crypto: remove unsupported ecdsa signature algorithms

gaojiaqi7 · gaojiaqi7 · commit 7264a5b8cda9 · 2025-11-20T13:45:47.000+08:00
Signed-off-by: Jiaqi Gao &lt;jiaqi.gao@intel.com&gt;
diff --git a/src/crypto/src/lib.rs b/src/crypto/src/lib.rs
@@ -233,40 +233,21 @@ fn verify_signature_with_algorithm(
     signature: &[u8],
     signature_algorithm: &x509::AlgorithmIdentifier,
 ) -> Result<()> {
-    // Match against known signature algorithm OIDs
-    let algorithm_oid = &signature_algorithm.algorithm;
-
-    // ECDSA with SHA-256: 1.2.840.10045.4.3.2
-    const ECDSA_WITH_SHA256: &[u32] = &[1, 2, 840, 10045, 4, 3, 2];
     // ECDSA with SHA-384: 1.2.840.10045.4.3.3
     const ECDSA_WITH_SHA384: &[u32] = &[1, 2, 840, 10045, 4, 3, 3];
-    // ECDSA with SHA-512: 1.2.840.10045.4.3.4
-    const ECDSA_WITH_SHA512: &[u32] = &[1, 2, 840, 10045, 4, 3, 4];
 
+    // Match against known signature algorithm OIDs
+    let algorithm_oid = &signature_algorithm.algorithm;
     let oid_arcs: Vec<u32> = algorithm_oid.arcs().collect();
 
     match oid_arcs.as_slice() {
-        ECDSA_WITH_SHA256 => ecdsa::ecdsa_verify_with_algorithm(
-            public_key,
-            message,
-            signature,
-            &ecdsa::ECDSA_P256_SHA256_ASN1,
-        )
-        .map_err(|_| Error::SignatureVerification),
         ECDSA_WITH_SHA384 => ecdsa::ecdsa_verify_with_algorithm(
             public_key,
             message,
             signature,
             &ecdsa::ECDSA_P384_SHA384_ASN1,
         )
         .map_err(|_| Error::SignatureVerification),
-        ECDSA_WITH_SHA512 => ecdsa::ecdsa_verify_with_algorithm(
-            public_key,
-            message,
-            signature,
-            &ecdsa::ECDSA_P384_SHA384_ASN1,
-        )
-        .map_err(|_| Error::SignatureVerification),
         _ => {
             // Unsupported algorithm
             Err(Error::UnsupportedAlgorithm)
