EC_GROUP_cmp should return zero if the groups match.
(I got this wrong when reading the OpenSSL code.)
Change-Id: Ib289ef41d0ab5a3157ad8b9454d2de96d1f86c22
Reviewed-on: https://boringssl-review.googlesource.com/3620
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/ec/ec.c b/crypto/ec/ec.c
index 21a3940..ad47bb5 100644
--- a/crypto/ec/ec.c
+++ b/crypto/ec/ec.c
@@ -500,10 +500,9 @@
}
int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ignored) {
- if (a->curve_name == NID_undef || b->curve_name == NID_undef) {
- return 0;
- }
- return a->curve_name == b->curve_name;
+ return a->curve_name == NID_undef ||
+ b->curve_name == NID_undef ||
+ a->curve_name != b->curve_name;
}
const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group) {
diff --git a/crypto/evp/p_ec_asn1.c b/crypto/evp/p_ec_asn1.c
index 8967b50..670ee74 100644
--- a/crypto/evp/p_ec_asn1.c
+++ b/crypto/evp/p_ec_asn1.c
@@ -382,7 +382,11 @@
static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) {
const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec),
*group_b = EC_KEY_get0_group(b->pkey.ec);
- return EC_GROUP_cmp(group_a, group_b, NULL);
+ if (EC_GROUP_cmp(group_a, group_b, NULL) != 0) {
+ /* mismatch */
+ return 0;
+ }
+ return 1;
}
static void int_ec_free(EVP_PKEY *pkey) { EC_KEY_free(pkey->pkey.ec); }
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index c952d9a..318ce0f 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -115,7 +115,7 @@
* error. */
OPENSSL_EXPORT EC_GROUP *EC_GROUP_dup(const EC_GROUP *a);
-/* EC_GROUP_cmp returns one if |a| and |b| are the same group and zero
+/* EC_GROUP_cmp returns zero if |a| and |b| are the same group and non-zero
* otherwise. */
OPENSSL_EXPORT int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b,
BN_CTX *ignored);