Check index >= 0 as 0 is a valid index.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 10 Feb 2017 04:22:18 +0000 (04:22 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 10 Feb 2017 20:08:35 +0000 (20:08 +0000)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2587)

ssl/t1_lib.c

index 43340d4..d6a841a 100644 (file)
@@ -1601,7 +1601,7 @@ int tls1_process_sigalgs(SSL *s)
         if (SSL_IS_TLS13(s) && sigptr->sig == EVP_PKEY_RSA)
             continue;
         idx = tls12_get_pkey_idx(sigptr->sig);
-        if (idx > 0 && pmd[idx] == NULL) {
+        if (idx >= 0 && pmd[idx] == NULL) {
             md = ssl_md(sigptr->hash_idx);
             pmd[idx] = md;
             pvalid[idx] = CERT_PKEY_EXPLICIT_SIGN;