summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/libcrypto/asn1/x_crl.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c
index f614884eec..19caf56cec 100644
--- a/src/lib/libcrypto/asn1/x_crl.c
+++ b/src/lib/libcrypto/asn1/x_crl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x_crl.c,v 1.49 2025/05/10 05:54:38 tb Exp $ */ 1/* $OpenBSD: x_crl.c,v 1.50 2025/07/10 18:48:31 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -540,6 +540,12 @@ LCRYPTO_ALIAS(X509_CRL_add0_revoked);
540int 540int
541X509_CRL_verify(X509_CRL *crl, EVP_PKEY *pkey) 541X509_CRL_verify(X509_CRL *crl, EVP_PKEY *pkey)
542{ 542{
543 /*
544 * The CertificateList's signature AlgorithmIdentifier must match
545 * the one inside the TBSCertList, see RFC 5280, 5.1.1.2, 5.1.2.2.
546 */
547 if (X509_ALGOR_cmp(crl->sig_alg, crl->crl->sig_alg) != 0)
548 return 0;
543 return ASN1_item_verify(&X509_CRL_INFO_it, crl->sig_alg, crl->signature, 549 return ASN1_item_verify(&X509_CRL_INFO_it, crl->sig_alg, crl->signature,
544 crl->crl, pkey); 550 crl->crl, pkey);
545} 551}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-07 18:53:36 +0000