author | jsing <> | 2019-10-04 17:21:24 +0000 |
---|---|---|
committer | jsing <> | 2019-10-04 17:21:24 +0000 |
commit | a573d08fadfb962d4706cb19197b756cae2b24c1 (patch) | |
tree | d3337d31b46c753ee03a84f70d1e8877224c79ab /src | |
parent | 5e5005b92f5807443f04e3f78e5c3a0c65b10de5 (diff) | |
Use a valid curve when constructing an EC_KEY that looks like X25519.
The recent EC group cofactor change results in stricter validation,
which causes the EC_GROUP_set_generator() call to fail.
Issue reported and fix tested by rsadowski@
ok tb@
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/libssl/s3_lib.c | 5 |
1 files changed, 3 insertions, 2 deletions
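--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.186 2019/04/04 15:03:21 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.187 2019/10/04 17:21:24 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1682,7 +1682,8 @@ ssl_ctrl_get_server_tmp_key(SSL *s, EVP_PKEY **pkey_tmp)
 ret = EVP_PKEY_set1_EC_KEY(pkey, sc->peer_ecdh_tmp);
 } else if (sc->peer_x25519_tmp != NULL) {
 /* Fudge up an EC_KEY that looks like X25519... */
-if ((group = EC_GROUP_new(EC_GFp_mont_method())) == NULL)
+if ((group = EC_GROUP_new_by_curve_name(
+NID_X9_62_prime256v1)) == NULL)
 goto err;
 if ((point = EC_POINT_new(group)) == NULL)
 goto err;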
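Review bot: The comment above the new `EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)` call still reads only "Fudge up an EC_KEY that looks like X25519...", so nothing tells a reader that the P-256 group is a placeholder chosen to pass the stricter cofactor validation rather than the key's real curve. I would extend it to something like `/* Fudge up an EC_KEY that looks like X25519; the P-256 group is only a valid placeholder, this is not a P-256 key. */`. Without that, a maintainer or a caller inspecting the returned EVP_PKEY could take the group parameters at face value and treat the X25519 public value as a point on P-256, which it presumably is not. The rest of ssl_ctrl_get_server_tmp_key, including what is done with `group` and `point` after these allocations and on the `err` path, lies outside the hunk and could not be checked.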