summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2013-08-30 17:18:15 +0200
committerDavid Howells <dhowells@redhat.com>2013-09-25 18:17:01 +0200
commit2ecdb23b8c545fbee95caad0f2e45082787563ee (patch)
tree14884783575a49feb510a7e402747c076c076792 /crypto
parentX.509: Embed public_key_signature struct and create filler function (diff)
downloadlinux-2ecdb23b8c545fbee95caad0f2e45082787563ee.tar.xz
linux-2ecdb23b8c545fbee95caad0f2e45082787563ee.zip
X.509: Check the algorithm IDs obtained from parsing an X.509 certificate
Check that the algorithm IDs obtained from the ASN.1 parse by OID lookup corresponds to algorithms that are available to us. Reported-by: Kees Cook <keescook@chromium.org> Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/asymmetric_keys/x509_public_key.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
index b7c81d8df08b..eb368d4c632c 100644
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -119,6 +119,17 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
pr_devel("Cert Issuer: %s\n", cert->issuer);
pr_devel("Cert Subject: %s\n", cert->subject);
+
+ if (cert->pub->pkey_algo >= PKEY_ALGO__LAST ||
+ cert->sig.pkey_algo >= PKEY_ALGO__LAST ||
+ cert->sig.pkey_hash_algo >= PKEY_HASH__LAST ||
+ !pkey_algo[cert->pub->pkey_algo] ||
+ !pkey_algo[cert->sig.pkey_algo] ||
+ !pkey_hash_algo_name[cert->sig.pkey_hash_algo]) {
+ ret = -ENOPKG;
+ goto error_free_cert;
+ }
+
pr_devel("Cert Key Algo: %s\n", pkey_algo_name[cert->pub->pkey_algo]);
pr_devel("Cert Valid From: %04ld-%02d-%02d %02d:%02d:%02d\n",
cert->valid_from.tm_year + 1900, cert->valid_from.tm_mon + 1,