From a573d08fadfb962d4706cb19197b756cae2b24c1 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Fri, 4 Oct 2019 17:21:24 +0000 Subject: Use a valid curve when constructing an EC_KEY that looks like X25519. The recent EC group cofactor change results in stricter validation, which causes the EC_GROUP_set_generator() call to fail. Issue reported and fix tested by rsadowski@ ok tb@ --- src/lib/libssl/s3_lib.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'src')
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 0357a70ca3..2943842ce7 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.186 2019/04/04 15:03:21 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.187 2019/10/04 17:21:24 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1682,7 +1682,8 @@ ssl_ctrl_get_server_tmp_key(SSL *s, EVP_PKEY **pkey_tmp)
 ret = EVP_PKEY_set1_EC_KEY(pkey, sc->peer_ecdh_tmp);
 } else if (sc->peer_x25519_tmp != NULL) {
 /* Fudge up an EC_KEY that looks like X25519... */
- if ((group = EC_GROUP_new(EC_GFp_mont_method())) == NULL)
+ if ((group = EC_GROUP_new_by_curve_name(
+ NID_X9_62_prime256v1)) == NULL)
 goto err;
 if ((point = EC_POINT_new(group)) == NULL)
 goto err;
-- cgit v1.2.3-55-g6feb
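Review bot: The comment above the new `EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)` call still says only that an EC_KEY is being fudged to look like X25519, so nothing on the new side explains why a P-256 group appears in the X25519 branch. I would extend it to something like `/* Fudge up an EC_KEY that looks like X25519; prime256v1 is only a valid placeholder group, not the peer's curve. */`. Going by the commit message, the group is later passed to EC_GROUP_set_generator(), which is outside this hunk, so it cannot be confirmed from here whether the P-256 parameters stay visible to callers of ssl_ctrl_get_server_tmp_key(). If they do, the function's documentation should also state that the returned key is informational only and must not be used for key agreement or verification. The function body starts and ends outside the hunk.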