aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDániel Szoboszlay <[email protected]>2015-10-14 15:45:32 +0200
committerDániel Szoboszlay <[email protected]>2016-01-27 10:03:31 +0100
commit76d78818252f0223ee3cffe232a6333428d401a0 (patch)
treeaf837e150f262e0ddc0c68e1e97e3b523a770082
parent6945881b99aeadaf9ed4ec1f8c7811538cee1405 (diff)
downloadotp-76d78818252f0223ee3cffe232a6333428d401a0.tar.gz
otp-76d78818252f0223ee3cffe232a6333428d401a0.tar.bz2
otp-76d78818252f0223ee3cffe232a6333428d401a0.zip
Check the result of EC_GROUP_new_curve_* calls
The FIPS-enabled OpenSSL on RHEL disallows the use of < 256 bit prime fields (like secp128r1 or secp160k1), and the EC_GROUP_new_cuve_GFp call would return a NULL pointer for such fields. Not checking for this failure could result in a segfault in the NIF code.
-rw-r--r--lib/crypto/c_src/crypto.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index 3c73c318ed..4966701e41 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -3569,6 +3569,9 @@ static EC_KEY* ec_key_new(ErlNifEnv* env, ERL_NIF_TERM curve_arg)
} else
goto out_err;
+ if (!group)
+ goto out_err;
+
if (enif_inspect_binary(env, prime[2], &seed)) {
EC_GROUP_set_seed(group, seed.data, seed.size);
}