From ac2b52c6ad0cd40482b1c5c1c4ec68eb16020ae8 Mon Sep 17 00:00:00 2001 From: Nicola Tuveri Date: Sun, 31 Mar 2019 18:46:53 +0300 Subject: Separate the lookup test This fixes the "verifying the alias" case. Actually, while working on it, I realized that conceptually we were testing the 2 different behaviours of `EC_GROUP_check_named_curve()` at the same time, and actually not in the proper way. I think it's fair to assume that overwriting the curve name for an existing group with `NID_undef` could lead to the unexpected behaviour we were observing and working around. Thus I decided to separate the lookup test in a dedicated simpler test that does what the documentation of `EC_GROUP_check_named_curve()` suggests: the lookup functionality is meant to find a name for a group generated with explicit parameters. In case an alternative alias is returned by the lookup instead of the expected nid, to avoid doing comparisons between `EC_GROUP`s with different `EC_METHOD`s, the workaround is to retrieve the `ECPARAMETERS` of the "alias group" and create a new explicit parameters group to use in `EC_GROUP_cmp()`. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8555) --- crypto/ec/ec_mult.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'crypto/ec/ec_mult.c') diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 76dc524ba9..755d64400a 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -156,7 +156,7 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_UNKNOWN_ORDER); return 0; } - if (BN_is_zero(group->cofactor) || BN_is_zero(group->cofactor)) { + if (BN_is_zero(group->cofactor)) { ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_UNKNOWN_COFACTOR); return 0; } -- cgit v1.2.3