authorjsing <jsing@openbsd.org>2019-10-04 17:21:24 +0000
committerjsing <jsing@openbsd.org>2019-10-04 17:21:24 +0000
commiteb2e4b5b78f9806b2ff803eebdc3869ad7090bab (patch)
tree9ce04b30738a1b11be18144281235b57118e156b /lib/libssl/s3_lib.c
parentProvide internal RSA_padding_{add,check}_PKCS1_OAEP_mgf1() functions. (diff)
Use a valid curve when constructing an EC_KEY that looks like X25519.
The recent EC group cofactor change results in stricter validation, which causes the EC_GROUP_set_generator() call to fail. Issue reported and fix tested by rsadowski@ ok tb@
Diffstat (limited to 'lib/libssl/s3_lib.c')
-rw-r--r--lib/libssl/s3_lib.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 0357a70ca3a..2943842ce70 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.186 2019/04/04 15:03:21 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.187 2019/10/04 17:21:24 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1682,7 +1682,8 @@ ssl_ctrl_get_server_tmp_key(SSL *s, EVP_PKEY **pkey_tmp)
ret = EVP_PKEY_set1_EC_KEY(pkey, sc->peer_ecdh_tmp);
} else if (sc->peer_x25519_tmp != NULL) {
/* Fudge up an EC_KEY that looks like X25519... */
- if ((group = EC_GROUP_new(EC_GFp_mont_method())) == NULL)
+ if ((group = EC_GROUP_new_by_curve_name(
+ NID_X9_62_prime256v1)) == NULL)
goto err;
if ((point = EC_POINT_new(group)) == NULL)
goto err;