Deprecate the ECDSA and EV_KEY_METHOD functions.

[openssl.git] / crypto / ec / ec_check.c

diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c
index 315b9fd4dfadfed9eb956c47ba2e40d47644fd25..bb39177d644bc384a71e637f18f51096a7c8ba30 100644 (file)
--- a/crypto/ec/ec_check.c
+++ b/crypto/ec/ec_check.c
@@ -7,16 +7,39 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "ec_lcl.h"
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
+#include "ec_local.h"
 #include <openssl/err.h>
 
-int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only)
+int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only,
+                               BN_CTX *ctx)
 {
-    int nid;
+    int nid = NID_undef;
+#ifndef FIPS_MODE
+    BN_CTX *new_ctx = NULL;
 
-    nid = ec_curve_nid_from_params(group);
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL) {
+            ECerr(EC_F_EC_GROUP_CHECK_NAMED_CURVE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+#endif
+
+    nid = ec_curve_nid_from_params(group, ctx);
     if (nid > 0 && nist_only && EC_curve_nid2nist(nid) == NULL)
         nid = NID_undef;
+
+#ifndef FIPS_MODE
+ err:
+    BN_CTX_free(ctx);
+#endif
     return nid;
 }
 
@@ -27,7 +50,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
     * ECC domain parameter validation.
     * See SP800-56A R3 5.5.2 "Assurances of Domain-Parameter Validity" Part 1b.
     */
-    return EC_GROUP_check_named_curve(group, 1) >= 0 ? 1 : 0;
+    return EC_GROUP_check_named_curve(group, 1, ctx) >= 0 ? 1 : 0;
 #else
     int ret = 0;
     const BIGNUM *order;