diff options
Diffstat (limited to 'src/lib/libcrypto/x509/x_all.c')
| -rw-r--r-- | src/lib/libcrypto/x509/x_all.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c index 5997714061..b5d50ae4ee 100644 --- a/src/lib/libcrypto/x509/x_all.c +++ b/src/lib/libcrypto/x509/x_all.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x_all.c,v 1.32 2024/06/19 08:00:53 tb Exp $ */ | 1 | /* $OpenBSD: x_all.c,v 1.33 2025/07/10 18:50:23 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -399,7 +399,11 @@ LCRYPTO_ALIAS(i2d_PKCS8PrivateKeyInfo_fp); | |||
| 399 | int | 399 | int |
| 400 | X509_verify(X509 *a, EVP_PKEY *r) | 400 | X509_verify(X509 *a, EVP_PKEY *r) |
| 401 | { | 401 | { |
| 402 | if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature)) | 402 | /* |
| 403 | * The Certificate's signature AlgorithmIdentifier must match the one | ||
| 404 | * inside the TBSCertificate, see RFC 5280, 4.1.1.2, 4.1.2.3. | ||
| 405 | */ | ||
| 406 | if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature) != 0) | ||
| 403 | return 0; | 407 | return 0; |
| 404 | return ASN1_item_verify(&X509_CINF_it, a->sig_alg, | 408 | return ASN1_item_verify(&X509_CINF_it, a->sig_alg, |
| 405 | a->signature, a->cert_info, r); | 409 | a->signature, a->cert_info, r); |