Skip curve check if sigalg doesn't specify a curve.

[openssl.git] / ssl / t1_lib.c

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 0ae41cd71ef474e86704947b709f019df13754d5..3e00cdbfd03f89e100d7f44c40817460d4333f1c 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -917,7 +917,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
         if (SSL_IS_TLS13(s)) {
             /* For TLS 1.3 check curve matches signature algorithm */
 
-            if (curve != lu->curve) {
+            if (lu->curve != NID_undef && curve != lu->curve) {
                 SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_CURVE);
                 return 0;
             }
@@ -2201,11 +2201,9 @@ DH *ssl_get_auto_dh(SSL *s)
         else
             dh_secbits = 80;
     } else {
-        CERT_PKEY *cpk;
-        if (s->s3->tmp.cert_idx == -1)
+        if (s->s3->tmp.cert == NULL)
             return NULL;
-        cpk = &s->cert->pkeys[s->s3->tmp.cert_idx];
-        dh_secbits = EVP_PKEY_security_bits(cpk->privatekey);
+        dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey);
     }
 
     if (dh_secbits >= 128) {
@@ -2350,7 +2348,7 @@ int tls_choose_sigalg(SSL *s, int *al)
 
                     curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
                 }
-                if (curve != lu->curve)
+                if (lu->curve != NID_undef && curve != lu->curve)
                     continue;
 #else
                 continue;
@@ -2369,7 +2367,7 @@ int tls_choose_sigalg(SSL *s, int *al)
         idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher);
         /* If no certificate for ciphersuite return */
         if (idx == -1) {
-            s->s3->tmp.cert_idx = -1;
+            s->s3->tmp.cert = NULL;
             s->s3->tmp.sigalg = NULL;
             return 1;
         }
@@ -2445,7 +2443,7 @@ int tls_choose_sigalg(SSL *s, int *al)
             }
         }
     }
-    s->s3->tmp.cert_idx = idx;
+    s->s3->tmp.cert = &s->cert->pkeys[idx];
     s->s3->tmp.sigalg = lu;
     return 1;
 }