  // SPDX-License-Identifier: GPL-2.0-or-later
  
  #include <linux/kernel.h>
  #include <linux/key.h>
  #include "common.h"
  
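  /**
   * load_certificate_list - Load a list of DER-encoded X.509 certs into a keyring
   * @cert_list: Concatenated DER certificates, each starting with a SEQUENCE tag
   *             and a two-byte long-form length (0x30 0x82 LL LL ...)
   * @list_size: Number of bytes in @cert_list
   * @keyring: Keyring that receives one "asymmetric" key per certificate
   *
   * Walks @cert_list and calls key_create_or_update() for each certificate.
   * A certificate that the asymmetric key type rejects is logged and skipped;
   * a malformed list (bad header bytes, or a length that would overrun the
   * buffer) stops the walk at that point.
   *
   * Return: always 0.  Both per-certificate load failures and a truncated or
   * malformed list are only reported via pr_err()/pr_notice(), so callers
   * cannot distinguish them from success by the return value.
   */
  int load_certificate_list(const u8 cert_list[],
  			  const unsigned long list_size,
  			  const struct key *keyring)
  {
  	key_ref_t key;
  	const u8 *p, *end;
  	size_t plen;
  
  	p = cert_list;
  	end = p + list_size;
  	while (p < end) {
  		/* Each cert begins with an ASN.1 SEQUENCE tag (0x30) followed by
  		 * a two-byte long-form length prefix (0x82), i.e. it must be more
  		 * than 256 bytes in size.  Both bytes are required: the two
  		 * bytes after them are used as the stride to the next cert, so
  		 * accepting a header with either byte wrong would desynchronise
  		 * the walk and hand garbage to the asymmetric key parser.
  		 */
  		if (end - p < 4)
  			goto dodgy_cert;
  		/* Previously this used '&&', which only rejected a header with
  		 * BOTH bytes wrong and so let 0x30 0x81 (short length) or
  		 * 0xXX 0x82 through with a bogus length field.
  		 */
  		if (p[0] != 0x30 ||
  		    p[1] != 0x82)
  			goto dodgy_cert;
  		/* Big-endian 16-bit length of the SEQUENCE body, plus the 4
  		 * header bytes already inspected.
  		 */
  		plen = (p[2] << 8) | p[3];
  		plen += 4;
  		/* end > p here (loop condition), so end - p is non-negative and
  		 * the signed/unsigned comparison is safe.
  		 */
  		if (plen > end - p)
  			goto dodgy_cert;
  
  		/* Built-in keys: not charged to any quota, and the keyring's
  		 * restriction is bypassed because this list is the trust root.
  		 * Possessor gets everything except setattr; users may view/read.
  		 */
  		key = key_create_or_update(make_key_ref(keyring, 1),
  					   "asymmetric",
  					   NULL,
  					   p,
  					   plen,
  					   ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
  					   KEY_USR_VIEW | KEY_USR_READ),
  					   KEY_ALLOC_NOT_IN_QUOTA |
  					   KEY_ALLOC_BUILT_IN |
  					   KEY_ALLOC_BYPASS_RESTRICTION);
  		if (IS_ERR(key)) {
  			/* Skip this cert but keep walking the list. */
  			pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
  			       PTR_ERR(key));
  		} else {
  			pr_notice("Loaded X.509 cert '%s'\n",
  				  key_ref_to_ptr(key)->description);
  			key_ref_put(key);
  		}
  		p += plen;
  	}
  
  	return 0;
  
  dodgy_cert:
  	/* Stop at the first malformed header.  The return value stays 0 to
  	 * keep the existing caller contract; the failure is visible only in
  	 * the kernel log.
  	 */
  	pr_err("Problem parsing in-kernel X.509 certificate list\n");
  	return 0;
  }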