diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2020-01-16 17:18:26 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2020-03-12 07:14:32 +1000 |
commit | a173cc9c388cbe8105f78ba5a8fdfbf20a35be1a (patch) | |
tree | 152d189a952143596a840e6a7a49121a2c889391 /crypto/ec/ec_check.c | |
parent | 0e6f62e3e1c4cdaa8e3bda7d459f978541dfb1fe (diff) |
Add EC key validation to default provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10861)
Diffstat (limited to 'crypto/ec/ec_check.c')
-rw-r--r-- | crypto/ec/ec_check.c | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c index bb39177d64..1283d8404f 100644 --- a/crypto/ec/ec_check.c +++ b/crypto/ec/ec_check.c @@ -20,26 +20,27 @@ int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only, BN_CTX *ctx) { int nid = NID_undef; -#ifndef FIPS_MODE BN_CTX *new_ctx = NULL; + if (group == NULL) { + ECerr(0, ERR_R_PASSED_NULL_PARAMETER); + goto err; + } + if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new(); + ctx = new_ctx = BN_CTX_new_ex(NULL); if (ctx == NULL) { - ECerr(EC_F_EC_GROUP_CHECK_NAMED_CURVE, ERR_R_MALLOC_FAILURE); - goto err; + ECerr(0, ERR_R_MALLOC_FAILURE); + return NID_undef; } } -#endif nid = ec_curve_nid_from_params(group, ctx); if (nid > 0 && nist_only && EC_curve_nid2nist(nid) == NULL) nid = NID_undef; -#ifndef FIPS_MODE - err: - BN_CTX_free(ctx); -#endif +err: + BN_CTX_free(new_ctx); return nid; } |