#include <openssl/params.h>
#include <openssl/err.h>
#include "prov/provider_ctx.h"
+#include "prov/providercommon.h"
#include "prov/implementations.h"
+#include "prov/securitycheck.h"
#include "crypto/ec.h" /* ecdh_KDF_X9_63() */
static OSSL_FUNC_keyexch_newctx_fn ecdh_newctx;
static
void *ecdh_newctx(void *provctx)
{
- PROV_ECDH_CTX *pectx = OPENSSL_zalloc(sizeof(*pectx));
+ PROV_ECDH_CTX *pectx;
+ if (!ossl_prov_is_running())
+ return NULL;
+
+ pectx = OPENSSL_zalloc(sizeof(*pectx));
if (pectx == NULL)
return NULL;
{
PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx;
- if (pecdhctx == NULL || vecdh == NULL || !EC_KEY_up_ref(vecdh))
+ if (!ossl_prov_is_running()
+ || pecdhctx == NULL
+ || vecdh == NULL
+ || !EC_KEY_up_ref(vecdh))
return 0;
EC_KEY_free(pecdhctx->k);
pecdhctx->k = vecdh;
pecdhctx->cofactor_mode = -1;
pecdhctx->kdf_type = PROV_ECDH_KDF_NONE;
- return 1;
+ return ec_check_key(vecdh, 1);
}
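Review bot: The key is attached to the context before it is validated: the previous key is freed and `pecdhctx->k = vecdh` runs before `ec_check_key(vecdh, 1)` decides the return value, so a rejected key stays in the context when this returns 0. Whether a later derive can still reach that key depends on how callers treat a failed init, which is not visible here, but checking first removes the question: add `|| !ec_check_key(vecdh, 1)` to the condition ahead of `|| !EC_KEY_up_ref(vecdh)` and keep `return 1;`. The set-peer hunk that follows has the same ordering with `pecdhctx->peerk`, which presumably holds the other party's key and is the one most worth rejecting before it is stored, so the same change applies there. Both function signatures lie outside the shown lines.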
static
{
PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx;
- if (pecdhctx == NULL || vecdh == NULL || !EC_KEY_up_ref(vecdh))
+ if (!ossl_prov_is_running()
+ || pecdhctx == NULL
+ || vecdh == NULL
+ || !EC_KEY_up_ref(vecdh))
return 0;
EC_KEY_free(pecdhctx->peerk);
pecdhctx->peerk = vecdh;
- return 1;
+ return ec_check_key(vecdh, 1);
}
static
PROV_ECDH_CTX *srcctx = (PROV_ECDH_CTX *)vpecdhctx;
PROV_ECDH_CTX *dstctx;
+ if (!ossl_prov_is_running())
+ return NULL;
+
dstctx = OPENSSL_zalloc(sizeof(*srcctx));
if (dstctx == NULL)
return NULL;
EVP_MD_free(pectx->kdf_md);
pectx->kdf_md = EVP_MD_fetch(pectx->libctx, name, mdprops);
-
+ if (!digest_is_allowed(pectx->kdf_md)) {
+ EVP_MD_free(pectx->kdf_md);
+ pectx->kdf_md = NULL;
+ }
if (pectx->kdf_md == NULL)
return 0;
}
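Review bot: `digest_is_allowed(pectx->kdf_md)` is called on the result of `EVP_MD_fetch()` before the NULL check that follows, so a failed fetch (an unknown digest name or property string) passes NULL into it. Unless digest_is_allowed is NULL-safe, which is not visible here, guard the call: `if (pectx->kdf_md != NULL && !digest_is_allowed(pectx->kdf_md)) {`. The added branch also returns 0 through the same path as a failed fetch, so a caller cannot tell "digest not found" from "digest not permitted"; raising a provider error inside the branch would make a policy rejection visible in the error queue. The enclosing function starts and ends outside the shown lines.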