Fix two EC_POINT_is_on_curve() checks

This API can fail for various reasons, in which case it returns -1, so
you need to check if (EC_POINT_is_on_curve_checks(...) <= 0).

ok miod

2 files changed, 4 insertions, 4 deletions

diff --git a/src/lib/libcrypto/ecdh/ecdh.c b/src/lib/libcrypto/ecdh/ecdh.c
index ecb849c135..6ab4ff8382 100644
--- a/src/lib/libcrypto/ecdh/ecdh.c
+++ b/src/lib/libcrypto/ecdh/ecdh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecdh.c,v 1.5 2023/07/12 08:54:18 tb Exp $ */
+/* $OpenBSD: ecdh.c,v 1.6 2023/07/24 17:08:53 tb Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
@@ -176,7 +176,7 @@ ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh
         if ((group = EC_KEY_get0_group(ecdh)) == NULL)
                 goto err;
 
-        if (!EC_POINT_is_on_curve(group, pub_key, ctx))
+        if (EC_POINT_is_on_curve(group, pub_key, ctx) <= 0)
                 goto err;
 
         if ((point = EC_POINT_new(group)) == NULL) {
diff --git a/src/lib/libcrypto/gost/gostr341001_key.c b/src/lib/libcrypto/gost/gostr341001_key.c
index efc9e57452..0170ab44ba 100644
--- a/src/lib/libcrypto/gost/gostr341001_key.c
+++ b/src/lib/libcrypto/gost/gostr341001_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gostr341001_key.c,v 1.13 2023/07/08 14:30:44 beck Exp $ */
+/* $OpenBSD: gostr341001_key.c,v 1.14 2023/07/24 17:08:53 tb Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
@@ -132,7 +132,7 @@ GOST_KEY_check_key(const GOST_KEY *key)
                 goto err;
 
         /* testing whether the pub_key is on the elliptic curve */
-        if (EC_POINT_is_on_curve(key->group, key->pub_key, ctx) == 0) {
+        if (EC_POINT_is_on_curve(key->group, key->pub_key, ctx) <= 0) {
                 GOSTerror(EC_R_POINT_IS_NOT_ON_CURVE);
                 goto err;
         }