Add a return value check

If the call to OBJ_find_sigid_by_algs fails to find the relevant NID then
we should set the NID to NID_undef.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 330dcb09b2)
This commit is contained in:
Matt Caswell 2015-11-11 10:44:07 +00:00
parent 9501418ea2
commit f4d1926f95

View file

@ -3583,7 +3583,7 @@ static int tls12_get_pkey_idx(unsigned char sig_alg)
static void tls1_lookup_sigalg(int *phash_nid, int *psign_nid,
int *psignhash_nid, const unsigned char *data)
{
int sign_nid = 0, hash_nid = 0;
int sign_nid = NID_undef, hash_nid = NID_undef;
if (!phash_nid && !psign_nid && !psignhash_nid)
return;
if (phash_nid || psignhash_nid) {
@ -3599,9 +3599,9 @@ static void tls1_lookup_sigalg(int *phash_nid, int *psign_nid,
*psign_nid = sign_nid;
}
if (psignhash_nid) {
if (sign_nid && hash_nid)
OBJ_find_sigid_by_algs(psignhash_nid, hash_nid, sign_nid);
else
if (sign_nid == NID_undef || hash_nid == NID_undef
|| OBJ_find_sigid_by_algs(psignhash_nid, hash_nid,
sign_nid) <= 0)
*psignhash_nid = NID_undef;
}
}