We check that the curve name associated with the point is the same as that
for the curve.
Fixes #6302
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6323)
(cherry picked from commit
b14e60155009f4f1d168e220fa01cd2b75557b72)
if (!BN_copy(dest->Z, src->Z))
return 0;
dest->Z_is_one = src->Z_is_one;
if (!BN_copy(dest->Z, src->Z))
return 0;
dest->Z_is_one = src->Z_is_one;
+ dest->curve_name = src->curve_name;
+ EC_GROUP_set_curve_name(group, curve.nid);
+
if ((P = EC_POINT_new(group)) == NULL) {
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
goto err;
if ((P = EC_POINT_new(group)) == NULL) {
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
goto err;
- EC_GROUP_set_curve_name(ret, nid);
-
struct ec_point_st {
const EC_METHOD *meth;
struct ec_point_st {
const EC_METHOD *meth;
+ /* NID for the curve if known */
+ int curve_name;
/*
* All members except 'meth' are handled by the method functions, even if
* they appear generic
/*
* All members except 'meth' are handled by the method functions, even if
* they appear generic
+
+static ossl_inline int ec_point_is_compat(const EC_POINT *point,
+ const EC_GROUP *group)
+{
+ if (group->meth != point->meth
+ || (group->curve_name != 0
+ && point->curve_name != 0
+ && group->curve_name != point->curve_name))
+ return 0;
+
+ return 1;
+}
+
+
NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *);
NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *);
NISTP521_PRE_COMP *EC_nistp521_pre_comp_dup(NISTP521_PRE_COMP *);
NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *);
NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *);
NISTP521_PRE_COMP *EC_nistp521_pre_comp_dup(NISTP521_PRE_COMP *);
if (dest == src)
return 1;
if (dest == src)
return 1;
+ dest->curve_name = src->curve_name;
+
/* Copy precomputed */
dest->pre_comp_type = src->pre_comp_type;
switch (src->pre_comp_type) {
/* Copy precomputed */
dest->pre_comp_type = src->pre_comp_type;
switch (src->pre_comp_type) {
- dest->curve_name = src->curve_name;
dest->asn1_flag = src->asn1_flag;
dest->asn1_form = src->asn1_form;
dest->asn1_flag = src->asn1_flag;
dest->asn1_form = src->asn1_form;
}
ret->meth = group->meth;
}
ret->meth = group->meth;
+ ret->curve_name = group->curve_name;
if (!ret->meth->point_init(ret)) {
OPENSSL_free(ret);
if (!ret->meth->point_init(ret)) {
OPENSSL_free(ret);
ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
- if (dest->meth != src->meth) {
+ if (dest->meth != src->meth
+ || (dest->curve_name != src->curve_name
+ && dest->curve_name != 0
+ && src->curve_name != 0)) {
ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
- if (group->meth != point->meth) {
+ if (!ec_point_is_compat(point, group)) {
ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,
EC_R_INCOMPATIBLE_OBJECTS);
return 0;
ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,
EC_R_INCOMPATIBLE_OBJECTS);
return 0;
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
- if (group->meth != point->meth) {
+ if (!ec_point_is_compat(point, group)) {
ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,
EC_R_INCOMPATIBLE_OBJECTS);
return 0;
ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,
EC_R_INCOMPATIBLE_OBJECTS);
return 0;
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
- if (group->meth != point->meth) {
+ if (!ec_point_is_compat(point, group)) {
ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
EC_R_INCOMPATIBLE_OBJECTS);
return 0;
ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
EC_R_INCOMPATIBLE_OBJECTS);
return 0;
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
- if (group->meth != point->meth) {
+ if (!ec_point_is_compat(point, group)) {
ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
EC_R_INCOMPATIBLE_OBJECTS);
return 0;
ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
EC_R_INCOMPATIBLE_OBJECTS);
return 0;
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
- if (group->meth != point->meth) {
+ if (!ec_point_is_compat(point, group)) {
ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,
EC_R_INCOMPATIBLE_OBJECTS);
return 0;
ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,
EC_R_INCOMPATIBLE_OBJECTS);
return 0;
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
- if (group->meth != point->meth) {
+ if (!ec_point_is_compat(point, group)) {
ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M,
EC_R_INCOMPATIBLE_OBJECTS);
return 0;
ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M,
EC_R_INCOMPATIBLE_OBJECTS);
return 0;
ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
- if ((group->meth != r->meth) || (r->meth != a->meth)
- || (a->meth != b->meth)) {
+ if (!ec_point_is_compat(r, group) || !ec_point_is_compat(a, group)
+ || !ec_point_is_compat(b, group)) {
ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
- if ((group->meth != r->meth) || (r->meth != a->meth)) {
+ if (!ec_point_is_compat(r, group) || !ec_point_is_compat(a, group)) {
ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
- if (group->meth != a->meth) {
+ if (!ec_point_is_compat(a, group)) {
ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
- if (group->meth != point->meth) {
+ if (!ec_point_is_compat(point, group)) {
ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
- if (group->meth != point->meth) {
+ if (!ec_point_is_compat(point, group)) {
ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return -1;
}
ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return -1;
}
- if ((group->meth != a->meth) || (a->meth != b->meth)) {
+ if (!ec_point_is_compat(a, group) || !ec_point_is_compat(b, group)) {
ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
return -1;
}
ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
return -1;
}
ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
- if (group->meth != point->meth) {
+ if (!ec_point_is_compat(point, group)) {
ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return 0;
}
for (i = 0; i < num; i++) {
return 0;
}
for (i = 0; i < num; i++) {
- if (group->meth != points[i]->meth) {
+ if (!ec_point_is_compat(points[i], group)) {
ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
* precomputation is not available */
int ret = 0;
* precomputation is not available */
int ret = 0;
- if (group->meth != r->meth) {
+ if (!ec_point_is_compat(r, group)) {
ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
}
for (i = 0; i < num; i++) {
}
for (i = 0; i < num; i++) {
- if (group->meth != points[i]->meth) {
+ if (!ec_point_is_compat(points[i], group)) {
ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
- if (group->meth != point->meth) {
+ if (!ec_point_is_compat(point, group)) {
ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,
EC_R_INCOMPATIBLE_OBJECTS);
return 0;
ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,
EC_R_INCOMPATIBLE_OBJECTS);
return 0;
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
- if (group->meth != point->meth) {
+ if (!ec_point_is_compat(point, group)) {
ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M,
EC_R_INCOMPATIBLE_OBJECTS);
return 0;
ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M,
EC_R_INCOMPATIBLE_OBJECTS);
return 0;
ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
- if (group->meth != point->meth) {
+ if (!ec_point_is_compat(point, group)) {
ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
- if (group->meth != point->meth) {
+ if (!ec_point_is_compat(point, group)) {
ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
- if (group->meth != r->meth) {
+ if (!ec_point_is_compat(r, group)) {
ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return EC_POINT_set_to_infinity(group, r);
for (j = 0; j < num; j++) {
return EC_POINT_set_to_infinity(group, r);
for (j = 0; j < num; j++) {
- if (group->meth != points[j]->meth) {
+ if (!ec_point_is_compat(points[j], group)) {
ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
if (!BN_copy(dest->Z, src->Z))
return 0;
dest->Z_is_one = src->Z_is_one;
if (!BN_copy(dest->Z, src->Z))
return 0;
dest->Z_is_one = src->Z_is_one;
+ dest->curve_name = src->curve_name;