From 54b7e03a99e6dbd79315380653c1bf578c8444b0 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Wed, 4 Dec 2024 09:50:52 +0000
Subject: Annotate WTLS7 as being wrong

This should really have been using SECP 160R2, not SECP 160R1. Of course
this means in particular that nobody ever used this curve, at least not
against another implementation than OpenSSL. Quasi-monocultures are
poisonous whether the monopolist is benevolent and competent or not.
---
 src/lib/libcrypto/ec/ec_curve.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/lib/libcrypto/ec/ec_curve.c b/src/lib/libcrypto/ec/ec_curve.c
index fd7831598b..a37f324a24 100644
--- a/src/lib/libcrypto/ec/ec_curve.c
+++ b/src/lib/libcrypto/ec/ec_curve.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_curve.c,v 1.50 2024/11/24 10:12:05 tb Exp $ */
+/* $OpenBSD: ec_curve.c,v 1.51 2024/12/04 09:50:52 tb Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -2121,6 +2121,7 @@ static const struct ec_curve {
 		.cofactor = 1,
 	},
 	{
+		/* XXX - this one's been wrong all along. Should use 160r1. */
 		.comment = "SECG/WTLS curve over a 160 bit prime field",
 		.nid = NID_wap_wsg_idm_ecid_wtls7,
 		.seed_len = sizeof(_EC_SECG_PRIME_160R2.seed),
-- 
cgit v1.2.3-55-g6feb