diff options
| -rw-r--r-- | crypto/asymmetric_keys/x509_public_key.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c index 752d8d5b48fa..fc77a2bd70ba 100644 --- a/crypto/asymmetric_keys/x509_public_key.c +++ b/crypto/asymmetric_keys/x509_public_key.c | |||
| @@ -230,6 +230,11 @@ int x509_check_for_self_signed(struct x509_certificate *cert) | |||
| 230 | 230 | ||
| 231 | pr_devel("==>%s()\n", __func__); | 231 | pr_devel("==>%s()\n", __func__); |
| 232 | 232 | ||
| 233 | if (cert->raw_subject_size != cert->raw_issuer_size || | ||
| 234 | memcmp(cert->raw_subject, cert->raw_issuer, | ||
| 235 | cert->raw_issuer_size) != 0) | ||
| 236 | goto not_self_signed; | ||
| 237 | |||
| 233 | if (cert->sig->auth_ids[0] || cert->sig->auth_ids[1]) { | 238 | if (cert->sig->auth_ids[0] || cert->sig->auth_ids[1]) { |
| 234 | /* If the AKID is present it may have one or two parts. If | 239 | /* If the AKID is present it may have one or two parts. If |
| 235 | * both are supplied, both must match. | 240 | * both are supplied, both must match. |
| @@ -246,6 +251,10 @@ int x509_check_for_self_signed(struct x509_certificate *cert) | |||
| 246 | goto out; | 251 | goto out; |
| 247 | } | 252 | } |
| 248 | 253 | ||
| 254 | ret = -EKEYREJECTED; | ||
| 255 | if (cert->pub->pkey_algo != cert->sig->pkey_algo) | ||
| 256 | goto out; | ||
| 257 | |||
| 249 | ret = public_key_verify_signature(cert->pub, cert->sig); | 258 | ret = public_key_verify_signature(cert->pub, cert->sig); |
| 250 | if (ret < 0) { | 259 | if (ret < 0) { |
| 251 | if (ret == -ENOPKG) { | 260 | if (ret == -ENOPKG) { |