Re: [PATCH] X.509: if signature is unsupported skip validation

From: Herbert Xu
Date: Fri Aug 25 2023 - 07:05:59 EST

Next message: Herbert Xu: "Re: [PATCH v2 1/7] Revert "dt-bindings: crypto: qcom,prng: Add SM8450""
Previous message: Jai Luthra: "[PATCH] drm: bridge: it66121: Fix invalid connector dereference"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Aug 15, 2023 at 02:29:42PM +0300, Thore Sommer wrote:
> When the hash algorithm for the signature is not available the digest size
> is 0 and the signature in the certificate is marked as unsupported.
>
> When validating a self-signed certificate, this needs to be checked,
> because otherwise trying to validate the signature will fail with an
> warning:
>
> Loading compiled-in X.509 certificates
> WARNING: CPU: 0 PID: 1 at crypto/rsa-pkcs1pad.c:537 \
> pkcs1pad_verify+0x46/0x12c
> ...
> Problem loading in-kernel X.509 certificate (-22)
>
> Signed-off-by: Thore Sommer <public@xxxxxxxx>
> ---
> crypto/asymmetric_keys/x509_public_key.c | 5 +++++
> 1 file changed, 5 insertions(+)

Patch applied. Thanks.
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Next message: Herbert Xu: "Re: [PATCH v2 1/7] Revert "dt-bindings: crypto: qcom,prng: Add SM8450""
Previous message: Jai Luthra: "[PATCH] drm: bridge: it66121: Fix invalid connector dereference"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]