0001 // SPDX-License-Identifier: GPL-2.0-or-later
0002 
0003 #include <linux/kernel.h>
0004 #include <linux/key.h>
0005 #include <keys/asymmetric-type.h>
0006 
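/**
 * x509_load_certificate_list - add a blob of back-to-back X.509 certs to a keyring
 * @cert_list: buffer of DER-encoded certificates laid out one after another
 * @list_size: number of bytes in @cert_list
 * @keyring: keyring that receives one "asymmetric" key per certificate
 *
 * The buffer is walked one certificate at a time. Only the 4-byte outer
 * header is checked here (SEQUENCE tag 0x30, long-form length marker 0x82,
 * 16-bit big-endian length); the certificate body is handed unmodified to
 * key_create_or_update().
 *
 * Trust note: every key is created with KEY_ALLOC_BUILT_IN and
 * KEY_ALLOC_BYPASS_RESTRICTION, so the keyring's link restriction is not
 * consulted for these certificates. Callers should only pass data whose
 * origin is already trusted (the log messages below refer to it as the
 * "in-kernel" certificate list).
 *
 * Return: always 0. A malformed header stops the walk and a failed key
 * creation skips that certificate; both are reported through pr_err() only,
 * so the return value does not tell the caller whether anything was loaded.
 */
int x509_load_certificate_list(const u8 cert_list[],
                   const unsigned long list_size,
                   const struct key *keyring)
{
    key_ref_t key;
    const u8 *p, *end;
    size_t plen;

    p = cert_list;
    end = p + list_size;
    while (p < end) {
        /* Each cert begins with an ASN.1 SEQUENCE tag and must be more
         * than 256 bytes in size, i.e. the header is 0x30 0x82 followed
         * by a two-byte length.
         */
        if (end - p < 4)
            goto dodgy_cert;
        /* Both header bytes must match.  The previous '&&' accepted a
         * header in which only one of them did, after which p[2..3]
         * were read as a length they do not encode.
         */
        if (p[0] != 0x30 ||
            p[1] != 0x82)
            goto dodgy_cert;
        plen = (p[2] << 8) | p[3];
        plen += 4;
        /* end - p is at least 4 here, so the cast cannot wrap. */
        if (plen > (size_t)(end - p))
            goto dodgy_cert;

        key = key_create_or_update(make_key_ref(keyring, 1),
                       "asymmetric",
                       NULL,
                       p,
                       plen,
                       /* possessor: everything except SETATTR;
                        * user: view and read only
                        */
                       ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
                       KEY_USR_VIEW | KEY_USR_READ),
                       KEY_ALLOC_NOT_IN_QUOTA |
                       KEY_ALLOC_BUILT_IN |
                       KEY_ALLOC_BYPASS_RESTRICTION);
        if (IS_ERR(key)) {
            /* Not fatal: log it and move on to the next certificate. */
            pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
                   PTR_ERR(key));
        } else {
            pr_notice("Loaded X.509 cert '%s'\n",
                  key_ref_to_ptr(key)->description);
            /* Drop the reference returned by key_create_or_update(). */
            key_ref_put(key);
        }
        p += plen;
    }

    return 0;

dodgy_cert:
    /* The remainder of the buffer is abandoned; certificates already
     * added stay in the keyring.
     */
    pr_err("Problem parsing in-kernel X.509 certificate list\n");
    return 0;
}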