diff options
-rw-r--r-- | security/integrity/digsig.c | 36 | ||||
-rw-r--r-- | security/integrity/integrity.h | 2 |
2 files changed, 37 insertions, 1 deletions
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c index 4f643d1b34dd..5e3bd72b299a 100644 --- a/security/integrity/digsig.c +++ b/security/integrity/digsig.c @@ -14,7 +14,7 @@ #include <linux/err.h> #include <linux/sched.h> -#include <linux/rbtree.h> +#include <linux/slab.h> #include <linux/cred.h> #include <linux/key-type.h> #include <linux/digsig.h> @@ -84,3 +84,37 @@ int __init integrity_init_keyring(const unsigned int id) } return err; } + +int __init integrity_load_x509(const unsigned int id, char *path) +{ + key_ref_t key; + char *data; + int rc; + + if (!keyring[id]) + return -EINVAL; + + rc = integrity_read_file(path, &data); + if (rc < 0) + return rc; + + key = key_create_or_update(make_key_ref(keyring[id], 1), + "asymmetric", + NULL, + data, + rc, + ((KEY_POS_ALL & ~KEY_POS_SETATTR) | + KEY_USR_VIEW | KEY_USR_READ), + KEY_ALLOC_NOT_IN_QUOTA | KEY_ALLOC_TRUSTED); + if (IS_ERR(key)) { + rc = PTR_ERR(key); + pr_err("Problem loading X.509 certificate (%d): %s\n", + rc, path); + } else { + pr_notice("Loaded X.509 cert '%s': %s\n", + key_ref_to_ptr(key)->description, path); + key_ref_put(key); + } + kfree(data); + return 0; +} diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h index 20d220481025..1057abbd31cd 100644 --- a/security/integrity/integrity.h +++ b/security/integrity/integrity.h @@ -134,6 +134,7 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, const char *digest, int digestlen); int __init integrity_init_keyring(const unsigned int id); +int __init integrity_load_x509(const unsigned int id, char *path); #else static inline int integrity_digsig_verify(const unsigned int id, @@ -147,6 +148,7 @@ static inline int integrity_init_keyring(const unsigned int id) { return 0; } + #endif /* CONFIG_INTEGRITY_SIGNATURE */ #ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS |