author | Nicola Tuveri <nic.tuv@gmail.com> | 2019-03-31 18:46:53 +0300 |
---|---|---|
committer | Nicola Tuveri <nic.tuv@gmail.com> | 2019-04-11 12:05:38 +0300 |
commit | ac2b52c6ad0cd40482b1c5c1c4ec68eb16020ae8 (patch) | |
tree | 99deb44793f269cf4403551577a582584521a496 /crypto/ec | |
parent | 8d4f150f70d70d6c3e62661ed7cc16c2f751d8a1 (diff) | |
download | openssl-ac2b52c6ad0cd40482b1c5c1c4ec68eb16020ae8.tar.gz |
Separate the lookup test
This fixes the "verifying the alias" case.
Actually, while working on it, I realized that conceptually we were
testing the 2 different behaviours of `EC_GROUP_check_named_curve()` at
the same time, and actually not in the proper way.
I think it's fair to assume that overwriting the curve name for an
existing group with `NID_undef` could lead to the unexpected behaviour
we were observing and working around.
Thus I decided to separate the lookup test in a dedicated simpler test
that does what the documentation of `EC_GROUP_check_named_curve()`
suggests: the lookup functionality is meant to find a name for a group
generated with explicit parameters.
In case an alternative alias is returned by the lookup instead of the
expected nid, to avoid doing comparisons between `EC_GROUP`s with
different `EC_METHOD`s, the workaround is to retrieve the `ECPARAMETERS`
of the "alias group" and create a new explicit parameters group to use
in `EC_GROUP_cmp()`.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8555)
Diffstat (limited to 'crypto/ec')
-rw-r--r-- | crypto/ec/ec_lib.c | 3 | ||||
-rw-r--r-- | crypto/ec/ec_mult.c | 2 |
2 files changed, 3 insertions, 2 deletions
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index b2ae11d8ac..762cac4feb 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -536,6 +536,7 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) if (r || BN_cmp(a1, b1) != 0 || BN_cmp(a2, b2) != 0 || BN_cmp(a3, b3) != 0) r = 1; + /* XXX EC_POINT_cmp() assumes that the methods are equal */ /* return 1 if the generators are different */ if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a), EC_GROUP_get0_generator(b), ctx) != 0) @@ -543,7 +544,7 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) if (!r) { const BIGNUM *ao, *bo, *ac, *bc; - /* compare the order's */ + /* compare the orders */ ao = EC_GROUP_get0_order(a); bo = EC_GROUP_get0_order(b); if (ao == NULL || bo == NULL) { diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 76dc524ba9..755d64400a 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -156,7 +156,7 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_UNKNOWN_ORDER); return 0; } - if (BN_is_zero(group->cofactor) || BN_is_zero(group->cofactor)) { + if (BN_is_zero(group->cofactor)) { ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_UNKNOWN_COFACTOR); return 0; } |
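Review bot: In the first `ec_lib.c` hunk, the new `XXX` comment above the `EC_POINT_cmp()` call in `EC_GROUP_cmp()` records a precondition (both groups use the same method), but nothing in the visible context enforces it. The call still passes `a` as the group for a generator taken from `b`. Consider guarding the generator comparison with an explicit check that the two groups share a method, returning "different" (or an error) when they do not. If that is out of scope here, state the requirement in the `EC_GROUP_cmp()` documentation so callers do not rely on cross-method comparisons. An `XXX` marker with no tracking reference tends to stay in the tree unresolved.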
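Review bot: In the `ec_mult.c` hunk, the removed condition `BN_is_zero(group->cofactor) || BN_is_zero(group->cofactor)` looks like a copy-paste slip, so before collapsing it please confirm that the second operand was not meant to test a different field. The block just above already raises `EC_R_UNKNOWN_ORDER`, which suggests the order is handled there, but its condition is not visible in this hunk. If the duplicate was purely redundant, the change is behaviour-neutral and fine as written. It is unrelated to the lookup test described in the commit message, so a one-line mention there (or a separate commit) would make the history easier to follow.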