summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/asn1/x_crl.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/asn1/x_crl.c')
-rw-r--r--src/lib/libcrypto/asn1/x_crl.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c
index 7ad8350f3d..19caf56cec 100644
--- a/src/lib/libcrypto/asn1/x_crl.c
+++ b/src/lib/libcrypto/asn1/x_crl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x_crl.c,v 1.48 2025/02/27 20:13:41 tb Exp $ */ 1/* $OpenBSD: x_crl.c,v 1.50 2025/07/10 18:48:31 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -61,11 +61,11 @@
61#include <openssl/opensslconf.h> 61#include <openssl/opensslconf.h>
62 62
63#include <openssl/asn1t.h> 63#include <openssl/asn1t.h>
64#include <openssl/err.h>
65#include <openssl/x509.h> 64#include <openssl/x509.h>
66#include <openssl/x509v3.h> 65#include <openssl/x509v3.h>
67 66
68#include "asn1_local.h" 67#include "asn1_local.h"
68#include "err_local.h"
69#include "x509_local.h" 69#include "x509_local.h"
70 70
71static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp); 71static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
@@ -540,6 +540,12 @@ LCRYPTO_ALIAS(X509_CRL_add0_revoked);
540int 540int
541X509_CRL_verify(X509_CRL *crl, EVP_PKEY *pkey) 541X509_CRL_verify(X509_CRL *crl, EVP_PKEY *pkey)
542{ 542{
543 /*
544 * The CertificateList's signature AlgorithmIdentifier must match
545 * the one inside the TBSCertList, see RFC 5280, 5.1.1.2, 5.1.2.2.
546 */
547 if (X509_ALGOR_cmp(crl->sig_alg, crl->crl->sig_alg) != 0)
548 return 0;
543 return ASN1_item_verify(&X509_CRL_INFO_it, crl->sig_alg, crl->signature, 549 return ASN1_item_verify(&X509_CRL_INFO_it, crl->sig_alg, crl->signature,
544 crl->crl, pkey); 550 crl->crl, pkey);
545} 551}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-14 16:37:48 +0000