv@gmail.com> 2016-10-07 17:23:17 +0300
committer: Rich Salz <rsalz@openssl.org> 2016-11-17 00:36:23 -0500
commit: 86ff6cc6b2f2718fadbdc2a2c7add51949bcd4a4 (patch)
tree: e2e44255aed8e9d283620a878db06831e2a31b1b /apps
parent: b756d694b6edb97a2827d97591e486f4096f0cd3 (diff)
1 files changed, 26 insertions, 0 deletions
diff --git a/apps/speed.c b/apps/speed.c
index c3614800c5..10b7f97370 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -2578,6 +2578,13 @@ int speed_main(int argc, char **argv)
             size_t outlen;
             size_t test_outlen;
 
+            /* Ensure that the error queue is empty */
+            if (ERR_peek_error()) {
+                BIO_printf(bio_err,
+                           "WARNING: the error queue contains previous unhandled errors.\n");
+                ERR_print_errors(bio_err);
+            }
+
             /* Let's try to create a ctx directly from the NID: this works for
              * curves like Curve25519 that are not implemented through the low
              * level EC interface.
@@ -2589,6 +2596,25 @@ int speed_main(int argc, char **argv)
                 EVP_PKEY_CTX *pctx = NULL;
                 EVP_PKEY *params = NULL;
 
+                /* If we reach this code EVP_PKEY_CTX_new_id() failed and a
+                 * "int_ctx_new:unsupported algorithm" error was added to the
+                 * error queue.
+                 * We remove it from the error queue as we are handling it. */
+                unsigned long error = ERR_peek_error(); /* peek the latest error in the queue */
+                if (error == ERR_peek_last_error() && /* oldest and latest errors match */
+                    /* check that the error origin matches */
+                    ERR_GET_LIB(error) == ERR_LIB_EVP &&
+                    ERR_GET_FUNC(error) == EVP_F_INT_CTX_NEW &&
+                    ERR_GET_REASON(error) == EVP_R_UNSUPPORTED_ALGORITHM)
+                    ERR_get_error(); /* pop error from queue */
+                if (ERR_peek_error()) {
+                    BIO_printf(bio_err,
+                               "Unhandled error in the error queue during ECDH init.\n");
+                    ERR_print_errors(bio_err);
+                    rsa_count = 1;
+                    break;
+                }
+
                 if (            /* Create the context for parameter generation */
                        !(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)) ||
                        /* Initialise the parameter generation */
author	Nicola Tuveri <nic.tuv@gmail.com>	2016-10-07 17:23:17 +0300
committer	Rich Salz <rsalz@openssl.org>	2016-11-17 00:36:23 -0500
commit	86ff6cc6b2f2718fadbdc2a2c7add51949bcd4a4 (patch)
tree	e2e44255aed8e9d283620a878db06831e2a31b1b /apps
parent	b756d694b6edb97a2827d97591e486f4096f0cd3 (diff)