From ac2b52c6ad0cd40482b1c5c1c4ec68eb16020ae8 Mon Sep 17 00:00:00 2001 From: Nicola Tuveri Date: Sun, 31 Mar 2019 18:46:53 +0300 Subject: Separate the lookup test This fixes the "verifying the alias" case. Actually, while working on it, I realized that conceptually we were testing the 2 different behaviours of `EC_GROUP_check_named_curve()` at the same time, and actually not in the proper way. I think it's fair to assume that overwriting the curve name for an existing group with `NID_undef` could lead to the unexpected behaviour we were observing and working around. Thus I decided to separate the lookup test in a dedicated simpler test that does what the documentation of `EC_GROUP_check_named_curve()` suggests: the lookup functionality is meant to find a name for a group generated with explicit parameters. In case an alternative alias is returned by the lookup instead of the expected nid, to avoid doing comparisons between `EC_GROUP`s with different `EC_METHOD`s, the workaround is to retrieve the `ECPARAMETERS` of the "alias group" and create a new explicit parameters group to use in `EC_GROUP_cmp()`. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8555) --- crypto/ec/ec_lib.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'crypto/ec/ec_lib.c') diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index b2ae11d8ac..762cac4feb 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -536,6 +536,7 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) if (r || BN_cmp(a1, b1) != 0 || BN_cmp(a2, b2) != 0 || BN_cmp(a3, b3) != 0) r = 1; + /* XXX EC_POINT_cmp() assumes that the methods are equal */ /* return 1 if the generators are different */ if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a), EC_GROUP_get0_generator(b), ctx) != 0) @@ -543,7 +544,7 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) if (!r) { const BIGNUM *ao, *bo, *ac, *bc; - /* compare the order's */ + /* compare the orders */ ao = EC_GROUP_get0_order(a); bo = EC_GROUP_get0_order(b); if (ao == NULL || bo == NULL) { -- cgit v1.2.3