From f92e0815b873758582f9c280df0d9ce9a6600197 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Wed, 7 Aug 2019 09:38:05 +0100
Subject: [PATCH] Fix no-ec

Fix some unguarded references to EC code inside the FIPS provider.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9543)
---
 providers/fips/fipsprov.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index eb587f9e1d..f6a7aa7fe0 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -104,7 +104,9 @@ static int dummy_evp_call(void *provctx)
     BIGNUM *a = NULL, *b = NULL;
     unsigned char randbuf[128];
     RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx);
+#ifndef OPENSSL_NO_EC
     EC_KEY *key = NULL;
+#endif
 
     if (ctx == NULL || sha256 == NULL || drbg == NULL)
         goto err;
@@ -138,6 +140,7 @@ static int dummy_evp_call(void *provctx)
     if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx))
         goto err;
 
+#ifndef OPENSSL_NO_EC
     /* Do some dummy EC calls */
     key = EC_KEY_new_by_curve_name_ex(libctx, NID_X9_62_prime256v1);
     if (key == NULL)
@@ -145,6 +148,7 @@ static int dummy_evp_call(void *provctx)
 
     if (!EC_KEY_generate_key(key))
         goto err;
+#endif
 
     ret = 1;
  err:
@@ -154,7 +158,9 @@ static int dummy_evp_call(void *provctx)
     EVP_MD_CTX_free(ctx);
     EVP_MD_meth_free(sha256);
 
+#ifndef OPENSSL_NO_EC
     EC_KEY_free(key);
+#endif
     return ret;
 }
 
-- 
GitLab