EC_POINT_is_on_curve does not return a boolean

The function EC_POINT_is_on_curve does not return a boolean value. It returns 1 if the point is on the curve, 0 if it is not, and -1 on error. Many usages within OpenSSL were incorrectly using this function and therefore not correctly handling error conditions. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-06-04 14:22:00 +0100
committer: Matt Caswell <matt@openssl.org> 2015-06-10 10:43:53 +0100
commit: 68886be7e2cd395a759fcd41d2cede461b68843d (patch)
tree: a2cc07973cf021a2601394abee80cf3a4ea22f57 /crypto/ec/ec_check.c
parent: b8b12aadd8edfd3bd327157c8899b1cf3403177f (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c
index 1d44ad2283..bdbf91c470 100644
--- a/crypto/ec/ec_check.c
+++ b/crypto/ec/ec_check.c
@@ -85,7 +85,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
         ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);
         goto err;
     }
-    if (!EC_POINT_is_on_curve(group, group->generator, ctx)) {
+    if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) {
         ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);
         goto err;
     }
author	Matt Caswell <matt@openssl.org>	2015-06-04 14:22:00 +0100
committer	Matt Caswell <matt@openssl.org>	2015-06-10 10:43:53 +0100
commit	68886be7e2cd395a759fcd41d2cede461b68843d (patch)
tree	a2cc07973cf021a2601394abee80cf3a4ea22f57 /crypto/ec/ec_check.c
parent	b8b12aadd8edfd3bd327157c8899b1cf3403177f (diff)