
FreeBSD/Linux Kernel Cross Reference
sys/kernel/modsign_pubkey.c


    1 /* Public keys for module signature verification
    2  *
    3  * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
    4  * Written by David Howells (dhowells@redhat.com)
    5  *
    6  * This program is free software; you can redistribute it and/or
    7  * modify it under the terms of the GNU General Public Licence
    8  * as published by the Free Software Foundation; either version
    9  * 2 of the Licence, or (at your option) any later version.
   10  */
   11 
   12 #include <linux/kernel.h>
   13 #include <linux/sched.h>
   14 #include <linux/cred.h>
   15 #include <linux/err.h>
   16 #include <keys/asymmetric-type.h>
   17 #include "module-internal.h"
   18 
/*
 * Keyring holding the keys that module signatures are checked against.
 * Allocated by module_verify_init() and populated by
 * load_module_signing_keys() below.
 */
struct key *modsign_keyring;

/*
 * Start and end of the compiled-in certificate list that
 * load_module_signing_keys() walks.  The symbols are defined outside this
 * file (presumably by the build step that embeds the certificates - confirm
 * against the build rules).  __initdata: only valid during kernel init.
 */
extern __initdata const u8 modsign_certificate_list[];
extern __initdata const u8 modsign_certificate_list_end[];

/*
 * We need to make sure ccache doesn't cache the .o file as it doesn't notice
 * if modsign.pub changes.
 *
 * NOTE(review): embedding __TIME__ makes this object differ on every build,
 * so the resulting kernel image is not bit-for-bit reproducible.
 */
static __initdata const char annoy_ccache[] = __TIME__ "foo";
   29 
/*
 * Create the ".module_sign" keyring that the module signing keys are loaded
 * into.
 *
 * The keyring is owned by uid 0 / gid 0 and is allocated outside any quota.
 * The possessor gets every permission except SETATTR; the owning user may
 * only view and read it.  Failure to allocate the keyring is fatal: the
 * kernel panics rather than continue without it.
 *
 * Always returns 0.
 */
static __init int module_verify_init(void)
{
	const key_perm_t perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) |
				KEY_USR_VIEW | KEY_USR_READ;
	struct key *keyring;

	pr_notice("Initialise module verification\n");

	keyring = keyring_alloc(".module_sign",
				KUIDT_INIT(0), KGIDT_INIT(0),
				current_cred(),
				perm,
				KEY_ALLOC_NOT_IN_QUOTA, NULL);

	/* Publish the result before checking it, as callers read the global. */
	modsign_keyring = keyring;
	if (IS_ERR(keyring))
		panic("Can't allocate module signing keyring\n");

	return 0;
}

/*
 * Registered as a device initcall so the keyring exists before the late
 * initcall that loads the keys into it.
 */
device_initcall(module_verify_init);
   53 
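/*
 * Load the compiled-in keys
 *
 * Walks the certificate list between modsign_certificate_list and
 * modsign_certificate_list_end and adds each certificate to modsign_keyring
 * as an "asymmetric" key.  These keys are the trust anchors for module
 * signature verification, so the framing of every entry is checked before
 * the data is handed to the key subsystem.
 *
 * A certificate that the key subsystem rejects is logged and skipped.  A
 * framing error stops the walk, because the position of the next entry can
 * no longer be trusted; certificates loaded before that point stay in the
 * keyring.
 *
 * Always returns 0, so a malformed list does not fail the initcall.  The
 * pr_err() lines are the only sign that the keyring is incomplete.
 */
static __init int load_module_signing_keys(void)
{
	key_ref_t key;
	const u8 *p, *end;
	size_t plen;

	pr_notice("Loading module verification certificates\n");

	end = modsign_certificate_list_end;
	p = modsign_certificate_list;
	while (p < end) {
		/* Each cert begins with an ASN.1 SEQUENCE tag and must be more
		 * than 256 bytes in size.
		 */
		if (end - p < 4)
			goto dodgy_cert;
		/* 0x30 is the SEQUENCE tag and 0x82 announces a two-byte
		 * length.  Reject the entry unless BOTH bytes match: with
		 * "&&" a blob passed the check as soon as either byte was
		 * right, and p[2..3] was then read as a length regardless.
		 */
		if (p[0] != 0x30 ||
		    p[1] != 0x82)
			goto dodgy_cert;
		plen = (p[2] << 8) | p[3];
		plen += 4;	/* tag + length octets precede the body */
		/* p < end here, so the difference is positive. */
		if (plen > (size_t)(end - p))
			goto dodgy_cert;

		/* The second argument of make_key_ref() marks the keyring as
		 * possessed by the caller.
		 */
		key = key_create_or_update(make_key_ref(modsign_keyring, 1),
					   "asymmetric",
					   NULL,
					   p,
					   plen,
					   (KEY_POS_ALL & ~KEY_POS_SETATTR) |
					   KEY_USR_VIEW,
					   KEY_ALLOC_NOT_IN_QUOTA);
		if (IS_ERR(key)) {
			pr_err("MODSIGN: Problem loading in-kernel X.509 certificate (%ld)\n",
			       PTR_ERR(key));
		} else {
			pr_notice("MODSIGN: Loaded cert '%s'\n",
				  key_ref_to_ptr(key)->description);
			/* Drop the reference returned to us; the link in the
			 * keyring keeps the key alive.
			 */
			key_ref_put(key);
		}
		p += plen;
	}

	return 0;

dodgy_cert:
	pr_err("MODSIGN: Problem parsing in-kernel X.509 certificate list\n");
	return 0;
}
late_initcall(load_module_signing_keys);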
