Skip curve check if sigalg doesn't specify a curve.

author Dr. Stephen Henson <steve@openssl.org>

Tue, 14 Feb 2017 14:27:15 +0000 (14:27 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Wed, 15 Feb 2017 02:23:55 +0000 (02:23 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Tue, 14 Feb 2017 14:27:15 +0000 (14:27 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Wed, 15 Feb 2017 02:23:55 +0000 (02:23 +0000)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c

index 31c3b04fc13497974bec5e2d3155c5de7b83bb54..3e00cdbfd03f89e100d7f44c40817460d4333f1c 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -917,7 +917,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
          if (SSL_IS_TLS13(s)) {
              /* For TLS 1.3 check curve matches signature algorithm */
  
-            if (curve != lu->curve) {
+            if (lu->curve != NID_undef && curve != lu->curve) {
                  SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_CURVE);
                  return 0;
              }
@@ -2348,7 +2348,7 @@ int tls_choose_sigalg(SSL *s, int *al)
  
                      curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
                  }
-                if (curve != lu->curve)
+                if (lu->curve != NID_undef && curve != lu->curve)
                      continue;
  #else
                  continue;
author	Dr. Stephen Henson <steve@openssl.org>
	Tue, 14 Feb 2017 14:27:15 +0000 (14:27 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Wed, 15 Feb 2017 02:23:55 +0000 (02:23 +0000)