From: Jouni Malinen <j@w1.fi>
Date: Tue, 1 May 2018 09:02:57 +0000 (+0300)
Subject: DPP: Fix testing code for invalid keys with OpenSSL 1.1.1
X-Git-Tag: hostap_2_7~389
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2439714f905b1efb2b6b1f45d232703d0458faa9;p=thirdparty%2Fhostap.git

DPP: Fix testing code for invalid keys with OpenSSL 1.1.1

OpenSSL started reporting failures from
EC_POINT_set_affine_coordinates_GFp() similarly to BoringSSL, so use the
same workaround to enable this protocol testing case.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/common/dpp.c b/src/common/dpp.c
index fdc54fcaf..ea00c9384 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -6214,13 +6214,14 @@ static int dpp_test_gen_invalid_key(struct wpabuf *msg,
 
 		if (EC_POINT_set_affine_coordinates_GFp(group, point, x, y,
 							ctx) != 1) {
-#ifdef OPENSSL_IS_BORINGSSL
-		/* Unlike OpenSSL, BoringSSL returns an error from
-		 * EC_POINT_set_affine_coordinates_GFp() is not on the curve. */
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L || defined(OPENSSL_IS_BORINGSSL)
+		/* Unlike older OpenSSL versions, OpenSSL 1.1.1 and BoringSSL
+		 * return an error from EC_POINT_set_affine_coordinates_GFp()
+		 * when the point is not on the curve. */
 			break;
-#else /* OPENSSL_IS_BORINGSSL */
+#else /* >=1.1.1 or OPENSSL_IS_BORINGSSL */
 			goto fail;
-#endif /* OPENSSL_IS_BORINGSSL */
+#endif /* >= 1.1.1 or OPENSSL_IS_BORINGSSL */
 		}
 
 		if (!EC_POINT_is_on_curve(group, point, ctx))