From 5a4b210f922083e52c19fbfc639d6fbf928b75f7 Mon Sep 17 00:00:00 2001 From: tb <> Date: Mon, 24 Jul 2023 17:08:53 +0000 Subject: Fix two EC_POINT_is_on_curve() checks This API can fail for various reasons, in which case it returns -1, so you need to check if (EC_POINT_is_on_curve_checks(...) <= 0). ok miod --- src/lib/libcrypto/ecdh/ecdh.c | 4 ++-- src/lib/libcrypto/gost/gostr341001_key.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libcrypto/ecdh/ecdh.c b/src/lib/libcrypto/ecdh/ecdh.c index ecb849c135..6ab4ff8382 100644 --- a/src/lib/libcrypto/ecdh/ecdh.c +++ b/src/lib/libcrypto/ecdh/ecdh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecdh.c,v 1.5 2023/07/12 08:54:18 tb Exp $ */ +/* $OpenBSD: ecdh.c,v 1.6 2023/07/24 17:08:53 tb Exp $ */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * @@ -176,7 +176,7 @@ ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh if ((group = EC_KEY_get0_group(ecdh)) == NULL) goto err; - if (!EC_POINT_is_on_curve(group, pub_key, ctx)) + if (EC_POINT_is_on_curve(group, pub_key, ctx) <= 0) goto err; if ((point = EC_POINT_new(group)) == NULL) { diff --git a/src/lib/libcrypto/gost/gostr341001_key.c b/src/lib/libcrypto/gost/gostr341001_key.c index efc9e57452..0170ab44ba 100644 --- a/src/lib/libcrypto/gost/gostr341001_key.c +++ b/src/lib/libcrypto/gost/gostr341001_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gostr341001_key.c,v 1.13 2023/07/08 14:30:44 beck Exp $ */ +/* $OpenBSD: gostr341001_key.c,v 1.14 2023/07/24 17:08:53 tb Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -132,7 +132,7 @@ GOST_KEY_check_key(const GOST_KEY *key) goto err; /* testing whether the pub_key is on the elliptic curve */ - if (EC_POINT_is_on_curve(key->group, key->pub_key, ctx) == 0) { + if (EC_POINT_is_on_curve(key->group, key->pub_key, ctx) <= 0) { GOSTerror(EC_R_POINT_IS_NOT_ON_CURVE); goto err; } -- cgit v1.2.3-55-g6feb