Fix no-ec

Fix some unguarded references to EC code inside the FIPS provider.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9543)

diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index eb587f9e1da8695f5727bc3e2fe3d602fb5d55cb..f6a7aa7fe03cab8cd58dfc6928881362182fc121 100644 (file)
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -104,7 +104,9 @@ static int dummy_evp_call(void *provctx)
     BIGNUM *a = NULL, *b = NULL;
     unsigned char randbuf[128];
     RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx);
+#ifndef OPENSSL_NO_EC
     EC_KEY *key = NULL;
+#endif
 
     if (ctx == NULL || sha256 == NULL || drbg == NULL)
         goto err;
@@ -138,6 +140,7 @@ static int dummy_evp_call(void *provctx)
     if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx))
         goto err;
 
+#ifndef OPENSSL_NO_EC
     /* Do some dummy EC calls */
     key = EC_KEY_new_by_curve_name_ex(libctx, NID_X9_62_prime256v1);
     if (key == NULL)
@@ -145,6 +148,7 @@ static int dummy_evp_call(void *provctx)
 
     if (!EC_KEY_generate_key(key))
         goto err;
+#endif
 
     ret = 1;
  err:
@@ -154,7 +158,9 @@ static int dummy_evp_call(void *provctx)
     EVP_MD_CTX_free(ctx);
     EVP_MD_meth_free(sha256);
 
+#ifndef OPENSSL_NO_EC
     EC_KEY_free(key);
+#endif
     return ret;
 }