diff options
| author | Dániel Szoboszlay <[email protected]> | 2015-10-14 15:45:32 +0200 |
|---|---|---|
| committer | Dániel Szoboszlay <[email protected]> | 2016-01-27 10:03:31 +0100 |
| commit | 76d78818252f0223ee3cffe232a6333428d401a0 (patch) | |
| tree | af837e150f262e0ddc0c68e1e97e3b523a770082 /lib/crypto | |
| parent | 6945881b99aeadaf9ed4ec1f8c7811538cee1405 (diff) | |
| download | otp-76d78818252f0223ee3cffe232a6333428d401a0.tar.gz otp-76d78818252f0223ee3cffe232a6333428d401a0.tar.bz2 otp-76d78818252f0223ee3cffe232a6333428d401a0.zip | |
Check the result of EC_GROUP_new_curve_* calls
The FIPS-enabled OpenSSL on RHEL disallows the use of < 256 bit prime
fields (like secp128r1 or secp160k1), and the EC_GROUP_new_cuve_GFp
call would return a NULL pointer for such fields. Not checking for
this failure could result in a segfault in the NIF code.
Diffstat (limited to 'lib/crypto')
| -rw-r--r-- | lib/crypto/c_src/crypto.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c index 3c73c318ed..4966701e41 100644 --- a/lib/crypto/c_src/crypto.c +++ b/lib/crypto/c_src/crypto.c @@ -3569,6 +3569,9 @@ static EC_KEY* ec_key_new(ErlNifEnv* env, ERL_NIF_TERM curve_arg) } else goto out_err; + if (!group) + goto out_err; + if (enif_inspect_binary(env, prime[2], &seed)) { EC_GROUP_set_seed(group, seed.data, seed.size); } |