Add EC key validation to default provider

Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10861)
author: Shane Lontis <shane.lontis@oracle.com> 2020-01-16 17:18:26 +1000
committer: Shane Lontis <shane.lontis@oracle.com> 2020-03-12 07:14:32 +1000
commit: a173cc9c388cbe8105f78ba5a8fdfbf20a35be1a (patch)
tree: 152d189a952143596a840e6a7a49121a2c889391 /crypto/ec/ec_check.c
parent: 0e6f62e3e1c4cdaa8e3bda7d459f978541dfb1fe (diff)
1 files changed, 10 insertions, 9 deletions
diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c
index bb39177d64..1283d8404f 100644
--- a/crypto/ec/ec_check.c
+++ b/crypto/ec/ec_check.c
@@ -20,26 +20,27 @@ int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only,
                                BN_CTX *ctx)
 {
     int nid = NID_undef;
-#ifndef FIPS_MODE
     BN_CTX *new_ctx = NULL;
 
+    if (group == NULL) {
+        ECerr(0, ERR_R_PASSED_NULL_PARAMETER);
+        goto err;
+    }
+
     if (ctx == NULL) {
-        ctx = new_ctx = BN_CTX_new();
+        ctx = new_ctx = BN_CTX_new_ex(NULL);
         if (ctx == NULL) {
-            ECerr(EC_F_EC_GROUP_CHECK_NAMED_CURVE, ERR_R_MALLOC_FAILURE);
-            goto err;
+            ECerr(0, ERR_R_MALLOC_FAILURE);
+            return NID_undef;
         }
     }
-#endif
 
     nid = ec_curve_nid_from_params(group, ctx);
     if (nid > 0 && nist_only && EC_curve_nid2nist(nid) == NULL)
         nid = NID_undef;
 
-#ifndef FIPS_MODE
- err:
-    BN_CTX_free(ctx);
-#endif
+err:
+    BN_CTX_free(new_ctx);
     return nid;
 }
author	Shane Lontis <shane.lontis@oracle.com>	2020-01-16 17:18:26 +1000
committer	Shane Lontis <shane.lontis@oracle.com>	2020-03-12 07:14:32 +1000
commit	a173cc9c388cbe8105f78ba5a8fdfbf20a35be1a (patch)
tree	152d189a952143596a840e6a7a49121a2c889391 /crypto/ec/ec_check.c
parent	0e6f62e3e1c4cdaa8e3bda7d459f978541dfb1fe (diff)