Skip curve check if sigalg doesn't specify a curve.

Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2623)
author: Dr. Stephen Henson <steve@openssl.org> 2017-02-14 14:27:15 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2017-02-15 02:23:55 +0000
commit: a34a9df0712ac27256ec48e6f88c61064613ac08 (patch)
tree: cbae441368d290692379f8da2c1b741f0cb1ab89 /ssl
parent: a497cf25162e100ad46bd08222b6e7584b2d5bee (diff)
download: openssl-a34a9df0712ac27256ec48e6f88c61064613ac08.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 31c3b04fc1..3e00cdbfd0 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -917,7 +917,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
         if (SSL_IS_TLS13(s)) {
             /* For TLS 1.3 check curve matches signature algorithm */
 
-            if (curve != lu->curve) {
+            if (lu->curve != NID_undef && curve != lu->curve) {
                 SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_CURVE);
                 return 0;
             }
@@ -2348,7 +2348,7 @@ int tls_choose_sigalg(SSL *s, int *al)
 
                     curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
                 }
-                if (curve != lu->curve)
+                if (lu->curve != NID_undef && curve != lu->curve)
                     continue;
 #else
                 continue;
author	Dr. Stephen Henson <steve@openssl.org>	2017-02-14 14:27:15 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2017-02-15 02:23:55 +0000
commit	a34a9df0712ac27256ec48e6f88c61064613ac08 (patch)
tree	cbae441368d290692379f8da2c1b741f0cb1ab89 /ssl
parent	a497cf25162e100ad46bd08222b6e7584b2d5bee (diff)
download	openssl-a34a9df0712ac27256ec48e6f88c61064613ac08.tar.gz