Add OIDs for sha224, sha284 and sha512 hash algos and use them to select
the hashing algorithm. Without this, something like the following error
might get written to dmesg:
[ 31.829322] PKCS7: Unknown OID: [32] 2.16.840.1.101.3.4.2.3
[ 31.829328] PKCS7: Unknown OID: [180] 2.16.840.1.101.3.4.2.3
[ 31.829330] Unsupported digest algo: 55
Where the 55 on the third line is OID__NR indicating an unknown OID.
Reported-by: Valdis Kletnieks <[email protected]>
Signed-off-by: David Howells <[email protected]>
Tested-By: Valdis Kletnieks <[email protected]>
---
crypto/asymmetric_keys/mscode_parser.c | 9 +++++++++
crypto/asymmetric_keys/pkcs7_parser.c | 8 ++++++++
include/linux/oid_registry.h | 3 +++
3 files changed, 20 insertions(+)
diff --git a/crypto/asymmetric_keys/mscode_parser.c b/crypto/asymmetric_keys/mscode_parser.c
index 214a992123cd..adcef59eec0b 100644
--- a/crypto/asymmetric_keys/mscode_parser.c
+++ b/crypto/asymmetric_keys/mscode_parser.c
@@ -97,6 +97,15 @@ int mscode_note_digest_algo(void *context, size_t hdrlen,
case OID_sha256:
ctx->digest_algo = HASH_ALGO_SHA256;
break;
+ case OID_sha384:
+ ctx->digest_algo = HASH_ALGO_SHA384;
+ break;
+ case OID_sha512:
+ ctx->digest_algo = HASH_ALGO_SHA512;
+ break;
+ case OID_sha224:
+ ctx->digest_algo = HASH_ALGO_SHA224;
+ break;
case OID__NR:
sprint_oid(value, vlen, buffer, sizeof(buffer));
diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c
index e6298b7a945a..758acabf2d81 100644
--- a/crypto/asymmetric_keys/pkcs7_parser.c
+++ b/crypto/asymmetric_keys/pkcs7_parser.c
@@ -229,6 +229,14 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen,
case OID_sha256:
ctx->sinfo->sig.pkey_hash_algo = HASH_ALGO_SHA256;
break;
+ case OID_sha384:
+ ctx->sinfo->sig.pkey_hash_algo = HASH_ALGO_SHA384;
+ break;
+ case OID_sha512:
+ ctx->sinfo->sig.pkey_hash_algo = HASH_ALGO_SHA512;
+ break;
+ case OID_sha224:
+ ctx->sinfo->sig.pkey_hash_algo = HASH_ALGO_SHA224;
default:
printk("Unsupported digest algo: %u\n", ctx->last_oid);
return -ENOPKG;
diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
index 93e0ff92fb9b..d2fa9ca42e9a 100644
--- a/include/linux/oid_registry.h
+++ b/include/linux/oid_registry.h
@@ -63,6 +63,9 @@ enum OID {
OID_certAuthInfoAccess, /* 1.3.6.1.5.5.7.1.1 */
OID_sha1, /* 1.3.14.3.2.26 */
OID_sha256, /* 2.16.840.1.101.3.4.2.1 */
+ OID_sha384, /* 2.16.840.1.101.3.4.2.2 */
+ OID_sha512, /* 2.16.840.1.101.3.4.2.3 */
+ OID_sha224, /* 2.16.840.1.101.3.4.2.4 */
/* Distinguished Name attribute IDs [RFC 2256] */
OID_commonName, /* 2.5.4.3 */
On Sun, 30 Aug 2015, David Howells wrote:
> Add OIDs for sha224, sha284 and sha512 hash algos and use them to select
> the hashing algorithm. Without this, something like the following error
> might get written to dmesg:
>
> [ 31.829322] PKCS7: Unknown OID: [32] 2.16.840.1.101.3.4.2.3
> [ 31.829328] PKCS7: Unknown OID: [180] 2.16.840.1.101.3.4.2.3
> [ 31.829330] Unsupported digest algo: 55
>
> Where the 55 on the third line is OID__NR indicating an unknown OID.
>
> Reported-by: Valdis Kletnieks <[email protected]>
> Signed-off-by: David Howells <[email protected]>
> Tested-By: Valdis Kletnieks <[email protected]>
> ---
Please always specify which kernel a patch/pull request is for.
--
James Morris
<[email protected]>
On Tue, 01 Sep 2015 09:29:40 +1000, James Morris said:
> On Sun, 30 Aug 2015, David Howells wrote:
>
> > Add OIDs for sha224, sha284 and sha512 hash algos and use them to select
> > the hashing algorithm. Without this, something like the following error
> > might get written to dmesg:
> >
> > [ 31.829322] PKCS7: Unknown OID: [32] 2.16.840.1.101.3.4.2.3
> > [ 31.829328] PKCS7: Unknown OID: [180] 2.16.840.1.101.3.4.2.3
> > [ 31.829330] Unsupported digest algo: 55
> >
> > Where the 55 on the third line is OID__NR indicating an unknown OID.
> >
> > Reported-by: Valdis Kletnieks <[email protected]>
> > Signed-off-by: David Howells <[email protected]>
> > Tested-By: Valdis Kletnieks <[email protected]>
> > ---
>
> Please always specify which kernel a patch/pull request is for.
The patch was tested against linux-next 20150826....