diff options
author | Matt Caswell <matt@openssl.org> | 2019-07-03 17:30:03 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-08-06 11:19:07 +0100 |
commit | a9612d6c034f47c4788c67d85651d0cd58c3faf7 (patch) | |
tree | b3af6481b8c7a2a50b8834c3cec70841ae739f95 /crypto/ec/ec_check.c | |
parent | c1a3f16f735057b45df1803d58f40e4e17b233e5 (diff) | |
download | openssl-a9612d6c034f47c4788c67d85651d0cd58c3faf7.tar.gz |
Make the EC code available from inside the FIPS provider
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9380)
Diffstat (limited to 'crypto/ec/ec_check.c')
-rw-r--r-- | crypto/ec/ec_check.c | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c index 315b9fd4df..974fcb2446 100644 --- a/crypto/ec/ec_check.c +++ b/crypto/ec/ec_check.c @@ -10,13 +10,30 @@ #include "ec_lcl.h" #include <openssl/err.h> -int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only) +int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only, + BN_CTX *ctx) { - int nid; + int nid = NID_undef; +#ifndef FIPS_MODE + BN_CTX *new_ctx = NULL; + + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) { + ECerr(EC_F_EC_GROUP_CHECK_NAMED_CURVE, ERR_R_MALLOC_FAILURE); + goto err; + } + } +#endif - nid = ec_curve_nid_from_params(group); + nid = ec_curve_nid_from_params(group, ctx); if (nid > 0 && nist_only && EC_curve_nid2nist(nid) == NULL) nid = NID_undef; + +#ifndef FIPS_MODE + err: + BN_CTX_free(ctx); +#endif return nid; } @@ -27,7 +44,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) * ECC domain parameter validation. * See SP800-56A R3 5.5.2 "Assurances of Domain-Parameter Validity" Part 1b. */ - return EC_GROUP_check_named_curve(group, 1) >= 0 ? 1 : 0; + return EC_GROUP_check_named_curve(group, 1, ctx) >= 0 ? 1 : 0; #else int ret = 0; const BIGNUM *order; |