From 37be4a20442f6b455d94047ef6196dff7e7031f3 Mon Sep 17 00:00:00 2001
From: Thom Wiggers <thom@thomwiggers.nl>
Date: Tue, 29 Jan 2019 16:05:44 +0100
Subject: [PATCH] Don't fail if decapsulating with wrong keys doesn't return -1

Closes #11
---
 README.md                  | 2 +-
 test/crypto_kem/functest.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 8c31d706..5310f0e4 100644
--- a/README.md
+++ b/README.md
@@ -42,7 +42,7 @@ _The checking of items on this list is still being developed. Checked items shou
   * [x] `randombytes.c`
 * [ ] API functions return `0` on success, negative on failure
     * [x] 0 on success
-    * [ ] Negative on failure (currently: partially)
+    * [ ] Negative on failure (within restrictions of FO transform).
 * [ ] No dynamic memory allocations
 * [ ] No branching on secret data (dynamically checked using valgrind)
 * [ ] No access to secret memory locations (dynamically checked using valgrind)
diff --git a/test/crypto_kem/functest.c b/test/crypto_kem/functest.c
index 7f4c7beb..51a3996e 100644
--- a/test/crypto_kem/functest.c
+++ b/test/crypto_kem/functest.c
@@ -137,8 +137,8 @@ static int test_invalid_ciphertext(void) {
         sendb[pos % CRYPTO_CIPHERTEXTBYTES] ^= 23;
 
         // Alice uses Bobs response to get her secret key
-        if ((returncode = crypto_kem_dec(key_a, sendb, sk_a)) > -1) {
-            printf("ERROR crypto_kem_dec should fail (negative returncode) but returned %d\n", returncode);
+        if ((returncode = crypto_kem_dec(key_a, sendb, sk_a)) > 0) {
+            printf("ERROR crypto_kem_dec should either fail (negative returncode) or succeed (return 0) but returned %d\n", returncode);
             return -1;
         }