Fix two EC_POINT_is_on_curve() checks

This API can fail for various reasons, in which case it returns -1, so
you need to check if (EC_POINT_is_on_curve_checks(...) <= 0).

ok miod

diff --git a/lib/libcrypto/ecdh/ecdh.c b/lib/libcrypto/ecdh/ecdh.c
index ecb849c..6ab4ff8 100644 (file)
--- a/lib/libcrypto/ecdh/ecdh.c
+++ b/lib/libcrypto/ecdh/ecdh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecdh.c,v 1.5 2023/07/12 08:54:18 tb Exp $ */
+/* $OpenBSD: ecdh.c,v 1.6 2023/07/24 17:08:53 tb Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
@@ -176,7 +176,7 @@ ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh
        if ((group = EC_KEY_get0_group(ecdh)) == NULL)
                goto err;
 
-       if (!EC_POINT_is_on_curve(group, pub_key, ctx))
+       if (EC_POINT_is_on_curve(group, pub_key, ctx) <= 0)
                goto err;
 
        if ((point = EC_POINT_new(group)) == NULL) {

diff --git a/lib/libcrypto/gost/gostr341001_key.c b/lib/libcrypto/gost/gostr341001_key.c
index efc9e57..0170ab4 100644 (file)
--- a/lib/libcrypto/gost/gostr341001_key.c
+++ b/lib/libcrypto/gost/gostr341001_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gostr341001_key.c,v 1.13 2023/07/08 14:30:44 beck Exp $ */
+/* $OpenBSD: gostr341001_key.c,v 1.14 2023/07/24 17:08:53 tb Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
@@ -132,7 +132,7 @@ GOST_KEY_check_key(const GOST_KEY *key)
                goto err;
 
        /* testing whether the pub_key is on the elliptic curve */
-       if (EC_POINT_is_on_curve(key->group, key->pub_key, ctx) == 0) {
+       if (EC_POINT_is_on_curve(key->group, key->pub_key, ctx) <= 0) {
                GOSTerror(EC_R_POINT_IS_NOT_ON_CURVE);
                goto err;
        }