diff options
author | Stefan Berger <stefanb@linux.ibm.com> | 2021-03-16 17:07:37 -0400 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2021-03-26 19:41:59 +1100 |
commit | 2ceaf2ab3fcfaa16b1dcc5a014b8650ef12322f4 (patch) | |
tree | 6b8da8ad83c4590f260aa423753140035c422280 /crypto/asymmetric_keys/x509_public_key.c | |
parent | 266ee0f9a7250be68d285f7e27dbb6a91dc2f89d (diff) | |
download | linux-crypto-2ceaf2ab3fcfaa16b1dcc5a014b8650ef12322f4.tar.gz linux-crypto-2ceaf2ab3fcfaa16b1dcc5a014b8650ef12322f4.zip |
x509: Add support for parsing x509 certs with ECDSA keys
Add support for parsing of x509 certificates that contain ECDSA keys,
such as NIST P256, that have been signed by a CA using any of the
current SHA hash algorithms.
Cc: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/asymmetric_keys/x509_public_key.c')
-rw-r--r-- | crypto/asymmetric_keys/x509_public_key.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c index ae450eb8..3d45161b 100644 --- a/crypto/asymmetric_keys/x509_public_key.c +++ b/crypto/asymmetric_keys/x509_public_key.c @@ -129,7 +129,9 @@ int x509_check_for_self_signed(struct x509_certificate *cert) } ret = -EKEYREJECTED; - if (strcmp(cert->pub->pkey_algo, cert->sig->pkey_algo) != 0) + if (strcmp(cert->pub->pkey_algo, cert->sig->pkey_algo) != 0 && + (strncmp(cert->pub->pkey_algo, "ecdsa-", 6) != 0 || + strcmp(cert->sig->pkey_algo, "ecdsa") != 0)) goto out; ret = public_key_verify_signature(cert->pub, cert->sig); |