Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de>
ok patrick@, markus@, tb@
tobhe committed Jul 27, 2020
1 parent 4da86b8 commit 7afb2d4
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions sbin/iked/ca.c
@@ -1,4 +1,4 @@
/* $OpenBSD: ca.c,v 1.64 2020/07/15 14:45:15 tobhe Exp $ */
/* $OpenBSD: ca.c,v 1.65 2020/07/27 14:22:53 tobhe Exp $ */

/*
* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -1420,7 +1420,7 @@ ca_validate_pubkey(struct iked *env, struct iked_static_id *id,
if (localkey == NULL)
goto sslerr;

if (peerkey && !EVP_PKEY_cmp(peerkey, localkey)) {
if (peerkey && EVP_PKEY_cmp(peerkey, localkey) != 1) {
log_debug("%s: public key does not match %s", __func__, file);
goto done;
}
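
Review bot: the log_debug call under the new `if (peerkey && EVP_PKEY_cmp(peerkey, localkey) != 1)` test reports every rejected case as "public key does not match", although the check now also catches the error returns of EVP_PKEY_cmp (-1 for different key types, -2 for an unsupported operation) in addition to 0 for different keys. Consider capturing the return value and including it in the message, so a type mismatch or unsupported comparison for `file` can be told apart from a genuinely different key when debugging a failed authentication. A short comment next to the check stating that only 1 means equal would also keep a later cleanup from turning it back into a boolean test, which is what let negative returns pass as a match in the old `!EVP_PKEY_cmp(peerkey, localkey)` form.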