kernel/system_keyring.c 2.8 KB
  /* System trusted keyring for trusted public keys
   *
   * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
   * Written by David Howells (dhowells@redhat.com)
   *
   * This program is free software; you can redistribute it and/or
   * modify it under the terms of the GNU General Public Licence
   * as published by the Free Software Foundation; either version
   * 2 of the Licence, or (at your option) any later version.
   */
  
  #include <linux/export.h>
  #include <linux/kernel.h>
  #include <linux/sched.h>
  #include <linux/cred.h>
  #include <linux/err.h>
  #include <keys/asymmetric-type.h>
  #include <keys/system_keyring.h>
  #include "module-internal.h"
  
  /* The keyring that holds the kernel's compiled-in trusted public keys.
   * Created by system_trusted_keyring_init() below and exported (GPL-only)
   * so other kernel code can reference it.
   */
  struct key *system_trusted_keyring;
  EXPORT_SYMBOL_GPL(system_trusted_keyring);
  
  /* Compiled-in blob of concatenated DER-encoded X.509 certificates, walked by
   * load_system_certificate_list().  __initconst: only valid during boot.
   */
  extern __initconst const u8 system_certificate_list[];
  /* Length of system_certificate_list in bytes (used to compute the end pointer
   * when walking the blob).
   */
  extern __initconst const unsigned long system_certificate_list_size;
  
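  /*
   * Create the system trusted keyring.
   *
   * The keyring is owned by uid/gid 0.  Its permission mask grants userspace
   * only VIEW, READ and SEARCH (no KEY_USR_WRITE), and KEY_FLAG_TRUSTED_ONLY
   * restricts it to keys that were created with KEY_ALLOC_TRUSTED.  Allocation
   * failure is fatal: later initcalls (load_system_certificate_list) depend on
   * the keyring existing.
   *
   * Returns 0 on success; panics on failure.
   */
  static __init int system_trusted_keyring_init(void)
  {
  	pr_notice("Initialise system trusted keyring\n");
  
  	system_trusted_keyring =
  		keyring_alloc(".system_keyring",
  			      KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
  			      ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
  			      KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH),
  			      KEY_ALLOC_NOT_IN_QUOTA, NULL);
  	if (IS_ERR(system_trusted_keyring))
  		panic("Can't allocate system trusted keyring\n");
  
  	/* Only keys flagged as trusted may be linked into this keyring. */
  	set_bit(KEY_FLAG_TRUSTED_ONLY, &system_trusted_keyring->flags);
  	return 0;
  }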
  
  /*
   * Must be initialised before we try and load the keys into the keyring:
   * this runs at device_initcall level, while the certificate loader below is
   * registered as a late_initcall.
   */
  device_initcall(system_trusted_keyring_init);
  
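  /*
   * Load the compiled-in list of X.509 certificates into the system trusted
   * keyring.
   *
   * system_certificate_list is a sequence of DER-encoded certificates,
   * system_certificate_list_size bytes long.  Each entry is located by reading
   * its outer ASN.1 SEQUENCE header: tag 0x30, long-form length byte 0x82 and
   * a 16-bit big-endian length.  That header shape means every certificate must
   * be more than 256 bytes.  A malformed header stops the walk with an error
   * message; the initcall still returns 0 so boot continues with whatever was
   * loaded before the bad entry.
   */
  static __init int load_system_certificate_list(void)
  {
  	key_ref_t key;
  	const u8 *p, *end;
  	size_t plen;
  
  	pr_notice("Loading compiled-in X.509 certificates\n");
  
  	p = system_certificate_list;
  	end = p + system_certificate_list_size;
  	while (p < end) {
  		/* Each cert begins with an ASN.1 SEQUENCE tag and must be more
  		 * than 256 bytes in size.  Both header bytes have to match:
  		 * with any other length form the two bytes read below are not
  		 * a 16-bit length, so rejecting on either mismatch is what the
  		 * comment above requires.
  		 */
  		if (end - p < 4)
  			goto dodgy_cert;
  		if (p[0] != 0x30 ||
  		    p[1] != 0x82)
  			goto dodgy_cert;
  		/* Content length plus the 4-byte header. */
  		plen = (p[2] << 8) | p[3];
  		plen += 4;
  		/* Never hand a length past the end of the blob to the parser. */
  		if (plen > end - p)
  			goto dodgy_cert;
  
  		key = key_create_or_update(make_key_ref(system_trusted_keyring, 1),
  					   "asymmetric",
  					   NULL,
  					   p,
  					   plen,
  					   ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
  					   KEY_USR_VIEW | KEY_USR_READ),
  					   KEY_ALLOC_NOT_IN_QUOTA |
  					   KEY_ALLOC_TRUSTED);
  		if (IS_ERR(key)) {
  			pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
  			       PTR_ERR(key));
  		} else {
  			/* Mark the key as compiled in (KEY_FLAG_BUILTIN). */
  			set_bit(KEY_FLAG_BUILTIN, &key_ref_to_ptr(key)->flags);
  			pr_notice("Loaded X.509 cert '%s'\n",
  				  key_ref_to_ptr(key)->description);
  			key_ref_put(key);
  		}
  		p += plen;
  	}
  
  	return 0;
  
  dodgy_cert:
  	pr_err("Problem parsing in-kernel X.509 certificate list\n");
  	return 0;
  }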
  /* Runs after system_trusted_keyring_init() (a device_initcall) has created
   * the keyring the certificates are loaded into.
   */
  late_initcall(load_system_certificate_list);