* https://www.openssl.org/source/license.html
*/
-#include "ec_lcl.h"
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
+#include "ec_local.h"
#include <openssl/err.h>
-int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only)
+int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only,
+ BN_CTX *ctx)
{
- int nid;
+ int nid = NID_undef;
+#ifndef FIPS_MODE
+ BN_CTX *new_ctx = NULL;
- nid = ec_curve_nid_from_params(group);
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL) {
+ ECerr(EC_F_EC_GROUP_CHECK_NAMED_CURVE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
+#endif
+
+ nid = ec_curve_nid_from_params(group, ctx);
if (nid > 0 && nist_only && EC_curve_nid2nist(nid) == NULL)
nid = NID_undef;
+
+#ifndef FIPS_MODE
+ err:
+ BN_CTX_free(ctx);
+#endif
return nid;
}
* ECC domain parameter validation.
* See SP800-56A R3 5.5.2 "Assurances of Domain-Parameter Validity" Part 1b.
*/
- return EC_GROUP_check_named_curve(group, 1) >= 0 ? 1 : 0;
+ return EC_GROUP_check_named_curve(group, 1, ctx) >= 0 ? 1 : 0;
#else
int ret = 0;
const BIGNUM *order;