From ef935713a3ff3d53600ea7e012f892ed4ecf59c6 Mon Sep 17 00:00:00 2001
From: Adam Langley <agl@google.com>
Date: Wed, 25 Feb 2015 11:16:32 -0800
Subject: EC_GROUP_cmp should return zero if the groups match.

(I got this wrong when reading the OpenSSL code.)

(Cherry-picked form upstream BoringSSL's
7c21925a10d451ed13ab201e0161dea40b974397)

Change-Id: Icedaa45c9d17e7c2b95fa5be1f7c0bf41cac0880
---
 src/crypto/ec/ec.c         | 9 ++++-----
 src/crypto/evp/p_ec_asn1.c | 6 +++++-
 src/include/openssl/ec.h   | 2 +-
 3 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/src/crypto/ec/ec.c b/src/crypto/ec/ec.c
index 0d70959..15e5735 100644
--- a/src/crypto/ec/ec.c
+++ b/src/crypto/ec/ec.c
@@ -491,11 +491,10 @@ err:
   }
 }
 
-int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ignored) {
-  if (a->curve_name == NID_undef || b->curve_name == NID_undef) {
-    return 0;
-  }
-  return a->curve_name == b->curve_name;
+int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b) {
+  return a->curve_name == NID_undef ||
+         b->curve_name == NID_undef ||
+         a->curve_name != b->curve_name;
 }
 
 const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group) {
diff --git a/src/crypto/evp/p_ec_asn1.c b/src/crypto/evp/p_ec_asn1.c
index 37f5135..914cc2f 100644
--- a/src/crypto/evp/p_ec_asn1.c
+++ b/src/crypto/evp/p_ec_asn1.c
@@ -379,7 +379,11 @@ static int ec_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) {
 static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) {
   const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec),
                  *group_b = EC_KEY_get0_group(b->pkey.ec);
-  return EC_GROUP_cmp(group_a, group_b, NULL);
+  if (EC_GROUP_cmp(group_a, group_b, NULL) != 0) {
+    /* mismatch */
+    return 0;
+  }
+  return 1;
 }
 
 static void int_ec_free(EVP_PKEY *pkey) { EC_KEY_free(pkey->pkey.ec); }
diff --git a/src/include/openssl/ec.h b/src/include/openssl/ec.h
index f915635..eb9a153 100644
--- a/src/include/openssl/ec.h
+++ b/src/include/openssl/ec.h
@@ -115,7 +115,7 @@ OPENSSL_EXPORT int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src);
  * error. */
 OPENSSL_EXPORT EC_GROUP *EC_GROUP_dup(const EC_GROUP *a);
 
-/* EC_GROUP_cmp returns one if |a| and |b| are the same group and zero
+/* EC_GROUP_cmp returns zero if |a| and |b| are the same group and non-zero
  * otherwise. */
 OPENSSL_EXPORT int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b,
                                 BN_CTX *ignored);
-- 
cgit v1.1