static int mr = 0;
static int usertime = 1;
-typedef void *(*kdf_fn) (const void *in, size_t inlen, void *out,
- size_t *xoutlen);
-
typedef struct loopargs_st {
ASYNC_JOB *inprogress_job;
ASYNC_WAIT_CTX *wait_ctx;
unsigned char *secret_a;
unsigned char *secret_b;
size_t outlen[EC_NUM];
- kdf_fn kdf;
#endif
EVP_CIPHER_CTX *ctx;
HMAC_CTX *hctx;
#endif
if (doit[D_EVP]) {
-#ifdef EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
if (multiblock && evp_cipher) {
if (!
(EVP_CIPHER_flags(evp_cipher) &
ret = 0;
goto end;
}
-#endif
for (testnum = 0; testnum < SIZE_NUM; testnum++) {
if (evp_cipher) {
size_t outlen;
size_t test_outlen;
- if (testnum == R_EC_X25519) {
- kctx = EVP_PKEY_CTX_new_id(test_curves[testnum], NULL); /* keygen ctx from NID */
- } else {
+ /* Ensure that the error queue is empty */
+ if (ERR_peek_error()) {
+ BIO_printf(bio_err,
+ "WARNING: the error queue contains previous unhandled errors.\n");
+ ERR_print_errors(bio_err);
+ }
+
+ /* Let's try to create a ctx directly from the NID: this works for
+ * curves like Curve25519 that are not implemented through the low
+ * level EC interface.
+ * If this fails we try creating a EVP_PKEY_EC generic param ctx,
+ * then we set the curve by NID before deriving the actual keygen
+ * ctx for that specific curve. */
+ kctx = EVP_PKEY_CTX_new_id(test_curves[testnum], NULL); /* keygen ctx from NID */
+ if (!kctx) {
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *params = NULL;
+ /* If we reach this code EVP_PKEY_CTX_new_id() failed and a
+ * "int_ctx_new:unsupported algorithm" error was added to the
+ * error queue.
+ * We remove it from the error queue as we are handling it. */
+ unsigned long error = ERR_peek_error(); /* peek the latest error in the queue */
+ if (error == ERR_peek_last_error() && /* oldest and latest errors match */
+ /* check that the error origin matches */
+ ERR_GET_LIB(error) == ERR_LIB_EVP &&
+ ERR_GET_FUNC(error) == EVP_F_INT_CTX_NEW &&
+ ERR_GET_REASON(error) == EVP_R_UNSUPPORTED_ALGORITHM)
+ ERR_get_error(); /* pop error from queue */
+ if (ERR_peek_error()) {
+ BIO_printf(bio_err,
+ "Unhandled error in the error queue during ECDH init.\n");
+ ERR_print_errors(bio_err);
+ rsa_count = 1;
+ break;
+ }
+
if ( /* Create the context for parameter generation */
!(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)) ||
/* Initialise the parameter generation */
/* Create the parameter object params */
!EVP_PKEY_paramgen(pctx, ¶ms)) {
ecdh_checks = 0;
- BIO_printf(bio_err, "ECDH init failure.\n");
+ BIO_printf(bio_err, "ECDH EC params init failure.\n");
ERR_print_errors(bio_err);
rsa_count = 1;
break;
rsa_count = 1;
break;
}
- for (k = 0; (unsigned int)k < test_outlen && ecdh_checks == 1; k++) {
- if (loopargs[i].secret_a[k] != loopargs[i].secret_b[k])
- ecdh_checks = 0;
- }
- if (ecdh_checks == 0) {
+
+ /* Compare the computation results: CRYPTO_memcmp() returns 0 if equal */
+ if (CRYPTO_memcmp(loopargs[i].secret_a,
+ loopargs[i].secret_b, outlen)) {
+ ecdh_checks = 0;
BIO_printf(bio_err, "ECDH computations don't match.\n");
ERR_print_errors(bio_err);
rsa_count = 1;