PEFILE: Load the contained key if we consider the container to be validly signed

author David Howells <dhowells@redhat.com>

Tue, 15 Jan 2013 15:33:42 +0000 (15:33 +0000)

committer David Howells <dhowells@redhat.com>

Sat, 19 Jan 2013 01:05:21 +0000 (01:05 +0000)
author David Howells <dhowells@redhat.com>
Tue, 15 Jan 2013 15:33:42 +0000 (15:33 +0000)
committer David Howells <dhowells@redhat.com>
Sat, 19 Jan 2013 01:05:21 +0000 (01:05 +0000)
diff --git a/crypto/asymmetric_keys/pefile_parser.c b/crypto/asymmetric_keys/pefile_parser.c

index edad948b18b477c6ad86381435e6b49d8ba94eab..c3efe39500c68e02b7a9fe19344bce20a4d46a6e 100644 (file)
--- a/crypto/asymmetric_keys/pefile_parser.c
+++ b/crypto/asymmetric_keys/pefile_parser.c
@@ -395,6 +395,8 @@ static int pefile_key_preparse(struct key_preparsed_payload *prep)
  {
         struct pkcs7_message *pkcs7;
         struct pefile_context ctx;
+       const void *saved_data;
+       size_t saved_datalen;
         int ret;
  
         kenter("");
@@ -440,7 +442,14 @@ static int pefile_key_preparse(struct key_preparsed_payload *prep)
         if (ret < 0)
                 goto error;
  
-       ret = -ENOANO; // Not yet complete
+       /* We can now try to load the key */
+       saved_data = prep->data;
+       saved_datalen = prep->datalen;
+       prep->data += ctx.keylist_offset;
+       prep->datalen = ctx.keylist_len;
+       ret = x509_key_preparse(prep);
+       prep->data = saved_data;
+       prep->datalen = saved_datalen;
  
  error:
         pkcs7_free_message(ctx.pkcs7);
diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h

index 5e35fba2124589dacba3b1ff41d11837df74ad44..65452c46766b7c90b7c7f371675bded47d8fce2d 100644 (file)
--- a/crypto/asymmetric_keys/x509_parser.h
+++ b/crypto/asymmetric_keys/x509_parser.h
@@ -12,6 +12,8 @@
  #include <linux/time.h>
  #include <crypto/public_key.h>
  
+struct key_preparsed_payload;
+
  struct x509_certificate {
         struct x509_certificate *next;
         const struct x509_certificate *signer;  /* Certificate that signed this one */
@@ -47,3 +49,4 @@ extern struct x509_certificate *x509_cert_parse(const void *data, size_t datalen
  extern int x509_get_sig_params(struct x509_certificate *cert);
  extern int x509_check_signature(const struct public_key *pub,
                                 struct x509_certificate *cert);
+extern int x509_key_preparse(struct key_preparsed_payload *prep);
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c

index 0f55e3b027a0537b1913f08650b3cdd29a70616c..c3e5a6dd902f89c6a6361c6e79b8a0cde4031647 100644 (file)
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -105,7 +105,7 @@ EXPORT_SYMBOL_GPL(x509_check_signature);
  /*
   * Attempt to parse a data blob for a key as an X509 certificate.
   */
-static int x509_key_preparse(struct key_preparsed_payload *prep)
+int x509_key_preparse(struct key_preparsed_payload *prep)
  {
         struct x509_certificate *cert;
         struct tm now;
@@ -229,6 +229,7 @@ error_free_cert:
         x509_free_certificate(cert);
         return ret;
  }
+EXPORT_SYMBOL_GPL(x509_key_preparse);
  
  static struct asymmetric_key_parser x509_key_parser = {
         .owner  = THIS_MODULE,
author	David Howells <dhowells@redhat.com>
	Tue, 15 Jan 2013 15:33:42 +0000 (15:33 +0000)
committer	David Howells <dhowells@redhat.com>
	Sat, 19 Jan 2013 01:05:21 +0000 (01:05 +0000)
crypto/asymmetric_keys/pefile_parser.c		patch \| blob \| history
crypto/asymmetric_keys/x509_parser.h		patch \| blob \| history
crypto/asymmetric_keys/x509_public_key.c		patch \| blob \| history