From: Stefan Berger <stefanb@linux.vnet.ibm.com>
To: keyrings@vger.kernel.org, linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, patrick@puiterwijk.org,
Stefan Berger <stefanb@linux.ibm.com>,
David Howells <dhowells@redhat.com>
Subject: [PATCH v4 2/3] x509: Detect sm2 keys by their parameters OID
Date: Wed, 27 Jan 2021 19:14:11 -0500 [thread overview]
Message-ID: <20210128001412.822048-3-stefanb@linux.vnet.ibm.com> (raw)
In-Reply-To: <20210128001412.822048-1-stefanb@linux.vnet.ibm.com>
From: Stefan Berger <stefanb@linux.ibm.com>
Detect whether a key is an sm2 type of key by its OID in the parameters
array rather than assuming that everything under OID_id_ecPublicKey
is sm2, which is not the case.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
---
crypto/asymmetric_keys/x509_cert_parser.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 52c9b455fc7d..4643fe5ed69a 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -459,6 +459,7 @@ int x509_extract_key_data(void *context, size_t hdrlen,
const void *value, size_t vlen)
{
struct x509_parse_context *ctx = context;
+ enum OID oid;
ctx->key_algo = ctx->last_oid;
switch (ctx->last_oid) {
@@ -470,7 +471,17 @@ int x509_extract_key_data(void *context, size_t hdrlen,
ctx->cert->pub->pkey_algo = "ecrdsa";
break;
case OID_id_ecPublicKey:
- ctx->cert->pub->pkey_algo = "sm2";
+ if (ctx->params_size < 2)
+ return -ENOPKG;
+
+ oid = look_up_OID(ctx->params + 2, ctx->params_size - 2);
+ switch (oid) {
+ case OID_sm2:
+ ctx->cert->pub->pkey_algo = "sm2";
+ break;
+ default:
+ return -ENOPKG;
+ }
break;
default:
return -ENOPKG;
--
2.26.2
next prev parent reply other threads:[~2021-01-28 0:15 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-28 0:14 [PATCH v4 0/3] Add support for x509 certs with NIST p256 and p192 keys Stefan Berger
2021-01-28 0:14 ` [PATCH v4 1/3] crypto: Add support for ECDSA signature verification Stefan Berger
2021-01-29 1:34 ` Herbert Xu
2021-01-28 0:14 ` Stefan Berger [this message]
2021-01-28 0:14 ` [PATCH v4 3/3] x509: Add support for parsing x509 certs with ECDSA keys Stefan Berger
2021-01-28 9:19 ` [PATCH v4 0/3] Add support for x509 certs with NIST p256 and p192 keys David Howells
2021-01-28 13:45 ` Stefan Berger
2021-01-28 13:54 ` David Howells
2021-01-28 13:58 ` Stefan Berger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210128001412.822048-3-stefanb@linux.vnet.ibm.com \
--to=stefanb@linux.vnet.ibm.com \
--cc=dhowells@redhat.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=patrick@puiterwijk.org \
--cc=stefanb@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).