Enable the x509 parser to accept NIST P521 certificates and add the
OID for ansip521r1, which is the identifier for NIST P521.
Cc: David Howells <[email protected]>
Signed-off-by: Stefan Berger <[email protected]>
Tested-by: Lukas Wunner <[email protected]>
---
crypto/asymmetric_keys/x509_cert_parser.c | 3 +++
include/linux/oid_registry.h | 1 +
2 files changed, 4 insertions(+)
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 487204d39426..99f809b7910b 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -538,6 +538,9 @@ int x509_extract_key_data(void *context, size_t hdrlen,
case OID_id_ansip384r1:
ctx->cert->pub->pkey_algo = "ecdsa-nist-p384";
break;
+ case OID_id_ansip521r1:
+ ctx->cert->pub->pkey_algo = "ecdsa-nist-p521";
+ break;
default:
return -ENOPKG;
}
diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
index 3921fbed0b28..af16d96fbbf2 100644
--- a/include/linux/oid_registry.h
+++ b/include/linux/oid_registry.h
@@ -65,6 +65,7 @@ enum OID {
OID_Scram, /* 1.3.6.1.5.5.14 */
OID_certAuthInfoAccess, /* 1.3.6.1.5.5.7.1.1 */
OID_id_ansip384r1, /* 1.3.132.0.34 */
+ OID_id_ansip521r1, /* 1.3.132.0.35 */
OID_sha256, /* 2.16.840.1.101.3.4.2.1 */
OID_sha384, /* 2.16.840.1.101.3.4.2.2 */
OID_sha512, /* 2.16.840.1.101.3.4.2.3 */
--
2.43.0
On 3/21/24 13:20, Jarkko Sakkinen wrote:
> On Wed Mar 20, 2024 at 1:47 PM EET, Stefan Berger wrote:
>> Enable the x509 parser to accept NIST P521 certificates and add the
>> OID for ansip521r1, which is the identifier for NIST P521.
>>
>> Cc: David Howells <[email protected]>
>> Signed-off-by: Stefan Berger <[email protected]>
>> Tested-by: Lukas Wunner <[email protected]>
>> ---
>> crypto/asymmetric_keys/x509_cert_parser.c | 3 +++
>> include/linux/oid_registry.h | 1 +
>> 2 files changed, 4 insertions(+)
>>
>> diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
>> index 487204d39426..99f809b7910b 100644
>> --- a/crypto/asymmetric_keys/x509_cert_parser.c
>> +++ b/crypto/asymmetric_keys/x509_cert_parser.c
>> @@ -538,6 +538,9 @@ int x509_extract_key_data(void *context, size_t hdrlen,
>> case OID_id_ansip384r1:
>> ctx->cert->pub->pkey_algo = "ecdsa-nist-p384";
>> break;
>> + case OID_id_ansip521r1:
>> + ctx->cert->pub->pkey_algo = "ecdsa-nist-p521";
>> + break;
>> default:
>> return -ENOPKG;
>> }
>> diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
>> index 3921fbed0b28..af16d96fbbf2 100644
>> --- a/include/linux/oid_registry.h
>> +++ b/include/linux/oid_registry.h
>> @@ -65,6 +65,7 @@ enum OID {
>> OID_Scram, /* 1.3.6.1.5.5.14 */
>> OID_certAuthInfoAccess, /* 1.3.6.1.5.5.7.1.1 */
>> OID_id_ansip384r1, /* 1.3.132.0.34 */
>> + OID_id_ansip521r1, /* 1.3.132.0.35 */
>> OID_sha256, /* 2.16.840.1.101.3.4.2.1 */
>> OID_sha384, /* 2.16.840.1.101.3.4.2.2 */
>> OID_sha512, /* 2.16.840.1.101.3.4.2.3 */
>
> Reviewed-by: Jarkko Sakkinen <[email protected]>
>
> BR, Jarkko
Thanks for the tags.
>