authorDavid Howells <dhowells@redhat.com>2013-08-30 11:18:15 -0400
committerDavid Howells <dhowells@redhat.com>2013-09-25 12:17:01 -0400
commit2ecdb23b8c545fbee95caad0f2e45082787563ee (patch)
tree14884783575a49feb510a7e402747c076c076792 /crypto
parentb426beb6eeb0c81aeaa419f7444064abc9cb04ae (diff)
X.509: Check the algorithm IDs obtained from parsing an X.509 certificate
Check that the algorithm IDs obtained from the ASN.1 parse by OID lookup correspond to algorithms that are available to us. Reported-by: Kees Cook <keescook@chromium.org> Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/asymmetric_keys/x509_public_key.c11
1 files changed, 11 insertions, 0 deletions
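diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
index b7c81d8df08b..eb368d4c632c 100644
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -119,6 +119,17 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
 
 pr_devel("Cert Issuer: %s\n", cert->issuer);
 pr_devel("Cert Subject: %s\n", cert->subject);
+
+if (cert->pub->pkey_algo >= PKEY_ALGO__LAST ||
+cert->sig.pkey_algo >= PKEY_ALGO__LAST ||
+cert->sig.pkey_hash_algo >= PKEY_HASH__LAST ||
+!pkey_algo[cert->pub->pkey_algo] ||
+!pkey_algo[cert->sig.pkey_algo] ||
+!pkey_hash_algo_name[cert->sig.pkey_hash_algo]) {
+ret = -ENOPKG;
+goto error_free_cert;
+}
+
 pr_devel("Cert Key Algo: %s\n", pkey_algo_name[cert->pub->pkey_algo]);
 pr_devel("Cert Valid From: %04ld-%02d-%02d %02d:%02d:%02d\n",
 cert->valid_from.tm_year + 1900, cert->valid_from.tm_mon + 1,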
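Review bot: The new guard in x509_key_preparse() relies on an ordering that is not documented: the `>= PKEY_ALGO__LAST` and `>= PKEY_HASH__LAST` range tests must stay ahead of the `pkey_algo[...]` and `pkey_hash_algo_name[...]` lookups in the same `||` chain, and the whole check must stay ahead of the `pkey_algo_name[cert->pub->pkey_algo]` pr_devel that follows. A comment above the `if`, such as `/* Validate parsed algorithm IDs before they are used as table indices */`, would keep a later reorder from reintroducing an unchecked index. The rejection path is also silent: all six conditions collapse into `ret = -ENOPKG`, so a `pr_devel()` that prints the three raw numeric IDs (not the name tables) before `goto error_free_cert` would make a refused certificate easier to triage. The comparisons bound only the upper end, so if the ID fields have a signed type (their declarations are outside this hunk) it is worth confirming that a negative value cannot reach the lookups. The function starts and ends outside the hunk.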