cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

x509_loader.c (1303B)

      1// SPDX-License-Identifier: GPL-2.0-or-later
      2
      3#include <linux/kernel.h>
      4#include <linux/key.h>
      5#include <keys/asymmetric-type.h>
      6
      7int x509_load_certificate_list(const u8 cert_list[],
      8			       const unsigned long list_size,
      9			       const struct key *keyring)
     10{
     11	key_ref_t key;
     12	const u8 *p, *end;
     13	size_t plen;
     14
     15	p = cert_list;
     16	end = p + list_size;
     17	while (p < end) {
     18		/* Each cert begins with an ASN.1 SEQUENCE tag and must be more
     19		 * than 256 bytes in size.
     20		 */
     21		if (end - p < 4)
     22			goto dodgy_cert;
     23		if (p[0] != 0x30 &&
     24		    p[1] != 0x82)
     25			goto dodgy_cert;
     26		plen = (p[2] << 8) | p[3];
     27		plen += 4;
     28		if (plen > end - p)
     29			goto dodgy_cert;
     30
     31		key = key_create_or_update(make_key_ref(keyring, 1),
     32					   "asymmetric",
     33					   NULL,
     34					   p,
     35					   plen,
     36					   ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
     37					   KEY_USR_VIEW | KEY_USR_READ),
     38					   KEY_ALLOC_NOT_IN_QUOTA |
     39					   KEY_ALLOC_BUILT_IN |
     40					   KEY_ALLOC_BYPASS_RESTRICTION);
     41		if (IS_ERR(key)) {
     42			pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
     43			       PTR_ERR(key));
     44		} else {
     45			pr_notice("Loaded X.509 cert '%s'\n",
     46				  key_ref_to_ptr(key)->description);
     47			key_ref_put(key);
     48		}
     49		p += plen;
     50	}
     51
     52	return 0;
     53
     54dodgy_cert:
     55	pr_err("Problem parsing in-kernel X.509 certificate list\n");
     56	return 0;
     57}