From 9c325392eae38dcb0dea8c9bfa680fc1c945fa59 Mon Sep 17 00:00:00 2001
From: Gordon Tetlow
Date: Tue, 21 Apr 2020 15:47:58 +0000
Subject: [PATCH] MFC: r360146

Fix OpenSSL remote denial of service.

See https://www.openssl.org/news/secadv/20200421.txt for details.

Approved by: so
Security: FreeBSD-SA-20:11.openssl
Security: CVE-2020-1967
---
 crypto/openssl/ssl/t1_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/openssl/ssl/t1_lib.c b/crypto/openssl/ssl/t1_lib.c
index a254fd5a055..76b4baa3889 100644
--- a/crypto/openssl/ssl/t1_lib.c
+++ b/crypto/openssl/ssl/t1_lib.c
@@ -2130,7 +2130,7 @@ static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid)
 sigalg = use_pc_sigalgs
 ? tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i])
 : s->shared_sigalgs[i];
- if (sig_nid == sigalg->sigandhash)
+ if (sigalg != NULL && sig_nid == sigalg->sigandhash)
 return 1;
 }
 return 0;
-- 
2.45.0
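Review bot: The added `sigalg != NULL` test in the loop of tls1_check_sig_alg carries no comment explaining when the pointer can be NULL, so a later cleanup could drop it as redundant. Judging by the ternary just above, only the `use_pc_sigalgs` branch goes through `tls1_lookup_sigalg()` on peer-supplied values, which presumably returns NULL for an entry it does not recognise; I would add `/* peer-advertised sigalg may be unknown to us: lookup returns NULL, skip it */` above the `if`. The diffstat shows only t1_lib.c changing, so no regression test lands with the fix; other callers of `tls1_lookup_sigalg()` outside this hunk are worth checking for the same unchecked dereference. The function and its loop header begin outside the hunk.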