1// SPDX-License-Identifier: GPL-2.0-or-later
2
3#include <linux/kernel.h>
4#include <linux/key.h>
5#include <keys/asymmetric-type.h>
6
7int x509_load_certificate_list(const u8 cert_list[],
8 const unsigned long list_size,
9 const struct key *keyring)
10{
11 key_ref_t key;
12 const u8 *p, *end;
13 size_t plen;
14
15 p = cert_list;
16 end = p + list_size;
17 while (p < end) {
18 /* Each cert begins with an ASN.1 SEQUENCE tag and must be more
19 * than 256 bytes in size.
20 */
21 if (end - p < 4)
22 goto dodgy_cert;
23 if (p[0] != 0x30 &&
24 p[1] != 0x82)
25 goto dodgy_cert;
26 plen = (p[2] << 8) | p[3];
27 plen += 4;
28 if (plen > end - p)
29 goto dodgy_cert;
30
31 key = key_create_or_update(keyring: make_key_ref(key: keyring, possession: 1),
32 type: "asymmetric",
33 NULL,
34 payload: p,
35 plen,
36 perm: ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
37 KEY_USR_VIEW | KEY_USR_READ),
38 KEY_ALLOC_NOT_IN_QUOTA |
39 KEY_ALLOC_BUILT_IN |
40 KEY_ALLOC_BYPASS_RESTRICTION);
41 if (IS_ERR(ptr: key)) {
42 pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
43 PTR_ERR(key));
44 } else {
45 pr_notice("Loaded X.509 cert '%s'\n",
46 key_ref_to_ptr(key)->description);
47 key_ref_put(key_ref: key);
48 }
49 p += plen;
50 }
51
52 return 0;
53
54dodgy_cert:
55 pr_err("Problem parsing in-kernel X.509 certificate list\n");
56 return 0;
57}
58EXPORT_SYMBOL_GPL(x509_load_certificate_list);
59

source code of linux/crypto/asymmetric_keys/x509_loader.c