Commit 7cb79c7a authored by Matt Caswell's avatar Matt Caswell
Browse files

EC_POINT_is_on_curve does not return a boolean 



The function EC_POINT_is_on_curve does not return a boolean value.
It returns 1 if the point is on the curve, 0 if it is not, and -1
on error. Many usages within OpenSSL were incorrectly using this
function and therefore not correctly handling error conditions.

With thanks to the Open Crypto Audit Project for reporting this issue.

Reviewed-by: default avatarKurt Roeckx <kurt@openssl.org>
(cherry picked from commit 68886be7)
parent d2725992

crypto/ec/ec2_oct.c

+1 −1
Original line number Diff line number Diff line
@@ -387,7 +387,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, 
    }



    /* test required by X9.62 */

    if (!EC_POINT_is_on_curve(group, point, ctx)) {

    if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {

        ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);

        goto err;

    }

crypto/ec/ec_check.c

+1 −1
Original line number Diff line number Diff line
@@ -85,7 +85,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) 
        ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);

        goto err;

    }

    if (!EC_POINT_is_on_curve(group, group->generator, ctx)) {

    if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) {

        ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);

        goto err;

    }

crypto/ec/ec_key.c

+1 −1
Original line number Diff line number Diff line
@@ -314,7 +314,7 @@ int EC_KEY_check_key(const EC_KEY *eckey) 
        goto err;



    /* testing whether the pub_key is on the elliptic curve */

    if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) {

    if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) {

        ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);

        goto err;

    }

crypto/ec/ec_lib.c

+7 −0
Original line number Diff line number Diff line
@@ -970,6 +970,13 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) 
    return group->meth->is_at_infinity(group, point);

}



/*

 * Check whether an EC_POINT is on the curve or not. Note that the return

 * value for this function should NOT be treated as a boolean. Return values:

 *  1: The point is on the curve

 *  0: The point is not on the curve

 * -1: An error occurred

 */

int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,

                         BN_CTX *ctx)

{

crypto/ec/ecp_oct.c

+1 −1
Original line number Diff line number Diff line
@@ -413,7 +413,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, 
    }



    /* test required by X9.62 */

    if (!EC_POINT_is_on_curve(group, point, ctx)) {

    if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {

        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);

        goto err;

    }