diff options
| author | beck <> | 2019-04-01 02:09:21 +0000 |
|---|---|---|
| committer | beck <> | 2019-04-01 02:09:21 +0000 |
| commit | 893fd8b877c9005a0b581d00a90b2f6c72a40bc5 (patch) | |
| tree | 2e72979fafd35189a5361981a56eaa71555cbe5c /src | |
| parent | fd2c35571a7ae32e91f4aa0a97a2611030cbdb3d (diff) | |
| download | openbsd-893fd8b877c9005a0b581d00a90b2f6c72a40bc5.tar.gz openbsd-893fd8b877c9005a0b581d00a90b2f6c72a40bc5.tar.bz2 openbsd-893fd8b877c9005a0b581d00a90b2f6c72a40bc5.zip | |
Correct subtle bug in sigalgs, only care about curve_nid if we are
checking the curve.
ok jsing@ tb@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/ssl_sigalgs.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c index 129ccccfbc..37fdcfa73f 100644 --- a/src/lib/libssl/ssl_sigalgs.c +++ b/src/lib/libssl/ssl_sigalgs.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_sigalgs.c,v 1.19 2019/03/25 17:33:26 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_sigalgs.c,v 1.20 2019/04/01 02:09:21 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org> |
| 4 | * | 4 | * |
| @@ -244,11 +244,11 @@ ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey, | |||
| 244 | return 0; | 244 | return 0; |
| 245 | } | 245 | } |
| 246 | 246 | ||
| 247 | if (pkey->type == EVP_PKEY_EC) { | 247 | if (pkey->type == EVP_PKEY_EC && check_curve) { |
| 248 | /* Curve must match for EC keys. */ | ||
| 248 | if (sigalg->curve_nid == 0) | 249 | if (sigalg->curve_nid == 0) |
| 249 | return 0; | 250 | return 0; |
| 250 | /* Curve must match for EC keys. */ | 251 | if (EC_GROUP_get_curve_name(EC_KEY_get0_group |
| 251 | if (check_curve && EC_GROUP_get_curve_name(EC_KEY_get0_group | ||
| 252 | (EVP_PKEY_get0_EC_KEY(pkey))) != sigalg->curve_nid) { | 252 | (EVP_PKEY_get0_EC_KEY(pkey))) != sigalg->curve_nid) { |
| 253 | return 0; | 253 | return 0; |
| 254 | } | 254 | } |