Lukas Wunner wrote: > The upcoming in-kernel SPDM library (Security Protocol and Data Model, > https://www.dmtf.org/dsp/DSP0274) needs to retrieve the length from > ASN.1 DER-encoded X.509 certificates. > > Such code already exists in x509_load_certificate_list(), so move it > into a new helper for reuse by SPDM. > > No functional change intended. > > Signed-off-by: Lukas Wunner <lukas@xxxxxxxxx> > --- > crypto/asymmetric_keys/x509_loader.c | 38 +++++++++++++++++++--------- > include/keys/asymmetric-type.h | 2 ++ > 2 files changed, 28 insertions(+), 12 deletions(-) > > diff --git a/crypto/asymmetric_keys/x509_loader.c b/crypto/asymmetric_keys/x509_loader.c > index a41741326998..121460a0de46 100644 > --- a/crypto/asymmetric_keys/x509_loader.c > +++ b/crypto/asymmetric_keys/x509_loader.c > @@ -4,28 +4,42 @@ > #include <linux/key.h> > #include <keys/asymmetric-type.h> > > +int x509_get_certificate_length(const u8 *p, unsigned long buflen) > +{ > + int plen; > + > + /* Each cert begins with an ASN.1 SEQUENCE tag and must be more > + * than 256 bytes in size. > + */ > + if (buflen < 4) > + return -EINVAL; > + > + if (p[0] != 0x30 && > + p[1] != 0x82) > + return -EINVAL; > + > + plen = (p[2] << 8) | p[3]; > + plen += 4; > + if (plen > buflen) > + return -EINVAL; > + > + return plen; > +} > +EXPORT_SYMBOL_GPL(x509_get_certificate_length); Given CONFIG_PCI is a bool, is the export needed? Maybe save this export until the modular consumer arrives, or identify the modular consumer in the changelog? Other than that: Reviewed-by: Dan Williams <dan.j.williams@xxxxxxxxx>
