From: Dr. Stephen Henson Date: Tue, 14 Feb 2017 14:27:15 +0000 (+0000) Subject: Skip curve check if sigalg doesn't specify a curve. X-Git-Tag: OpenSSL_1_1_1-pre1~2393 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=a34a9df0712ac27256ec48e6f88c61064613ac08;p=oweals%2Fopenssl.git Skip curve check if sigalg doesn't specify a curve. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2623) --- diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 31c3b04fc1..3e00cdbfd0 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -917,7 +917,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) if (SSL_IS_TLS13(s)) { /* For TLS 1.3 check curve matches signature algorithm */ - if (curve != lu->curve) { + if (lu->curve != NID_undef && curve != lu->curve) { SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_CURVE); return 0; } @@ -2348,7 +2348,7 @@ int tls_choose_sigalg(SSL *s, int *al) curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); } - if (curve != lu->curve) + if (lu->curve != NID_undef && curve != lu->curve) continue; #else continue;