summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/man/DH_generate_key.3
diff options
context:
space:
mode:
authortb <>2025-07-10 18:48:31 +0000
committertb <>2025-07-10 18:48:31 +0000
commit03d9063618b2994c381512cccdf03470f7b08be4 (patch)
treebdff3d12cb9ca4d9a49cd6c8539e338a3efe28e8 /src/lib/libcrypto/man/DH_generate_key.3
parentaff293dbd9cfabda512ac59dac94bc93acbffc74 (diff)
downloadopenbsd-03d9063618b2994c381512cccdf03470f7b08be4.tar.gz
openbsd-03d9063618b2994c381512cccdf03470f7b08be4.tar.bz2
openbsd-03d9063618b2994c381512cccdf03470f7b08be4.zip
Add missing check to X509_CRL_verify()
When fixing CVE-2014-8275 in commit 684400ce, Henson added a check that the AlgorithmIdentifier in the certificate's signature matches the one in the tbsCertificate. A corresponding check for CRLs was missed. BoringSSL added such a check in 2022, so this should be fine for us to do as well even though OpenSSL still doesn't have it. The only caller will set an error on the stack, so we don't do it here. There's no obvious check that X509_REQ_verify() could do. ok beck kenjiro
Diffstat (limited to 'src/lib/libcrypto/man/DH_generate_key.3')
0 files changed, 0 insertions, 0 deletions