From 36ad7f26648c87c63edaa9659d100b44b14f0ae1 Mon Sep 17 00:00:00 2001
From: beck <>
Date: Wed, 28 Jan 2015 04:14:31 +0000
Subject: Fix a number of issues relating to algorithms in signatures, Mostly from OpenSSL with a hint of boring and some things done here. Addresses CVE-2014-8275 for OpenSSL fully ok miod@ doug@
---
 src/lib/libcrypto/x509/x_all.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'src/lib/libcrypto/x509/x_all.c')
diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c
index edb5f520fa..28a81c14a7 100644
--- a/src/lib/libcrypto/x509/x_all.c
+++ b/src/lib/libcrypto/x509/x_all.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_all.c,v 1.18 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: x_all.c,v 1.19 2015/01/28 04:14:31 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -76,6 +76,8 @@
 int
 X509_verify(X509 *a, EVP_PKEY *r)
 {
+ if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature))
+ return 0;
 return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), a->sig_alg,
 a->signature, a->cert_info, r));
 }
-- 
cgit v1.2.3-55-g6feb
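Review bot: The new early return in X509_verify reports an algorithm mismatch as a plain `0`, which a caller cannot tell apart from a bad signature, and nothing visible in the hunk puts an entry on the error queue, so a rejected certificate leaves no trace of why it was refused. A one-line comment above the check would record the intent, for example `/* RFC 5280 4.1.1.2: outer signatureAlgorithm must match tbsCertificate.signature */`. If the library has a suitable reason code, raising it before `return 0;` would make the rejection diagnosable in logs. The check also dereferences `a->cert_info` before ASN1_item_verify sees it; presumably callers never pass a partially built X509 here, but that is worth confirming.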