Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de>
ok patrick@, markus@, tb@
tobhe committed Jul 27, 2020
1 parent 4da86b8 commit 7afb2d4
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions sbin/iked/ca.c
@@ -1,4 +1,4 @@
/* $OpenBSD: ca.c,v 1.64 2020/07/15 14:45:15 tobhe Exp $ */
/* $OpenBSD: ca.c,v 1.65 2020/07/27 14:22:53 tobhe Exp $ */

/*
* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -1420,7 +1420,7 @@ ca_validate_pubkey(struct iked *env, struct iked_static_id *id,
if (localkey == NULL)
goto sslerr;

if (peerkey && !EVP_PKEY_cmp(peerkey, localkey)) {
if (peerkey && EVP_PKEY_cmp(peerkey, localkey) != 1) {
log_debug("%s: public key does not match %s", __func__, file);
goto done;
}
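Review bot: the log_debug under the new `EVP_PKEY_cmp(peerkey, localkey) != 1` test reports every non-1 return as "public key does not match", so a key-type mismatch (-1) or an unsupported comparison (-2) cannot be told apart from a genuine mismatch (0) in the debug output. EVP_PKEY_cmp returns 1 only on a match, and the removed `!EVP_PKEY_cmp(...)` test let the negative returns fall through as if the keys were equal, which is why this check matters for peer authentication. Consider storing the return value in a local and including it in the log message, and adding a short comment at the call noting that only 1 means equal so the `!` form is not reintroduced later. The `peerkey &&` guard also skips the comparison entirely when peerkey is NULL; the lines shown do not reveal what happens on that path, so it is worth confirming it cannot end in a successful validation.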