git.ipfire.org Git - thirdparty/openssl.git/commit

author	Nicola Tuveri <nic.tuv@gmail.com>
	Sun, 31 Mar 2019 15:46:53 +0000 (18:46 +0300)
committer	Nicola Tuveri <nic.tuv@gmail.com>
	Thu, 11 Apr 2019 09:05:38 +0000 (12:05 +0300)
commit	ac2b52c6ad0cd40482b1c5c1c4ec68eb16020ae8
tree	99deb44793f269cf4403551577a582584521a496	tree \| snapshot
parent	8d4f150f70d70d6c3e62661ed7cc16c2f751d8a1	commit \| diff

Separate the lookup test

This fixes the "verifying the alias" case.
Actually, while working on it, I realized that conceptually we were
testing the 2 different behaviours of `EC_GROUP_check_named_curve()` at
the same time, and actually not in the proper way.

I think it's fair to assume that overwriting the curve name for an
existing group with `NID_undef` could lead to the unexpected behaviour
we were observing and working around.
Thus I decided to separate the lookup test in a dedicated simpler test
that does what the documentation of `EC_GROUP_check_named_curve()`
suggests: the lookup functionality is meant to find a name for a group
generated with explicit parameters.

In case an alternative alias is returned by the lookup instead of the
expected nid, to avoid doing comparisons between `EC_GROUP`s with
different `EC_METHOD`s, the workaround is to retrieve the `ECPARAMETERS`
of the "alias group" and create a new explicit parameters group to use
in `EC_GROUP_cmp()`.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8555)

crypto/ec/ec_lib.c		diff \| blob \| blame \| history
crypto/ec/ec_mult.c		diff \| blob \| blame \| history
doc/man1/ecparam.pod		diff \| blob \| blame \| history
test/ectest.c		diff \| blob \| blame \| history