DPP: Fix test functionality for invalid keys with OpenSSL 1.1.0

It looks like at least OpenSSL 1.1.0i includes the extra checks in
EC_POINT_set_affine_coordinates_GFp() that break the previously used
mechanism for generating invalid keys. Fix this by using the alternative
design that was used with OpenSSL 1.1.1 and BoringSSL.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2018-09-17 17:23:10 +03:00 committed by Jouni Malinen
parent cc6263ef60
commit 2b92c4f3c0

View file

@ -6219,14 +6219,14 @@ static int dpp_test_gen_invalid_key(struct wpabuf *msg,
if (EC_POINT_set_affine_coordinates_GFp(group, point, x, y, if (EC_POINT_set_affine_coordinates_GFp(group, point, x, y,
ctx) != 1) { ctx) != 1) {
#if OPENSSL_VERSION_NUMBER >= 0x10101000L || defined(OPENSSL_IS_BORINGSSL) #if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
/* Unlike older OpenSSL versions, OpenSSL 1.1.1 and BoringSSL /* Unlike older OpenSSL versions, OpenSSL 1.1.1 and BoringSSL
* return an error from EC_POINT_set_affine_coordinates_GFp() * return an error from EC_POINT_set_affine_coordinates_GFp()
* when the point is not on the curve. */ * when the point is not on the curve. */
break; break;
#else /* >=1.1.1 or OPENSSL_IS_BORINGSSL */ #else /* >=1.1.0 or OPENSSL_IS_BORINGSSL */
goto fail; goto fail;
#endif /* >= 1.1.1 or OPENSSL_IS_BORINGSSL */ #endif /* >= 1.1.0 or OPENSSL_IS_BORINGSSL */
} }
if (!EC_POINT_is_on_curve(group, point, ctx)) if (!EC_POINT_is_on_curve(group, point, ctx))