On Wed Mar 20, 2024 at 1:47 PM EET, Stefan Berger wrote:
> Enable the x509 parser to accept NIST P521 certificates and add the
> OID for ansip521r1, which is the identifier for NIST P521.
>
> Cc: David Howells <dhowells@xxxxxxxxxx>
> Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
> Tested-by: Lukas Wunner <lukas@xxxxxxxxx>
> ---
> crypto/asymmetric_keys/x509_cert_parser.c | 3 +++
> include/linux/oid_registry.h | 1 +
> 2 files changed, 4 insertions(+)
>
> diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
> index 487204d39426..99f809b7910b 100644
> --- a/crypto/asymmetric_keys/x509_cert_parser.c
> +++ b/crypto/asymmetric_keys/x509_cert_parser.c
> @@ -538,6 +538,9 @@ int x509_extract_key_data(void *context, size_t hdrlen,
> case OID_id_ansip384r1:
> ctx->cert->pub->pkey_algo = "ecdsa-nist-p384";
> break;
> + case OID_id_ansip521r1:
> + ctx->cert->pub->pkey_algo = "ecdsa-nist-p521";
> + break;
> default:
> return -ENOPKG;
> }
> diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
> index 3921fbed0b28..af16d96fbbf2 100644
> --- a/include/linux/oid_registry.h
> +++ b/include/linux/oid_registry.h
> @@ -65,6 +65,7 @@ enum OID {
> OID_Scram, /* 1.3.6.1.5.5.14 */
> OID_certAuthInfoAccess, /* 1.3.6.1.5.5.7.1.1 */
> OID_id_ansip384r1, /* 1.3.132.0.34 */
> + OID_id_ansip521r1, /* 1.3.132.0.35 */
> OID_sha256, /* 2.16.840.1.101.3.4.2.1 */
> OID_sha384, /* 2.16.840.1.101.3.4.2.2 */
> OID_sha512, /* 2.16.840.1.101.3.4.2.3 */
Reviewed-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
BR, Jarkko
