X.509: Check the algorithm IDs obtained from parsing an X.509 certificate

Check that the algorithm IDs obtained from the ASN.1 parse by OID lookup
correspond to algorithms that are available to us.

Reported-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Howells <dhowells@redhat.com>
David Howells committed Sep 25, 2013
1 parent b426beb commit 2ecdb23
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions crypto/asymmetric_keys/x509_public_key.c
Expand Up @@ -119,6 +119,17 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)

pr_devel("Cert Issuer: %s\n", cert->issuer);
pr_devel("Cert Subject: %s\n", cert->subject);

if (cert->pub->pkey_algo >= PKEY_ALGO__LAST ||
cert->sig.pkey_algo >= PKEY_ALGO__LAST ||
cert->sig.pkey_hash_algo >= PKEY_HASH__LAST ||
!pkey_algo[cert->pub->pkey_algo] ||
!pkey_algo[cert->sig.pkey_algo] ||
!pkey_hash_algo_name[cert->sig.pkey_hash_algo]) {
ret = -ENOPKG;
goto error_free_cert;
}

pr_devel("Cert Key Algo: %s\n", pkey_algo_name[cert->pub->pkey_algo]);
pr_devel("Cert Valid From: %04ld-%02d-%02d %02d:%02d:%02d\n",
cert->valid_from.tm_year + 1900, cert->valid_from.tm_mon + 1,
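
Review bot: in the new if block in x509_key_preparse(), the hash test is !pkey_hash_algo_name[cert->sig.pkey_hash_algo], which only shows that the ID has a name-table entry, whereas the two key-algorithm tests look at pkey_algo[] itself. The commit message says the IDs should correspond to algorithms that are available, so either check hash availability the same way or add a comment saying why a name entry is sufficient here. The three range tests only bound the IDs from above, so it is worth confirming that these fields cannot hold a negative value before they are used as array indexes. A short comment above the block noting that the IDs come from the parsed certificate, plus a pr_devel() naming which ID was rejected, would make the -ENOPKG return easier to diagnose.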