diff options
author | Stefan Berger <stefanb@linux.ibm.com> | 2021-03-16 17:07:37 -0400 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2021-03-26 19:41:59 +1100 |
commit | 299f561a66939debba70e6d7c67aa01ed32613d9 (patch) | |
tree | 490234c55e82ab9c0d1009e1a0db5fd73fb0064f /crypto/asymmetric_keys/x509_public_key.c | |
parent | d1a303e8616c5ba1260722bb9068bbc0d1704847 (diff) |
x509: Add support for parsing x509 certs with ECDSA keys
Add support for parsing of x509 certificates that contain ECDSA keys,
such as NIST P256, that have been signed by a CA using any of the
current SHA hash algorithms.
Cc: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/asymmetric_keys/x509_public_key.c')
-rw-r--r-- | crypto/asymmetric_keys/x509_public_key.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c index ae450eb8be14..3d45161b271a 100644 --- a/crypto/asymmetric_keys/x509_public_key.c +++ b/crypto/asymmetric_keys/x509_public_key.c @@ -129,7 +129,9 @@ int x509_check_for_self_signed(struct x509_certificate *cert) } ret = -EKEYREJECTED; - if (strcmp(cert->pub->pkey_algo, cert->sig->pkey_algo) != 0) + if (strcmp(cert->pub->pkey_algo, cert->sig->pkey_algo) != 0 && + (strncmp(cert->pub->pkey_algo, "ecdsa-", 6) != 0 || + strcmp(cert->sig->pkey_algo, "ecdsa") != 0)) goto out; ret = public_key_verify_signature(cert->pub, cert->sig); |