author | tobhe <tobhe@cvs.openbsd.org> | 2020-07-27 14:22:54 +0000 |
---|---|---|
committer | tobhe <tobhe@cvs.openbsd.org> | 2020-07-27 14:22:54 +0000 |
commit | a4e7dd077217e559c5dea262ad22516c4c66e84c (patch) | |
tree | 7bc51faea45589de29e3b92d39a21f9025f52d39 /sbin | |
parent | be388469137e6827ab04bb00062e438bc25e8dec (diff) |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de>
ok patrick@, markus@, tb@
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/iked/ca.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sbin/iked/ca.c b/sbin/iked/ca.c
index 15a0e4bcbff..afb45a24d92 100644
--- a/sbin/iked/ca.c
+++ b/sbin/iked/ca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ca.c,v 1.64 2020/07/15 14:45:15 tobhe Exp $ */
+/* $OpenBSD: ca.c,v 1.65 2020/07/27 14:22:53 tobhe Exp $ */
 /*
 * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -1420,7 +1420,7 @@ ca_validate_pubkey(struct iked *env, struct iked_static_id *id,
 if (localkey == NULL)
 goto sslerr;
- if (peerkey && !EVP_PKEY_cmp(peerkey, localkey)) {
+ if (peerkey && EVP_PKEY_cmp(peerkey, localkey) != 1) {
 log_debug("%s: public key does not match %s", __func__, file);
 goto done;
 } |
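Review bot: The `!= 1` test in the ca_validate_pubkey hunk has no comment explaining why it is not a plain boolean check, so a later cleanup could turn it back into `!EVP_PKEY_cmp(...)`. EVP_PKEY_cmp() returns 1 on match, 0 on mismatch, -1 when the key types differ and -2 when the operation is unsupported, so only an explicit comparison with 1 rejects the negative results. I would add `/* EVP_PKEY_cmp() returns 1 only on a match; 0, -1 and -2 must all be treated as failure */` above the condition. The same `log_debug` line now also covers the -1 and -2 cases, so logging the return value would let an operator tell a mismatched key from an unsupported key type. The function body continues outside the hunk, so whether the `peerkey == NULL` path, which skips the comparison, is intended to reach the success branch cannot be confirmed from here.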