OpenBSD 5.8 errata 9, Dec 3, 2015: CVE-2015-3194 - NULL pointer dereference in client certificate validation make install
===================================================================
diff -Naurwp libressl.orig/crypto/rsa/rsa_ameth.c libressl/crypto/rsa/rsa_ameth.c
--- libressl.orig/crypto/rsa/rsa_ameth.c 2015-09-11 00:32:56.000000000 -0700
+++ libressl/crypto/rsa/rsa_ameth.c 2015-12-04 18:56:55.250157042 -0800
@@ -298,7 +298,7 @@ rsa_pss_decode(const X509_ALGOR *alg, X5
 if (pss->maskGenAlgorithm) {
 ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
 if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 &&
- param->type == V_ASN1_SEQUENCE) {
+ param && param->type == V_ASN1_SEQUENCE) {
 p = param->value.sequence->data;
 plen = param->value.sequence->length;
 *pmaskHash = d2i_X509_ALGOR(NULL, &p, plen);
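Review bot: When the new `param &&` guard fails, the `NID_mgf1` branch is skipped silently, and nothing in the hunk assigns `*pmaskHash` on that path or checks the `d2i_X509_ALGOR()` result on the success path. Whether a certificate with a missing or undecodable MGF1 parameter is rejected therefore depends on code outside the hunk, presumably the initialisation of `*pmaskHash` and the callers' NULL checks, which is worth confirming. The guard also deserves a comment such as `/* parameter is OPTIONAL in the encoding and comes from the peer's certificate; it may be absent */` above the condition. A regression test that verifies an RSASSA-PSS signature whose mask generation parameter is omitted would pin the fix. The body of rsa_pss_decode starts and ends outside the hunk.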