[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-keyrings
Subject:    Re: [PATCH] X.509: if signature is unsupported skip validation
From:       Herbert Xu <herbert () gondor ! apana ! org ! au>
Date:       2023-08-25 11:05:00
Message-ID: ZOiK3Cn6mn6b63x+ () gondor ! apana ! org ! au
[Download RAW message or body]

On Tue, Aug 15, 2023 at 02:29:42PM +0300, Thore Sommer wrote:
> When the hash algorithm for the signature is not available the digest size
> is 0 and the signature in the certificate is marked as unsupported.
> 
> When validating a self-signed certificate, this needs to be checked,
> because otherwise trying to validate the signature will fail with an
> warning:
> 
> Loading compiled-in X.509 certificates
> WARNING: CPU: 0 PID: 1 at crypto/rsa-pkcs1pad.c:537 \
> pkcs1pad_verify+0x46/0x12c
> ...
> Problem loading in-kernel X.509 certificate (-22)
> 
> Signed-off-by: Thore Sommer <public@thson.de>
> ---
>  crypto/asymmetric_keys/x509_public_key.c | 5 +++++
>  1 file changed, 5 insertions(+)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
[prev in list] [next in list] [prev in thread] [next in thread]