Merge branch 'smack-for-4.5' of https://github.com/cschaufler/smack-next into next
[cascardo/linux.git] / security / integrity / digsig_asymmetric.c
index 4fec181..5ade2a7 100644 (file)
@@ -17,6 +17,7 @@
 #include <linux/key-type.h>
 #include <crypto/public_key.h>
 #include <keys/asymmetric-type.h>
+#include <keys/system_keyring.h>
 
 #include "integrity.h"
 
@@ -32,9 +33,22 @@ static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid)
 
        pr_debug("key search: \"%s\"\n", name);
 
+       key = get_ima_blacklist_keyring();
+       if (key) {
+               key_ref_t kref;
+
+               kref = keyring_search(make_key_ref(key, 1),
+                                    &key_type_asymmetric, name);
+               if (!IS_ERR(kref)) {
+                       pr_err("Key '%s' is in ima_blacklist_keyring\n", name);
+                       return ERR_PTR(-EKEYREJECTED);
+               }
+       }
+
        if (keyring) {
                /* search in specific keyring */
                key_ref_t kref;
+
                kref = keyring_search(make_key_ref(keyring, 1),
                                      &key_type_asymmetric, name);
                if (IS_ERR(kref))
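Review bot: The blacklist-hit branch in request_asymmetric_key() returns `ERR_PTR(-EKEYREJECTED)` without releasing the reference that a successful `keyring_search()` holds on the found key, so each rejected lookup leaks one usage count on the blacklisted key; add `key_ref_put(kref);` before the return. The check also fails open: any error from the blacklist search, not only the not-found result, falls through to the normal keyring lookup, so it should be decided explicitly whether other errors ought to reject the key as well. This branch can presumably be hit repeatedly by verifying files signed with a blacklisted key, so `pr_err_ratelimited()` would keep the log usable. The function body starts and ends outside this hunk, so the remaining lookup paths were not reviewed.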