diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/asn1/x_crl.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c index f614884eec..19caf56cec 100644 --- a/src/lib/libcrypto/asn1/x_crl.c +++ b/src/lib/libcrypto/asn1/x_crl.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x_crl.c,v 1.49 2025/05/10 05:54:38 tb Exp $ */ | 1 | /* $OpenBSD: x_crl.c,v 1.50 2025/07/10 18:48:31 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -540,6 +540,12 @@ LCRYPTO_ALIAS(X509_CRL_add0_revoked); | |||
| 540 | int | 540 | int |
| 541 | X509_CRL_verify(X509_CRL *crl, EVP_PKEY *pkey) | 541 | X509_CRL_verify(X509_CRL *crl, EVP_PKEY *pkey) |
| 542 | { | 542 | { |
| 543 | /* | ||
| 544 | * The CertificateList's signature AlgorithmIdentifier must match | ||
| 545 | * the one inside the TBSCertList, see RFC 5280, 5.1.1.2, 5.1.2.2. | ||
| 546 | */ | ||
| 547 | if (X509_ALGOR_cmp(crl->sig_alg, crl->crl->sig_alg) != 0) | ||
| 548 | return 0; | ||
| 543 | return ASN1_item_verify(&X509_CRL_INFO_it, crl->sig_alg, crl->signature, | 549 | return ASN1_item_verify(&X509_CRL_INFO_it, crl->sig_alg, crl->signature, |
| 544 | crl->crl, pkey); | 550 | crl->crl, pkey); |
| 545 | } | 551 | } |