Orange Pi5 kernel

^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  1) // SPDX-License-Identifier: GPL-2.0-or-later
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  2) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  3) #include <linux/kernel.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  4) #include <linux/key.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  5) #include "common.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  6) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  7) int load_certificate_list(const u8 cert_list[],
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  8) 			  const unsigned long list_size,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  9) 			  const struct key *keyring)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) 	key_ref_t key;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) 	const u8 *p, *end;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) 	size_t plen;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) 	p = cert_list;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) 	end = p + list_size;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) 	while (p < end) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) 		/* Each cert begins with an ASN.1 SEQUENCE tag and must be more
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) 		 * than 256 bytes in size.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) 		 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) 		if (end - p < 4)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) 			goto dodgy_cert;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) 		if (p[0] != 0x30 &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) 		    p[1] != 0x82)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) 			goto dodgy_cert;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) 		plen = (p[2] << 8) | p[3];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) 		plen += 4;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) 		if (plen > end - p)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) 			goto dodgy_cert;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) 		key = key_create_or_update(make_key_ref(keyring, 1),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) 					   "asymmetric",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) 					   NULL,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) 					   p,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) 					   plen,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) 					   ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) 					   KEY_USR_VIEW | KEY_USR_READ),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) 					   KEY_ALLOC_NOT_IN_QUOTA |
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) 					   KEY_ALLOC_BUILT_IN |
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) 					   KEY_ALLOC_BYPASS_RESTRICTION);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) 		if (IS_ERR(key)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) 			pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) 			       PTR_ERR(key));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) 		} else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) 			pr_notice("Loaded X.509 cert '%s'\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) 				  key_ref_to_ptr(key)->description);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) 			key_ref_put(key);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) 		p += plen;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) dodgy_cert:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) 	pr_err("Problem parsing in-kernel X.509 certificate list\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) }