EC_POINT_is_on_curve does not return a boolean

The function EC_POINT_is_on_curve does not return a boolean value. It returns 1 if the point is on the curve, 0 if it is not, and -1 on error. Many usages within OpenSSL were incorrectly using this function and therefore not correctly handling error conditions. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Kurt Roeckx <kurt@openssl.org> (cherry picked from commit 68886be7e2cd395a759fcd41d2cede461b68843d) Conflicts: crypto/ec/ec2_oct.c crypto/ec/ecp_oct.c crypto/ec/ectest.c
author: Matt Caswell <matt@openssl.org> 2015-06-04 14:22:00 +0100
committer: Matt Caswell <matt@openssl.org> 2015-06-10 10:57:05 +0100
commit: cb9f1bc1d118bfe17d7c3004bbf33746df1855bd (patch)
tree: 145e1e9fb36c717b453cbe70908b0ccaf00c0bfc /crypto/ec/ec_check.c
parent: 9545eac45bc79496763d2ded02629f88a8629fb9 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c
index d3f534999e..dd6f0ac409 100644
--- a/crypto/ec/ec_check.c
+++ b/crypto/ec/ec_check.c
@@ -85,7 +85,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
         ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);
         goto err;
     }
-    if (!EC_POINT_is_on_curve(group, group->generator, ctx)) {
+    if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) {
         ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);
         goto err;
     }
author	Matt Caswell <matt@openssl.org>	2015-06-04 14:22:00 +0100
committer	Matt Caswell <matt@openssl.org>	2015-06-10 10:57:05 +0100
commit	cb9f1bc1d118bfe17d7c3004bbf33746df1855bd (patch)
tree	145e1e9fb36c717b453cbe70908b0ccaf00c0bfc /crypto/ec/ec_check.c
parent	9545eac45bc79496763d2ded02629f88a8629fb9 (diff)