DPP: Fix test functionality for invalid keys with OpenSSL 1.1.0
It looks like at least OpenSSL 1.1.0i includes the extra checks in EC_POINT_set_affine_coordinates_GFp() that break the previously used mechanism for generating invalid keys. Fix this by using the alternative design that was used with OpenSSL 1.1.1 and BoringSSL. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
cc6263ef60
commit
2b92c4f3c0
1 changed files with 3 additions and 3 deletions
|
|
@ -6219,14 +6219,14 @@ static int dpp_test_gen_invalid_key(struct wpabuf *msg,
|
||||||
|
|
||||||
if (EC_POINT_set_affine_coordinates_GFp(group, point, x, y,
|
if (EC_POINT_set_affine_coordinates_GFp(group, point, x, y,
|
||||||
ctx) != 1) {
|
ctx) != 1) {
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x10101000L || defined(OPENSSL_IS_BORINGSSL)
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
|
||||||
/* Unlike older OpenSSL versions, OpenSSL 1.1.1 and BoringSSL
|
/* Unlike older OpenSSL versions, OpenSSL 1.1.1 and BoringSSL
|
||||||
* return an error from EC_POINT_set_affine_coordinates_GFp()
|
* return an error from EC_POINT_set_affine_coordinates_GFp()
|
||||||
* when the point is not on the curve. */
|
* when the point is not on the curve. */
|
||||||
break;
|
break;
|
||||||
#else /* >=1.1.1 or OPENSSL_IS_BORINGSSL */
|
#else /* >=1.1.0 or OPENSSL_IS_BORINGSSL */
|
||||||
goto fail;
|
goto fail;
|
||||||
#endif /* >= 1.1.1 or OPENSSL_IS_BORINGSSL */
|
#endif /* >= 1.1.0 or OPENSSL_IS_BORINGSSL */
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!EC_POINT_is_on_curve(group, point, ctx))
|
if (!EC_POINT_is_on_curve(group, point, ctx))
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue