commit 4dd8a952fc00dd54cce090e4c053de408ba3884b
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Tue Aug 24 10:14:39 2021 +0200
SOFT: Detect unsupported EC curves with OpenSSL 3.0
OpenSSL 3.0 behaves differently in reporting an error when an unsupported
EC curve is used to generate an EC key. OpenSSL 1.1.1 returns an error
at EVP_PKEY_CTX_set_ec_paramgen_curve_nid() already, but OpenSSL 3.0 returns
an error only at EVP_PKEY_keygen().
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
diff --git a/usr/lib/soft_stdll/soft_specific.c b/usr/lib/soft_stdll/soft_specific.c
index 43fd17c3..03767ec8 100644
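--- a/usr/lib/soft_stdll/soft_specific.c
+++ b/usr/lib/soft_stdll/soft_specific.c
@@ -51,6 +51,7 @@
 #include <openssl/cmac.h>
 #include <openssl/ec.h>
 #include <openssl/bn.h>
+#include <openssl/err.h>
 #if OPENSSL_VERSION_PREREQ(3, 0)
 #include <openssl/core_names.h>
 #include <openssl/param_build.h>
@@ -4548,7 +4549,10 @@ CK_RV token_specific_ec_generate_keypair(STDLL_TokData_t *tokdata,
 
 if (EVP_PKEY_keygen(ctx, &ec_pkey) <= 0) {
 TRACE_ERROR("EVP_PKEY_keygen failed\n");
- rc = CKR_FUNCTION_FAILED;
+ if (ERR_GET_REASON(ERR_peek_last_error()) == EC_R_INVALID_CURVE)
+ rc = CKR_CURVE_NOT_SUPPORTED;
+ else
+ rc = CKR_FUNCTION_FAILED;
 goto out;
 }
 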
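Review bot: The new check in the `EVP_PKEY_keygen` failure branch compares only the reason code, and OpenSSL reason codes are scoped per library, so an error queued by a different library with the same numeric reason would also be mapped to `CKR_CURVE_NOT_SUPPORTED`. Match the library as well: `unsigned long err = ERR_peek_last_error();` followed by `if (ERR_GET_LIB(err) == ERR_LIB_EC && ERR_GET_REASON(err) == EC_R_INVALID_CURVE)`. The check also assumes the newest queue entry belongs to this call; the code before the hunk is not visible, so if nothing clears the thread's error queue earlier, an `ERR_clear_error()` ahead of the keygen would rule out a stale entry. token_specific_ec_generate_keypair starts and ends outside the hunk, so whether the `out:` path drains the queue cannot be confirmed from here.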